More mathematical symbols for ZF examples
authorpaulson
Tue Mar 06 17:01:37 2012 +0000 (2012-03-06)
changeset 4682357bf0cecb366
parent 46822 95f1e700b712
child 46824 1257c80988cd
child 46841 49b91b716cbe
More mathematical symbols for ZF examples
src/ZF/Constructible/AC_in_L.thy
src/ZF/Constructible/DPow_absolute.thy
src/ZF/Constructible/Datatype_absolute.thy
src/ZF/Constructible/Formula.thy
src/ZF/Constructible/Internalize.thy
src/ZF/Constructible/L_axioms.thy
src/ZF/Constructible/Normal.thy
src/ZF/Constructible/Rank.thy
src/ZF/Constructible/Rank_Separation.thy
src/ZF/Constructible/Rec_Separation.thy
src/ZF/Constructible/Reflection.thy
src/ZF/Constructible/Relative.thy
src/ZF/Constructible/Satisfies_absolute.thy
src/ZF/Constructible/Separation.thy
src/ZF/Constructible/WF_absolute.thy
src/ZF/Constructible/WFrec.thy
src/ZF/Constructible/Wellorderings.thy
src/ZF/Resid/Confluence.thy
src/ZF/Resid/Redex.thy
src/ZF/Resid/Reduction.thy
src/ZF/Resid/Residuals.thy
src/ZF/Resid/Substitution.thy
src/ZF/UNITY/AllocBase.thy
src/ZF/UNITY/AllocImpl.thy
src/ZF/UNITY/ClientImpl.thy
src/ZF/UNITY/Comp.thy
src/ZF/UNITY/Constrains.thy
src/ZF/UNITY/Distributor.thy
src/ZF/UNITY/FP.thy
src/ZF/UNITY/Follows.thy
src/ZF/UNITY/GenPrefix.thy
src/ZF/UNITY/Guar.thy
src/ZF/UNITY/Increasing.thy
src/ZF/UNITY/Merge.thy
src/ZF/UNITY/Monotonicity.thy
src/ZF/UNITY/MultisetSum.thy
src/ZF/UNITY/Mutex.thy
src/ZF/UNITY/State.thy
src/ZF/UNITY/SubstAx.thy
src/ZF/UNITY/UNITY.thy
src/ZF/UNITY/Union.thy
src/ZF/UNITY/WFair.thy
     1.1 --- a/src/ZF/Constructible/AC_in_L.thy	Tue Mar 06 16:46:27 2012 +0000
     1.2 +++ b/src/ZF/Constructible/AC_in_L.thy	Tue Mar 06 17:01:37 2012 +0000
     1.3 @@ -86,7 +86,7 @@
     1.4   apply (simp (no_asm_use))
     1.5  apply clarify
     1.6  apply (simp (no_asm_use))
     1.7 -apply (subgoal_tac "\<forall>l2 \<in> list(A). length(l2) = x --> Cons(a,l2) \<in> B", blast)
     1.8 +apply (subgoal_tac "\<forall>l2 \<in> list(A). length(l2) = x \<longrightarrow> Cons(a,l2) \<in> B", blast)
     1.9  apply (erule_tac a=a in wf_on_induct, assumption)
    1.10  apply (rule ballI)
    1.11  apply (rule impI)
    1.12 @@ -163,7 +163,7 @@
    1.13  
    1.14  lemma (in Nat_Times_Nat) fn_iff:
    1.15      "[|x \<in> nat; y \<in> nat; u \<in> nat; v \<in> nat|]
    1.16 -     ==> (fn`<x,y> = fn`<u,v>) <-> (x=u & y=v)"
    1.17 +     ==> (fn`<x,y> = fn`<u,v>) \<longleftrightarrow> (x=u & y=v)"
    1.18  by (blast dest: inj_apply_equality [OF fn_inj])
    1.19  
    1.20  lemma (in Nat_Times_Nat) enum_type [TC,simp]:
    1.21 @@ -171,7 +171,7 @@
    1.22  by (induct_tac p, simp_all)
    1.23  
    1.24  lemma (in Nat_Times_Nat) enum_inject [rule_format]:
    1.25 -    "p \<in> formula ==> \<forall>q\<in>formula. enum(fn,p) = enum(fn,q) --> p=q"
    1.26 +    "p \<in> formula ==> \<forall>q\<in>formula. enum(fn,p) = enum(fn,q) \<longrightarrow> p=q"
    1.27  apply (induct_tac p, simp_all)
    1.28     apply (rule ballI)
    1.29     apply (erule formula.cases)
    1.30 @@ -382,7 +382,7 @@
    1.31  apply (simp add: ltI, clarify)
    1.32  apply (rename_tac u v)
    1.33  apply (rule_tac i="lrank(u)" and j="lrank(v)" in Ord_linear_lt, simp_all) 
    1.34 -apply (drule_tac x="succ(lrank(u) Un lrank(v))" in ospec)
    1.35 +apply (drule_tac x="succ(lrank(u) \<union> lrank(v))" in ospec)
    1.36   apply (simp add: ltI)
    1.37  apply (drule_tac x=u in spec, simp)
    1.38  apply (drule_tac x=v in spec, simp)
     2.1 --- a/src/ZF/Constructible/DPow_absolute.thy	Tue Mar 06 16:46:27 2012 +0000
     2.2 +++ b/src/ZF/Constructible/DPow_absolute.thy	Tue Mar 06 17:01:37 2012 +0000
     2.3 @@ -40,13 +40,13 @@
     2.4    assumes MH_iff_sats: 
     2.5        "!!a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 a10. 
     2.6          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A; a8\<in>A; a9\<in>A; a10\<in>A|]
     2.7 -        ==> MH(a2, a1, a0) <-> 
     2.8 +        ==> MH(a2, a1, a0) \<longleftrightarrow> 
     2.9              sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
    2.10                            Cons(a4,Cons(a5,Cons(a6,Cons(a7,
    2.11                                    Cons(a8,Cons(a9,Cons(a10,env))))))))))))"
    2.12    shows 
    2.13        "[|x \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.14 -       ==> sats(A, formula_rec_fm(p,x,z), env) <-> 
    2.15 +       ==> sats(A, formula_rec_fm(p,x,z), env) \<longleftrightarrow> 
    2.16             is_formula_rec(##A, MH, nth(x,env), nth(z,env))"
    2.17  by (simp add: formula_rec_fm_def sats_is_transrec_fm is_formula_rec_def 
    2.18                MH_iff_sats [THEN iff_sym])
    2.19 @@ -55,14 +55,14 @@
    2.20    assumes MH_iff_sats: 
    2.21        "!!a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 a10. 
    2.22          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A; a8\<in>A; a9\<in>A; a10\<in>A|]
    2.23 -        ==> MH(a2, a1, a0) <-> 
    2.24 +        ==> MH(a2, a1, a0) \<longleftrightarrow> 
    2.25              sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
    2.26                            Cons(a4,Cons(a5,Cons(a6,Cons(a7,
    2.27                                    Cons(a8,Cons(a9,Cons(a10,env))))))))))))"
    2.28    shows
    2.29    "[|nth(i,env) = x; nth(k,env) = z; 
    2.30        i \<in> nat; k \<in> nat; env \<in> list(A)|]
    2.31 -   ==> is_formula_rec(##A, MH, x, z) <-> sats(A, formula_rec_fm(p,i,k), env)" 
    2.32 +   ==> is_formula_rec(##A, MH, x, z) \<longleftrightarrow> sats(A, formula_rec_fm(p,i,k), env)" 
    2.33  by (simp add: sats_formula_rec_fm [OF MH_iff_sats])
    2.34  
    2.35  theorem formula_rec_reflection:
    2.36 @@ -90,7 +90,7 @@
    2.37  
    2.38  lemma sats_satisfies_fm [simp]:
    2.39     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.40 -    ==> sats(A, satisfies_fm(x,y,z), env) <->
    2.41 +    ==> sats(A, satisfies_fm(x,y,z), env) \<longleftrightarrow>
    2.42          is_satisfies(##A, nth(x,env), nth(y,env), nth(z,env))"
    2.43  by (simp add: satisfies_fm_def is_satisfies_def sats_satisfies_MH_fm
    2.44                sats_formula_rec_fm)
    2.45 @@ -98,7 +98,7 @@
    2.46  lemma satisfies_iff_sats:
    2.47        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
    2.48            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
    2.49 -       ==> is_satisfies(##A, x, y, z) <-> sats(A, satisfies_fm(i,j,k), env)"
    2.50 +       ==> is_satisfies(##A, x, y, z) \<longleftrightarrow> sats(A, satisfies_fm(i,j,k), env)"
    2.51  by (simp add: sats_satisfies_fm)
    2.52  
    2.53  theorem satisfies_reflection:
    2.54 @@ -124,12 +124,12 @@
    2.55    is_DPow_sats :: "[i=>o,i,i,i,i] => o" where
    2.56     "is_DPow_sats(M,A,env,p,x) ==
    2.57        \<forall>n1[M]. \<forall>e[M]. \<forall>sp[M]. 
    2.58 -             is_satisfies(M,A,p,sp) --> is_Cons(M,x,env,e) --> 
    2.59 -             fun_apply(M, sp, e, n1) --> number1(M, n1)"
    2.60 +             is_satisfies(M,A,p,sp) \<longrightarrow> is_Cons(M,x,env,e) \<longrightarrow> 
    2.61 +             fun_apply(M, sp, e, n1) \<longrightarrow> number1(M, n1)"
    2.62  
    2.63  lemma (in M_satisfies) DPow_sats_abs:
    2.64      "[| M(A); env \<in> list(A); p \<in> formula; M(x) |]
    2.65 -    ==> is_DPow_sats(M,A,env,p,x) <-> sats(A, p, Cons(x,env))"
    2.66 +    ==> is_DPow_sats(M,A,env,p,x) \<longleftrightarrow> sats(A, p, Cons(x,env))"
    2.67  apply (subgoal_tac "M(env)") 
    2.68   apply (simp add: is_DPow_sats_def satisfies_closed satisfies_abs) 
    2.69  apply (blast dest: transM) 
    2.70 @@ -146,8 +146,8 @@
    2.71  
    2.72  (* is_DPow_sats(M,A,env,p,x) ==
    2.73        \<forall>n1[M]. \<forall>e[M]. \<forall>sp[M]. 
    2.74 -             is_satisfies(M,A,p,sp) --> is_Cons(M,x,env,e) --> 
    2.75 -             fun_apply(M, sp, e, n1) --> number1(M, n1) *)
    2.76 +             is_satisfies(M,A,p,sp) \<longrightarrow> is_Cons(M,x,env,e) \<longrightarrow> 
    2.77 +             fun_apply(M, sp, e, n1) \<longrightarrow> number1(M, n1) *)
    2.78  
    2.79  definition
    2.80    DPow_sats_fm :: "[i,i,i,i]=>i" where
    2.81 @@ -164,14 +164,14 @@
    2.82  
    2.83  lemma sats_DPow_sats_fm [simp]:
    2.84     "[| u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.85 -    ==> sats(A, DPow_sats_fm(u,x,y,z), env) <->
    2.86 +    ==> sats(A, DPow_sats_fm(u,x,y,z), env) \<longleftrightarrow>
    2.87          is_DPow_sats(##A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"
    2.88  by (simp add: DPow_sats_fm_def is_DPow_sats_def)
    2.89  
    2.90  lemma DPow_sats_iff_sats:
    2.91    "[| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
    2.92        u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    2.93 -   ==> is_DPow_sats(##A,nu,nx,ny,nz) <->
    2.94 +   ==> is_DPow_sats(##A,nu,nx,ny,nz) \<longleftrightarrow>
    2.95         sats(A, DPow_sats_fm(u,x,y,z), env)"
    2.96  by simp
    2.97  
    2.98 @@ -223,13 +223,13 @@
    2.99  definition 
   2.100    is_DPow' :: "[i=>o,i,i] => o" where
   2.101      "is_DPow'(M,A,Z) == 
   2.102 -       \<forall>X[M]. X \<in> Z <-> 
   2.103 +       \<forall>X[M]. X \<in> Z \<longleftrightarrow> 
   2.104           subset(M,X,A) & 
   2.105             (\<exists>env[M]. \<exists>p[M]. mem_formula(M,p) & mem_list(M,A,env) &
   2.106                      is_Collect(M, A, is_DPow_sats(M,A,env,p), X))"
   2.107  
   2.108  lemma (in M_DPow) DPow'_abs:
   2.109 -    "[|M(A); M(Z)|] ==> is_DPow'(M,A,Z) <-> Z = DPow'(A)"
   2.110 +    "[|M(A); M(Z)|] ==> is_DPow'(M,A,Z) \<longleftrightarrow> Z = DPow'(A)"
   2.111  apply (rule iffI)
   2.112   prefer 2 apply (simp add: is_DPow'_def DPow'_def Collect_DPow_sats_abs) 
   2.113  apply (rule M_equalityI) 
   2.114 @@ -310,7 +310,7 @@
   2.115  enclosed within a single quantifier.*}
   2.116  
   2.117  (* is_Collect :: "[i=>o,i,i=>o,i] => o"
   2.118 -    "is_Collect(M,A,P,z) == \<forall>x[M]. x \<in> z <-> x \<in> A & P(x)" *)
   2.119 +    "is_Collect(M,A,P,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> x \<in> A & P(x)" *)
   2.120  
   2.121  definition
   2.122    Collect_fm :: "[i, i, i]=>i" where
   2.123 @@ -325,20 +325,20 @@
   2.124  
   2.125  lemma sats_Collect_fm:
   2.126    assumes is_P_iff_sats: 
   2.127 -      "!!a. a \<in> A ==> is_P(a) <-> sats(A, p, Cons(a, env))"
   2.128 +      "!!a. a \<in> A ==> is_P(a) \<longleftrightarrow> sats(A, p, Cons(a, env))"
   2.129    shows 
   2.130        "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   2.131 -       ==> sats(A, Collect_fm(x,p,y), env) <->
   2.132 +       ==> sats(A, Collect_fm(x,p,y), env) \<longleftrightarrow>
   2.133             is_Collect(##A, nth(x,env), is_P, nth(y,env))"
   2.134  by (simp add: Collect_fm_def is_Collect_def is_P_iff_sats [THEN iff_sym])
   2.135  
   2.136  lemma Collect_iff_sats:
   2.137    assumes is_P_iff_sats: 
   2.138 -      "!!a. a \<in> A ==> is_P(a) <-> sats(A, p, Cons(a, env))"
   2.139 +      "!!a. a \<in> A ==> is_P(a) \<longleftrightarrow> sats(A, p, Cons(a, env))"
   2.140    shows 
   2.141    "[| nth(i,env) = x; nth(j,env) = y;
   2.142        i \<in> nat; j \<in> nat; env \<in> list(A)|]
   2.143 -   ==> is_Collect(##A, x, is_P, y) <-> sats(A, Collect_fm(i,p,j), env)"
   2.144 +   ==> is_Collect(##A, x, is_P, y) \<longleftrightarrow> sats(A, Collect_fm(i,p,j), env)"
   2.145  by (simp add: sats_Collect_fm [OF is_P_iff_sats])
   2.146  
   2.147  
   2.148 @@ -361,7 +361,7 @@
   2.149   and not the usual 1, 0!  It is enclosed within two quantifiers.*}
   2.150  
   2.151  (*  is_Replace :: "[i=>o,i,[i,i]=>o,i] => o"
   2.152 -    "is_Replace(M,A,P,z) == \<forall>u[M]. u \<in> z <-> (\<exists>x[M]. x\<in>A & P(x,u))" *)
   2.153 +    "is_Replace(M,A,P,z) == \<forall>u[M]. u \<in> z \<longleftrightarrow> (\<exists>x[M]. x\<in>A & P(x,u))" *)
   2.154  
   2.155  definition
   2.156    Replace_fm :: "[i, i, i]=>i" where
   2.157 @@ -377,21 +377,21 @@
   2.158  lemma sats_Replace_fm:
   2.159    assumes is_P_iff_sats: 
   2.160        "!!a b. [|a \<in> A; b \<in> A|] 
   2.161 -              ==> is_P(a,b) <-> sats(A, p, Cons(a,Cons(b,env)))"
   2.162 +              ==> is_P(a,b) \<longleftrightarrow> sats(A, p, Cons(a,Cons(b,env)))"
   2.163    shows 
   2.164        "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   2.165 -       ==> sats(A, Replace_fm(x,p,y), env) <->
   2.166 +       ==> sats(A, Replace_fm(x,p,y), env) \<longleftrightarrow>
   2.167             is_Replace(##A, nth(x,env), is_P, nth(y,env))"
   2.168  by (simp add: Replace_fm_def is_Replace_def is_P_iff_sats [THEN iff_sym])
   2.169  
   2.170  lemma Replace_iff_sats:
   2.171    assumes is_P_iff_sats: 
   2.172        "!!a b. [|a \<in> A; b \<in> A|] 
   2.173 -              ==> is_P(a,b) <-> sats(A, p, Cons(a,Cons(b,env)))"
   2.174 +              ==> is_P(a,b) \<longleftrightarrow> sats(A, p, Cons(a,Cons(b,env)))"
   2.175    shows 
   2.176    "[| nth(i,env) = x; nth(j,env) = y;
   2.177        i \<in> nat; j \<in> nat; env \<in> list(A)|]
   2.178 -   ==> is_Replace(##A, x, is_P, y) <-> sats(A, Replace_fm(i,p,j), env)"
   2.179 +   ==> is_Replace(##A, x, is_P, y) \<longleftrightarrow> sats(A, Replace_fm(i,p,j), env)"
   2.180  by (simp add: sats_Replace_fm [OF is_P_iff_sats])
   2.181  
   2.182  
   2.183 @@ -412,7 +412,7 @@
   2.184  subsubsection{*The Operator @{term is_DPow'}, Internalized*}
   2.185  
   2.186  (*  "is_DPow'(M,A,Z) == 
   2.187 -       \<forall>X[M]. X \<in> Z <-> 
   2.188 +       \<forall>X[M]. X \<in> Z \<longleftrightarrow> 
   2.189           subset(M,X,A) & 
   2.190             (\<exists>env[M]. \<exists>p[M]. mem_formula(M,p) & mem_list(M,A,env) &
   2.191                      is_Collect(M, A, is_DPow_sats(M,A,env,p), X))" *)
   2.192 @@ -435,14 +435,14 @@
   2.193  
   2.194  lemma sats_DPow'_fm [simp]:
   2.195     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   2.196 -    ==> sats(A, DPow'_fm(x,y), env) <->
   2.197 +    ==> sats(A, DPow'_fm(x,y), env) \<longleftrightarrow>
   2.198          is_DPow'(##A, nth(x,env), nth(y,env))"
   2.199  by (simp add: DPow'_fm_def is_DPow'_def sats_subset_fm' sats_Collect_fm)
   2.200  
   2.201  lemma DPow'_iff_sats:
   2.202        "[| nth(i,env) = x; nth(j,env) = y; 
   2.203            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   2.204 -       ==> is_DPow'(##A, x, y) <-> sats(A, DPow'_fm(i,j), env)"
   2.205 +       ==> is_DPow'(##A, x, y) \<longleftrightarrow> sats(A, DPow'_fm(i,j), env)"
   2.206  by (simp add: sats_DPow'_fm)
   2.207  
   2.208  theorem DPow'_reflection:
   2.209 @@ -463,7 +463,7 @@
   2.210  
   2.211  lemma (in M_DPow) transrec_body_abs:
   2.212       "[|M(x); M(g); M(z)|]
   2.213 -    ==> transrec_body(M,g,x,y,z) <-> y \<in> x & z = DPow'(g`y)"
   2.214 +    ==> transrec_body(M,g,x,y,z) \<longleftrightarrow> y \<in> x & z = DPow'(g`y)"
   2.215  by (simp add: transrec_body_def DPow'_abs transM [of _ x])
   2.216  
   2.217  locale M_Lset = M_DPow +
   2.218 @@ -490,7 +490,7 @@
   2.219  
   2.220  lemma (in M_Lset) RepFun_DPow_abs:
   2.221       "[|M(x); M(f); M(r) |]
   2.222 -      ==> is_Replace(M, x, \<lambda>y z. transrec_body(M,f,x,y,z), r) <->
   2.223 +      ==> is_Replace(M, x, \<lambda>y z. transrec_body(M,f,x,y,z), r) \<longleftrightarrow>
   2.224            r =  {DPow'(f`y). y\<in>x}"
   2.225  apply (simp add: transrec_body_abs RepFun_def) 
   2.226  apply (rule iff_trans) 
   2.227 @@ -517,7 +517,7 @@
   2.228  
   2.229  lemma (in M_Lset) Lset_abs:
   2.230    "[|Ord(i);  M(i);  M(z)|] 
   2.231 -   ==> is_Lset(M,i,z) <-> z = Lset(i)"
   2.232 +   ==> is_Lset(M,i,z) \<longleftrightarrow> z = Lset(i)"
   2.233  apply (simp add: is_Lset_def Lset_eq_transrec_DPow') 
   2.234  apply (rule transrec_abs)  
   2.235  apply (simp_all add: transrec_rep' relation2_def RepFun_DPow_apply_closed)
     3.1 --- a/src/ZF/Constructible/Datatype_absolute.thy	Tue Mar 06 16:46:27 2012 +0000
     3.2 +++ b/src/ZF/Constructible/Datatype_absolute.thy	Tue Mar 06 17:01:37 2012 +0000
     3.3 @@ -15,15 +15,15 @@
     3.4  
     3.5  definition
     3.6    contin :: "(i=>i) => o" where
     3.7 -   "contin(h) == (\<forall>A. directed(A) --> h(\<Union>A) = (\<Union>X\<in>A. h(X)))"
     3.8 +   "contin(h) == (\<forall>A. directed(A) \<longrightarrow> h(\<Union>A) = (\<Union>X\<in>A. h(X)))"
     3.9  
    3.10 -lemma bnd_mono_iterates_subset: "[|bnd_mono(D, h); n \<in> nat|] ==> h^n (0) <= D"
    3.11 +lemma bnd_mono_iterates_subset: "[|bnd_mono(D, h); n \<in> nat|] ==> h^n (0) \<subseteq> D"
    3.12  apply (induct_tac n) 
    3.13   apply (simp_all add: bnd_mono_def, blast) 
    3.14  done
    3.15  
    3.16  lemma bnd_mono_increasing [rule_format]:
    3.17 -     "[|i \<in> nat; j \<in> nat; bnd_mono(D,h)|] ==> i \<le> j --> h^i(0) \<subseteq> h^j(0)"
    3.18 +     "[|i \<in> nat; j \<in> nat; bnd_mono(D,h)|] ==> i \<le> j \<longrightarrow> h^i(0) \<subseteq> h^j(0)"
    3.19  apply (rule_tac m=i and n=j in diff_induct, simp_all)
    3.20  apply (blast del: subsetI
    3.21               intro: bnd_mono_iterates_subset bnd_monoD2 [of concl: h]) 
    3.22 @@ -56,14 +56,14 @@
    3.23  done
    3.24  
    3.25  lemma lfp_subset_Union:
    3.26 -     "[|bnd_mono(D, h); contin(h)|] ==> lfp(D,h) <= (\<Union>n\<in>nat. h^n(0))"
    3.27 +     "[|bnd_mono(D, h); contin(h)|] ==> lfp(D,h) \<subseteq> (\<Union>n\<in>nat. h^n(0))"
    3.28  apply (rule lfp_lowerbound) 
    3.29   apply (simp add: contin_iterates_eq) 
    3.30  apply (simp add: contin_def bnd_mono_iterates_subset UN_subset_iff) 
    3.31  done
    3.32  
    3.33  lemma Union_subset_lfp:
    3.34 -     "bnd_mono(D,h) ==> (\<Union>n\<in>nat. h^n(0)) <= lfp(D,h)"
    3.35 +     "bnd_mono(D,h) ==> (\<Union>n\<in>nat. h^n(0)) \<subseteq> lfp(D,h)"
    3.36  apply (simp add: UN_subset_iff)
    3.37  apply (rule ballI)  
    3.38  apply (induct_tac n, simp_all) 
    3.39 @@ -128,12 +128,12 @@
    3.40  definition
    3.41    iterates_replacement :: "[i=>o, [i,i]=>o, i] => o" where
    3.42     "iterates_replacement(M,isF,v) ==
    3.43 -      \<forall>n[M]. n\<in>nat --> 
    3.44 +      \<forall>n[M]. n\<in>nat \<longrightarrow> 
    3.45           wfrec_replacement(M, iterates_MH(M,isF,v), Memrel(succ(n)))"
    3.46  
    3.47  lemma (in M_basic) iterates_MH_abs:
    3.48    "[| relation1(M,isF,F); M(n); M(g); M(z) |] 
    3.49 -   ==> iterates_MH(M,isF,v,n,g,z) <-> z = nat_case(v, \<lambda>m. F(g`m), n)"
    3.50 +   ==> iterates_MH(M,isF,v,n,g,z) \<longleftrightarrow> z = nat_case(v, \<lambda>m. F(g`m), n)"
    3.51  by (simp add: nat_case_abs [of _ "\<lambda>m. F(g ` m)"]
    3.52                relation1_def iterates_MH_def)  
    3.53  
    3.54 @@ -146,7 +146,7 @@
    3.55  theorem (in M_trancl) iterates_abs:
    3.56    "[| iterates_replacement(M,isF,v); relation1(M,isF,F);
    3.57        n \<in> nat; M(v); M(z); \<forall>x[M]. M(F(x)) |] 
    3.58 -   ==> is_iterates(M,isF,v,n,z) <-> z = iterates(F,n,v)" 
    3.59 +   ==> is_iterates(M,isF,v,n,z) \<longleftrightarrow> z = iterates(F,n,v)" 
    3.60  apply (frule iterates_imp_wfrec_replacement, assumption+)
    3.61  apply (simp add: wf_Memrel trans_Memrel relation_Memrel nat_into_M
    3.62                   is_iterates_def relation2_def iterates_MH_abs 
    3.63 @@ -215,7 +215,7 @@
    3.64           number1(M,n1) & cartprod(M,A,X,AX) & is_sum(M,n1,AX,Z)"
    3.65  
    3.66  lemma (in M_basic) list_functor_abs [simp]: 
    3.67 -     "[| M(A); M(X); M(Z) |] ==> is_list_functor(M,A,X,Z) <-> (Z = {0} + A*X)"
    3.68 +     "[| M(A); M(X); M(Z) |] ==> is_list_functor(M,A,X,Z) \<longleftrightarrow> (Z = {0} + A*X)"
    3.69  by (simp add: is_list_functor_def singleton_0 nat_into_M)
    3.70  
    3.71  
    3.72 @@ -272,7 +272,7 @@
    3.73  
    3.74  lemma (in M_basic) formula_functor_abs [simp]: 
    3.75       "[| M(X); M(Z) |] 
    3.76 -      ==> is_formula_functor(M,X,Z) <-> 
    3.77 +      ==> is_formula_functor(M,X,Z) \<longleftrightarrow> 
    3.78            Z = ((nat*nat) + (nat*nat)) + (X*X + X)"
    3.79  by (simp add: is_formula_functor_def) 
    3.80  
    3.81 @@ -287,7 +287,7 @@
    3.82  by (simp add: list_N_def Nil_def)
    3.83  
    3.84  lemma Cons_in_list_N [simp]:
    3.85 -     "Cons(a,l) \<in> list_N(A,succ(n)) <-> a\<in>A & l \<in> list_N(A,n)"
    3.86 +     "Cons(a,l) \<in> list_N(A,succ(n)) \<longleftrightarrow> a\<in>A & l \<in> list_N(A,n)"
    3.87  by (simp add: list_N_def Cons_def) 
    3.88  
    3.89  text{*These two aren't simprules because they reveal the underlying
    3.90 @@ -310,7 +310,7 @@
    3.91  done
    3.92  
    3.93  lemma list_imp_list_N [rule_format]:
    3.94 -     "l \<in> list(A) ==> \<forall>n\<in>nat. length(l) < n --> l \<in> list_N(A, n)"
    3.95 +     "l \<in> list(A) ==> \<forall>n\<in>nat. length(l) < n \<longrightarrow> l \<in> list_N(A, n)"
    3.96  apply (induct_tac l)
    3.97  apply (force elim: natE)+
    3.98  done
    3.99 @@ -354,7 +354,7 @@
   3.100  
   3.101  definition
   3.102    is_list :: "[i=>o,i,i] => o" where
   3.103 -    "is_list(M,A,Z) == \<forall>l[M]. l \<in> Z <-> mem_list(M,A,l)"
   3.104 +    "is_list(M,A,Z) == \<forall>l[M]. l \<in> Z \<longleftrightarrow> mem_list(M,A,l)"
   3.105  
   3.106  subsubsection{*Towards Absoluteness of @{term formula_rec}*}
   3.107  
   3.108 @@ -374,19 +374,19 @@
   3.109      "formula_N(n) == (\<lambda>X. ((nat*nat) + (nat*nat)) + (X*X + X)) ^ n (0)"
   3.110  
   3.111  lemma Member_in_formula_N [simp]:
   3.112 -     "Member(x,y) \<in> formula_N(succ(n)) <-> x \<in> nat & y \<in> nat"
   3.113 +     "Member(x,y) \<in> formula_N(succ(n)) \<longleftrightarrow> x \<in> nat & y \<in> nat"
   3.114  by (simp add: formula_N_def Member_def) 
   3.115  
   3.116  lemma Equal_in_formula_N [simp]:
   3.117 -     "Equal(x,y) \<in> formula_N(succ(n)) <-> x \<in> nat & y \<in> nat"
   3.118 +     "Equal(x,y) \<in> formula_N(succ(n)) \<longleftrightarrow> x \<in> nat & y \<in> nat"
   3.119  by (simp add: formula_N_def Equal_def) 
   3.120  
   3.121  lemma Nand_in_formula_N [simp]:
   3.122 -     "Nand(x,y) \<in> formula_N(succ(n)) <-> x \<in> formula_N(n) & y \<in> formula_N(n)"
   3.123 +     "Nand(x,y) \<in> formula_N(succ(n)) \<longleftrightarrow> x \<in> formula_N(n) & y \<in> formula_N(n)"
   3.124  by (simp add: formula_N_def Nand_def) 
   3.125  
   3.126  lemma Forall_in_formula_N [simp]:
   3.127 -     "Forall(x) \<in> formula_N(succ(n)) <-> x \<in> formula_N(n)"
   3.128 +     "Forall(x) \<in> formula_N(succ(n)) \<longleftrightarrow> x \<in> formula_N(n)"
   3.129  by (simp add: formula_N_def Forall_def) 
   3.130  
   3.131  text{*These two aren't simprules because they reveal the underlying
   3.132 @@ -413,7 +413,7 @@
   3.133  done
   3.134  
   3.135  lemma formula_imp_formula_N [rule_format]:
   3.136 -     "p \<in> formula ==> \<forall>n\<in>nat. depth(p) < n --> p \<in> formula_N(n)"
   3.137 +     "p \<in> formula ==> \<forall>n\<in>nat. depth(p) < n \<longrightarrow> p \<in> formula_N(n)"
   3.138  apply (induct_tac p)
   3.139  apply (simp_all add: succ_Un_distrib Un_least_lt_iff) 
   3.140  apply (force elim: natE)+
   3.141 @@ -432,7 +432,7 @@
   3.142  
   3.143  text{*This result and the next are unused.*}
   3.144  lemma formula_N_mono [rule_format]:
   3.145 -  "[| m \<in> nat; n \<in> nat |] ==> m\<le>n --> formula_N(m) \<subseteq> formula_N(n)"
   3.146 +  "[| m \<in> nat; n \<in> nat |] ==> m\<le>n \<longrightarrow> formula_N(m) \<subseteq> formula_N(n)"
   3.147  apply (rule_tac m = m and n = n in diff_induct)
   3.148  apply (simp_all add: formula_N_0 formula_N_succ, blast) 
   3.149  done
   3.150 @@ -459,7 +459,7 @@
   3.151  
   3.152  definition
   3.153    is_formula :: "[i=>o,i] => o" where
   3.154 -    "is_formula(M,Z) == \<forall>p[M]. p \<in> Z <-> mem_formula(M,p)"
   3.155 +    "is_formula(M,Z) == \<forall>p[M]. p \<in> Z \<longleftrightarrow> mem_formula(M,p)"
   3.156  
   3.157  locale M_datatypes = M_trancl +
   3.158   assumes list_replacement1:
   3.159 @@ -498,7 +498,7 @@
   3.160  
   3.161  lemma (in M_datatypes) list_N_abs [simp]:
   3.162       "[|M(A); n\<in>nat; M(Z)|]
   3.163 -      ==> is_list_N(M,A,n,Z) <-> Z = list_N(A,n)"
   3.164 +      ==> is_list_N(M,A,n,Z) \<longleftrightarrow> Z = list_N(A,n)"
   3.165  apply (insert list_replacement1)
   3.166  apply (simp add: is_list_N_def list_N_def relation1_def nat_into_M
   3.167                   iterates_abs [of "is_list_functor(M,A)" _ "\<lambda>X. {0} + A*X"])
   3.168 @@ -512,14 +512,14 @@
   3.169  done
   3.170  
   3.171  lemma (in M_datatypes) mem_list_abs [simp]:
   3.172 -     "M(A) ==> mem_list(M,A,l) <-> l \<in> list(A)"
   3.173 +     "M(A) ==> mem_list(M,A,l) \<longleftrightarrow> l \<in> list(A)"
   3.174  apply (insert list_replacement1)
   3.175  apply (simp add: mem_list_def list_N_def relation1_def list_eq_Union
   3.176                   iterates_closed [of "is_list_functor(M,A)"])
   3.177  done
   3.178  
   3.179  lemma (in M_datatypes) list_abs [simp]:
   3.180 -     "[|M(A); M(Z)|] ==> is_list(M,A,Z) <-> Z = list(A)"
   3.181 +     "[|M(A); M(Z)|] ==> is_list(M,A,Z) \<longleftrightarrow> Z = list(A)"
   3.182  apply (simp add: is_list_def, safe)
   3.183  apply (rule M_equalityI, simp_all)
   3.184  done
   3.185 @@ -546,7 +546,7 @@
   3.186  
   3.187  lemma (in M_datatypes) formula_N_abs [simp]:
   3.188       "[|n\<in>nat; M(Z)|]
   3.189 -      ==> is_formula_N(M,n,Z) <-> Z = formula_N(n)"
   3.190 +      ==> is_formula_N(M,n,Z) \<longleftrightarrow> Z = formula_N(n)"
   3.191  apply (insert formula_replacement1)
   3.192  apply (simp add: is_formula_N_def formula_N_def relation1_def nat_into_M
   3.193                   iterates_abs [of "is_formula_functor(M)" _
   3.194 @@ -561,14 +561,14 @@
   3.195  done
   3.196  
   3.197  lemma (in M_datatypes) mem_formula_abs [simp]:
   3.198 -     "mem_formula(M,l) <-> l \<in> formula"
   3.199 +     "mem_formula(M,l) \<longleftrightarrow> l \<in> formula"
   3.200  apply (insert formula_replacement1)
   3.201  apply (simp add: mem_formula_def relation1_def formula_eq_Union formula_N_def
   3.202                   iterates_closed [of "is_formula_functor(M)"])
   3.203  done
   3.204  
   3.205  lemma (in M_datatypes) formula_abs [simp]:
   3.206 -     "[|M(Z)|] ==> is_formula(M,Z) <-> Z = formula"
   3.207 +     "[|M(Z)|] ==> is_formula(M,Z) \<longleftrightarrow> Z = formula"
   3.208  apply (simp add: is_formula_def, safe)
   3.209  apply (rule M_equalityI, simp_all)
   3.210  done
   3.211 @@ -599,7 +599,7 @@
   3.212  
   3.213  definition
   3.214    is_eclose :: "[i=>o,i,i] => o" where
   3.215 -    "is_eclose(M,A,Z) == \<forall>u[M]. u \<in> Z <-> mem_eclose(M,A,u)"
   3.216 +    "is_eclose(M,A,Z) == \<forall>u[M]. u \<in> Z \<longleftrightarrow> mem_eclose(M,A,u)"
   3.217  
   3.218  
   3.219  locale M_eclose = M_datatypes +
   3.220 @@ -625,21 +625,21 @@
   3.221                 iterates_closed [of "big_union(M)"])
   3.222  
   3.223  lemma (in M_eclose) is_eclose_n_abs [simp]:
   3.224 -     "[|M(A); n\<in>nat; M(Z)|] ==> is_eclose_n(M,A,n,Z) <-> Z = Union^n (A)"
   3.225 +     "[|M(A); n\<in>nat; M(Z)|] ==> is_eclose_n(M,A,n,Z) \<longleftrightarrow> Z = Union^n (A)"
   3.226  apply (insert eclose_replacement1)
   3.227  apply (simp add: is_eclose_n_def relation1_def nat_into_M
   3.228                   iterates_abs [of "big_union(M)" _ "Union"])
   3.229  done
   3.230  
   3.231  lemma (in M_eclose) mem_eclose_abs [simp]:
   3.232 -     "M(A) ==> mem_eclose(M,A,l) <-> l \<in> eclose(A)"
   3.233 +     "M(A) ==> mem_eclose(M,A,l) \<longleftrightarrow> l \<in> eclose(A)"
   3.234  apply (insert eclose_replacement1)
   3.235  apply (simp add: mem_eclose_def relation1_def eclose_eq_Union
   3.236                   iterates_closed [of "big_union(M)"])
   3.237  done
   3.238  
   3.239  lemma (in M_eclose) eclose_abs [simp]:
   3.240 -     "[|M(A); M(Z)|] ==> is_eclose(M,A,Z) <-> Z = eclose(A)"
   3.241 +     "[|M(A); M(Z)|] ==> is_eclose(M,A,Z) \<longleftrightarrow> Z = eclose(A)"
   3.242  apply (simp add: is_eclose_def, safe)
   3.243  apply (rule M_equalityI, simp_all)
   3.244  done
   3.245 @@ -669,8 +669,8 @@
   3.246  theorem (in M_eclose) transrec_abs:
   3.247    "[|transrec_replacement(M,MH,i);  relation2(M,MH,H);
   3.248       Ord(i);  M(i);  M(z);
   3.249 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|]
   3.250 -   ==> is_transrec(M,MH,i,z) <-> z = transrec(i,H)"
   3.251 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|]
   3.252 +   ==> is_transrec(M,MH,i,z) \<longleftrightarrow> z = transrec(i,H)"
   3.253  by (simp add: trans_wfrec_abs transrec_replacement_def is_transrec_def
   3.254         transrec_def eclose_sing_Ord_eq wf_Memrel trans_Memrel relation_Memrel)
   3.255  
   3.256 @@ -678,7 +678,7 @@
   3.257  theorem (in M_eclose) transrec_closed:
   3.258       "[|transrec_replacement(M,MH,i);  relation2(M,MH,H);
   3.259          Ord(i);  M(i);
   3.260 -        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|]
   3.261 +        \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|]
   3.262        ==> M(transrec(i,H))"
   3.263  by (simp add: trans_wfrec_closed transrec_replacement_def is_transrec_def
   3.264          transrec_def eclose_sing_Ord_eq wf_Memrel trans_Memrel relation_Memrel)
   3.265 @@ -706,7 +706,7 @@
   3.266  
   3.267  
   3.268  lemma (in M_datatypes) length_abs [simp]:
   3.269 -     "[|M(A); l \<in> list(A); n \<in> nat|] ==> is_length(M,A,l,n) <-> n = length(l)"
   3.270 +     "[|M(A); l \<in> list(A); n \<in> nat|] ==> is_length(M,A,l,n) \<longleftrightarrow> n = length(l)"
   3.271  apply (subgoal_tac "M(l) & M(n)")
   3.272   prefer 2 apply (blast dest: transM)
   3.273  apply (simp add: is_length_def)
   3.274 @@ -752,7 +752,7 @@
   3.275  
   3.276  lemma (in M_datatypes) nth_abs [simp]:
   3.277       "[|M(A); n \<in> nat; l \<in> list(A); M(Z)|]
   3.278 -      ==> is_nth(M,n,l,Z) <-> Z = nth(n,l)"
   3.279 +      ==> is_nth(M,n,l,Z) \<longleftrightarrow> Z = nth(n,l)"
   3.280  apply (subgoal_tac "M(l)")
   3.281   prefer 2 apply (blast intro: transM)
   3.282  apply (simp add: is_nth_def nth_eq_hd_iterates_tl nat_into_M
   3.283 @@ -770,11 +770,11 @@
   3.284          \<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inl(M,p,u) & is_Inl(M,u,Z)"
   3.285  
   3.286  lemma (in M_trivial) Member_abs [simp]:
   3.287 -     "[|M(x); M(y); M(Z)|] ==> is_Member(M,x,y,Z) <-> (Z = Member(x,y))"
   3.288 +     "[|M(x); M(y); M(Z)|] ==> is_Member(M,x,y,Z) \<longleftrightarrow> (Z = Member(x,y))"
   3.289  by (simp add: is_Member_def Member_def)
   3.290  
   3.291  lemma (in M_trivial) Member_in_M_iff [iff]:
   3.292 -     "M(Member(x,y)) <-> M(x) & M(y)"
   3.293 +     "M(Member(x,y)) \<longleftrightarrow> M(x) & M(y)"
   3.294  by (simp add: Member_def)
   3.295  
   3.296  definition
   3.297 @@ -784,10 +784,10 @@
   3.298          \<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inr(M,p,u) & is_Inl(M,u,Z)"
   3.299  
   3.300  lemma (in M_trivial) Equal_abs [simp]:
   3.301 -     "[|M(x); M(y); M(Z)|] ==> is_Equal(M,x,y,Z) <-> (Z = Equal(x,y))"
   3.302 +     "[|M(x); M(y); M(Z)|] ==> is_Equal(M,x,y,Z) \<longleftrightarrow> (Z = Equal(x,y))"
   3.303  by (simp add: is_Equal_def Equal_def)
   3.304  
   3.305 -lemma (in M_trivial) Equal_in_M_iff [iff]: "M(Equal(x,y)) <-> M(x) & M(y)"
   3.306 +lemma (in M_trivial) Equal_in_M_iff [iff]: "M(Equal(x,y)) \<longleftrightarrow> M(x) & M(y)"
   3.307  by (simp add: Equal_def)
   3.308  
   3.309  definition
   3.310 @@ -797,10 +797,10 @@
   3.311          \<exists>p[M]. \<exists>u[M]. pair(M,x,y,p) & is_Inl(M,p,u) & is_Inr(M,u,Z)"
   3.312  
   3.313  lemma (in M_trivial) Nand_abs [simp]:
   3.314 -     "[|M(x); M(y); M(Z)|] ==> is_Nand(M,x,y,Z) <-> (Z = Nand(x,y))"
   3.315 +     "[|M(x); M(y); M(Z)|] ==> is_Nand(M,x,y,Z) \<longleftrightarrow> (Z = Nand(x,y))"
   3.316  by (simp add: is_Nand_def Nand_def)
   3.317  
   3.318 -lemma (in M_trivial) Nand_in_M_iff [iff]: "M(Nand(x,y)) <-> M(x) & M(y)"
   3.319 +lemma (in M_trivial) Nand_in_M_iff [iff]: "M(Nand(x,y)) \<longleftrightarrow> M(x) & M(y)"
   3.320  by (simp add: Nand_def)
   3.321  
   3.322  definition
   3.323 @@ -809,10 +809,10 @@
   3.324      "is_Forall(M,p,Z) == \<exists>u[M]. is_Inr(M,p,u) & is_Inr(M,u,Z)"
   3.325  
   3.326  lemma (in M_trivial) Forall_abs [simp]:
   3.327 -     "[|M(x); M(Z)|] ==> is_Forall(M,x,Z) <-> (Z = Forall(x))"
   3.328 +     "[|M(x); M(Z)|] ==> is_Forall(M,x,Z) \<longleftrightarrow> (Z = Forall(x))"
   3.329  by (simp add: is_Forall_def Forall_def)
   3.330  
   3.331 -lemma (in M_trivial) Forall_in_M_iff [iff]: "M(Forall(x)) <-> M(x)"
   3.332 +lemma (in M_trivial) Forall_in_M_iff [iff]: "M(Forall(x)) \<longleftrightarrow> M(x)"
   3.333  by (simp add: Forall_def)
   3.334  
   3.335  
   3.336 @@ -862,7 +862,7 @@
   3.337  
   3.338  
   3.339  lemma (in M_datatypes) depth_abs [simp]:
   3.340 -     "[|p \<in> formula; n \<in> nat|] ==> is_depth(M,p,n) <-> n = depth(p)"
   3.341 +     "[|p \<in> formula; n \<in> nat|] ==> is_depth(M,p,n) \<longleftrightarrow> n = depth(p)"
   3.342  apply (subgoal_tac "M(p) & M(n)")
   3.343   prefer 2 apply (blast dest: transM)
   3.344  apply (simp add: is_depth_def)
   3.345 @@ -883,19 +883,19 @@
   3.346      "[i=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i]=>o, i, i] => o" where
   3.347    --{*no constraint on non-formulas*}
   3.348    "is_formula_case(M, is_a, is_b, is_c, is_d, p, z) ==
   3.349 -      (\<forall>x[M]. \<forall>y[M]. finite_ordinal(M,x) --> finite_ordinal(M,y) -->
   3.350 -                      is_Member(M,x,y,p) --> is_a(x,y,z)) &
   3.351 -      (\<forall>x[M]. \<forall>y[M]. finite_ordinal(M,x) --> finite_ordinal(M,y) -->
   3.352 -                      is_Equal(M,x,y,p) --> is_b(x,y,z)) &
   3.353 -      (\<forall>x[M]. \<forall>y[M]. mem_formula(M,x) --> mem_formula(M,y) -->
   3.354 -                     is_Nand(M,x,y,p) --> is_c(x,y,z)) &
   3.355 -      (\<forall>x[M]. mem_formula(M,x) --> is_Forall(M,x,p) --> is_d(x,z))"
   3.356 +      (\<forall>x[M]. \<forall>y[M]. finite_ordinal(M,x) \<longrightarrow> finite_ordinal(M,y) \<longrightarrow>
   3.357 +                      is_Member(M,x,y,p) \<longrightarrow> is_a(x,y,z)) &
   3.358 +      (\<forall>x[M]. \<forall>y[M]. finite_ordinal(M,x) \<longrightarrow> finite_ordinal(M,y) \<longrightarrow>
   3.359 +                      is_Equal(M,x,y,p) \<longrightarrow> is_b(x,y,z)) &
   3.360 +      (\<forall>x[M]. \<forall>y[M]. mem_formula(M,x) \<longrightarrow> mem_formula(M,y) \<longrightarrow>
   3.361 +                     is_Nand(M,x,y,p) \<longrightarrow> is_c(x,y,z)) &
   3.362 +      (\<forall>x[M]. mem_formula(M,x) \<longrightarrow> is_Forall(M,x,p) \<longrightarrow> is_d(x,z))"
   3.363  
   3.364  lemma (in M_datatypes) formula_case_abs [simp]:
   3.365       "[| Relation2(M,nat,nat,is_a,a); Relation2(M,nat,nat,is_b,b);
   3.366           Relation2(M,formula,formula,is_c,c); Relation1(M,formula,is_d,d);
   3.367           p \<in> formula; M(z) |]
   3.368 -      ==> is_formula_case(M,is_a,is_b,is_c,is_d,p,z) <->
   3.369 +      ==> is_formula_case(M,is_a,is_b,is_c,is_d,p,z) \<longleftrightarrow>
   3.370            z = formula_case(a,b,c,d,p)"
   3.371  apply (simp add: formula_into_M is_formula_case_def)
   3.372  apply (erule formula.cases)
   3.373 @@ -904,10 +904,10 @@
   3.374  
   3.375  lemma (in M_datatypes) formula_case_closed [intro,simp]:
   3.376    "[|p \<in> formula;
   3.377 -     \<forall>x[M]. \<forall>y[M]. x\<in>nat --> y\<in>nat --> M(a(x,y));
   3.378 -     \<forall>x[M]. \<forall>y[M]. x\<in>nat --> y\<in>nat --> M(b(x,y));
   3.379 -     \<forall>x[M]. \<forall>y[M]. x\<in>formula --> y\<in>formula --> M(c(x,y));
   3.380 -     \<forall>x[M]. x\<in>formula --> M(d(x))|] ==> M(formula_case(a,b,c,d,p))"
   3.381 +     \<forall>x[M]. \<forall>y[M]. x\<in>nat \<longrightarrow> y\<in>nat \<longrightarrow> M(a(x,y));
   3.382 +     \<forall>x[M]. \<forall>y[M]. x\<in>nat \<longrightarrow> y\<in>nat \<longrightarrow> M(b(x,y));
   3.383 +     \<forall>x[M]. \<forall>y[M]. x\<in>formula \<longrightarrow> y\<in>formula \<longrightarrow> M(c(x,y));
   3.384 +     \<forall>x[M]. x\<in>formula \<longrightarrow> M(d(x))|] ==> M(formula_case(a,b,c,d,p))"
   3.385  by (erule formula.cases, simp_all)
   3.386  
   3.387  
   3.388 @@ -946,7 +946,7 @@
   3.389    fixes a and is_a and b and is_b and c and is_c and d and is_d and MH
   3.390    defines
   3.391        "MH(u::i,f,z) ==
   3.392 -        \<forall>fml[M]. is_formula(M,fml) -->
   3.393 +        \<forall>fml[M]. is_formula(M,fml) \<longrightarrow>
   3.394               is_lambda
   3.395           (M, fml, is_formula_case (M, is_a, is_b, is_c(f), is_d(f)), z)"
   3.396  
   3.397 @@ -1003,7 +1003,7 @@
   3.398  
   3.399  theorem (in Formula_Rec) formula_rec_abs:
   3.400    "[| p \<in> formula; M(z)|]
   3.401 -   ==> is_formula_rec(M,MH,p,z) <-> z = formula_rec(a,b,c,d,p)"
   3.402 +   ==> is_formula_rec(M,MH,p,z) \<longleftrightarrow> z = formula_rec(a,b,c,d,p)"
   3.403  by (simp add: is_formula_rec_def formula_rec_eq transM [OF _ formula_closed]
   3.404                transrec_abs [OF fr_replace MH_rel2] depth_type
   3.405                fr_transrec_closed formula_rec_lam_closed eq_commute)
     4.1 --- a/src/ZF/Constructible/Formula.thy	Tue Mar 06 16:46:27 2012 +0000
     4.2 +++ b/src/ZF/Constructible/Formula.thy	Tue Mar 06 17:01:37 2012 +0000
     4.3 @@ -45,38 +45,38 @@
     4.4    "Exists(p) == Neg(Forall(Neg(p)))";
     4.5  
     4.6  lemma Neg_type [TC]: "p \<in> formula ==> Neg(p) \<in> formula"
     4.7 -by (simp add: Neg_def) 
     4.8 +by (simp add: Neg_def)
     4.9  
    4.10  lemma And_type [TC]: "[| p \<in> formula; q \<in> formula |] ==> And(p,q) \<in> formula"
    4.11 -by (simp add: And_def) 
    4.12 +by (simp add: And_def)
    4.13  
    4.14  lemma Or_type [TC]: "[| p \<in> formula; q \<in> formula |] ==> Or(p,q) \<in> formula"
    4.15 -by (simp add: Or_def) 
    4.16 +by (simp add: Or_def)
    4.17  
    4.18  lemma Implies_type [TC]:
    4.19       "[| p \<in> formula; q \<in> formula |] ==> Implies(p,q) \<in> formula"
    4.20 -by (simp add: Implies_def) 
    4.21 +by (simp add: Implies_def)
    4.22  
    4.23  lemma Iff_type [TC]:
    4.24       "[| p \<in> formula; q \<in> formula |] ==> Iff(p,q) \<in> formula"
    4.25 -by (simp add: Iff_def) 
    4.26 +by (simp add: Iff_def)
    4.27  
    4.28  lemma Exists_type [TC]: "p \<in> formula ==> Exists(p) \<in> formula"
    4.29 -by (simp add: Exists_def) 
    4.30 +by (simp add: Exists_def)
    4.31  
    4.32  
    4.33  consts   satisfies :: "[i,i]=>i"
    4.34  primrec (*explicit lambda is required because the environment varies*)
    4.35 -  "satisfies(A,Member(x,y)) = 
    4.36 +  "satisfies(A,Member(x,y)) =
    4.37        (\<lambda>env \<in> list(A). bool_of_o (nth(x,env) \<in> nth(y,env)))"
    4.38  
    4.39 -  "satisfies(A,Equal(x,y)) = 
    4.40 +  "satisfies(A,Equal(x,y)) =
    4.41        (\<lambda>env \<in> list(A). bool_of_o (nth(x,env) = nth(y,env)))"
    4.42  
    4.43    "satisfies(A,Nand(p,q)) =
    4.44        (\<lambda>env \<in> list(A). not ((satisfies(A,p)`env) and (satisfies(A,q)`env)))"
    4.45  
    4.46 -  "satisfies(A,Forall(p)) = 
    4.47 +  "satisfies(A,Forall(p)) =
    4.48        (\<lambda>env \<in> list(A). bool_of_o (\<forall>x\<in>A. satisfies(A,p) ` (Cons(x,env)) = 1))"
    4.49  
    4.50  
    4.51 @@ -88,57 +88,57 @@
    4.52    "sats(A,p,env) == satisfies(A,p)`env = 1"
    4.53  
    4.54  lemma [simp]:
    4.55 -  "env \<in> list(A) 
    4.56 -   ==> sats(A, Member(x,y), env) <-> nth(x,env) \<in> nth(y,env)"
    4.57 +  "env \<in> list(A)
    4.58 +   ==> sats(A, Member(x,y), env) \<longleftrightarrow> nth(x,env) \<in> nth(y,env)"
    4.59  by simp
    4.60  
    4.61  lemma [simp]:
    4.62 -  "env \<in> list(A) 
    4.63 -   ==> sats(A, Equal(x,y), env) <-> nth(x,env) = nth(y,env)"
    4.64 +  "env \<in> list(A)
    4.65 +   ==> sats(A, Equal(x,y), env) \<longleftrightarrow> nth(x,env) = nth(y,env)"
    4.66  by simp
    4.67  
    4.68  lemma sats_Nand_iff [simp]:
    4.69 -  "env \<in> list(A) 
    4.70 -   ==> (sats(A, Nand(p,q), env)) <-> ~ (sats(A,p,env) & sats(A,q,env))" 
    4.71 -by (simp add: Bool.and_def Bool.not_def cond_def) 
    4.72 +  "env \<in> list(A)
    4.73 +   ==> (sats(A, Nand(p,q), env)) \<longleftrightarrow> ~ (sats(A,p,env) & sats(A,q,env))"
    4.74 +by (simp add: Bool.and_def Bool.not_def cond_def)
    4.75  
    4.76  lemma sats_Forall_iff [simp]:
    4.77 -  "env \<in> list(A) 
    4.78 -   ==> sats(A, Forall(p), env) <-> (\<forall>x\<in>A. sats(A, p, Cons(x,env)))"
    4.79 +  "env \<in> list(A)
    4.80 +   ==> sats(A, Forall(p), env) \<longleftrightarrow> (\<forall>x\<in>A. sats(A, p, Cons(x,env)))"
    4.81  by simp
    4.82  
    4.83 -declare satisfies.simps [simp del]; 
    4.84 +declare satisfies.simps [simp del];
    4.85  
    4.86  subsection{*Dividing line between primitive and derived connectives*}
    4.87  
    4.88  lemma sats_Neg_iff [simp]:
    4.89 -  "env \<in> list(A) 
    4.90 -   ==> sats(A, Neg(p), env) <-> ~ sats(A,p,env)"
    4.91 -by (simp add: Neg_def) 
    4.92 +  "env \<in> list(A)
    4.93 +   ==> sats(A, Neg(p), env) \<longleftrightarrow> ~ sats(A,p,env)"
    4.94 +by (simp add: Neg_def)
    4.95  
    4.96  lemma sats_And_iff [simp]:
    4.97 -  "env \<in> list(A) 
    4.98 -   ==> (sats(A, And(p,q), env)) <-> sats(A,p,env) & sats(A,q,env)"
    4.99 -by (simp add: And_def) 
   4.100 +  "env \<in> list(A)
   4.101 +   ==> (sats(A, And(p,q), env)) \<longleftrightarrow> sats(A,p,env) & sats(A,q,env)"
   4.102 +by (simp add: And_def)
   4.103  
   4.104  lemma sats_Or_iff [simp]:
   4.105 -  "env \<in> list(A) 
   4.106 -   ==> (sats(A, Or(p,q), env)) <-> sats(A,p,env) | sats(A,q,env)"
   4.107 +  "env \<in> list(A)
   4.108 +   ==> (sats(A, Or(p,q), env)) \<longleftrightarrow> sats(A,p,env) | sats(A,q,env)"
   4.109  by (simp add: Or_def)
   4.110  
   4.111  lemma sats_Implies_iff [simp]:
   4.112 -  "env \<in> list(A) 
   4.113 -   ==> (sats(A, Implies(p,q), env)) <-> (sats(A,p,env) --> sats(A,q,env))"
   4.114 -by (simp add: Implies_def, blast) 
   4.115 +  "env \<in> list(A)
   4.116 +   ==> (sats(A, Implies(p,q), env)) \<longleftrightarrow> (sats(A,p,env) \<longrightarrow> sats(A,q,env))"
   4.117 +by (simp add: Implies_def, blast)
   4.118  
   4.119  lemma sats_Iff_iff [simp]:
   4.120 -  "env \<in> list(A) 
   4.121 -   ==> (sats(A, Iff(p,q), env)) <-> (sats(A,p,env) <-> sats(A,q,env))"
   4.122 -by (simp add: Iff_def, blast) 
   4.123 +  "env \<in> list(A)
   4.124 +   ==> (sats(A, Iff(p,q), env)) \<longleftrightarrow> (sats(A,p,env) \<longleftrightarrow> sats(A,q,env))"
   4.125 +by (simp add: Iff_def, blast)
   4.126  
   4.127  lemma sats_Exists_iff [simp]:
   4.128 -  "env \<in> list(A) 
   4.129 -   ==> sats(A, Exists(p), env) <-> (\<exists>x\<in>A. sats(A, p, Cons(x,env)))"
   4.130 +  "env \<in> list(A)
   4.131 +   ==> sats(A, Exists(p), env) \<longleftrightarrow> (\<exists>x\<in>A. sats(A, p, Cons(x,env)))"
   4.132  by (simp add: Exists_def)
   4.133  
   4.134  
   4.135 @@ -146,50 +146,50 @@
   4.136  
   4.137  lemma mem_iff_sats:
   4.138        "[| nth(i,env) = x; nth(j,env) = y; env \<in> list(A)|]
   4.139 -       ==> (x\<in>y) <-> sats(A, Member(i,j), env)" 
   4.140 +       ==> (x\<in>y) \<longleftrightarrow> sats(A, Member(i,j), env)"
   4.141  by (simp add: satisfies.simps)
   4.142  
   4.143  lemma equal_iff_sats:
   4.144        "[| nth(i,env) = x; nth(j,env) = y; env \<in> list(A)|]
   4.145 -       ==> (x=y) <-> sats(A, Equal(i,j), env)" 
   4.146 +       ==> (x=y) \<longleftrightarrow> sats(A, Equal(i,j), env)"
   4.147  by (simp add: satisfies.simps)
   4.148  
   4.149  lemma not_iff_sats:
   4.150 -      "[| P <-> sats(A,p,env); env \<in> list(A)|]
   4.151 -       ==> (~P) <-> sats(A, Neg(p), env)"
   4.152 +      "[| P \<longleftrightarrow> sats(A,p,env); env \<in> list(A)|]
   4.153 +       ==> (~P) \<longleftrightarrow> sats(A, Neg(p), env)"
   4.154  by simp
   4.155  
   4.156  lemma conj_iff_sats:
   4.157 -      "[| P <-> sats(A,p,env); Q <-> sats(A,q,env); env \<in> list(A)|]
   4.158 -       ==> (P & Q) <-> sats(A, And(p,q), env)"
   4.159 +      "[| P \<longleftrightarrow> sats(A,p,env); Q \<longleftrightarrow> sats(A,q,env); env \<in> list(A)|]
   4.160 +       ==> (P & Q) \<longleftrightarrow> sats(A, And(p,q), env)"
   4.161  by (simp add: sats_And_iff)
   4.162  
   4.163  lemma disj_iff_sats:
   4.164 -      "[| P <-> sats(A,p,env); Q <-> sats(A,q,env); env \<in> list(A)|]
   4.165 -       ==> (P | Q) <-> sats(A, Or(p,q), env)"
   4.166 +      "[| P \<longleftrightarrow> sats(A,p,env); Q \<longleftrightarrow> sats(A,q,env); env \<in> list(A)|]
   4.167 +       ==> (P | Q) \<longleftrightarrow> sats(A, Or(p,q), env)"
   4.168  by (simp add: sats_Or_iff)
   4.169  
   4.170  lemma iff_iff_sats:
   4.171 -      "[| P <-> sats(A,p,env); Q <-> sats(A,q,env); env \<in> list(A)|]
   4.172 -       ==> (P <-> Q) <-> sats(A, Iff(p,q), env)"
   4.173 -by (simp add: sats_Forall_iff) 
   4.174 +      "[| P \<longleftrightarrow> sats(A,p,env); Q \<longleftrightarrow> sats(A,q,env); env \<in> list(A)|]
   4.175 +       ==> (P \<longleftrightarrow> Q) \<longleftrightarrow> sats(A, Iff(p,q), env)"
   4.176 +by (simp add: sats_Forall_iff)
   4.177  
   4.178  lemma imp_iff_sats:
   4.179 -      "[| P <-> sats(A,p,env); Q <-> sats(A,q,env); env \<in> list(A)|]
   4.180 -       ==> (P --> Q) <-> sats(A, Implies(p,q), env)"
   4.181 -by (simp add: sats_Forall_iff) 
   4.182 +      "[| P \<longleftrightarrow> sats(A,p,env); Q \<longleftrightarrow> sats(A,q,env); env \<in> list(A)|]
   4.183 +       ==> (P \<longrightarrow> Q) \<longleftrightarrow> sats(A, Implies(p,q), env)"
   4.184 +by (simp add: sats_Forall_iff)
   4.185  
   4.186  lemma ball_iff_sats:
   4.187 -      "[| !!x. x\<in>A ==> P(x) <-> sats(A, p, Cons(x, env)); env \<in> list(A)|]
   4.188 -       ==> (\<forall>x\<in>A. P(x)) <-> sats(A, Forall(p), env)"
   4.189 -by (simp add: sats_Forall_iff) 
   4.190 +      "[| !!x. x\<in>A ==> P(x) \<longleftrightarrow> sats(A, p, Cons(x, env)); env \<in> list(A)|]
   4.191 +       ==> (\<forall>x\<in>A. P(x)) \<longleftrightarrow> sats(A, Forall(p), env)"
   4.192 +by (simp add: sats_Forall_iff)
   4.193  
   4.194  lemma bex_iff_sats:
   4.195 -      "[| !!x. x\<in>A ==> P(x) <-> sats(A, p, Cons(x, env)); env \<in> list(A)|]
   4.196 -       ==> (\<exists>x\<in>A. P(x)) <-> sats(A, Exists(p), env)"
   4.197 -by (simp add: sats_Exists_iff) 
   4.198 +      "[| !!x. x\<in>A ==> P(x) \<longleftrightarrow> sats(A, p, Cons(x, env)); env \<in> list(A)|]
   4.199 +       ==> (\<exists>x\<in>A. P(x)) \<longleftrightarrow> sats(A, Exists(p), env)"
   4.200 +by (simp add: sats_Exists_iff)
   4.201  
   4.202 -lemmas FOL_iff_sats = 
   4.203 +lemmas FOL_iff_sats =
   4.204          mem_iff_sats equal_iff_sats not_iff_sats conj_iff_sats
   4.205          disj_iff_sats imp_iff_sats iff_iff_sats imp_iff_sats ball_iff_sats
   4.206          bex_iff_sats
   4.207 @@ -209,43 +209,43 @@
   4.208  
   4.209  
   4.210  lemma arity_type [TC]: "p \<in> formula ==> arity(p) \<in> nat"
   4.211 -by (induct_tac p, simp_all) 
   4.212 +by (induct_tac p, simp_all)
   4.213  
   4.214  lemma arity_Neg [simp]: "arity(Neg(p)) = arity(p)"
   4.215 -by (simp add: Neg_def) 
   4.216 +by (simp add: Neg_def)
   4.217  
   4.218  lemma arity_And [simp]: "arity(And(p,q)) = arity(p) \<union> arity(q)"
   4.219 -by (simp add: And_def) 
   4.220 +by (simp add: And_def)
   4.221  
   4.222  lemma arity_Or [simp]: "arity(Or(p,q)) = arity(p) \<union> arity(q)"
   4.223 -by (simp add: Or_def) 
   4.224 +by (simp add: Or_def)
   4.225  
   4.226  lemma arity_Implies [simp]: "arity(Implies(p,q)) = arity(p) \<union> arity(q)"
   4.227 -by (simp add: Implies_def) 
   4.228 +by (simp add: Implies_def)
   4.229  
   4.230  lemma arity_Iff [simp]: "arity(Iff(p,q)) = arity(p) \<union> arity(q)"
   4.231  by (simp add: Iff_def, blast)
   4.232  
   4.233  lemma arity_Exists [simp]: "arity(Exists(p)) = Arith.pred(arity(p))"
   4.234 -by (simp add: Exists_def) 
   4.235 +by (simp add: Exists_def)
   4.236  
   4.237  
   4.238  lemma arity_sats_iff [rule_format]:
   4.239    "[| p \<in> formula; extra \<in> list(A) |]
   4.240 -   ==> \<forall>env \<in> list(A). 
   4.241 -           arity(p) \<le> length(env) --> 
   4.242 -           sats(A, p, env @ extra) <-> sats(A, p, env)"
   4.243 +   ==> \<forall>env \<in> list(A).
   4.244 +           arity(p) \<le> length(env) \<longrightarrow>
   4.245 +           sats(A, p, env @ extra) \<longleftrightarrow> sats(A, p, env)"
   4.246  apply (induct_tac p)
   4.247  apply (simp_all add: Arith.pred_def nth_append Un_least_lt_iff nat_imp_quasinat
   4.248 -                split: split_nat_case, auto) 
   4.249 +                split: split_nat_case, auto)
   4.250  done
   4.251  
   4.252  lemma arity_sats1_iff:
   4.253 -  "[| arity(p) \<le> succ(length(env)); p \<in> formula; x \<in> A; env \<in> list(A); 
   4.254 +  "[| arity(p) \<le> succ(length(env)); p \<in> formula; x \<in> A; env \<in> list(A);
   4.255        extra \<in> list(A) |]
   4.256 -   ==> sats(A, p, Cons(x, env @ extra)) <-> sats(A, p, Cons(x, env))"
   4.257 +   ==> sats(A, p, Cons(x, env @ extra)) \<longleftrightarrow> sats(A, p, Cons(x, env))"
   4.258  apply (insert arity_sats_iff [of p extra A "Cons(x,env)"])
   4.259 -apply simp 
   4.260 +apply simp
   4.261  done
   4.262  
   4.263  
   4.264 @@ -259,30 +259,30 @@
   4.265  by (simp add: incr_var_def)
   4.266  
   4.267  lemma incr_var_le: "nq\<le>x ==> incr_var(x,nq) = succ(x)"
   4.268 -apply (simp add: incr_var_def) 
   4.269 -apply (blast dest: lt_trans1) 
   4.270 +apply (simp add: incr_var_def)
   4.271 +apply (blast dest: lt_trans1)
   4.272  done
   4.273  
   4.274  consts   incr_bv :: "i=>i"
   4.275  primrec
   4.276 -  "incr_bv(Member(x,y)) = 
   4.277 +  "incr_bv(Member(x,y)) =
   4.278        (\<lambda>nq \<in> nat. Member (incr_var(x,nq), incr_var(y,nq)))"
   4.279  
   4.280 -  "incr_bv(Equal(x,y)) = 
   4.281 +  "incr_bv(Equal(x,y)) =
   4.282        (\<lambda>nq \<in> nat. Equal (incr_var(x,nq), incr_var(y,nq)))"
   4.283  
   4.284    "incr_bv(Nand(p,q)) =
   4.285        (\<lambda>nq \<in> nat. Nand (incr_bv(p)`nq, incr_bv(q)`nq))"
   4.286  
   4.287 -  "incr_bv(Forall(p)) = 
   4.288 +  "incr_bv(Forall(p)) =
   4.289        (\<lambda>nq \<in> nat. Forall (incr_bv(p) ` succ(nq)))"
   4.290  
   4.291  
   4.292  lemma [TC]: "x \<in> nat ==> incr_var(x,nq) \<in> nat"
   4.293 -by (simp add: incr_var_def) 
   4.294 +by (simp add: incr_var_def)
   4.295  
   4.296  lemma incr_bv_type [TC]: "p \<in> formula ==> incr_bv(p) \<in> nat -> formula"
   4.297 -by (induct_tac p, simp_all) 
   4.298 +by (induct_tac p, simp_all)
   4.299  
   4.300  text{*Obviously, @{term DPow} is closed under complements and finite
   4.301  intersections and unions.  Needs an inductive lemma to allow two lists of
   4.302 @@ -290,8 +290,8 @@
   4.303  
   4.304  lemma sats_incr_bv_iff [rule_format]:
   4.305    "[| p \<in> formula; env \<in> list(A); x \<in> A |]
   4.306 -   ==> \<forall>bvs \<in> list(A). 
   4.307 -           sats(A, incr_bv(p) ` length(bvs), bvs @ Cons(x,env)) <-> 
   4.308 +   ==> \<forall>bvs \<in> list(A).
   4.309 +           sats(A, incr_bv(p) ` length(bvs), bvs @ Cons(x,env)) \<longleftrightarrow>
   4.310             sats(A, p, bvs@env)"
   4.311  apply (induct_tac p)
   4.312  apply (simp_all add: incr_var_def nth_append succ_lt_iff length_type)
   4.313 @@ -305,35 +305,35 @@
   4.314        ==> succ(x) \<union> incr_var(y,nq) = succ(x \<union> y)"
   4.315  apply (simp add: incr_var_def Ord_Un_if, auto)
   4.316    apply (blast intro: leI)
   4.317 - apply (simp add: not_lt_iff_le)  
   4.318 - apply (blast intro: le_anti_sym) 
   4.319 -apply (blast dest: lt_trans2) 
   4.320 + apply (simp add: not_lt_iff_le)
   4.321 + apply (blast intro: le_anti_sym)
   4.322 +apply (blast dest: lt_trans2)
   4.323  done
   4.324  
   4.325  lemma incr_And_lemma:
   4.326       "y < x ==> y \<union> succ(x) = succ(x \<union> y)"
   4.327 -apply (simp add: Ord_Un_if lt_Ord lt_Ord2 succ_lt_iff) 
   4.328 -apply (blast dest: lt_asym) 
   4.329 +apply (simp add: Ord_Un_if lt_Ord lt_Ord2 succ_lt_iff)
   4.330 +apply (blast dest: lt_asym)
   4.331  done
   4.332  
   4.333  lemma arity_incr_bv_lemma [rule_format]:
   4.334 -  "p \<in> formula 
   4.335 -   ==> \<forall>n \<in> nat. arity (incr_bv(p) ` n) = 
   4.336 +  "p \<in> formula
   4.337 +   ==> \<forall>n \<in> nat. arity (incr_bv(p) ` n) =
   4.338                   (if n < arity(p) then succ(arity(p)) else arity(p))"
   4.339 -apply (induct_tac p) 
   4.340 +apply (induct_tac p)
   4.341  apply (simp_all add: imp_disj not_lt_iff_le Un_least_lt_iff lt_Un_iff le_Un_iff
   4.342                       succ_Un_distrib [symmetric] incr_var_lt incr_var_le
   4.343                       Un_commute incr_var_lemma Arith.pred_def nat_imp_quasinat
   4.344 -            split: split_nat_case) 
   4.345 +            split: split_nat_case)
   4.346   txt{*the Forall case reduces to linear arithmetic*}
   4.347   prefer 2
   4.348 - apply clarify 
   4.349 - apply (blast dest: lt_trans1) 
   4.350 + apply clarify
   4.351 + apply (blast dest: lt_trans1)
   4.352  txt{*left with the And case*}
   4.353  apply safe
   4.354 - apply (blast intro: incr_And_lemma lt_trans1) 
   4.355 + apply (blast intro: incr_And_lemma lt_trans1)
   4.356  apply (subst incr_And_lemma)
   4.357 - apply (blast intro: lt_trans1) 
   4.358 + apply (blast intro: lt_trans1)
   4.359  apply (simp add: Un_commute)
   4.360  done
   4.361  
   4.362 @@ -346,26 +346,26 @@
   4.363  
   4.364  
   4.365  lemma incr_bv1_type [TC]: "p \<in> formula ==> incr_bv1(p) \<in> formula"
   4.366 -by (simp add: incr_bv1_def) 
   4.367 +by (simp add: incr_bv1_def)
   4.368  
   4.369  (*For renaming all but the bound variable at level 0*)
   4.370  lemma sats_incr_bv1_iff:
   4.371    "[| p \<in> formula; env \<in> list(A); x \<in> A; y \<in> A |]
   4.372 -   ==> sats(A, incr_bv1(p), Cons(x, Cons(y, env))) <-> 
   4.373 +   ==> sats(A, incr_bv1(p), Cons(x, Cons(y, env))) \<longleftrightarrow>
   4.374         sats(A, p, Cons(x,env))"
   4.375  apply (insert sats_incr_bv_iff [of p env A y "Cons(x,Nil)"])
   4.376 -apply (simp add: incr_bv1_def) 
   4.377 +apply (simp add: incr_bv1_def)
   4.378  done
   4.379  
   4.380  lemma formula_add_params1 [rule_format]:
   4.381    "[| p \<in> formula; n \<in> nat; x \<in> A |]
   4.382 -   ==> \<forall>bvs \<in> list(A). \<forall>env \<in> list(A). 
   4.383 -          length(bvs) = n --> 
   4.384 -          sats(A, iterates(incr_bv1, n, p), Cons(x, bvs@env)) <-> 
   4.385 +   ==> \<forall>bvs \<in> list(A). \<forall>env \<in> list(A).
   4.386 +          length(bvs) = n \<longrightarrow>
   4.387 +          sats(A, iterates(incr_bv1, n, p), Cons(x, bvs@env)) \<longleftrightarrow>
   4.388            sats(A, p, Cons(x,env))"
   4.389 -apply (induct_tac n, simp, clarify) 
   4.390 +apply (induct_tac n, simp, clarify)
   4.391  apply (erule list.cases)
   4.392 -apply (simp_all add: sats_incr_bv1_iff) 
   4.393 +apply (simp_all add: sats_incr_bv1_iff)
   4.394  done
   4.395  
   4.396  
   4.397 @@ -374,17 +374,17 @@
   4.398     ==> arity(incr_bv1(p)) =
   4.399          (if 1 < arity(p) then succ(arity(p)) else arity(p))"
   4.400  apply (insert arity_incr_bv_lemma [of p 1])
   4.401 -apply (simp add: incr_bv1_def) 
   4.402 +apply (simp add: incr_bv1_def)
   4.403  done
   4.404  
   4.405  lemma arity_iterates_incr_bv1_eq:
   4.406    "[| p \<in> formula; n \<in> nat |]
   4.407     ==> arity(incr_bv1^n(p)) =
   4.408           (if 1 < arity(p) then n #+ arity(p) else arity(p))"
   4.409 -apply (induct_tac n) 
   4.410 +apply (induct_tac n)
   4.411  apply (simp_all add: arity_incr_bv1_eq)
   4.412  apply (simp add: not_lt_iff_le)
   4.413 -apply (blast intro: le_trans add_le_self2 arity_type) 
   4.414 +apply (blast intro: le_trans add_le_self2 arity_type)
   4.415  done
   4.416  
   4.417  
   4.418 @@ -394,112 +394,112 @@
   4.419  text{*The definable powerset operation: Kunen's definition VI 1.1, page 165.*}
   4.420  definition
   4.421    DPow :: "i => i" where
   4.422 -  "DPow(A) == {X \<in> Pow(A). 
   4.423 -               \<exists>env \<in> list(A). \<exists>p \<in> formula. 
   4.424 -                 arity(p) \<le> succ(length(env)) & 
   4.425 +  "DPow(A) == {X \<in> Pow(A).
   4.426 +               \<exists>env \<in> list(A). \<exists>p \<in> formula.
   4.427 +                 arity(p) \<le> succ(length(env)) &
   4.428                   X = {x\<in>A. sats(A, p, Cons(x,env))}}"
   4.429  
   4.430  lemma DPowI:
   4.431    "[|env \<in> list(A);  p \<in> formula;  arity(p) \<le> succ(length(env))|]
   4.432     ==> {x\<in>A. sats(A, p, Cons(x,env))} \<in> DPow(A)"
   4.433 -by (simp add: DPow_def, blast) 
   4.434 +by (simp add: DPow_def, blast)
   4.435  
   4.436  text{*With this rule we can specify @{term p} later.*}
   4.437  lemma DPowI2 [rule_format]:
   4.438 -  "[|\<forall>x\<in>A. P(x) <-> sats(A, p, Cons(x,env));
   4.439 +  "[|\<forall>x\<in>A. P(x) \<longleftrightarrow> sats(A, p, Cons(x,env));
   4.440       env \<in> list(A);  p \<in> formula;  arity(p) \<le> succ(length(env))|]
   4.441     ==> {x\<in>A. P(x)} \<in> DPow(A)"
   4.442 -by (simp add: DPow_def, blast) 
   4.443 +by (simp add: DPow_def, blast)
   4.444  
   4.445  lemma DPowD:
   4.446 -  "X \<in> DPow(A) 
   4.447 -   ==> X <= A &
   4.448 -       (\<exists>env \<in> list(A). 
   4.449 -        \<exists>p \<in> formula. arity(p) \<le> succ(length(env)) & 
   4.450 +  "X \<in> DPow(A)
   4.451 +   ==> X \<subseteq> A &
   4.452 +       (\<exists>env \<in> list(A).
   4.453 +        \<exists>p \<in> formula. arity(p) \<le> succ(length(env)) &
   4.454                        X = {x\<in>A. sats(A, p, Cons(x,env))})"
   4.455 -by (simp add: DPow_def) 
   4.456 +by (simp add: DPow_def)
   4.457  
   4.458  lemmas DPow_imp_subset = DPowD [THEN conjunct1]
   4.459  
   4.460  (*Kunen's Lemma VI 1.2*)
   4.461 -lemma "[| p \<in> formula; env \<in> list(A); arity(p) \<le> succ(length(env)) |] 
   4.462 +lemma "[| p \<in> formula; env \<in> list(A); arity(p) \<le> succ(length(env)) |]
   4.463         ==> {x\<in>A. sats(A, p, Cons(x,env))} \<in> DPow(A)"
   4.464  by (blast intro: DPowI)
   4.465  
   4.466 -lemma DPow_subset_Pow: "DPow(A) <= Pow(A)"
   4.467 +lemma DPow_subset_Pow: "DPow(A) \<subseteq> Pow(A)"
   4.468  by (simp add: DPow_def, blast)
   4.469  
   4.470  lemma empty_in_DPow: "0 \<in> DPow(A)"
   4.471  apply (simp add: DPow_def)
   4.472 -apply (rule_tac x=Nil in bexI) 
   4.473 - apply (rule_tac x="Neg(Equal(0,0))" in bexI) 
   4.474 -  apply (auto simp add: Un_least_lt_iff) 
   4.475 +apply (rule_tac x=Nil in bexI)
   4.476 + apply (rule_tac x="Neg(Equal(0,0))" in bexI)
   4.477 +  apply (auto simp add: Un_least_lt_iff)
   4.478  done
   4.479  
   4.480  lemma Compl_in_DPow: "X \<in> DPow(A) ==> (A-X) \<in> DPow(A)"
   4.481 -apply (simp add: DPow_def, clarify, auto) 
   4.482 -apply (rule bexI) 
   4.483 - apply (rule_tac x="Neg(p)" in bexI) 
   4.484 -  apply auto 
   4.485 +apply (simp add: DPow_def, clarify, auto)
   4.486 +apply (rule bexI)
   4.487 + apply (rule_tac x="Neg(p)" in bexI)
   4.488 +  apply auto
   4.489  done
   4.490  
   4.491 -lemma Int_in_DPow: "[| X \<in> DPow(A); Y \<in> DPow(A) |] ==> X Int Y \<in> DPow(A)"
   4.492 -apply (simp add: DPow_def, auto) 
   4.493 -apply (rename_tac envp p envq q) 
   4.494 -apply (rule_tac x="envp@envq" in bexI) 
   4.495 +lemma Int_in_DPow: "[| X \<in> DPow(A); Y \<in> DPow(A) |] ==> X \<inter> Y \<in> DPow(A)"
   4.496 +apply (simp add: DPow_def, auto)
   4.497 +apply (rename_tac envp p envq q)
   4.498 +apply (rule_tac x="envp@envq" in bexI)
   4.499   apply (rule_tac x="And(p, iterates(incr_bv1,length(envp),q))" in bexI)
   4.500    apply typecheck
   4.501 -apply (rule conjI) 
   4.502 +apply (rule conjI)
   4.503  (*finally check the arity!*)
   4.504   apply (simp add: arity_iterates_incr_bv1_eq length_app Un_least_lt_iff)
   4.505 - apply (force intro: add_le_self le_trans) 
   4.506 -apply (simp add: arity_sats1_iff formula_add_params1, blast) 
   4.507 + apply (force intro: add_le_self le_trans)
   4.508 +apply (simp add: arity_sats1_iff formula_add_params1, blast)
   4.509  done
   4.510  
   4.511 -lemma Un_in_DPow: "[| X \<in> DPow(A); Y \<in> DPow(A) |] ==> X Un Y \<in> DPow(A)"
   4.512 -apply (subgoal_tac "X Un Y = A - ((A-X) Int (A-Y))") 
   4.513 -apply (simp add: Int_in_DPow Compl_in_DPow) 
   4.514 -apply (simp add: DPow_def, blast) 
   4.515 +lemma Un_in_DPow: "[| X \<in> DPow(A); Y \<in> DPow(A) |] ==> X \<union> Y \<in> DPow(A)"
   4.516 +apply (subgoal_tac "X \<union> Y = A - ((A-X) \<inter> (A-Y))")
   4.517 +apply (simp add: Int_in_DPow Compl_in_DPow)
   4.518 +apply (simp add: DPow_def, blast)
   4.519  done
   4.520  
   4.521  lemma singleton_in_DPow: "a \<in> A ==> {a} \<in> DPow(A)"
   4.522  apply (simp add: DPow_def)
   4.523 -apply (rule_tac x="Cons(a,Nil)" in bexI) 
   4.524 - apply (rule_tac x="Equal(0,1)" in bexI) 
   4.525 +apply (rule_tac x="Cons(a,Nil)" in bexI)
   4.526 + apply (rule_tac x="Equal(0,1)" in bexI)
   4.527    apply typecheck
   4.528 -apply (force simp add: succ_Un_distrib [symmetric])  
   4.529 +apply (force simp add: succ_Un_distrib [symmetric])
   4.530  done
   4.531  
   4.532  lemma cons_in_DPow: "[| a \<in> A; X \<in> DPow(A) |] ==> cons(a,X) \<in> DPow(A)"
   4.533 -apply (rule cons_eq [THEN subst]) 
   4.534 -apply (blast intro: singleton_in_DPow Un_in_DPow) 
   4.535 +apply (rule cons_eq [THEN subst])
   4.536 +apply (blast intro: singleton_in_DPow Un_in_DPow)
   4.537  done
   4.538  
   4.539  (*Part of Lemma 1.3*)
   4.540  lemma Fin_into_DPow: "X \<in> Fin(A) ==> X \<in> DPow(A)"
   4.541 -apply (erule Fin.induct) 
   4.542 - apply (rule empty_in_DPow) 
   4.543 -apply (blast intro: cons_in_DPow) 
   4.544 +apply (erule Fin.induct)
   4.545 + apply (rule empty_in_DPow)
   4.546 +apply (blast intro: cons_in_DPow)
   4.547  done
   4.548  
   4.549  text{*@{term DPow} is not monotonic.  For example, let @{term A} be some
   4.550  non-constructible set of natural numbers, and let @{term B} be @{term nat}.
   4.551 -Then @{term "A<=B"} and obviously @{term "A \<in> DPow(A)"} but @{term "A ~:
   4.552 +Then @{term "A<=B"} and obviously @{term "A \<in> DPow(A)"} but @{term "A \<notin>
   4.553  DPow(B)"}.*}
   4.554  
   4.555 -(*This may be true but the proof looks difficult, requiring relativization 
   4.556 -lemma DPow_insert: "DPow (cons(a,A)) = DPow(A) Un {cons(a,X) . X: DPow(A)}"
   4.557 +(*This may be true but the proof looks difficult, requiring relativization
   4.558 +lemma DPow_insert: "DPow (cons(a,A)) = DPow(A) \<union> {cons(a,X) . X: DPow(A)}"
   4.559  apply (rule equalityI, safe)
   4.560  oops
   4.561  *)
   4.562  
   4.563 -lemma Finite_Pow_subset_Pow: "Finite(A) ==> Pow(A) <= DPow(A)" 
   4.564 +lemma Finite_Pow_subset_Pow: "Finite(A) ==> Pow(A) \<subseteq> DPow(A)"
   4.565  by (blast intro: Fin_into_DPow Finite_into_Fin Fin_subset)
   4.566  
   4.567  lemma Finite_DPow_eq_Pow: "Finite(A) ==> DPow(A) = Pow(A)"
   4.568 -apply (rule equalityI) 
   4.569 -apply (rule DPow_subset_Pow) 
   4.570 -apply (erule Finite_Pow_subset_Pow) 
   4.571 +apply (rule equalityI)
   4.572 +apply (rule DPow_subset_Pow)
   4.573 +apply (erule Finite_Pow_subset_Pow)
   4.574  done
   4.575  
   4.576  
   4.577 @@ -520,18 +520,18 @@
   4.578    "subset_fm(x,y) == Forall(Implies(Member(0,succ(x)), Member(0,succ(y))))"
   4.579  
   4.580  lemma subset_type [TC]: "[| x \<in> nat; y \<in> nat |] ==> subset_fm(x,y) \<in> formula"
   4.581 -by (simp add: subset_fm_def) 
   4.582 +by (simp add: subset_fm_def)
   4.583  
   4.584  lemma arity_subset_fm [simp]:
   4.585       "[| x \<in> nat; y \<in> nat |] ==> arity(subset_fm(x,y)) = succ(x) \<union> succ(y)"
   4.586 -by (simp add: subset_fm_def succ_Un_distrib [symmetric]) 
   4.587 +by (simp add: subset_fm_def succ_Un_distrib [symmetric])
   4.588  
   4.589  lemma sats_subset_fm [simp]:
   4.590     "[|x < length(env); y \<in> nat; env \<in> list(A); Transset(A)|]
   4.591 -    ==> sats(A, subset_fm(x,y), env) <-> nth(x,env) \<subseteq> nth(y,env)"
   4.592 -apply (frule lt_length_in_nat, assumption)  
   4.593 -apply (simp add: subset_fm_def Transset_def) 
   4.594 -apply (blast intro: nth_type) 
   4.595 +    ==> sats(A, subset_fm(x,y), env) \<longleftrightarrow> nth(x,env) \<subseteq> nth(y,env)"
   4.596 +apply (frule lt_length_in_nat, assumption)
   4.597 +apply (simp add: subset_fm_def Transset_def)
   4.598 +apply (blast intro: nth_type)
   4.599  done
   4.600  
   4.601  subsubsection{*Transitive sets*}
   4.602 @@ -541,50 +541,50 @@
   4.603    "transset_fm(x) == Forall(Implies(Member(0,succ(x)), subset_fm(0,succ(x))))"
   4.604  
   4.605  lemma transset_type [TC]: "x \<in> nat ==> transset_fm(x) \<in> formula"
   4.606 -by (simp add: transset_fm_def) 
   4.607 +by (simp add: transset_fm_def)
   4.608  
   4.609  lemma arity_transset_fm [simp]:
   4.610       "x \<in> nat ==> arity(transset_fm(x)) = succ(x)"
   4.611 -by (simp add: transset_fm_def succ_Un_distrib [symmetric]) 
   4.612 +by (simp add: transset_fm_def succ_Un_distrib [symmetric])
   4.613  
   4.614  lemma sats_transset_fm [simp]:
   4.615     "[|x < length(env); env \<in> list(A); Transset(A)|]
   4.616 -    ==> sats(A, transset_fm(x), env) <-> Transset(nth(x,env))"
   4.617 -apply (frule lt_nat_in_nat, erule length_type) 
   4.618 -apply (simp add: transset_fm_def Transset_def) 
   4.619 -apply (blast intro: nth_type) 
   4.620 +    ==> sats(A, transset_fm(x), env) \<longleftrightarrow> Transset(nth(x,env))"
   4.621 +apply (frule lt_nat_in_nat, erule length_type)
   4.622 +apply (simp add: transset_fm_def Transset_def)
   4.623 +apply (blast intro: nth_type)
   4.624  done
   4.625  
   4.626  subsubsection{*Ordinals*}
   4.627  
   4.628  definition
   4.629    ordinal_fm :: "i=>i" where
   4.630 -  "ordinal_fm(x) == 
   4.631 +  "ordinal_fm(x) ==
   4.632      And(transset_fm(x), Forall(Implies(Member(0,succ(x)), transset_fm(0))))"
   4.633  
   4.634  lemma ordinal_type [TC]: "x \<in> nat ==> ordinal_fm(x) \<in> formula"
   4.635 -by (simp add: ordinal_fm_def) 
   4.636 +by (simp add: ordinal_fm_def)
   4.637  
   4.638  lemma arity_ordinal_fm [simp]:
   4.639       "x \<in> nat ==> arity(ordinal_fm(x)) = succ(x)"
   4.640 -by (simp add: ordinal_fm_def succ_Un_distrib [symmetric]) 
   4.641 +by (simp add: ordinal_fm_def succ_Un_distrib [symmetric])
   4.642  
   4.643  lemma sats_ordinal_fm:
   4.644     "[|x < length(env); env \<in> list(A); Transset(A)|]
   4.645 -    ==> sats(A, ordinal_fm(x), env) <-> Ord(nth(x,env))"
   4.646 -apply (frule lt_nat_in_nat, erule length_type) 
   4.647 +    ==> sats(A, ordinal_fm(x), env) \<longleftrightarrow> Ord(nth(x,env))"
   4.648 +apply (frule lt_nat_in_nat, erule length_type)
   4.649  apply (simp add: ordinal_fm_def Ord_def Transset_def)
   4.650 -apply (blast intro: nth_type) 
   4.651 +apply (blast intro: nth_type)
   4.652  done
   4.653  
   4.654  text{*The subset consisting of the ordinals is definable.  Essential lemma for
   4.655  @{text Ord_in_Lset}.  This result is the objective of the present subsection.*}
   4.656  theorem Ords_in_DPow: "Transset(A) ==> {x \<in> A. Ord(x)} \<in> DPow(A)"
   4.657 -apply (simp add: DPow_def Collect_subset) 
   4.658 -apply (rule_tac x=Nil in bexI) 
   4.659 - apply (rule_tac x="ordinal_fm(0)" in bexI) 
   4.660 +apply (simp add: DPow_def Collect_subset)
   4.661 +apply (rule_tac x=Nil in bexI)
   4.662 + apply (rule_tac x="ordinal_fm(0)" in bexI)
   4.663  apply (simp_all add: sats_ordinal_fm)
   4.664 -done 
   4.665 +done
   4.666  
   4.667  
   4.668  subsection{* Constant Lset: Levels of the Constructible Universe *}
   4.669 @@ -596,37 +596,37 @@
   4.670  definition
   4.671    L :: "i=>o" where --{*Kunen's definition VI 1.5, page 167*}
   4.672    "L(x) == \<exists>i. Ord(i) & x \<in> Lset(i)"
   4.673 -  
   4.674 +
   4.675  text{*NOT SUITABLE FOR REWRITING -- RECURSIVE!*}
   4.676 -lemma Lset: "Lset(i) = (UN j:i. DPow(Lset(j)))"
   4.677 +lemma Lset: "Lset(i) = (\<Union>j\<in>i. DPow(Lset(j)))"
   4.678  by (subst Lset_def [THEN def_transrec], simp)
   4.679  
   4.680  lemma LsetI: "[|y\<in>x; A \<in> DPow(Lset(y))|] ==> A \<in> Lset(x)";
   4.681  by (subst Lset, blast)
   4.682  
   4.683  lemma LsetD: "A \<in> Lset(x) ==> \<exists>y\<in>x. A \<in> DPow(Lset(y))";
   4.684 -apply (insert Lset [of x]) 
   4.685 -apply (blast intro: elim: equalityE) 
   4.686 +apply (insert Lset [of x])
   4.687 +apply (blast intro: elim: equalityE)
   4.688  done
   4.689  
   4.690  subsubsection{* Transitivity *}
   4.691  
   4.692  lemma elem_subset_in_DPow: "[|X \<in> A; X \<subseteq> A|] ==> X \<in> DPow(A)"
   4.693  apply (simp add: Transset_def DPow_def)
   4.694 -apply (rule_tac x="[X]" in bexI) 
   4.695 - apply (rule_tac x="Member(0,1)" in bexI) 
   4.696 -  apply (auto simp add: Un_least_lt_iff) 
   4.697 +apply (rule_tac x="[X]" in bexI)
   4.698 + apply (rule_tac x="Member(0,1)" in bexI)
   4.699 +  apply (auto simp add: Un_least_lt_iff)
   4.700  done
   4.701  
   4.702 -lemma Transset_subset_DPow: "Transset(A) ==> A <= DPow(A)"
   4.703 -apply clarify  
   4.704 +lemma Transset_subset_DPow: "Transset(A) ==> A \<subseteq> DPow(A)"
   4.705 +apply clarify
   4.706  apply (simp add: Transset_def)
   4.707 -apply (blast intro: elem_subset_in_DPow) 
   4.708 +apply (blast intro: elem_subset_in_DPow)
   4.709  done
   4.710  
   4.711  lemma Transset_DPow: "Transset(A) ==> Transset(DPow(A))"
   4.712 -apply (simp add: Transset_def) 
   4.713 -apply (blast intro: elem_subset_in_DPow dest: DPowD) 
   4.714 +apply (simp add: Transset_def)
   4.715 +apply (blast intro: elem_subset_in_DPow dest: DPowD)
   4.716  done
   4.717  
   4.718  text{*Kunen's VI 1.6 (a)*}
   4.719 @@ -637,61 +637,61 @@
   4.720  done
   4.721  
   4.722  lemma mem_Lset_imp_subset_Lset: "a \<in> Lset(i) ==> a \<subseteq> Lset(i)"
   4.723 -apply (insert Transset_Lset) 
   4.724 -apply (simp add: Transset_def) 
   4.725 +apply (insert Transset_Lset)
   4.726 +apply (simp add: Transset_def)
   4.727  done
   4.728  
   4.729  subsubsection{* Monotonicity *}
   4.730  
   4.731  text{*Kunen's VI 1.6 (b)*}
   4.732  lemma Lset_mono [rule_format]:
   4.733 -     "ALL j. i<=j --> Lset(i) <= Lset(j)"
   4.734 +     "\<forall>j. i<=j \<longrightarrow> Lset(i) \<subseteq> Lset(j)"
   4.735  proof (induct i rule: eps_induct, intro allI impI)
   4.736    fix x j
   4.737    assume "\<forall>y\<in>x. \<forall>j. y \<subseteq> j \<longrightarrow> Lset(y) \<subseteq> Lset(j)"
   4.738       and "x \<subseteq> j"
   4.739    thus "Lset(x) \<subseteq> Lset(j)"
   4.740 -    by (force simp add: Lset [of x] Lset [of j]) 
   4.741 +    by (force simp add: Lset [of x] Lset [of j])
   4.742  qed
   4.743  
   4.744  text{*This version lets us remove the premise @{term "Ord(i)"} sometimes.*}
   4.745  lemma Lset_mono_mem [rule_format]:
   4.746 -     "ALL j. i:j --> Lset(i) <= Lset(j)"
   4.747 +     "\<forall>j. i:j \<longrightarrow> Lset(i) \<subseteq> Lset(j)"
   4.748  proof (induct i rule: eps_induct, intro allI impI)
   4.749    fix x j
   4.750    assume "\<forall>y\<in>x. \<forall>j. y \<in> j \<longrightarrow> Lset(y) \<subseteq> Lset(j)"
   4.751       and "x \<in> j"
   4.752    thus "Lset(x) \<subseteq> Lset(j)"
   4.753 -    by (force simp add: Lset [of j] 
   4.754 -              intro!: bexI intro: elem_subset_in_DPow dest: LsetD DPowD) 
   4.755 +    by (force simp add: Lset [of j]
   4.756 +              intro!: bexI intro: elem_subset_in_DPow dest: LsetD DPowD)
   4.757  qed
   4.758  
   4.759  
   4.760  text{*Useful with Reflection to bump up the ordinal*}
   4.761  lemma subset_Lset_ltD: "[|A \<subseteq> Lset(i); i < j|] ==> A \<subseteq> Lset(j)"
   4.762 -by (blast dest: ltD [THEN Lset_mono_mem]) 
   4.763 +by (blast dest: ltD [THEN Lset_mono_mem])
   4.764  
   4.765  subsubsection{* 0, successor and limit equations for Lset *}
   4.766  
   4.767  lemma Lset_0 [simp]: "Lset(0) = 0"
   4.768  by (subst Lset, blast)
   4.769  
   4.770 -lemma Lset_succ_subset1: "DPow(Lset(i)) <= Lset(succ(i))"
   4.771 +lemma Lset_succ_subset1: "DPow(Lset(i)) \<subseteq> Lset(succ(i))"
   4.772  by (subst Lset, rule succI1 [THEN RepFunI, THEN Union_upper])
   4.773  
   4.774 -lemma Lset_succ_subset2: "Lset(succ(i)) <= DPow(Lset(i))"
   4.775 +lemma Lset_succ_subset2: "Lset(succ(i)) \<subseteq> DPow(Lset(i))"
   4.776  apply (subst Lset, rule UN_least)
   4.777 -apply (erule succE) 
   4.778 - apply blast 
   4.779 +apply (erule succE)
   4.780 + apply blast
   4.781  apply clarify
   4.782  apply (rule elem_subset_in_DPow)
   4.783   apply (subst Lset)
   4.784 - apply blast 
   4.785 -apply (blast intro: dest: DPowD Lset_mono_mem) 
   4.786 + apply blast
   4.787 +apply (blast intro: dest: DPowD Lset_mono_mem)
   4.788  done
   4.789  
   4.790  lemma Lset_succ: "Lset(succ(i)) = DPow(Lset(i))"
   4.791 -by (intro equalityI Lset_succ_subset1 Lset_succ_subset2) 
   4.792 +by (intro equalityI Lset_succ_subset1 Lset_succ_subset2)
   4.793  
   4.794  lemma Lset_Union [simp]: "Lset(\<Union>(X)) = (\<Union>y\<in>X. Lset(y))"
   4.795  apply (subst Lset)
   4.796 @@ -722,7 +722,7 @@
   4.797  apply (rule classical)
   4.798  apply (rule Limit_Lset_eq [THEN equalityD1, THEN subsetD, THEN UN_E])
   4.799    prefer 2 apply assumption
   4.800 - apply blast 
   4.801 + apply blast
   4.802  apply (blast intro: ltI  Limit_is_Ord)
   4.803  done
   4.804  
   4.805 @@ -734,7 +734,7 @@
   4.806  lemma notin_Lset: "x \<notin> Lset(x)"
   4.807  apply (rule_tac a=x in eps_induct)
   4.808  apply (subst Lset)
   4.809 -apply (blast dest: DPowD)  
   4.810 +apply (blast dest: DPowD)
   4.811  done
   4.812  
   4.813  
   4.814 @@ -743,20 +743,20 @@
   4.815  lemma Ords_of_Lset_eq: "Ord(i) ==> {x\<in>Lset(i). Ord(x)} = i"
   4.816  apply (erule trans_induct3)
   4.817    apply (simp_all add: Lset_succ Limit_Lset_eq Limit_Union_eq)
   4.818 -txt{*The successor case remains.*} 
   4.819 +txt{*The successor case remains.*}
   4.820  apply (rule equalityI)
   4.821  txt{*First inclusion*}
   4.822 - apply clarify  
   4.823 - apply (erule Ord_linear_lt, assumption) 
   4.824 -   apply (blast dest: DPow_imp_subset ltD notE [OF notin_Lset]) 
   4.825 -  apply blast 
   4.826 + apply clarify
   4.827 + apply (erule Ord_linear_lt, assumption)
   4.828 +   apply (blast dest: DPow_imp_subset ltD notE [OF notin_Lset])
   4.829 +  apply blast
   4.830   apply (blast dest: ltD)
   4.831  txt{*Opposite inclusion, @{term "succ(x) \<subseteq> DPow(Lset(x)) \<inter> ON"}*}
   4.832  apply auto
   4.833  txt{*Key case: *}
   4.834 -  apply (erule subst, rule Ords_in_DPow [OF Transset_Lset]) 
   4.835 - apply (blast intro: elem_subset_in_DPow dest: OrdmemD elim: equalityE) 
   4.836 -apply (blast intro: Ord_in_Ord) 
   4.837 +  apply (erule subst, rule Ords_in_DPow [OF Transset_Lset])
   4.838 + apply (blast intro: elem_subset_in_DPow dest: OrdmemD elim: equalityE)
   4.839 +apply (blast intro: Ord_in_Ord)
   4.840  done
   4.841  
   4.842  
   4.843 @@ -765,8 +765,8 @@
   4.844  
   4.845  lemma Ord_in_Lset: "Ord(i) ==> i \<in> Lset(succ(i))"
   4.846  apply (simp add: Lset_succ)
   4.847 -apply (subst Ords_of_Lset_eq [symmetric], assumption, 
   4.848 -       rule Ords_in_DPow [OF Transset_Lset]) 
   4.849 +apply (subst Ords_of_Lset_eq [symmetric], assumption,
   4.850 +       rule Ords_in_DPow [OF Transset_Lset])
   4.851  done
   4.852  
   4.853  lemma Ord_in_L: "Ord(i) ==> L(i)"
   4.854 @@ -775,34 +775,34 @@
   4.855  subsubsection{* Unions *}
   4.856  
   4.857  lemma Union_in_Lset:
   4.858 -     "X \<in> Lset(i) ==> Union(X) \<in> Lset(succ(i))"
   4.859 +     "X \<in> Lset(i) ==> \<Union>(X) \<in> Lset(succ(i))"
   4.860  apply (insert Transset_Lset)
   4.861  apply (rule LsetI [OF succI1])
   4.862 -apply (simp add: Transset_def DPow_def) 
   4.863 +apply (simp add: Transset_def DPow_def)
   4.864  apply (intro conjI, blast)
   4.865  txt{*Now to create the formula @{term "\<exists>y. y \<in> X \<and> x \<in> y"} *}
   4.866 -apply (rule_tac x="Cons(X,Nil)" in bexI) 
   4.867 - apply (rule_tac x="Exists(And(Member(0,2), Member(1,0)))" in bexI) 
   4.868 +apply (rule_tac x="Cons(X,Nil)" in bexI)
   4.869 + apply (rule_tac x="Exists(And(Member(0,2), Member(1,0)))" in bexI)
   4.870    apply typecheck
   4.871 -apply (simp add: succ_Un_distrib [symmetric], blast) 
   4.872 +apply (simp add: succ_Un_distrib [symmetric], blast)
   4.873  done
   4.874  
   4.875 -theorem Union_in_L: "L(X) ==> L(Union(X))"
   4.876 -by (simp add: L_def, blast dest: Union_in_Lset) 
   4.877 +theorem Union_in_L: "L(X) ==> L(\<Union>(X))"
   4.878 +by (simp add: L_def, blast dest: Union_in_Lset)
   4.879  
   4.880  subsubsection{* Finite sets and ordered pairs *}
   4.881  
   4.882  lemma singleton_in_Lset: "a: Lset(i) ==> {a} \<in> Lset(succ(i))"
   4.883 -by (simp add: Lset_succ singleton_in_DPow) 
   4.884 +by (simp add: Lset_succ singleton_in_DPow)
   4.885  
   4.886  lemma doubleton_in_Lset:
   4.887       "[| a: Lset(i);  b: Lset(i) |] ==> {a,b} \<in> Lset(succ(i))"
   4.888 -by (simp add: Lset_succ empty_in_DPow cons_in_DPow) 
   4.889 +by (simp add: Lset_succ empty_in_DPow cons_in_DPow)
   4.890  
   4.891  lemma Pair_in_Lset:
   4.892      "[| a: Lset(i);  b: Lset(i); Ord(i) |] ==> <a,b> \<in> Lset(succ(succ(i)))"
   4.893  apply (unfold Pair_def)
   4.894 -apply (blast intro: doubleton_in_Lset) 
   4.895 +apply (blast intro: doubleton_in_Lset)
   4.896  done
   4.897  
   4.898  lemmas Lset_UnI1 = Un_upper1 [THEN Lset_mono [THEN subsetD]]
   4.899 @@ -818,9 +818,9 @@
   4.900  done
   4.901  
   4.902  theorem doubleton_in_L: "[| L(a); L(b) |] ==> L({a, b})"
   4.903 -apply (simp add: L_def, clarify) 
   4.904 -apply (drule Ord2_imp_greater_Limit, assumption) 
   4.905 -apply (blast intro: lt_LsetI doubleton_in_LLimit Limit_is_Ord) 
   4.906 +apply (simp add: L_def, clarify)
   4.907 +apply (drule Ord2_imp_greater_Limit, assumption)
   4.908 +apply (blast intro: lt_LsetI doubleton_in_LLimit Limit_is_Ord)
   4.909  done
   4.910  
   4.911  lemma Pair_in_LLimit:
   4.912 @@ -828,7 +828,7 @@
   4.913  txt{*Infer that a, b occur at ordinals x,xa < i.*}
   4.914  apply (erule Limit_LsetE, assumption)
   4.915  apply (erule Limit_LsetE, assumption)
   4.916 -txt{*Infer that succ(succ(x Un xa)) < i *}
   4.917 +txt{*Infer that @{term"succ(succ(x \<union> xa)) < i"} *}
   4.918  apply (blast intro: lt_Ord lt_LsetI [OF Pair_in_Lset]
   4.919                      Lset_UnI1 Lset_UnI2 Limit_has_succ Un_least_lt)
   4.920  done
   4.921 @@ -849,38 +849,38 @@
   4.922  lemma Ord_lrank [simp]: "Ord(lrank(a))"
   4.923  by (simp add: lrank_def)
   4.924  
   4.925 -lemma Lset_lrank_lt [rule_format]: "Ord(i) ==> x \<in> Lset(i) --> lrank(x) < i"
   4.926 +lemma Lset_lrank_lt [rule_format]: "Ord(i) ==> x \<in> Lset(i) \<longrightarrow> lrank(x) < i"
   4.927  apply (erule trans_induct3)
   4.928 -  apply simp   
   4.929 - apply (simp only: lrank_def) 
   4.930 - apply (blast intro: Least_le) 
   4.931 -apply (simp_all add: Limit_Lset_eq) 
   4.932 -apply (blast intro: ltI Limit_is_Ord lt_trans) 
   4.933 +  apply simp
   4.934 + apply (simp only: lrank_def)
   4.935 + apply (blast intro: Least_le)
   4.936 +apply (simp_all add: Limit_Lset_eq)
   4.937 +apply (blast intro: ltI Limit_is_Ord lt_trans)
   4.938  done
   4.939  
   4.940  text{*Kunen's VI 1.8.  The proof is much harder than the text would
   4.941  suggest.  For a start, it needs the previous lemma, which is proved by
   4.942  induction.*}
   4.943 -lemma Lset_iff_lrank_lt: "Ord(i) ==> x \<in> Lset(i) <-> L(x) & lrank(x) < i"
   4.944 -apply (simp add: L_def, auto) 
   4.945 - apply (blast intro: Lset_lrank_lt) 
   4.946 - apply (unfold lrank_def) 
   4.947 -apply (drule succI1 [THEN Lset_mono_mem, THEN subsetD]) 
   4.948 -apply (drule_tac P="\<lambda>i. x \<in> Lset(succ(i))" in LeastI, assumption) 
   4.949 -apply (blast intro!: le_imp_subset Lset_mono [THEN subsetD]) 
   4.950 +lemma Lset_iff_lrank_lt: "Ord(i) ==> x \<in> Lset(i) \<longleftrightarrow> L(x) & lrank(x) < i"
   4.951 +apply (simp add: L_def, auto)
   4.952 + apply (blast intro: Lset_lrank_lt)
   4.953 + apply (unfold lrank_def)
   4.954 +apply (drule succI1 [THEN Lset_mono_mem, THEN subsetD])
   4.955 +apply (drule_tac P="\<lambda>i. x \<in> Lset(succ(i))" in LeastI, assumption)
   4.956 +apply (blast intro!: le_imp_subset Lset_mono [THEN subsetD])
   4.957  done
   4.958  
   4.959 -lemma Lset_succ_lrank_iff [simp]: "x \<in> Lset(succ(lrank(x))) <-> L(x)"
   4.960 +lemma Lset_succ_lrank_iff [simp]: "x \<in> Lset(succ(lrank(x))) \<longleftrightarrow> L(x)"
   4.961  by (simp add: Lset_iff_lrank_lt)
   4.962  
   4.963  text{*Kunen's VI 1.9 (a)*}
   4.964  lemma lrank_of_Ord: "Ord(i) ==> lrank(i) = i"
   4.965 -apply (unfold lrank_def) 
   4.966 -apply (rule Least_equality) 
   4.967 -  apply (erule Ord_in_Lset) 
   4.968 +apply (unfold lrank_def)
   4.969 +apply (rule Least_equality)
   4.970 +  apply (erule Ord_in_Lset)
   4.971   apply assumption
   4.972 -apply (insert notin_Lset [of i]) 
   4.973 -apply (blast intro!: le_imp_subset Lset_mono [THEN subsetD]) 
   4.974 +apply (insert notin_Lset [of i])
   4.975 +apply (blast intro!: le_imp_subset Lset_mono [THEN subsetD])
   4.976  done
   4.977  
   4.978  
   4.979 @@ -889,41 +889,41 @@
   4.980  
   4.981  text{*Kunen's VI 1.10 *}
   4.982  lemma Lset_in_Lset_succ: "Lset(i) \<in> Lset(succ(i))";
   4.983 -apply (simp add: Lset_succ DPow_def) 
   4.984 -apply (rule_tac x=Nil in bexI) 
   4.985 - apply (rule_tac x="Equal(0,0)" in bexI) 
   4.986 -apply auto 
   4.987 +apply (simp add: Lset_succ DPow_def)
   4.988 +apply (rule_tac x=Nil in bexI)
   4.989 + apply (rule_tac x="Equal(0,0)" in bexI)
   4.990 +apply auto
   4.991  done
   4.992  
   4.993  lemma lrank_Lset: "Ord(i) ==> lrank(Lset(i)) = i"
   4.994 -apply (unfold lrank_def) 
   4.995 -apply (rule Least_equality) 
   4.996 -  apply (rule Lset_in_Lset_succ) 
   4.997 +apply (unfold lrank_def)
   4.998 +apply (rule Least_equality)
   4.999 +  apply (rule Lset_in_Lset_succ)
  4.1000   apply assumption
  4.1001 -apply clarify 
  4.1002 -apply (subgoal_tac "Lset(succ(ia)) <= Lset(i)")
  4.1003 - apply (blast dest: mem_irrefl) 
  4.1004 -apply (blast intro!: le_imp_subset Lset_mono) 
  4.1005 +apply clarify
  4.1006 +apply (subgoal_tac "Lset(succ(ia)) \<subseteq> Lset(i)")
  4.1007 + apply (blast dest: mem_irrefl)
  4.1008 +apply (blast intro!: le_imp_subset Lset_mono)
  4.1009  done
  4.1010  
  4.1011  text{*Kunen's VI 1.11 *}
  4.1012 -lemma Lset_subset_Vset: "Ord(i) ==> Lset(i) <= Vset(i)";
  4.1013 +lemma Lset_subset_Vset: "Ord(i) ==> Lset(i) \<subseteq> Vset(i)";
  4.1014  apply (erule trans_induct)
  4.1015 -apply (subst Lset) 
  4.1016 -apply (subst Vset) 
  4.1017 -apply (rule UN_mono [OF subset_refl]) 
  4.1018 -apply (rule subset_trans [OF DPow_subset_Pow]) 
  4.1019 -apply (rule Pow_mono, blast) 
  4.1020 +apply (subst Lset)
  4.1021 +apply (subst Vset)
  4.1022 +apply (rule UN_mono [OF subset_refl])
  4.1023 +apply (rule subset_trans [OF DPow_subset_Pow])
  4.1024 +apply (rule Pow_mono, blast)
  4.1025  done
  4.1026  
  4.1027  text{*Kunen's VI 1.12 *}
  4.1028  lemma Lset_subset_Vset': "i \<in> nat ==> Lset(i) = Vset(i)";
  4.1029  apply (erule nat_induct)
  4.1030 - apply (simp add: Vfrom_0) 
  4.1031 -apply (simp add: Lset_succ Vset_succ Finite_Vset Finite_DPow_eq_Pow) 
  4.1032 + apply (simp add: Vfrom_0)
  4.1033 +apply (simp add: Lset_succ Vset_succ Finite_Vset Finite_DPow_eq_Pow)
  4.1034  done
  4.1035  
  4.1036 -text{*Every set of constructible sets is included in some @{term Lset}*} 
  4.1037 +text{*Every set of constructible sets is included in some @{term Lset}*}
  4.1038  lemma subset_Lset:
  4.1039       "(\<forall>x\<in>A. L(x)) ==> \<exists>i. Ord(i) & A \<subseteq> Lset(i)"
  4.1040  by (rule_tac x = "\<Union>x\<in>A. succ(lrank(x))" in exI, force)
  4.1041 @@ -932,32 +932,32 @@
  4.1042       "[|\<forall>x\<in>A. L(x);
  4.1043          !!i. [|Ord(i); A \<subseteq> Lset(i)|] ==> P|]
  4.1044        ==> P"
  4.1045 -by (blast dest: subset_Lset) 
  4.1046 +by (blast dest: subset_Lset)
  4.1047  
  4.1048  subsubsection{*For L to satisfy the Powerset axiom *}
  4.1049  
  4.1050  lemma LPow_env_typing:
  4.1051 -    "[| y \<in> Lset(i); Ord(i); y \<subseteq> X |] 
  4.1052 +    "[| y \<in> Lset(i); Ord(i); y \<subseteq> X |]
  4.1053       ==> \<exists>z \<in> Pow(X). y \<in> Lset(succ(lrank(z)))"
  4.1054 -by (auto intro: L_I iff: Lset_succ_lrank_iff) 
  4.1055 +by (auto intro: L_I iff: Lset_succ_lrank_iff)
  4.1056  
  4.1057  lemma LPow_in_Lset:
  4.1058       "[|X \<in> Lset(i); Ord(i)|] ==> \<exists>j. Ord(j) & {y \<in> Pow(X). L(y)} \<in> Lset(j)"
  4.1059  apply (rule_tac x="succ(\<Union>y \<in> Pow(X). succ(lrank(y)))" in exI)
  4.1060 -apply simp 
  4.1061 +apply simp
  4.1062  apply (rule LsetI [OF succI1])
  4.1063 -apply (simp add: DPow_def) 
  4.1064 -apply (intro conjI, clarify) 
  4.1065 - apply (rule_tac a=x in UN_I, simp+)  
  4.1066 +apply (simp add: DPow_def)
  4.1067 +apply (intro conjI, clarify)
  4.1068 + apply (rule_tac a=x in UN_I, simp+)
  4.1069  txt{*Now to create the formula @{term "y \<subseteq> X"} *}
  4.1070 -apply (rule_tac x="Cons(X,Nil)" in bexI) 
  4.1071 - apply (rule_tac x="subset_fm(0,1)" in bexI) 
  4.1072 +apply (rule_tac x="Cons(X,Nil)" in bexI)
  4.1073 + apply (rule_tac x="subset_fm(0,1)" in bexI)
  4.1074    apply typecheck
  4.1075 - apply (rule conjI) 
  4.1076 -apply (simp add: succ_Un_distrib [symmetric]) 
  4.1077 -apply (rule equality_iffI) 
  4.1078 + apply (rule conjI)
  4.1079 +apply (simp add: succ_Un_distrib [symmetric])
  4.1080 +apply (rule equality_iffI)
  4.1081  apply (simp add: Transset_UN [OF Transset_Lset] LPow_env_typing)
  4.1082 -apply (auto intro: L_I iff: Lset_succ_lrank_iff) 
  4.1083 +apply (auto intro: L_I iff: Lset_succ_lrank_iff)
  4.1084  done
  4.1085  
  4.1086  theorem LPow_in_L: "L(X) ==> L({y \<in> Pow(X). L(y)})"
  4.1087 @@ -971,7 +971,7 @@
  4.1088  
  4.1089  lemma sats_app_0_iff [rule_format]:
  4.1090    "[| p \<in> formula; 0 \<in> A |]
  4.1091 -   ==> \<forall>env \<in> list(A). sats(A,p, env@[0]) <-> sats(A,p,env)"
  4.1092 +   ==> \<forall>env \<in> list(A). sats(A,p, env@[0]) \<longleftrightarrow> sats(A,p,env)"
  4.1093  apply (induct_tac p)
  4.1094  apply (simp_all del: app_Cons add: app_Cons [symmetric]
  4.1095                  add: nth_zero_eq_0 nth_append not_lt_iff_le nth_eq_0)
  4.1096 @@ -979,17 +979,17 @@
  4.1097  
  4.1098  lemma sats_app_zeroes_iff:
  4.1099    "[| p \<in> formula; 0 \<in> A; env \<in> list(A); n \<in> nat |]
  4.1100 -   ==> sats(A,p,env @ repeat(0,n)) <-> sats(A,p,env)"
  4.1101 -apply (induct_tac n, simp) 
  4.1102 +   ==> sats(A,p,env @ repeat(0,n)) \<longleftrightarrow> sats(A,p,env)"
  4.1103 +apply (induct_tac n, simp)
  4.1104  apply (simp del: repeat.simps
  4.1105 -            add: repeat_succ_app sats_app_0_iff app_assoc [symmetric]) 
  4.1106 +            add: repeat_succ_app sats_app_0_iff app_assoc [symmetric])
  4.1107  done
  4.1108  
  4.1109  lemma exists_bigger_env:
  4.1110    "[| p \<in> formula; 0 \<in> A; env \<in> list(A) |]
  4.1111 -   ==> \<exists>env' \<in> list(A). arity(p) \<le> succ(length(env')) & 
  4.1112 -              (\<forall>a\<in>A. sats(A,p,Cons(a,env')) <-> sats(A,p,Cons(a,env)))"
  4.1113 -apply (rule_tac x="env @ repeat(0,arity(p))" in bexI) 
  4.1114 +   ==> \<exists>env' \<in> list(A). arity(p) \<le> succ(length(env')) &
  4.1115 +              (\<forall>a\<in>A. sats(A,p,Cons(a,env')) \<longleftrightarrow> sats(A,p,Cons(a,env)))"
  4.1116 +apply (rule_tac x="env @ repeat(0,arity(p))" in bexI)
  4.1117  apply (simp del: app_Cons add: app_Cons [symmetric]
  4.1118              add: length_repeat sats_app_zeroes_iff, typecheck)
  4.1119  done
  4.1120 @@ -998,28 +998,28 @@
  4.1121  text{*A simpler version of @{term DPow}: no arity check!*}
  4.1122  definition
  4.1123    DPow' :: "i => i" where
  4.1124 -  "DPow'(A) == {X \<in> Pow(A). 
  4.1125 -                \<exists>env \<in> list(A). \<exists>p \<in> formula. 
  4.1126 +  "DPow'(A) == {X \<in> Pow(A).
  4.1127 +                \<exists>env \<in> list(A). \<exists>p \<in> formula.
  4.1128                      X = {x\<in>A. sats(A, p, Cons(x,env))}}"
  4.1129  
  4.1130 -lemma DPow_subset_DPow': "DPow(A) <= DPow'(A)";
  4.1131 +lemma DPow_subset_DPow': "DPow(A) \<subseteq> DPow'(A)";
  4.1132  by (simp add: DPow_def DPow'_def, blast)
  4.1133  
  4.1134  lemma DPow'_0: "DPow'(0) = {0}"
  4.1135  by (auto simp add: DPow'_def)
  4.1136  
  4.1137  lemma DPow'_subset_DPow: "0 \<in> A ==> DPow'(A) \<subseteq> DPow(A)"
  4.1138 -apply (auto simp add: DPow'_def DPow_def) 
  4.1139 -apply (frule exists_bigger_env, assumption+, force)  
  4.1140 +apply (auto simp add: DPow'_def DPow_def)
  4.1141 +apply (frule exists_bigger_env, assumption+, force)
  4.1142  done
  4.1143  
  4.1144  lemma DPow_eq_DPow': "Transset(A) ==> DPow(A) = DPow'(A)"
  4.1145 -apply (drule Transset_0_disj) 
  4.1146 -apply (erule disjE) 
  4.1147 - apply (simp add: DPow'_0 Finite_DPow_eq_Pow) 
  4.1148 +apply (drule Transset_0_disj)
  4.1149 +apply (erule disjE)
  4.1150 + apply (simp add: DPow'_0 Finite_DPow_eq_Pow)
  4.1151  apply (rule equalityI)
  4.1152 - apply (rule DPow_subset_DPow') 
  4.1153 -apply (erule DPow'_subset_DPow) 
  4.1154 + apply (rule DPow_subset_DPow')
  4.1155 +apply (erule DPow'_subset_DPow)
  4.1156  done
  4.1157  
  4.1158  text{*And thus we can relativize @{term Lset} without bothering with
  4.1159 @@ -1028,15 +1028,15 @@
  4.1160  apply (rule_tac a=i in eps_induct)
  4.1161  apply (subst Lset)
  4.1162  apply (subst transrec)
  4.1163 -apply (simp only: DPow_eq_DPow' [OF Transset_Lset], simp) 
  4.1164 +apply (simp only: DPow_eq_DPow' [OF Transset_Lset], simp)
  4.1165  done
  4.1166  
  4.1167  text{*With this rule we can specify @{term p} later and don't worry about
  4.1168        arities at all!*}
  4.1169  lemma DPow_LsetI [rule_format]:
  4.1170 -  "[|\<forall>x\<in>Lset(i). P(x) <-> sats(Lset(i), p, Cons(x,env));
  4.1171 +  "[|\<forall>x\<in>Lset(i). P(x) \<longleftrightarrow> sats(Lset(i), p, Cons(x,env));
  4.1172       env \<in> list(Lset(i));  p \<in> formula|]
  4.1173     ==> {x\<in>Lset(i). P(x)} \<in> DPow(Lset(i))"
  4.1174 -by (simp add: DPow_eq_DPow' [OF Transset_Lset] DPow'_def, blast) 
  4.1175 +by (simp add: DPow_eq_DPow' [OF Transset_Lset] DPow'_def, blast)
  4.1176  
  4.1177  end
     5.1 --- a/src/ZF/Constructible/Internalize.thy	Tue Mar 06 16:46:27 2012 +0000
     5.2 +++ b/src/ZF/Constructible/Internalize.thy	Tue Mar 06 17:01:37 2012 +0000
     5.3 @@ -19,13 +19,13 @@
     5.4  
     5.5  lemma sats_Inl_fm [simp]:
     5.6     "[| x \<in> nat; z \<in> nat; env \<in> list(A)|]
     5.7 -    ==> sats(A, Inl_fm(x,z), env) <-> is_Inl(##A, nth(x,env), nth(z,env))"
     5.8 +    ==> sats(A, Inl_fm(x,z), env) \<longleftrightarrow> is_Inl(##A, nth(x,env), nth(z,env))"
     5.9  by (simp add: Inl_fm_def is_Inl_def)
    5.10  
    5.11  lemma Inl_iff_sats:
    5.12        "[| nth(i,env) = x; nth(k,env) = z;
    5.13            i \<in> nat; k \<in> nat; env \<in> list(A)|]
    5.14 -       ==> is_Inl(##A, x, z) <-> sats(A, Inl_fm(i,k), env)"
    5.15 +       ==> is_Inl(##A, x, z) \<longleftrightarrow> sats(A, Inl_fm(i,k), env)"
    5.16  by simp
    5.17  
    5.18  theorem Inl_reflection:
    5.19 @@ -49,13 +49,13 @@
    5.20  
    5.21  lemma sats_Inr_fm [simp]:
    5.22     "[| x \<in> nat; z \<in> nat; env \<in> list(A)|]
    5.23 -    ==> sats(A, Inr_fm(x,z), env) <-> is_Inr(##A, nth(x,env), nth(z,env))"
    5.24 +    ==> sats(A, Inr_fm(x,z), env) \<longleftrightarrow> is_Inr(##A, nth(x,env), nth(z,env))"
    5.25  by (simp add: Inr_fm_def is_Inr_def)
    5.26  
    5.27  lemma Inr_iff_sats:
    5.28        "[| nth(i,env) = x; nth(k,env) = z;
    5.29            i \<in> nat; k \<in> nat; env \<in> list(A)|]
    5.30 -       ==> is_Inr(##A, x, z) <-> sats(A, Inr_fm(i,k), env)"
    5.31 +       ==> is_Inr(##A, x, z) \<longleftrightarrow> sats(A, Inr_fm(i,k), env)"
    5.32  by simp
    5.33  
    5.34  theorem Inr_reflection:
    5.35 @@ -79,12 +79,12 @@
    5.36  
    5.37  lemma sats_Nil_fm [simp]:
    5.38     "[| x \<in> nat; env \<in> list(A)|]
    5.39 -    ==> sats(A, Nil_fm(x), env) <-> is_Nil(##A, nth(x,env))"
    5.40 +    ==> sats(A, Nil_fm(x), env) \<longleftrightarrow> is_Nil(##A, nth(x,env))"
    5.41  by (simp add: Nil_fm_def is_Nil_def)
    5.42  
    5.43  lemma Nil_iff_sats:
    5.44        "[| nth(i,env) = x; i \<in> nat; env \<in> list(A)|]
    5.45 -       ==> is_Nil(##A, x) <-> sats(A, Nil_fm(i), env)"
    5.46 +       ==> is_Nil(##A, x) \<longleftrightarrow> sats(A, Nil_fm(i), env)"
    5.47  by simp
    5.48  
    5.49  theorem Nil_reflection:
    5.50 @@ -110,14 +110,14 @@
    5.51  
    5.52  lemma sats_Cons_fm [simp]:
    5.53     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
    5.54 -    ==> sats(A, Cons_fm(x,y,z), env) <->
    5.55 +    ==> sats(A, Cons_fm(x,y,z), env) \<longleftrightarrow>
    5.56         is_Cons(##A, nth(x,env), nth(y,env), nth(z,env))"
    5.57  by (simp add: Cons_fm_def is_Cons_def)
    5.58  
    5.59  lemma Cons_iff_sats:
    5.60        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
    5.61            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
    5.62 -       ==>is_Cons(##A, x, y, z) <-> sats(A, Cons_fm(i,j,k), env)"
    5.63 +       ==>is_Cons(##A, x, y, z) \<longleftrightarrow> sats(A, Cons_fm(i,j,k), env)"
    5.64  by simp
    5.65  
    5.66  theorem Cons_reflection:
    5.67 @@ -141,12 +141,12 @@
    5.68  
    5.69  lemma sats_quasilist_fm [simp]:
    5.70     "[| x \<in> nat; env \<in> list(A)|]
    5.71 -    ==> sats(A, quasilist_fm(x), env) <-> is_quasilist(##A, nth(x,env))"
    5.72 +    ==> sats(A, quasilist_fm(x), env) \<longleftrightarrow> is_quasilist(##A, nth(x,env))"
    5.73  by (simp add: quasilist_fm_def is_quasilist_def)
    5.74  
    5.75  lemma quasilist_iff_sats:
    5.76        "[| nth(i,env) = x; i \<in> nat; env \<in> list(A)|]
    5.77 -       ==> is_quasilist(##A, x) <-> sats(A, quasilist_fm(i), env)"
    5.78 +       ==> is_quasilist(##A, x) \<longleftrightarrow> sats(A, quasilist_fm(i), env)"
    5.79  by simp
    5.80  
    5.81  theorem quasilist_reflection:
    5.82 @@ -163,7 +163,7 @@
    5.83  subsubsection{*The Formula @{term is_hd}, Internalized*}
    5.84  
    5.85  (*   "is_hd(M,xs,H) == 
    5.86 -       (is_Nil(M,xs) --> empty(M,H)) &
    5.87 +       (is_Nil(M,xs) \<longrightarrow> empty(M,H)) &
    5.88         (\<forall>x[M]. \<forall>l[M]. ~ is_Cons(M,x,l,xs) | H=x) &
    5.89         (is_quasilist(M,xs) | empty(M,H))" *)
    5.90  definition
    5.91 @@ -179,13 +179,13 @@
    5.92  
    5.93  lemma sats_hd_fm [simp]:
    5.94     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
    5.95 -    ==> sats(A, hd_fm(x,y), env) <-> is_hd(##A, nth(x,env), nth(y,env))"
    5.96 +    ==> sats(A, hd_fm(x,y), env) \<longleftrightarrow> is_hd(##A, nth(x,env), nth(y,env))"
    5.97  by (simp add: hd_fm_def is_hd_def)
    5.98  
    5.99  lemma hd_iff_sats:
   5.100        "[| nth(i,env) = x; nth(j,env) = y;
   5.101            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.102 -       ==> is_hd(##A, x, y) <-> sats(A, hd_fm(i,j), env)"
   5.103 +       ==> is_hd(##A, x, y) \<longleftrightarrow> sats(A, hd_fm(i,j), env)"
   5.104  by simp
   5.105  
   5.106  theorem hd_reflection:
   5.107 @@ -200,7 +200,7 @@
   5.108  subsubsection{*The Formula @{term is_tl}, Internalized*}
   5.109  
   5.110  (*     "is_tl(M,xs,T) ==
   5.111 -       (is_Nil(M,xs) --> T=xs) &
   5.112 +       (is_Nil(M,xs) \<longrightarrow> T=xs) &
   5.113         (\<forall>x[M]. \<forall>l[M]. ~ is_Cons(M,x,l,xs) | T=l) &
   5.114         (is_quasilist(M,xs) | empty(M,T))" *)
   5.115  definition
   5.116 @@ -216,13 +216,13 @@
   5.117  
   5.118  lemma sats_tl_fm [simp]:
   5.119     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.120 -    ==> sats(A, tl_fm(x,y), env) <-> is_tl(##A, nth(x,env), nth(y,env))"
   5.121 +    ==> sats(A, tl_fm(x,y), env) \<longleftrightarrow> is_tl(##A, nth(x,env), nth(y,env))"
   5.122  by (simp add: tl_fm_def is_tl_def)
   5.123  
   5.124  lemma tl_iff_sats:
   5.125        "[| nth(i,env) = x; nth(j,env) = y;
   5.126            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.127 -       ==> is_tl(##A, x, y) <-> sats(A, tl_fm(i,j), env)"
   5.128 +       ==> is_tl(##A, x, y) \<longleftrightarrow> sats(A, tl_fm(i,j), env)"
   5.129  by simp
   5.130  
   5.131  theorem tl_reflection:
   5.132 @@ -251,16 +251,16 @@
   5.133  by (simp add: bool_of_o_fm_def)
   5.134  
   5.135  lemma sats_bool_of_o_fm:
   5.136 -  assumes p_iff_sats: "P <-> sats(A, p, env)"
   5.137 +  assumes p_iff_sats: "P \<longleftrightarrow> sats(A, p, env)"
   5.138    shows 
   5.139        "[|z \<in> nat; env \<in> list(A)|]
   5.140 -       ==> sats(A, bool_of_o_fm(p,z), env) <->
   5.141 +       ==> sats(A, bool_of_o_fm(p,z), env) \<longleftrightarrow>
   5.142             is_bool_of_o(##A, P, nth(z,env))"
   5.143  by (simp add: bool_of_o_fm_def is_bool_of_o_def p_iff_sats [THEN iff_sym])
   5.144  
   5.145  lemma is_bool_of_o_iff_sats:
   5.146 -  "[| P <-> sats(A, p, env); nth(k,env) = z; k \<in> nat; env \<in> list(A)|]
   5.147 -   ==> is_bool_of_o(##A, P, z) <-> sats(A, bool_of_o_fm(p,k), env)"
   5.148 +  "[| P \<longleftrightarrow> sats(A, p, env); nth(k,env) = z; k \<in> nat; env \<in> list(A)|]
   5.149 +   ==> is_bool_of_o(##A, P, z) \<longleftrightarrow> sats(A, bool_of_o_fm(p,k), env)"
   5.150  by (simp add: sats_bool_of_o_fm)
   5.151  
   5.152  theorem bool_of_o_reflection:
   5.153 @@ -281,7 +281,7 @@
   5.154  
   5.155  (* is_lambda :: "[i=>o, i, [i,i]=>o, i] => o"
   5.156      "is_lambda(M, A, is_b, z) == 
   5.157 -       \<forall>p[M]. p \<in> z <->
   5.158 +       \<forall>p[M]. p \<in> z \<longleftrightarrow>
   5.159          (\<exists>u[M]. \<exists>v[M]. u\<in>A & pair(M,u,v,p) & is_b(u,v))" *)
   5.160  definition
   5.161    lambda_fm :: "[i, i, i]=>i" where
   5.162 @@ -302,10 +302,10 @@
   5.163    assumes is_b_iff_sats: 
   5.164        "!!a0 a1 a2. 
   5.165          [|a0\<in>A; a1\<in>A; a2\<in>A|] 
   5.166 -        ==> is_b(a1, a0) <-> sats(A, p, Cons(a0,Cons(a1,Cons(a2,env))))"
   5.167 +        ==> is_b(a1, a0) \<longleftrightarrow> sats(A, p, Cons(a0,Cons(a1,Cons(a2,env))))"
   5.168    shows 
   5.169        "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.170 -       ==> sats(A, lambda_fm(p,x,y), env) <-> 
   5.171 +       ==> sats(A, lambda_fm(p,x,y), env) \<longleftrightarrow> 
   5.172             is_lambda(##A, nth(x,env), is_b, nth(y,env))"
   5.173  by (simp add: lambda_fm_def is_lambda_def is_b_iff_sats [THEN iff_sym]) 
   5.174  
   5.175 @@ -335,14 +335,14 @@
   5.176  
   5.177  lemma sats_Member_fm [simp]:
   5.178     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.179 -    ==> sats(A, Member_fm(x,y,z), env) <->
   5.180 +    ==> sats(A, Member_fm(x,y,z), env) \<longleftrightarrow>
   5.181          is_Member(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.182  by (simp add: Member_fm_def is_Member_def)
   5.183  
   5.184  lemma Member_iff_sats:
   5.185        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.186            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.187 -       ==> is_Member(##A, x, y, z) <-> sats(A, Member_fm(i,j,k), env)"
   5.188 +       ==> is_Member(##A, x, y, z) \<longleftrightarrow> sats(A, Member_fm(i,j,k), env)"
   5.189  by (simp add: sats_Member_fm)
   5.190  
   5.191  theorem Member_reflection:
   5.192 @@ -368,14 +368,14 @@
   5.193  
   5.194  lemma sats_Equal_fm [simp]:
   5.195     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.196 -    ==> sats(A, Equal_fm(x,y,z), env) <->
   5.197 +    ==> sats(A, Equal_fm(x,y,z), env) \<longleftrightarrow>
   5.198          is_Equal(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.199  by (simp add: Equal_fm_def is_Equal_def)
   5.200  
   5.201  lemma Equal_iff_sats:
   5.202        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.203            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.204 -       ==> is_Equal(##A, x, y, z) <-> sats(A, Equal_fm(i,j,k), env)"
   5.205 +       ==> is_Equal(##A, x, y, z) \<longleftrightarrow> sats(A, Equal_fm(i,j,k), env)"
   5.206  by (simp add: sats_Equal_fm)
   5.207  
   5.208  theorem Equal_reflection:
   5.209 @@ -401,14 +401,14 @@
   5.210  
   5.211  lemma sats_Nand_fm [simp]:
   5.212     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.213 -    ==> sats(A, Nand_fm(x,y,z), env) <->
   5.214 +    ==> sats(A, Nand_fm(x,y,z), env) \<longleftrightarrow>
   5.215          is_Nand(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.216  by (simp add: Nand_fm_def is_Nand_def)
   5.217  
   5.218  lemma Nand_iff_sats:
   5.219        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.220            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.221 -       ==> is_Nand(##A, x, y, z) <-> sats(A, Nand_fm(i,j,k), env)"
   5.222 +       ==> is_Nand(##A, x, y, z) \<longleftrightarrow> sats(A, Nand_fm(i,j,k), env)"
   5.223  by (simp add: sats_Nand_fm)
   5.224  
   5.225  theorem Nand_reflection:
   5.226 @@ -432,14 +432,14 @@
   5.227  
   5.228  lemma sats_Forall_fm [simp]:
   5.229     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.230 -    ==> sats(A, Forall_fm(x,y), env) <->
   5.231 +    ==> sats(A, Forall_fm(x,y), env) \<longleftrightarrow>
   5.232          is_Forall(##A, nth(x,env), nth(y,env))"
   5.233  by (simp add: Forall_fm_def is_Forall_def)
   5.234  
   5.235  lemma Forall_iff_sats:
   5.236        "[| nth(i,env) = x; nth(j,env) = y; 
   5.237            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.238 -       ==> is_Forall(##A, x, y) <-> sats(A, Forall_fm(i,j), env)"
   5.239 +       ==> is_Forall(##A, x, y) \<longleftrightarrow> sats(A, Forall_fm(i,j), env)"
   5.240  by (simp add: sats_Forall_fm)
   5.241  
   5.242  theorem Forall_reflection:
   5.243 @@ -466,14 +466,14 @@
   5.244  
   5.245  lemma sats_and_fm [simp]:
   5.246     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.247 -    ==> sats(A, and_fm(x,y,z), env) <->
   5.248 +    ==> sats(A, and_fm(x,y,z), env) \<longleftrightarrow>
   5.249          is_and(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.250  by (simp add: and_fm_def is_and_def)
   5.251  
   5.252  lemma is_and_iff_sats:
   5.253        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.254            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.255 -       ==> is_and(##A, x, y, z) <-> sats(A, and_fm(i,j,k), env)"
   5.256 +       ==> is_and(##A, x, y, z) \<longleftrightarrow> sats(A, and_fm(i,j,k), env)"
   5.257  by simp
   5.258  
   5.259  theorem is_and_reflection:
   5.260 @@ -501,14 +501,14 @@
   5.261  
   5.262  lemma sats_or_fm [simp]:
   5.263     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.264 -    ==> sats(A, or_fm(x,y,z), env) <->
   5.265 +    ==> sats(A, or_fm(x,y,z), env) \<longleftrightarrow>
   5.266          is_or(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.267  by (simp add: or_fm_def is_or_def)
   5.268  
   5.269  lemma is_or_iff_sats:
   5.270        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.271            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.272 -       ==> is_or(##A, x, y, z) <-> sats(A, or_fm(i,j,k), env)"
   5.273 +       ==> is_or(##A, x, y, z) \<longleftrightarrow> sats(A, or_fm(i,j,k), env)"
   5.274  by simp
   5.275  
   5.276  theorem is_or_reflection:
   5.277 @@ -536,13 +536,13 @@
   5.278  
   5.279  lemma sats_is_not_fm [simp]:
   5.280     "[| x \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.281 -    ==> sats(A, not_fm(x,z), env) <-> is_not(##A, nth(x,env), nth(z,env))"
   5.282 +    ==> sats(A, not_fm(x,z), env) \<longleftrightarrow> is_not(##A, nth(x,env), nth(z,env))"
   5.283  by (simp add: not_fm_def is_not_def)
   5.284  
   5.285  lemma is_not_iff_sats:
   5.286        "[| nth(i,env) = x; nth(k,env) = z;
   5.287            i \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.288 -       ==> is_not(##A, x, z) <-> sats(A, not_fm(i,k), env)"
   5.289 +       ==> is_not(##A, x, z) \<longleftrightarrow> sats(A, not_fm(i,k), env)"
   5.290  by simp
   5.291  
   5.292  theorem is_not_reflection:
   5.293 @@ -565,8 +565,8 @@
   5.294  
   5.295  text{*Alternative definition, minimizing nesting of quantifiers around MH*}
   5.296  lemma M_is_recfun_iff:
   5.297 -   "M_is_recfun(M,MH,r,a,f) <->
   5.298 -    (\<forall>z[M]. z \<in> f <-> 
   5.299 +   "M_is_recfun(M,MH,r,a,f) \<longleftrightarrow>
   5.300 +    (\<forall>z[M]. z \<in> f \<longleftrightarrow> 
   5.301       (\<exists>x[M]. \<exists>f_r_sx[M]. \<exists>y[M]. 
   5.302               MH(x, f_r_sx, y) & pair(M,x,y,z) &
   5.303               (\<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. 
   5.304 @@ -580,7 +580,7 @@
   5.305  
   5.306  (* M_is_recfun :: "[i=>o, [i,i,i]=>o, i, i, i] => o"
   5.307     "M_is_recfun(M,MH,r,a,f) ==
   5.308 -     \<forall>z[M]. z \<in> f <->
   5.309 +     \<forall>z[M]. z \<in> f \<longleftrightarrow>
   5.310                 2      1           0
   5.311  new def     (\<exists>x[M]. \<exists>f_r_sx[M]. \<exists>y[M]. 
   5.312               MH(x, f_r_sx, y) & pair(M,x,y,z) &
   5.313 @@ -614,10 +614,10 @@
   5.314    assumes MH_iff_sats: 
   5.315        "!!a0 a1 a2 a3. 
   5.316          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A|] 
   5.317 -        ==> MH(a2, a1, a0) <-> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,env)))))"
   5.318 +        ==> MH(a2, a1, a0) \<longleftrightarrow> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,env)))))"
   5.319    shows 
   5.320        "[|x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.321 -       ==> sats(A, is_recfun_fm(p,x,y,z), env) <->
   5.322 +       ==> sats(A, is_recfun_fm(p,x,y,z), env) \<longleftrightarrow>
   5.323             M_is_recfun(##A, MH, nth(x,env), nth(y,env), nth(z,env))"
   5.324  by (simp add: is_recfun_fm_def M_is_recfun_iff MH_iff_sats [THEN iff_sym])
   5.325  
   5.326 @@ -625,11 +625,11 @@
   5.327    assumes MH_iff_sats: 
   5.328        "!!a0 a1 a2 a3. 
   5.329          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A|] 
   5.330 -        ==> MH(a2, a1, a0) <-> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,env)))))"
   5.331 +        ==> MH(a2, a1, a0) \<longleftrightarrow> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,env)))))"
   5.332    shows
   5.333    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   5.334        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.335 -   ==> M_is_recfun(##A, MH, x, y, z) <-> sats(A, is_recfun_fm(p,i,j,k), env)"
   5.336 +   ==> M_is_recfun(##A, MH, x, y, z) \<longleftrightarrow> sats(A, is_recfun_fm(p,i,j,k), env)"
   5.337  by (simp add: sats_is_recfun_fm [OF MH_iff_sats]) 
   5.338  
   5.339  text{*The additional variable in the premise, namely @{term f'}, is essential.
   5.340 @@ -676,10 +676,10 @@
   5.341    assumes MH_iff_sats: 
   5.342        "!!a0 a1 a2 a3 a4. 
   5.343          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A|] 
   5.344 -        ==> MH(a2, a1, a0) <-> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,Cons(a4,env))))))"
   5.345 +        ==> MH(a2, a1, a0) \<longleftrightarrow> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,Cons(a4,env))))))"
   5.346    shows 
   5.347        "[|x \<in> nat; y < length(env); z < length(env); env \<in> list(A)|]
   5.348 -       ==> sats(A, is_wfrec_fm(p,x,y,z), env) <-> 
   5.349 +       ==> sats(A, is_wfrec_fm(p,x,y,z), env) \<longleftrightarrow> 
   5.350             is_wfrec(##A, MH, nth(x,env), nth(y,env), nth(z,env))"
   5.351  apply (frule_tac x=z in lt_length_in_nat, assumption)  
   5.352  apply (frule lt_length_in_nat, assumption)  
   5.353 @@ -691,11 +691,11 @@
   5.354    assumes MH_iff_sats: 
   5.355        "!!a0 a1 a2 a3 a4. 
   5.356          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A|] 
   5.357 -        ==> MH(a2, a1, a0) <-> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,Cons(a4,env))))))"
   5.358 +        ==> MH(a2, a1, a0) \<longleftrightarrow> sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,Cons(a4,env))))))"
   5.359    shows
   5.360    "[|nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   5.361        i \<in> nat; j < length(env); k < length(env); env \<in> list(A)|]
   5.362 -   ==> is_wfrec(##A, MH, x, y, z) <-> sats(A, is_wfrec_fm(p,i,j,k), env)" 
   5.363 +   ==> is_wfrec(##A, MH, x, y, z) \<longleftrightarrow> sats(A, is_wfrec_fm(p,i,j,k), env)" 
   5.364  by (simp add: sats_is_wfrec_fm [OF MH_iff_sats])
   5.365  
   5.366  theorem is_wfrec_reflection:
   5.367 @@ -716,7 +716,7 @@
   5.368  definition
   5.369    cartprod_fm :: "[i,i,i]=>i" where
   5.370  (* "cartprod(M,A,B,z) ==
   5.371 -        \<forall>u[M]. u \<in> z <-> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>B & pair(M,x,y,u)))" *)
   5.372 +        \<forall>u[M]. u \<in> z \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>B & pair(M,x,y,u)))" *)
   5.373      "cartprod_fm(A,B,z) ==
   5.374         Forall(Iff(Member(0,succ(z)),
   5.375                    Exists(And(Member(0,succ(succ(A))),
   5.376 @@ -729,14 +729,14 @@
   5.377  
   5.378  lemma sats_cartprod_fm [simp]:
   5.379     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.380 -    ==> sats(A, cartprod_fm(x,y,z), env) <->
   5.381 +    ==> sats(A, cartprod_fm(x,y,z), env) \<longleftrightarrow>
   5.382          cartprod(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.383  by (simp add: cartprod_fm_def cartprod_def)
   5.384  
   5.385  lemma cartprod_iff_sats:
   5.386        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.387            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.388 -       ==> cartprod(##A, x, y, z) <-> sats(A, cartprod_fm(i,j,k), env)"
   5.389 +       ==> cartprod(##A, x, y, z) \<longleftrightarrow> sats(A, cartprod_fm(i,j,k), env)"
   5.390  by (simp add: sats_cartprod_fm)
   5.391  
   5.392  theorem cartprod_reflection:
   5.393 @@ -769,14 +769,14 @@
   5.394  
   5.395  lemma sats_sum_fm [simp]:
   5.396     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.397 -    ==> sats(A, sum_fm(x,y,z), env) <->
   5.398 +    ==> sats(A, sum_fm(x,y,z), env) \<longleftrightarrow>
   5.399          is_sum(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.400  by (simp add: sum_fm_def is_sum_def)
   5.401  
   5.402  lemma sum_iff_sats:
   5.403        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.404            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.405 -       ==> is_sum(##A, x, y, z) <-> sats(A, sum_fm(i,j,k), env)"
   5.406 +       ==> is_sum(##A, x, y, z) \<longleftrightarrow> sats(A, sum_fm(i,j,k), env)"
   5.407  by simp
   5.408  
   5.409  theorem sum_reflection:
   5.410 @@ -800,13 +800,13 @@
   5.411  
   5.412  lemma sats_quasinat_fm [simp]:
   5.413     "[| x \<in> nat; env \<in> list(A)|]
   5.414 -    ==> sats(A, quasinat_fm(x), env) <-> is_quasinat(##A, nth(x,env))"
   5.415 +    ==> sats(A, quasinat_fm(x), env) \<longleftrightarrow> is_quasinat(##A, nth(x,env))"
   5.416  by (simp add: quasinat_fm_def is_quasinat_def)
   5.417  
   5.418  lemma quasinat_iff_sats:
   5.419        "[| nth(i,env) = x; nth(j,env) = y;
   5.420            i \<in> nat; env \<in> list(A)|]
   5.421 -       ==> is_quasinat(##A, x) <-> sats(A, quasinat_fm(i), env)"
   5.422 +       ==> is_quasinat(##A, x) \<longleftrightarrow> sats(A, quasinat_fm(i), env)"
   5.423  by simp
   5.424  
   5.425  theorem quasinat_reflection:
   5.426 @@ -824,8 +824,8 @@
   5.427  
   5.428  (* is_nat_case :: "[i=>o, i, [i,i]=>o, i, i] => o"
   5.429      "is_nat_case(M, a, is_b, k, z) ==
   5.430 -       (empty(M,k) --> z=a) &
   5.431 -       (\<forall>m[M]. successor(M,m,k) --> is_b(m,z)) &
   5.432 +       (empty(M,k) \<longrightarrow> z=a) &
   5.433 +       (\<forall>m[M]. successor(M,m,k) \<longrightarrow> is_b(m,z)) &
   5.434         (is_quasinat(M,k) | empty(M,z))" *)
   5.435  text{*The formula @{term is_b} has free variables 1 and 0.*}
   5.436  definition
   5.437 @@ -844,22 +844,22 @@
   5.438  
   5.439  lemma sats_is_nat_case_fm:
   5.440    assumes is_b_iff_sats: 
   5.441 -      "!!a. a \<in> A ==> is_b(a,nth(z, env)) <-> 
   5.442 +      "!!a. a \<in> A ==> is_b(a,nth(z, env)) \<longleftrightarrow> 
   5.443                        sats(A, p, Cons(nth(z,env), Cons(a, env)))"
   5.444    shows 
   5.445        "[|x \<in> nat; y \<in> nat; z < length(env); env \<in> list(A)|]
   5.446 -       ==> sats(A, is_nat_case_fm(x,p,y,z), env) <->
   5.447 +       ==> sats(A, is_nat_case_fm(x,p,y,z), env) \<longleftrightarrow>
   5.448             is_nat_case(##A, nth(x,env), is_b, nth(y,env), nth(z,env))"
   5.449  apply (frule lt_length_in_nat, assumption)
   5.450  apply (simp add: is_nat_case_fm_def is_nat_case_def is_b_iff_sats [THEN iff_sym])
   5.451  done
   5.452  
   5.453  lemma is_nat_case_iff_sats:
   5.454 -  "[| (!!a. a \<in> A ==> is_b(a,z) <->
   5.455 +  "[| (!!a. a \<in> A ==> is_b(a,z) \<longleftrightarrow>
   5.456                        sats(A, p, Cons(z, Cons(a,env))));
   5.457        nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   5.458        i \<in> nat; j \<in> nat; k < length(env); env \<in> list(A)|]
   5.459 -   ==> is_nat_case(##A, x, is_b, y, z) <-> sats(A, is_nat_case_fm(i,p,j,k), env)"
   5.460 +   ==> is_nat_case(##A, x, is_b, y, z) \<longleftrightarrow> sats(A, is_nat_case_fm(i,p,j,k), env)"
   5.461  by (simp add: sats_is_nat_case_fm [of A is_b])
   5.462  
   5.463  
   5.464 @@ -901,11 +901,11 @@
   5.465  lemma sats_iterates_MH_fm:
   5.466    assumes is_F_iff_sats:
   5.467        "!!a b c d. [| a \<in> A; b \<in> A; c \<in> A; d \<in> A|]
   5.468 -              ==> is_F(a,b) <->
   5.469 +              ==> is_F(a,b) \<longleftrightarrow>
   5.470                    sats(A, p, Cons(b, Cons(a, Cons(c, Cons(d,env)))))"
   5.471    shows 
   5.472        "[|v \<in> nat; x \<in> nat; y \<in> nat; z < length(env); env \<in> list(A)|]
   5.473 -       ==> sats(A, iterates_MH_fm(p,v,x,y,z), env) <->
   5.474 +       ==> sats(A, iterates_MH_fm(p,v,x,y,z), env) \<longleftrightarrow>
   5.475             iterates_MH(##A, is_F, nth(v,env), nth(x,env), nth(y,env), nth(z,env))"
   5.476  apply (frule lt_length_in_nat, assumption)  
   5.477  apply (simp add: iterates_MH_fm_def iterates_MH_def sats_is_nat_case_fm 
   5.478 @@ -917,12 +917,12 @@
   5.479  lemma iterates_MH_iff_sats:
   5.480    assumes is_F_iff_sats:
   5.481        "!!a b c d. [| a \<in> A; b \<in> A; c \<in> A; d \<in> A|]
   5.482 -              ==> is_F(a,b) <->
   5.483 +              ==> is_F(a,b) \<longleftrightarrow>
   5.484                    sats(A, p, Cons(b, Cons(a, Cons(c, Cons(d,env)))))"
   5.485    shows 
   5.486    "[| nth(i',env) = v; nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   5.487        i' \<in> nat; i \<in> nat; j \<in> nat; k < length(env); env \<in> list(A)|]
   5.488 -   ==> iterates_MH(##A, is_F, v, x, y, z) <->
   5.489 +   ==> iterates_MH(##A, is_F, v, x, y, z) \<longleftrightarrow>
   5.490         sats(A, iterates_MH_fm(p,i',i,j,k), env)"
   5.491  by (simp add: sats_iterates_MH_fm [OF is_F_iff_sats]) 
   5.492  
   5.493 @@ -973,12 +973,12 @@
   5.494        "!!a b c d e f g h i j k. 
   5.495                [| a \<in> A; b \<in> A; c \<in> A; d \<in> A; e \<in> A; f \<in> A; 
   5.496                   g \<in> A; h \<in> A; i \<in> A; j \<in> A; k \<in> A|]
   5.497 -              ==> is_F(a,b) <->
   5.498 +              ==> is_F(a,b) \<longleftrightarrow>
   5.499                    sats(A, p, Cons(b, Cons(a, Cons(c, Cons(d, Cons(e, Cons(f, 
   5.500                        Cons(g, Cons(h, Cons(i, Cons(j, Cons(k, env))))))))))))"
   5.501    shows 
   5.502        "[|x \<in> nat; y < length(env); z < length(env); env \<in> list(A)|]
   5.503 -       ==> sats(A, is_iterates_fm(p,x,y,z), env) <->
   5.504 +       ==> sats(A, is_iterates_fm(p,x,y,z), env) \<longleftrightarrow>
   5.505             is_iterates(##A, is_F, nth(x,env), nth(y,env), nth(z,env))"
   5.506  apply (frule_tac x=z in lt_length_in_nat, assumption)  
   5.507  apply (frule lt_length_in_nat, assumption)  
   5.508 @@ -992,13 +992,13 @@
   5.509        "!!a b c d e f g h i j k. 
   5.510                [| a \<in> A; b \<in> A; c \<in> A; d \<in> A; e \<in> A; f \<in> A; 
   5.511                   g \<in> A; h \<in> A; i \<in> A; j \<in> A; k \<in> A|]
   5.512 -              ==> is_F(a,b) <->
   5.513 +              ==> is_F(a,b) \<longleftrightarrow>
   5.514                    sats(A, p, Cons(b, Cons(a, Cons(c, Cons(d, Cons(e, Cons(f, 
   5.515                        Cons(g, Cons(h, Cons(i, Cons(j, Cons(k, env))))))))))))"
   5.516    shows 
   5.517    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z; 
   5.518        i \<in> nat; j < length(env); k < length(env); env \<in> list(A)|]
   5.519 -   ==> is_iterates(##A, is_F, x, y, z) <->
   5.520 +   ==> is_iterates(##A, is_F, x, y, z) \<longleftrightarrow>
   5.521         sats(A, is_iterates_fm(p,i,j,k), env)"
   5.522  by (simp add: sats_is_iterates_fm [OF is_F_iff_sats]) 
   5.523  
   5.524 @@ -1031,7 +1031,7 @@
   5.525  
   5.526  lemma sats_eclose_n_fm [simp]:
   5.527     "[| x \<in> nat; y < length(env); z < length(env); env \<in> list(A)|]
   5.528 -    ==> sats(A, eclose_n_fm(x,y,z), env) <->
   5.529 +    ==> sats(A, eclose_n_fm(x,y,z), env) \<longleftrightarrow>
   5.530          is_eclose_n(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.531  apply (frule_tac x=z in lt_length_in_nat, assumption)  
   5.532  apply (frule_tac x=y in lt_length_in_nat, assumption)  
   5.533 @@ -1042,7 +1042,7 @@
   5.534  lemma eclose_n_iff_sats:
   5.535        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.536            i \<in> nat; j < length(env); k < length(env); env \<in> list(A)|]
   5.537 -       ==> is_eclose_n(##A, x, y, z) <-> sats(A, eclose_n_fm(i,j,k), env)"
   5.538 +       ==> is_eclose_n(##A, x, y, z) \<longleftrightarrow> sats(A, eclose_n_fm(i,j,k), env)"
   5.539  by (simp add: sats_eclose_n_fm)
   5.540  
   5.541  theorem eclose_n_reflection:
   5.542 @@ -1071,13 +1071,13 @@
   5.543  
   5.544  lemma sats_mem_eclose_fm [simp]:
   5.545     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.546 -    ==> sats(A, mem_eclose_fm(x,y), env) <-> mem_eclose(##A, nth(x,env), nth(y,env))"
   5.547 +    ==> sats(A, mem_eclose_fm(x,y), env) \<longleftrightarrow> mem_eclose(##A, nth(x,env), nth(y,env))"
   5.548  by (simp add: mem_eclose_fm_def mem_eclose_def)
   5.549  
   5.550  lemma mem_eclose_iff_sats:
   5.551        "[| nth(i,env) = x; nth(j,env) = y;
   5.552            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.553 -       ==> mem_eclose(##A, x, y) <-> sats(A, mem_eclose_fm(i,j), env)"
   5.554 +       ==> mem_eclose(##A, x, y) \<longleftrightarrow> sats(A, mem_eclose_fm(i,j), env)"
   5.555  by simp
   5.556  
   5.557  theorem mem_eclose_reflection:
   5.558 @@ -1090,7 +1090,7 @@
   5.559  
   5.560  subsubsection{*The Predicate ``Is @{term "eclose(A)"}''*}
   5.561  
   5.562 -(* is_eclose(M,A,Z) == \<forall>l[M]. l \<in> Z <-> mem_eclose(M,A,l) *)
   5.563 +(* is_eclose(M,A,Z) == \<forall>l[M]. l \<in> Z \<longleftrightarrow> mem_eclose(M,A,l) *)
   5.564  definition
   5.565    is_eclose_fm :: "[i,i]=>i" where
   5.566      "is_eclose_fm(A,Z) ==
   5.567 @@ -1102,13 +1102,13 @@
   5.568  
   5.569  lemma sats_is_eclose_fm [simp]:
   5.570     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.571 -    ==> sats(A, is_eclose_fm(x,y), env) <-> is_eclose(##A, nth(x,env), nth(y,env))"
   5.572 +    ==> sats(A, is_eclose_fm(x,y), env) \<longleftrightarrow> is_eclose(##A, nth(x,env), nth(y,env))"
   5.573  by (simp add: is_eclose_fm_def is_eclose_def)
   5.574  
   5.575  lemma is_eclose_iff_sats:
   5.576        "[| nth(i,env) = x; nth(j,env) = y;
   5.577            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.578 -       ==> is_eclose(##A, x, y) <-> sats(A, is_eclose_fm(i,j), env)"
   5.579 +       ==> is_eclose(##A, x, y) \<longleftrightarrow> sats(A, is_eclose_fm(i,j), env)"
   5.580  by simp
   5.581  
   5.582  theorem is_eclose_reflection:
   5.583 @@ -1137,14 +1137,14 @@
   5.584  
   5.585  lemma sats_list_functor_fm [simp]:
   5.586     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   5.587 -    ==> sats(A, list_functor_fm(x,y,z), env) <->
   5.588 +    ==> sats(A, list_functor_fm(x,y,z), env) \<longleftrightarrow>
   5.589          is_list_functor(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.590  by (simp add: list_functor_fm_def is_list_functor_def)
   5.591  
   5.592  lemma list_functor_iff_sats:
   5.593    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.594        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   5.595 -   ==> is_list_functor(##A, x, y, z) <-> sats(A, list_functor_fm(i,j,k), env)"
   5.596 +   ==> is_list_functor(##A, x, y, z) \<longleftrightarrow> sats(A, list_functor_fm(i,j,k), env)"
   5.597  by simp
   5.598  
   5.599  theorem list_functor_reflection:
   5.600 @@ -1175,7 +1175,7 @@
   5.601  
   5.602  lemma sats_list_N_fm [simp]:
   5.603     "[| x \<in> nat; y < length(env); z < length(env); env \<in> list(A)|]
   5.604 -    ==> sats(A, list_N_fm(x,y,z), env) <->
   5.605 +    ==> sats(A, list_N_fm(x,y,z), env) \<longleftrightarrow>
   5.606          is_list_N(##A, nth(x,env), nth(y,env), nth(z,env))"
   5.607  apply (frule_tac x=z in lt_length_in_nat, assumption)  
   5.608  apply (frule_tac x=y in lt_length_in_nat, assumption)  
   5.609 @@ -1185,7 +1185,7 @@
   5.610  lemma list_N_iff_sats:
   5.611        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   5.612            i \<in> nat; j < length(env); k < length(env); env \<in> list(A)|]
   5.613 -       ==> is_list_N(##A, x, y, z) <-> sats(A, list_N_fm(i,j,k), env)"
   5.614 +       ==> is_list_N(##A, x, y, z) \<longleftrightarrow> sats(A, list_N_fm(i,j,k), env)"
   5.615  by (simp add: sats_list_N_fm)
   5.616  
   5.617  theorem list_N_reflection:
   5.618 @@ -1216,13 +1216,13 @@
   5.619  
   5.620  lemma sats_mem_list_fm [simp]:
   5.621     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.622 -    ==> sats(A, mem_list_fm(x,y), env) <-> mem_list(##A, nth(x,env), nth(y,env))"
   5.623 +    ==> sats(A, mem_list_fm(x,y), env) \<longleftrightarrow> mem_list(##A, nth(x,env), nth(y,env))"
   5.624  by (simp add: mem_list_fm_def mem_list_def)
   5.625  
   5.626  lemma mem_list_iff_sats:
   5.627        "[| nth(i,env) = x; nth(j,env) = y;
   5.628            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.629 -       ==> mem_list(##A, x, y) <-> sats(A, mem_list_fm(i,j), env)"
   5.630 +       ==> mem_list(##A, x, y) \<longleftrightarrow> sats(A, mem_list_fm(i,j), env)"
   5.631  by simp
   5.632  
   5.633  theorem mem_list_reflection:
   5.634 @@ -1235,7 +1235,7 @@
   5.635  
   5.636  subsubsection{*The Predicate ``Is @{term "list(A)"}''*}
   5.637  
   5.638 -(* is_list(M,A,Z) == \<forall>l[M]. l \<in> Z <-> mem_list(M,A,l) *)
   5.639 +(* is_list(M,A,Z) == \<forall>l[M]. l \<in> Z \<longleftrightarrow> mem_list(M,A,l) *)
   5.640  definition
   5.641    is_list_fm :: "[i,i]=>i" where
   5.642      "is_list_fm(A,Z) ==
   5.643 @@ -1247,13 +1247,13 @@
   5.644  
   5.645  lemma sats_is_list_fm [simp]:
   5.646     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.647 -    ==> sats(A, is_list_fm(x,y), env) <-> is_list(##A, nth(x,env), nth(y,env))"
   5.648 +    ==> sats(A, is_list_fm(x,y), env) \<longleftrightarrow> is_list(##A, nth(x,env), nth(y,env))"
   5.649  by (simp add: is_list_fm_def is_list_def)
   5.650  
   5.651  lemma is_list_iff_sats:
   5.652        "[| nth(i,env) = x; nth(j,env) = y;
   5.653            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.654 -       ==> is_list(##A, x, y) <-> sats(A, is_list_fm(i,j), env)"
   5.655 +       ==> is_list(##A, x, y) \<longleftrightarrow> sats(A, is_list_fm(i,j), env)"
   5.656  by simp
   5.657  
   5.658  theorem is_list_reflection:
   5.659 @@ -1288,14 +1288,14 @@
   5.660  
   5.661  lemma sats_formula_functor_fm [simp]:
   5.662     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   5.663 -    ==> sats(A, formula_functor_fm(x,y), env) <->
   5.664 +    ==> sats(A, formula_functor_fm(x,y), env) \<longleftrightarrow>
   5.665          is_formula_functor(##A, nth(x,env), nth(y,env))"
   5.666  by (simp add: formula_functor_fm_def is_formula_functor_def)
   5.667  
   5.668  lemma formula_functor_iff_sats:
   5.669    "[| nth(i,env) = x; nth(j,env) = y;
   5.670        i \<in> nat; j \<in> nat; env \<in> list(A)|]
   5.671 -   ==> is_formula_functor(##A, x, y) <-> sats(A, formula_functor_fm(i,j), env)"
   5.672 +   ==> is_formula_functor(##A, x, y) \<longleftrightarrow> sats(A, formula_functor_fm(i,j), env)"
   5.673  by simp
   5.674  
   5.675  theorem formula_functor_reflection:
   5.676 @@ -1325,7 +1325,7 @@
   5.677  
   5.678  lemma sats_formula_N_fm [simp]:
   5.679     "[| x < length(env); y < length(env); env \<in> list(A)|]
   5.680 -    ==> sats(A, formula_N_fm(x,y), env) <->
   5.681 +    ==> sats(A, formula_N_fm(x,y), env) \<longleftrightarrow>
   5.682          is_formula_N(##A, nth(x,env), nth(y,env))"
   5.683  apply (frule_tac x=y in lt_length_in_nat, assumption)  
   5.684  apply (frule lt_length_in_nat, assumption)  
   5.685 @@ -1335,7 +1335,7 @@
   5.686  lemma formula_N_iff_sats:
   5.687        "[| nth(i,env) = x; nth(j,env) = y; 
   5.688            i < length(env); j < length(env); env \<in> list(A)|]
   5.689 -       ==> is_formula_N(##A, x, y) <-> sats(A, formula_N_fm(i,j), env)"
   5.690 +       ==> is_formula_N(##A, x, y) \<longleftrightarrow> sats(A, formula_N_fm(i,j), env)"
   5.691  by (simp add: sats_formula_N_fm)
   5.692  
   5.693  theorem formula_N_reflection:
   5.694 @@ -1366,12 +1366,12 @@
   5.695  
   5.696  lemma sats_mem_formula_fm [simp]:
   5.697     "[| x \<in> nat; env \<in> list(A)|]
   5.698 -    ==> sats(A, mem_formula_fm(x), env) <-> mem_formula(##A, nth(x,env))"
   5.699 +    ==> sats(A, mem_formula_fm(x), env) \<longleftrightarrow> mem_formula(##A, nth(x,env))"
   5.700  by (simp add: mem_formula_fm_def mem_formula_def)
   5.701  
   5.702  lemma mem_formula_iff_sats:
   5.703        "[| nth(i,env) = x; i \<in> nat; env \<in> list(A)|]
   5.704 -       ==> mem_formula(##A, x) <-> sats(A, mem_formula_fm(i), env)"
   5.705 +       ==> mem_formula(##A, x) \<longleftrightarrow> sats(A, mem_formula_fm(i), env)"
   5.706  by simp
   5.707  
   5.708  theorem mem_formula_reflection:
   5.709 @@ -1385,7 +1385,7 @@
   5.710  
   5.711  subsubsection{*The Predicate ``Is @{term "formula"}''*}
   5.712  
   5.713 -(* is_formula(M,Z) == \<forall>p[M]. p \<in> Z <-> mem_formula(M,p) *)
   5.714 +(* is_formula(M,Z) == \<forall>p[M]. p \<in> Z \<longleftrightarrow> mem_formula(M,p) *)
   5.715  definition
   5.716    is_formula_fm :: "i=>i" where
   5.717      "is_formula_fm(Z) == Forall(Iff(Member(0,succ(Z)), mem_formula_fm(0)))"
   5.718 @@ -1396,12 +1396,12 @@
   5.719  
   5.720  lemma sats_is_formula_fm [simp]:
   5.721     "[| x \<in> nat; env \<in> list(A)|]
   5.722 -    ==> sats(A, is_formula_fm(x), env) <-> is_formula(##A, nth(x,env))"
   5.723 +    ==> sats(A, is_formula_fm(x), env) \<longleftrightarrow> is_formula(##A, nth(x,env))"
   5.724  by (simp add: is_formula_fm_def is_formula_def)
   5.725  
   5.726  lemma is_formula_iff_sats:
   5.727        "[| nth(i,env) = x; i \<in> nat; env \<in> list(A)|]
   5.728 -       ==> is_formula(##A, x) <-> sats(A, is_formula_fm(i), env)"
   5.729 +       ==> is_formula(##A, x) \<longleftrightarrow> sats(A, is_formula_fm(i), env)"
   5.730  by simp
   5.731  
   5.732  theorem is_formula_reflection:
   5.733 @@ -1443,12 +1443,12 @@
   5.734    assumes MH_iff_sats: 
   5.735        "!!a0 a1 a2 a3 a4 a5 a6 a7. 
   5.736          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A|] 
   5.737 -        ==> MH(a2, a1, a0) <-> 
   5.738 +        ==> MH(a2, a1, a0) \<longleftrightarrow> 
   5.739              sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
   5.740                            Cons(a4,Cons(a5,Cons(a6,Cons(a7,env)))))))))"
   5.741    shows 
   5.742        "[|x < length(env); z < length(env); env \<in> list(A)|]
   5.743 -       ==> sats(A, is_transrec_fm(p,x,z), env) <-> 
   5.744 +       ==> sats(A, is_transrec_fm(p,x,z), env) \<longleftrightarrow> 
   5.745             is_transrec(##A, MH, nth(x,env), nth(z,env))"
   5.746  apply (frule_tac x=z in lt_length_in_nat, assumption)  
   5.747  apply (frule_tac x=x in lt_length_in_nat, assumption)  
   5.748 @@ -1460,13 +1460,13 @@
   5.749    assumes MH_iff_sats: 
   5.750        "!!a0 a1 a2 a3 a4 a5 a6 a7. 
   5.751          [|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A|] 
   5.752 -        ==> MH(a2, a1, a0) <-> 
   5.753 +        ==> MH(a2, a1, a0) \<longleftrightarrow> 
   5.754              sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
   5.755                            Cons(a4,Cons(a5,Cons(a6,Cons(a7,env)))))))))"
   5.756    shows
   5.757    "[|nth(i,env) = x; nth(k,env) = z; 
   5.758        i < length(env); k < length(env); env \<in> list(A)|]
   5.759 -   ==> is_transrec(##A, MH, x, z) <-> sats(A, is_transrec_fm(p,i,k), env)" 
   5.760 +   ==> is_transrec(##A, MH, x, z) \<longleftrightarrow> sats(A, is_transrec_fm(p,i,k), env)" 
   5.761  by (simp add: sats_is_transrec_fm [OF MH_iff_sats])
   5.762  
   5.763  theorem is_transrec_reflection:
     6.1 --- a/src/ZF/Constructible/L_axioms.thy	Tue Mar 06 16:46:27 2012 +0000
     6.2 +++ b/src/ZF/Constructible/L_axioms.thy	Tue Mar 06 17:01:37 2012 +0000
     6.3 @@ -26,7 +26,7 @@
     6.4  
     6.5  theorem Union_ax: "Union_ax(L)"
     6.6  apply (simp add: Union_ax_def big_union_def, clarify)
     6.7 -apply (rule_tac x="Union(x)" in rexI)
     6.8 +apply (rule_tac x="\<Union>(x)" in rexI)
     6.9  apply (simp_all add: Union_in_L, auto)
    6.10  apply (blast intro: transL)
    6.11  done
    6.12 @@ -116,7 +116,7 @@
    6.13  
    6.14  definition
    6.15    L_F0 :: "[i=>o,i] => i" where
    6.16 -    "L_F0(P,y) == \<mu> b. (\<exists>z. L(z) \<and> P(<y,z>)) --> (\<exists>z\<in>Lset(b). P(<y,z>))"
    6.17 +    "L_F0(P,y) == \<mu> b. (\<exists>z. L(z) \<and> P(<y,z>)) \<longrightarrow> (\<exists>z\<in>Lset(b). P(<y,z>))"
    6.18  
    6.19  definition
    6.20    L_FF :: "[i=>o,i] => i" where
    6.21 @@ -132,7 +132,7 @@
    6.22  definition
    6.23    L_Reflects :: "[i=>o,[i,i]=>o] => prop"  ("(3REFLECTS/ [_,/ _])") where
    6.24      "REFLECTS[P,Q] == (??Cl. Closed_Unbounded(Cl) &
    6.25 -                           (\<forall>a. Cl(a) --> (\<forall>x \<in> Lset(a). P(x) <-> Q(a,x))))"
    6.26 +                           (\<forall>a. Cl(a) \<longrightarrow> (\<forall>x \<in> Lset(a). P(x) \<longleftrightarrow> Q(a,x))))"
    6.27  
    6.28  
    6.29  theorem Triv_reflection:
    6.30 @@ -169,7 +169,7 @@
    6.31  
    6.32  theorem Imp_reflection:
    6.33       "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
    6.34 -      ==> REFLECTS[\<lambda>x. P(x) --> P'(x), \<lambda>a x. Q(a,x) --> Q'(a,x)]"
    6.35 +      ==> REFLECTS[\<lambda>x. P(x) \<longrightarrow> P'(x), \<lambda>a x. Q(a,x) \<longrightarrow> Q'(a,x)]"
    6.36  apply (unfold L_Reflects_def)
    6.37  apply (elim meta_exE)
    6.38  apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
    6.39 @@ -178,7 +178,7 @@
    6.40  
    6.41  theorem Iff_reflection:
    6.42       "[| REFLECTS[P,Q]; REFLECTS[P',Q'] |]
    6.43 -      ==> REFLECTS[\<lambda>x. P(x) <-> P'(x), \<lambda>a x. Q(a,x) <-> Q'(a,x)]"
    6.44 +      ==> REFLECTS[\<lambda>x. P(x) \<longleftrightarrow> P'(x), \<lambda>a x. Q(a,x) \<longleftrightarrow> Q'(a,x)]"
    6.45  apply (unfold L_Reflects_def)
    6.46  apply (elim meta_exE)
    6.47  apply (rule_tac x="\<lambda>a. Cl(a) \<and> Cla(a)" in meta_exI)
    6.48 @@ -202,7 +202,7 @@
    6.49  
    6.50  theorem All_reflection:
    6.51       "REFLECTS[\<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))]
    6.52 -      ==> REFLECTS[\<lambda>x. \<forall>z. L(z) --> P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]"
    6.53 +      ==> REFLECTS[\<lambda>x. \<forall>z. L(z) \<longrightarrow> P(x,z), \<lambda>a x. \<forall>z\<in>Lset(a). Q(a,x,z)]"
    6.54  apply (unfold L_Reflects_def L_ClEx_def L_FF_def L_F0_def L_def)
    6.55  apply (elim meta_exE)
    6.56  apply (rule meta_exI)
    6.57 @@ -247,7 +247,7 @@
    6.58  
    6.59  lemma ReflectsD:
    6.60       "[|REFLECTS[P,Q]; Ord(i)|]
    6.61 -      ==> \<exists>j. i<j & (\<forall>x \<in> Lset(j). P(x) <-> Q(j,x))"
    6.62 +      ==> \<exists>j. i<j & (\<forall>x \<in> Lset(j). P(x) \<longleftrightarrow> Q(j,x))"
    6.63  apply (unfold L_Reflects_def Closed_Unbounded_def)
    6.64  apply (elim meta_exE, clarify)
    6.65  apply (blast dest!: UnboundedD)
    6.66 @@ -255,7 +255,7 @@
    6.67  
    6.68  lemma ReflectsE:
    6.69       "[| REFLECTS[P,Q]; Ord(i);
    6.70 -         !!j. [|i<j;  \<forall>x \<in> Lset(j). P(x) <-> Q(j,x)|] ==> R |]
    6.71 +         !!j. [|i<j;  \<forall>x \<in> Lset(j). P(x) \<longleftrightarrow> Q(j,x)|] ==> R |]
    6.72        ==> R"
    6.73  by (drule ReflectsD, assumption, blast)
    6.74  
    6.75 @@ -301,13 +301,13 @@
    6.76  
    6.77  lemma sats_empty_fm [simp]:
    6.78     "[| x \<in> nat; env \<in> list(A)|]
    6.79 -    ==> sats(A, empty_fm(x), env) <-> empty(##A, nth(x,env))"
    6.80 +    ==> sats(A, empty_fm(x), env) \<longleftrightarrow> empty(##A, nth(x,env))"
    6.81  by (simp add: empty_fm_def empty_def)
    6.82  
    6.83  lemma empty_iff_sats:
    6.84        "[| nth(i,env) = x; nth(j,env) = y;
    6.85            i \<in> nat; env \<in> list(A)|]
    6.86 -       ==> empty(##A, x) <-> sats(A, empty_fm(i), env)"
    6.87 +       ==> empty(##A, x) \<longleftrightarrow> sats(A, empty_fm(i), env)"
    6.88  by simp
    6.89  
    6.90  theorem empty_reflection:
    6.91 @@ -320,7 +320,7 @@
    6.92  text{*Not used.  But maybe useful?*}
    6.93  lemma Transset_sats_empty_fm_eq_0:
    6.94     "[| n \<in> nat; env \<in> list(A); Transset(A)|]
    6.95 -    ==> sats(A, empty_fm(n), env) <-> nth(n,env) = 0"
    6.96 +    ==> sats(A, empty_fm(n), env) \<longleftrightarrow> nth(n,env) = 0"
    6.97  apply (simp add: empty_fm_def empty_def Transset_def, auto)
    6.98  apply (case_tac "n < length(env)")
    6.99  apply (frule nth_type, assumption+, blast)
   6.100 @@ -344,20 +344,20 @@
   6.101  
   6.102  lemma sats_upair_fm [simp]:
   6.103     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.104 -    ==> sats(A, upair_fm(x,y,z), env) <->
   6.105 +    ==> sats(A, upair_fm(x,y,z), env) \<longleftrightarrow>
   6.106              upair(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.107  by (simp add: upair_fm_def upair_def)
   6.108  
   6.109  lemma upair_iff_sats:
   6.110        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.111            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.112 -       ==> upair(##A, x, y, z) <-> sats(A, upair_fm(i,j,k), env)"
   6.113 +       ==> upair(##A, x, y, z) \<longleftrightarrow> sats(A, upair_fm(i,j,k), env)"
   6.114  by (simp add: sats_upair_fm)
   6.115  
   6.116  text{*Useful? At least it refers to "real" unordered pairs*}
   6.117  lemma sats_upair_fm2 [simp]:
   6.118     "[| x \<in> nat; y \<in> nat; z < length(env); env \<in> list(A); Transset(A)|]
   6.119 -    ==> sats(A, upair_fm(x,y,z), env) <->
   6.120 +    ==> sats(A, upair_fm(x,y,z), env) \<longleftrightarrow>
   6.121          nth(z,env) = {nth(x,env), nth(y,env)}"
   6.122  apply (frule lt_length_in_nat, assumption)
   6.123  apply (simp add: upair_fm_def Transset_def, auto)
   6.124 @@ -386,14 +386,14 @@
   6.125  
   6.126  lemma sats_pair_fm [simp]:
   6.127     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.128 -    ==> sats(A, pair_fm(x,y,z), env) <->
   6.129 +    ==> sats(A, pair_fm(x,y,z), env) \<longleftrightarrow>
   6.130          pair(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.131  by (simp add: pair_fm_def pair_def)
   6.132  
   6.133  lemma pair_iff_sats:
   6.134        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.135            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.136 -       ==> pair(##A, x, y, z) <-> sats(A, pair_fm(i,j,k), env)"
   6.137 +       ==> pair(##A, x, y, z) \<longleftrightarrow> sats(A, pair_fm(i,j,k), env)"
   6.138  by (simp add: sats_pair_fm)
   6.139  
   6.140  theorem pair_reflection:
   6.141 @@ -418,14 +418,14 @@
   6.142  
   6.143  lemma sats_union_fm [simp]:
   6.144     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.145 -    ==> sats(A, union_fm(x,y,z), env) <->
   6.146 +    ==> sats(A, union_fm(x,y,z), env) \<longleftrightarrow>
   6.147          union(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.148  by (simp add: union_fm_def union_def)
   6.149  
   6.150  lemma union_iff_sats:
   6.151        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.152            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.153 -       ==> union(##A, x, y, z) <-> sats(A, union_fm(i,j,k), env)"
   6.154 +       ==> union(##A, x, y, z) \<longleftrightarrow> sats(A, union_fm(i,j,k), env)"
   6.155  by (simp add: sats_union_fm)
   6.156  
   6.157  theorem union_reflection:
   6.158 @@ -451,14 +451,14 @@
   6.159  
   6.160  lemma sats_cons_fm [simp]:
   6.161     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.162 -    ==> sats(A, cons_fm(x,y,z), env) <->
   6.163 +    ==> sats(A, cons_fm(x,y,z), env) \<longleftrightarrow>
   6.164          is_cons(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.165  by (simp add: cons_fm_def is_cons_def)
   6.166  
   6.167  lemma cons_iff_sats:
   6.168        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.169            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.170 -       ==> is_cons(##A, x, y, z) <-> sats(A, cons_fm(i,j,k), env)"
   6.171 +       ==> is_cons(##A, x, y, z) \<longleftrightarrow> sats(A, cons_fm(i,j,k), env)"
   6.172  by simp
   6.173  
   6.174  theorem cons_reflection:
   6.175 @@ -481,14 +481,14 @@
   6.176  
   6.177  lemma sats_succ_fm [simp]:
   6.178     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.179 -    ==> sats(A, succ_fm(x,y), env) <->
   6.180 +    ==> sats(A, succ_fm(x,y), env) \<longleftrightarrow>
   6.181          successor(##A, nth(x,env), nth(y,env))"
   6.182  by (simp add: succ_fm_def successor_def)
   6.183  
   6.184  lemma successor_iff_sats:
   6.185        "[| nth(i,env) = x; nth(j,env) = y;
   6.186            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.187 -       ==> successor(##A, x, y) <-> sats(A, succ_fm(i,j), env)"
   6.188 +       ==> successor(##A, x, y) \<longleftrightarrow> sats(A, succ_fm(i,j), env)"
   6.189  by simp
   6.190  
   6.191  theorem successor_reflection:
   6.192 @@ -512,13 +512,13 @@
   6.193  
   6.194  lemma sats_number1_fm [simp]:
   6.195     "[| x \<in> nat; env \<in> list(A)|]
   6.196 -    ==> sats(A, number1_fm(x), env) <-> number1(##A, nth(x,env))"
   6.197 +    ==> sats(A, number1_fm(x), env) \<longleftrightarrow> number1(##A, nth(x,env))"
   6.198  by (simp add: number1_fm_def number1_def)
   6.199  
   6.200  lemma number1_iff_sats:
   6.201        "[| nth(i,env) = x; nth(j,env) = y;
   6.202            i \<in> nat; env \<in> list(A)|]
   6.203 -       ==> number1(##A, x) <-> sats(A, number1_fm(i), env)"
   6.204 +       ==> number1(##A, x) \<longleftrightarrow> sats(A, number1_fm(i), env)"
   6.205  by simp
   6.206  
   6.207  theorem number1_reflection:
   6.208 @@ -531,7 +531,7 @@
   6.209  
   6.210  subsubsection{*Big Union, Internalized*}
   6.211  
   6.212 -(*  "big_union(M,A,z) == \<forall>x[M]. x \<in> z <-> (\<exists>y[M]. y\<in>A & x \<in> y)" *)
   6.213 +(*  "big_union(M,A,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> (\<exists>y[M]. y\<in>A & x \<in> y)" *)
   6.214  definition
   6.215    big_union_fm :: "[i,i]=>i" where
   6.216      "big_union_fm(A,z) ==
   6.217 @@ -544,14 +544,14 @@
   6.218  
   6.219  lemma sats_big_union_fm [simp]:
   6.220     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.221 -    ==> sats(A, big_union_fm(x,y), env) <->
   6.222 +    ==> sats(A, big_union_fm(x,y), env) \<longleftrightarrow>
   6.223          big_union(##A, nth(x,env), nth(y,env))"
   6.224  by (simp add: big_union_fm_def big_union_def)
   6.225  
   6.226  lemma big_union_iff_sats:
   6.227        "[| nth(i,env) = x; nth(j,env) = y;
   6.228            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.229 -       ==> big_union(##A, x, y) <-> sats(A, big_union_fm(i,j), env)"
   6.230 +       ==> big_union(##A, x, y) \<longleftrightarrow> sats(A, big_union_fm(i,j), env)"
   6.231  by simp
   6.232  
   6.233  theorem big_union_reflection:
   6.234 @@ -572,7 +572,7 @@
   6.235  
   6.236  lemma sats_subset_fm':
   6.237     "[|x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.238 -    ==> sats(A, subset_fm(x,y), env) <-> subset(##A, nth(x,env), nth(y,env))"
   6.239 +    ==> sats(A, subset_fm(x,y), env) \<longleftrightarrow> subset(##A, nth(x,env), nth(y,env))"
   6.240  by (simp add: subset_fm_def Relative.subset_def)
   6.241  
   6.242  theorem subset_reflection:
   6.243 @@ -584,7 +584,7 @@
   6.244  
   6.245  lemma sats_transset_fm':
   6.246     "[|x \<in> nat; env \<in> list(A)|]
   6.247 -    ==> sats(A, transset_fm(x), env) <-> transitive_set(##A, nth(x,env))"
   6.248 +    ==> sats(A, transset_fm(x), env) \<longleftrightarrow> transitive_set(##A, nth(x,env))"
   6.249  by (simp add: sats_subset_fm' transset_fm_def transitive_set_def)
   6.250  
   6.251  theorem transitive_set_reflection:
   6.252 @@ -596,12 +596,12 @@
   6.253  
   6.254  lemma sats_ordinal_fm':
   6.255     "[|x \<in> nat; env \<in> list(A)|]
   6.256 -    ==> sats(A, ordinal_fm(x), env) <-> ordinal(##A,nth(x,env))"
   6.257 +    ==> sats(A, ordinal_fm(x), env) \<longleftrightarrow> ordinal(##A,nth(x,env))"
   6.258  by (simp add: sats_transset_fm' ordinal_fm_def ordinal_def)
   6.259  
   6.260  lemma ordinal_iff_sats:
   6.261        "[| nth(i,env) = x;  i \<in> nat; env \<in> list(A)|]
   6.262 -       ==> ordinal(##A, x) <-> sats(A, ordinal_fm(i), env)"
   6.263 +       ==> ordinal(##A, x) \<longleftrightarrow> sats(A, ordinal_fm(i), env)"
   6.264  by (simp add: sats_ordinal_fm')
   6.265  
   6.266  theorem ordinal_reflection:
   6.267 @@ -628,14 +628,14 @@
   6.268  
   6.269  lemma sats_Memrel_fm [simp]:
   6.270     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.271 -    ==> sats(A, Memrel_fm(x,y), env) <->
   6.272 +    ==> sats(A, Memrel_fm(x,y), env) \<longleftrightarrow>
   6.273          membership(##A, nth(x,env), nth(y,env))"
   6.274  by (simp add: Memrel_fm_def membership_def)
   6.275  
   6.276  lemma Memrel_iff_sats:
   6.277        "[| nth(i,env) = x; nth(j,env) = y;
   6.278            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.279 -       ==> membership(##A, x, y) <-> sats(A, Memrel_fm(i,j), env)"
   6.280 +       ==> membership(##A, x, y) \<longleftrightarrow> sats(A, Memrel_fm(i,j), env)"
   6.281  by simp
   6.282  
   6.283  theorem membership_reflection:
   6.284 @@ -663,14 +663,14 @@
   6.285  
   6.286  lemma sats_pred_set_fm [simp]:
   6.287     "[| U \<in> nat; x \<in> nat; r \<in> nat; B \<in> nat; env \<in> list(A)|]
   6.288 -    ==> sats(A, pred_set_fm(U,x,r,B), env) <->
   6.289 +    ==> sats(A, pred_set_fm(U,x,r,B), env) \<longleftrightarrow>
   6.290          pred_set(##A, nth(U,env), nth(x,env), nth(r,env), nth(B,env))"
   6.291  by (simp add: pred_set_fm_def pred_set_def)
   6.292  
   6.293  lemma pred_set_iff_sats:
   6.294        "[| nth(i,env) = U; nth(j,env) = x; nth(k,env) = r; nth(l,env) = B;
   6.295            i \<in> nat; j \<in> nat; k \<in> nat; l \<in> nat; env \<in> list(A)|]
   6.296 -       ==> pred_set(##A,U,x,r,B) <-> sats(A, pred_set_fm(i,j,k,l), env)"
   6.297 +       ==> pred_set(##A,U,x,r,B) \<longleftrightarrow> sats(A, pred_set_fm(i,j,k,l), env)"
   6.298  by (simp add: sats_pred_set_fm)
   6.299  
   6.300  theorem pred_set_reflection:
   6.301 @@ -685,7 +685,7 @@
   6.302  subsubsection{*Domain of a Relation, Internalized*}
   6.303  
   6.304  (* "is_domain(M,r,z) ==
   6.305 -        \<forall>x[M]. (x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w))))" *)
   6.306 +        \<forall>x[M]. (x \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w))))" *)
   6.307  definition
   6.308    domain_fm :: "[i,i]=>i" where
   6.309      "domain_fm(r,z) ==
   6.310 @@ -699,14 +699,14 @@
   6.311  
   6.312  lemma sats_domain_fm [simp]:
   6.313     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.314 -    ==> sats(A, domain_fm(x,y), env) <->
   6.315 +    ==> sats(A, domain_fm(x,y), env) \<longleftrightarrow>
   6.316          is_domain(##A, nth(x,env), nth(y,env))"
   6.317  by (simp add: domain_fm_def is_domain_def)
   6.318  
   6.319  lemma domain_iff_sats:
   6.320        "[| nth(i,env) = x; nth(j,env) = y;
   6.321            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.322 -       ==> is_domain(##A, x, y) <-> sats(A, domain_fm(i,j), env)"
   6.323 +       ==> is_domain(##A, x, y) \<longleftrightarrow> sats(A, domain_fm(i,j), env)"
   6.324  by simp
   6.325  
   6.326  theorem domain_reflection:
   6.327 @@ -720,7 +720,7 @@
   6.328  subsubsection{*Range of a Relation, Internalized*}
   6.329  
   6.330  (* "is_range(M,r,z) ==
   6.331 -        \<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w))))" *)
   6.332 +        \<forall>y[M]. (y \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w))))" *)
   6.333  definition
   6.334    range_fm :: "[i,i]=>i" where
   6.335      "range_fm(r,z) ==
   6.336 @@ -734,14 +734,14 @@
   6.337  
   6.338  lemma sats_range_fm [simp]:
   6.339     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.340 -    ==> sats(A, range_fm(x,y), env) <->
   6.341 +    ==> sats(A, range_fm(x,y), env) \<longleftrightarrow>
   6.342          is_range(##A, nth(x,env), nth(y,env))"
   6.343  by (simp add: range_fm_def is_range_def)
   6.344  
   6.345  lemma range_iff_sats:
   6.346        "[| nth(i,env) = x; nth(j,env) = y;
   6.347            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.348 -       ==> is_range(##A, x, y) <-> sats(A, range_fm(i,j), env)"
   6.349 +       ==> is_range(##A, x, y) \<longleftrightarrow> sats(A, range_fm(i,j), env)"
   6.350  by simp
   6.351  
   6.352  theorem range_reflection:
   6.353 @@ -770,14 +770,14 @@
   6.354  
   6.355  lemma sats_field_fm [simp]:
   6.356     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   6.357 -    ==> sats(A, field_fm(x,y), env) <->
   6.358 +    ==> sats(A, field_fm(x,y), env) \<longleftrightarrow>
   6.359          is_field(##A, nth(x,env), nth(y,env))"
   6.360  by (simp add: field_fm_def is_field_def)
   6.361  
   6.362  lemma field_iff_sats:
   6.363        "[| nth(i,env) = x; nth(j,env) = y;
   6.364            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   6.365 -       ==> is_field(##A, x, y) <-> sats(A, field_fm(i,j), env)"
   6.366 +       ==> is_field(##A, x, y) \<longleftrightarrow> sats(A, field_fm(i,j), env)"
   6.367  by simp
   6.368  
   6.369  theorem field_reflection:
   6.370 @@ -792,7 +792,7 @@
   6.371  subsubsection{*Image under a Relation, Internalized*}
   6.372  
   6.373  (* "image(M,r,A,z) ==
   6.374 -        \<forall>y[M]. (y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w))))" *)
   6.375 +        \<forall>y[M]. (y \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w))))" *)
   6.376  definition
   6.377    image_fm :: "[i,i,i]=>i" where
   6.378      "image_fm(r,A,z) ==
   6.379 @@ -807,14 +807,14 @@
   6.380  
   6.381  lemma sats_image_fm [simp]:
   6.382     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.383 -    ==> sats(A, image_fm(x,y,z), env) <->
   6.384 +    ==> sats(A, image_fm(x,y,z), env) \<longleftrightarrow>
   6.385          image(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.386  by (simp add: image_fm_def Relative.image_def)
   6.387  
   6.388  lemma image_iff_sats:
   6.389        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.390            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.391 -       ==> image(##A, x, y, z) <-> sats(A, image_fm(i,j,k), env)"
   6.392 +       ==> image(##A, x, y, z) \<longleftrightarrow> sats(A, image_fm(i,j,k), env)"
   6.393  by (simp add: sats_image_fm)
   6.394  
   6.395  theorem image_reflection:
   6.396 @@ -828,7 +828,7 @@
   6.397  subsubsection{*Pre-Image under a Relation, Internalized*}
   6.398  
   6.399  (* "pre_image(M,r,A,z) ==
   6.400 -        \<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))" *)
   6.401 +        \<forall>x[M]. x \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))" *)
   6.402  definition
   6.403    pre_image_fm :: "[i,i,i]=>i" where
   6.404      "pre_image_fm(r,A,z) ==
   6.405 @@ -843,14 +843,14 @@
   6.406  
   6.407  lemma sats_pre_image_fm [simp]:
   6.408     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.409 -    ==> sats(A, pre_image_fm(x,y,z), env) <->
   6.410 +    ==> sats(A, pre_image_fm(x,y,z), env) \<longleftrightarrow>
   6.411          pre_image(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.412  by (simp add: pre_image_fm_def Relative.pre_image_def)
   6.413  
   6.414  lemma pre_image_iff_sats:
   6.415        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.416            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.417 -       ==> pre_image(##A, x, y, z) <-> sats(A, pre_image_fm(i,j,k), env)"
   6.418 +       ==> pre_image(##A, x, y, z) \<longleftrightarrow> sats(A, pre_image_fm(i,j,k), env)"
   6.419  by (simp add: sats_pre_image_fm)
   6.420  
   6.421  theorem pre_image_reflection:
   6.422 @@ -879,14 +879,14 @@
   6.423  
   6.424  lemma sats_fun_apply_fm [simp]:
   6.425     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.426 -    ==> sats(A, fun_apply_fm(x,y,z), env) <->
   6.427 +    ==> sats(A, fun_apply_fm(x,y,z), env) \<longleftrightarrow>
   6.428          fun_apply(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.429  by (simp add: fun_apply_fm_def fun_apply_def)
   6.430  
   6.431  lemma fun_apply_iff_sats:
   6.432        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.433            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.434 -       ==> fun_apply(##A, x, y, z) <-> sats(A, fun_apply_fm(i,j,k), env)"
   6.435 +       ==> fun_apply(##A, x, y, z) \<longleftrightarrow> sats(A, fun_apply_fm(i,j,k), env)"
   6.436  by simp
   6.437  
   6.438  theorem fun_apply_reflection:
   6.439 @@ -901,7 +901,7 @@
   6.440  subsubsection{*The Concept of Relation, Internalized*}
   6.441  
   6.442  (* "is_relation(M,r) ==
   6.443 -        (\<forall>z[M]. z\<in>r --> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))" *)
   6.444 +        (\<forall>z[M]. z\<in>r \<longrightarrow> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))" *)
   6.445  definition
   6.446    relation_fm :: "i=>i" where
   6.447      "relation_fm(r) ==
   6.448 @@ -913,13 +913,13 @@
   6.449  
   6.450  lemma sats_relation_fm [simp]:
   6.451     "[| x \<in> nat; env \<in> list(A)|]
   6.452 -    ==> sats(A, relation_fm(x), env) <-> is_relation(##A, nth(x,env))"
   6.453 +    ==> sats(A, relation_fm(x), env) \<longleftrightarrow> is_relation(##A, nth(x,env))"
   6.454  by (simp add: relation_fm_def is_relation_def)
   6.455  
   6.456  lemma relation_iff_sats:
   6.457        "[| nth(i,env) = x; nth(j,env) = y;
   6.458            i \<in> nat; env \<in> list(A)|]
   6.459 -       ==> is_relation(##A, x) <-> sats(A, relation_fm(i), env)"
   6.460 +       ==> is_relation(##A, x) \<longleftrightarrow> sats(A, relation_fm(i), env)"
   6.461  by simp
   6.462  
   6.463  theorem is_relation_reflection:
   6.464 @@ -934,7 +934,7 @@
   6.465  
   6.466  (* "is_function(M,r) ==
   6.467          \<forall>x[M]. \<forall>y[M]. \<forall>y'[M]. \<forall>p[M]. \<forall>p'[M].
   6.468 -           pair(M,x,y,p) --> pair(M,x,y',p') --> p\<in>r --> p'\<in>r --> y=y'" *)
   6.469 +           pair(M,x,y,p) \<longrightarrow> pair(M,x,y',p') \<longrightarrow> p\<in>r \<longrightarrow> p'\<in>r \<longrightarrow> y=y'" *)
   6.470  definition
   6.471    function_fm :: "i=>i" where
   6.472      "function_fm(r) ==
   6.473 @@ -950,13 +950,13 @@
   6.474  
   6.475  lemma sats_function_fm [simp]:
   6.476     "[| x \<in> nat; env \<in> list(A)|]
   6.477 -    ==> sats(A, function_fm(x), env) <-> is_function(##A, nth(x,env))"
   6.478 +    ==> sats(A, function_fm(x), env) \<longleftrightarrow> is_function(##A, nth(x,env))"
   6.479  by (simp add: function_fm_def is_function_def)
   6.480  
   6.481  lemma is_function_iff_sats:
   6.482        "[| nth(i,env) = x; nth(j,env) = y;
   6.483            i \<in> nat; env \<in> list(A)|]
   6.484 -       ==> is_function(##A, x) <-> sats(A, function_fm(i), env)"
   6.485 +       ==> is_function(##A, x) \<longleftrightarrow> sats(A, function_fm(i), env)"
   6.486  by simp
   6.487  
   6.488  theorem is_function_reflection:
   6.489 @@ -971,7 +971,7 @@
   6.490  
   6.491  (* "typed_function(M,A,B,r) ==
   6.492          is_function(M,r) & is_relation(M,r) & is_domain(M,r,A) &
   6.493 -        (\<forall>u[M]. u\<in>r --> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) --> y\<in>B))" *)
   6.494 +        (\<forall>u[M]. u\<in>r \<longrightarrow> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) \<longrightarrow> y\<in>B))" *)
   6.495  
   6.496  definition
   6.497    typed_function_fm :: "[i,i,i]=>i" where
   6.498 @@ -988,14 +988,14 @@
   6.499  
   6.500  lemma sats_typed_function_fm [simp]:
   6.501     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.502 -    ==> sats(A, typed_function_fm(x,y,z), env) <->
   6.503 +    ==> sats(A, typed_function_fm(x,y,z), env) \<longleftrightarrow>
   6.504          typed_function(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.505  by (simp add: typed_function_fm_def typed_function_def)
   6.506  
   6.507  lemma typed_function_iff_sats:
   6.508    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.509        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.510 -   ==> typed_function(##A, x, y, z) <-> sats(A, typed_function_fm(i,j,k), env)"
   6.511 +   ==> typed_function(##A, x, y, z) \<longleftrightarrow> sats(A, typed_function_fm(i,j,k), env)"
   6.512  by simp
   6.513  
   6.514  lemmas function_reflections =
   6.515 @@ -1029,7 +1029,7 @@
   6.516  subsubsection{*Composition of Relations, Internalized*}
   6.517  
   6.518  (* "composition(M,r,s,t) ==
   6.519 -        \<forall>p[M]. p \<in> t <->
   6.520 +        \<forall>p[M]. p \<in> t \<longleftrightarrow>
   6.521                 (\<exists>x[M]. \<exists>y[M]. \<exists>z[M]. \<exists>xy[M]. \<exists>yz[M].
   6.522                  pair(M,x,z,p) & pair(M,x,y,xy) & pair(M,y,z,yz) &
   6.523                  xy \<in> s & yz \<in> r)" *)
   6.524 @@ -1049,14 +1049,14 @@
   6.525  
   6.526  lemma sats_composition_fm [simp]:
   6.527     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.528 -    ==> sats(A, composition_fm(x,y,z), env) <->
   6.529 +    ==> sats(A, composition_fm(x,y,z), env) \<longleftrightarrow>
   6.530          composition(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.531  by (simp add: composition_fm_def composition_def)
   6.532  
   6.533  lemma composition_iff_sats:
   6.534        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.535            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.536 -       ==> composition(##A, x, y, z) <-> sats(A, composition_fm(i,j,k), env)"
   6.537 +       ==> composition(##A, x, y, z) \<longleftrightarrow> sats(A, composition_fm(i,j,k), env)"
   6.538  by simp
   6.539  
   6.540  theorem composition_reflection:
   6.541 @@ -1072,7 +1072,7 @@
   6.542  (* "injection(M,A,B,f) ==
   6.543          typed_function(M,A,B,f) &
   6.544          (\<forall>x[M]. \<forall>x'[M]. \<forall>y[M]. \<forall>p[M]. \<forall>p'[M].
   6.545 -          pair(M,x,y,p) --> pair(M,x',y,p') --> p\<in>f --> p'\<in>f --> x=x')" *)
   6.546 +          pair(M,x,y,p) \<longrightarrow> pair(M,x',y,p') \<longrightarrow> p\<in>f \<longrightarrow> p'\<in>f \<longrightarrow> x=x')" *)
   6.547  definition
   6.548    injection_fm :: "[i,i,i]=>i" where
   6.549    "injection_fm(A,B,f) ==
   6.550 @@ -1090,14 +1090,14 @@
   6.551  
   6.552  lemma sats_injection_fm [simp]:
   6.553     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.554 -    ==> sats(A, injection_fm(x,y,z), env) <->
   6.555 +    ==> sats(A, injection_fm(x,y,z), env) \<longleftrightarrow>
   6.556          injection(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.557  by (simp add: injection_fm_def injection_def)
   6.558  
   6.559  lemma injection_iff_sats:
   6.560    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.561        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.562 -   ==> injection(##A, x, y, z) <-> sats(A, injection_fm(i,j,k), env)"
   6.563 +   ==> injection(##A, x, y, z) \<longleftrightarrow> sats(A, injection_fm(i,j,k), env)"
   6.564  by simp
   6.565  
   6.566  theorem injection_reflection:
   6.567 @@ -1113,7 +1113,7 @@
   6.568  (*  surjection :: "[i=>o,i,i,i] => o"
   6.569      "surjection(M,A,B,f) ==
   6.570          typed_function(M,A,B,f) &
   6.571 -        (\<forall>y[M]. y\<in>B --> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))" *)
   6.572 +        (\<forall>y[M]. y\<in>B \<longrightarrow> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))" *)
   6.573  definition
   6.574    surjection_fm :: "[i,i,i]=>i" where
   6.575    "surjection_fm(A,B,f) ==
   6.576 @@ -1128,14 +1128,14 @@
   6.577  
   6.578  lemma sats_surjection_fm [simp]:
   6.579     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.580 -    ==> sats(A, surjection_fm(x,y,z), env) <->
   6.581 +    ==> sats(A, surjection_fm(x,y,z), env) \<longleftrightarrow>
   6.582          surjection(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.583  by (simp add: surjection_fm_def surjection_def)
   6.584  
   6.585  lemma surjection_iff_sats:
   6.586    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.587        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.588 -   ==> surjection(##A, x, y, z) <-> sats(A, surjection_fm(i,j,k), env)"
   6.589 +   ==> surjection(##A, x, y, z) \<longleftrightarrow> sats(A, surjection_fm(i,j,k), env)"
   6.590  by simp
   6.591  
   6.592  theorem surjection_reflection:
   6.593 @@ -1161,14 +1161,14 @@
   6.594  
   6.595  lemma sats_bijection_fm [simp]:
   6.596     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.597 -    ==> sats(A, bijection_fm(x,y,z), env) <->
   6.598 +    ==> sats(A, bijection_fm(x,y,z), env) \<longleftrightarrow>
   6.599          bijection(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.600  by (simp add: bijection_fm_def bijection_def)
   6.601  
   6.602  lemma bijection_iff_sats:
   6.603    "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.604        i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.605 -   ==> bijection(##A, x, y, z) <-> sats(A, bijection_fm(i,j,k), env)"
   6.606 +   ==> bijection(##A, x, y, z) \<longleftrightarrow> sats(A, bijection_fm(i,j,k), env)"
   6.607  by simp
   6.608  
   6.609  theorem bijection_reflection:
   6.610 @@ -1183,7 +1183,7 @@
   6.611  
   6.612  
   6.613  (* "restriction(M,r,A,z) ==
   6.614 -        \<forall>x[M]. x \<in> z <-> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))" *)
   6.615 +        \<forall>x[M]. x \<in> z \<longleftrightarrow> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))" *)
   6.616  definition
   6.617    restriction_fm :: "[i,i,i]=>i" where
   6.618      "restriction_fm(r,A,z) ==
   6.619 @@ -1198,14 +1198,14 @@
   6.620  
   6.621  lemma sats_restriction_fm [simp]:
   6.622     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   6.623 -    ==> sats(A, restriction_fm(x,y,z), env) <->
   6.624 +    ==> sats(A, restriction_fm(x,y,z), env) \<longleftrightarrow>
   6.625          restriction(##A, nth(x,env), nth(y,env), nth(z,env))"
   6.626  by (simp add: restriction_fm_def restriction_def)
   6.627  
   6.628  lemma restriction_iff_sats:
   6.629        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   6.630            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   6.631 -       ==> restriction(##A, x, y, z) <-> sats(A, restriction_fm(i,j,k), env)"
   6.632 +       ==> restriction(##A, x, y, z) \<longleftrightarrow> sats(A, restriction_fm(i,j,k), env)"
   6.633  by simp
   6.634  
   6.635  theorem restriction_reflection:
   6.636 @@ -1220,10 +1220,10 @@
   6.637  (*  order_isomorphism :: "[i=>o,i,i,i,i,i] => o"
   6.638     "order_isomorphism(M,A,r,B,s,f) ==
   6.639          bijection(M,A,B,f) &
   6.640 -        (\<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A -->
   6.641 +        (\<forall>x[M]. x\<in>A \<longrightarrow> (\<forall>y[M]. y\<in>A \<longrightarrow>
   6.642            (\<forall>p[M]. \<forall>fx[M]. \<forall>fy[M]. \<forall>q[M].
   6.643 -            pair(M,x,y,p) --> fun_apply(M,f,x,fx) --> fun_apply(M,f,y,fy) -->
   6.644 -            pair(M,fx,fy,q) --> (p\<in>r <-> q\<in>s))))"
   6.645 +            pair(M,x,y,p) \<longrightarrow> fun_apply(M,f,x,fx) \<longrightarrow> fun_apply(M,f,y,fy) \<longrightarrow>
   6.646 +            pair(M,fx,fy,q) \<longrightarrow> (p\<in>r \<longleftrightarrow> q\<in>s))))"
   6.647    *)
   6.648  
   6.649  definition
   6.650 @@ -1246,7 +1246,7 @@
   6.651  
   6.652  lemma sats_order_isomorphism_fm [simp]:
   6.653     "[| U \<in> nat; r \<in> nat; B \<in> nat; s \<in> nat; f \<in> nat; env \<in> list(A)|]
   6.654 -    ==> sats(A, order_isomorphism_fm(U,r,B,s,f), env) <->
   6.655 +    ==> sats(A, order_isomorphism_fm(U,r,B,s,f), env) \<longleftrightarrow>
   6.656          order_isomorphism(##A, nth(U,env), nth(r,env), nth(B,env),
   6.657                                 nth(s,env), nth(f,env))"
   6.658  by (simp add: order_isomorphism_fm_def order_isomorphism_def)
   6.659 @@ -1255,7 +1255,7 @@
   6.660    "[| nth(i,env) = U; nth(j,env) = r; nth(k,env) = B; nth(j',env) = s;
   6.661        nth(k',env) = f;
   6.662        i \<in> nat; j \<in> nat; k \<in> nat; j' \<in> nat; k' \<in> nat; env \<in> list(A)|]
   6.663 -   ==> order_isomorphism(##A,U,r,B,s,f) <->
   6.664 +   ==> order_isomorphism(##A,U,r,B,s,f) \<longleftrightarrow>
   6.665         sats(A, order_isomorphism_fm(i,j,k,j',k'), env)"
   6.666  by simp
   6.667  
   6.668 @@ -1272,7 +1272,7 @@
   6.669  
   6.670  (* "limit_ordinal(M,a) ==
   6.671          ordinal(M,a) & ~ empty(M,a) &
   6.672 -        (\<forall>x[M]. x\<in>a --> (\<exists>y[M]. y\<in>a & successor(M,x,y)))" *)
   6.673 +        (\<forall>x[M]. x\<in>a \<longrightarrow> (\<exists>y[M]. y\<in>a & successor(M,x,y)))" *)
   6.674  
   6.675  definition
   6.676    limit_ordinal_fm :: "i=>i" where
   6.677 @@ -1289,13 +1289,13 @@
   6.678  
   6.679  lemma sats_limit_ordinal_fm [simp]:
   6.680     "[| x \<in> nat; env \<in> list(A)|]
   6.681 -    ==> sats(A, limit_ordinal_fm(x), env) <-> limit_ordinal(##A, nth(x,env))"
   6.682 +    ==> sats(A, limit_ordinal_fm(x), env) \<longleftrightarrow> limit_ordinal(##A, nth(x,env))"
   6.683  by (simp add: limit_ordinal_fm_def limit_ordinal_def sats_ordinal_fm')
   6.684  
   6.685  lemma limit_ordinal_iff_sats:
   6.686        "[| nth(i,env) = x; nth(j,env) = y;
   6.687            i \<in> nat; env \<in> list(A)|]
   6.688 -       ==> limit_ordinal(##A, x) <-> sats(A, limit_ordinal_fm(i), env)"
   6.689 +       ==> limit_ordinal(##A, x) \<longleftrightarrow> sats(A, limit_ordinal_fm(i), env)"
   6.690  by simp
   6.691  
   6.692  theorem limit_ordinal_reflection:
   6.693 @@ -1310,7 +1310,7 @@
   6.694  
   6.695  (*     "finite_ordinal(M,a) == 
   6.696          ordinal(M,a) & ~ limit_ordinal(M,a) & 
   6.697 -        (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x))" *)
   6.698 +        (\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x))" *)
   6.699  definition
   6.700    finite_ordinal_fm :: "i=>i" where
   6.701      "finite_ordinal_fm(x) ==
   6.702 @@ -1325,13 +1325,13 @@
   6.703  
   6.704  lemma sats_finite_ordinal_fm [simp]:
   6.705     "[| x \<in> nat; env \<in> list(A)|]
   6.706 -    ==> sats(A, finite_ordinal_fm(x), env) <-> finite_ordinal(##A, nth(x,env))"
   6.707 +    ==> sats(A, finite_ordinal_fm(x), env) \<longleftrightarrow> finite_ordinal(##A, nth(x,env))"
   6.708  by (simp add: finite_ordinal_fm_def sats_ordinal_fm' finite_ordinal_def)
   6.709  
   6.710  lemma finite_ordinal_iff_sats:
   6.711        "[| nth(i,env) = x; nth(j,env) = y;
   6.712            i \<in> nat; env \<in> list(A)|]
   6.713 -       ==> finite_ordinal(##A, x) <-> sats(A, finite_ordinal_fm(i), env)"
   6.714 +       ==> finite_ordinal(##A, x) \<longleftrightarrow> sats(A, finite_ordinal_fm(i), env)"
   6.715  by simp
   6.716  
   6.717  theorem finite_ordinal_reflection:
   6.718 @@ -1344,7 +1344,7 @@
   6.719  
   6.720  subsubsection{*Omega: The Set of Natural Numbers*}
   6.721  
   6.722 -(* omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x)) *)
   6.723 +(* omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x)) *)
   6.724  definition
   6.725    omega_fm :: "i=>i" where
   6.726      "omega_fm(x) ==
   6.727 @@ -1358,13 +1358,13 @@
   6.728  
   6.729  lemma sats_omega_fm [simp]:
   6.730     "[| x \<in> nat; env \<in> list(A)|]
   6.731 -    ==> sats(A, omega_fm(x), env) <-> omega(##A, nth(x,env))"
   6.732 +    ==> sats(A, omega_fm(x), env) \<longleftrightarrow> omega(##A, nth(x,env))"
   6.733  by (simp add: omega_fm_def omega_def)
   6.734  
   6.735  lemma omega_iff_sats:
   6.736        "[| nth(i,env) = x; nth(j,env) = y;
   6.737            i \<in> nat; env \<in> list(A)|]
   6.738 -       ==> omega(##A, x) <-> sats(A, omega_fm(i), env)"
   6.739 +       ==> omega(##A, x) \<longleftrightarrow> sats(A, omega_fm(i), env)"
   6.740  by simp
   6.741  
   6.742  theorem omega_reflection:
     7.1 --- a/src/ZF/Constructible/Normal.thy	Tue Mar 06 16:46:27 2012 +0000
     7.2 +++ b/src/ZF/Constructible/Normal.thy	Tue Mar 06 17:01:37 2012 +0000
     7.3 @@ -19,11 +19,11 @@
     7.4  
     7.5  definition
     7.6    Closed :: "(i=>o) => o" where
     7.7 -    "Closed(P) == \<forall>I. I \<noteq> 0 --> (\<forall>i\<in>I. Ord(i) \<and> P(i)) --> P(\<Union>(I))"
     7.8 +    "Closed(P) == \<forall>I. I \<noteq> 0 \<longrightarrow> (\<forall>i\<in>I. Ord(i) \<and> P(i)) \<longrightarrow> P(\<Union>(I))"
     7.9  
    7.10  definition
    7.11    Unbounded :: "(i=>o) => o" where
    7.12 -    "Unbounded(P) == \<forall>i. Ord(i) --> (\<exists>j. i<j \<and> P(j))"
    7.13 +    "Unbounded(P) == \<forall>i. Ord(i) \<longrightarrow> (\<exists>j. i<j \<and> P(j))"
    7.14  
    7.15  definition
    7.16    Closed_Unbounded :: "(i=>o) => o" where
    7.17 @@ -188,7 +188,7 @@
    7.18  done
    7.19  
    7.20  lemma Int_iff_INT2:
    7.21 -     "P(x) \<and> Q(x)  <->  (\<forall>i\<in>2. (i=0 --> P(x)) \<and> (i=1 --> Q(x)))"
    7.22 +     "P(x) \<and> Q(x)  \<longleftrightarrow>  (\<forall>i\<in>2. (i=0 \<longrightarrow> P(x)) \<and> (i=1 \<longrightarrow> Q(x)))"
    7.23  by auto
    7.24  
    7.25  theorem Closed_Unbounded_Int:
    7.26 @@ -203,15 +203,15 @@
    7.27  
    7.28  definition
    7.29    mono_le_subset :: "(i=>i) => o" where
    7.30 -    "mono_le_subset(M) == \<forall>i j. i\<le>j --> M(i) \<subseteq> M(j)"
    7.31 +    "mono_le_subset(M) == \<forall>i j. i\<le>j \<longrightarrow> M(i) \<subseteq> M(j)"
    7.32  
    7.33  definition
    7.34    mono_Ord :: "(i=>i) => o" where
    7.35 -    "mono_Ord(F) == \<forall>i j. i<j --> F(i) < F(j)"
    7.36 +    "mono_Ord(F) == \<forall>i j. i<j \<longrightarrow> F(i) < F(j)"
    7.37  
    7.38  definition
    7.39    cont_Ord :: "(i=>i) => o" where
    7.40 -    "cont_Ord(F) == \<forall>l. Limit(l) --> F(l) = (\<Union>i<l. F(i))"
    7.41 +    "cont_Ord(F) == \<forall>l. Limit(l) \<longrightarrow> F(l) = (\<Union>i<l. F(i))"
    7.42  
    7.43  definition
    7.44    Normal :: "(i=>i) => o" where
    7.45 @@ -267,11 +267,11 @@
    7.46  
    7.47  text{*The following equation is taken for granted in any set theory text.*}
    7.48  lemma cont_Ord_Union:
    7.49 -     "[| cont_Ord(F); mono_le_subset(F); X=0 --> F(0)=0; \<forall>x\<in>X. Ord(x) |] 
    7.50 -      ==> F(Union(X)) = (\<Union>y\<in>X. F(y))"
    7.51 +     "[| cont_Ord(F); mono_le_subset(F); X=0 \<longrightarrow> F(0)=0; \<forall>x\<in>X. Ord(x) |] 
    7.52 +      ==> F(\<Union>(X)) = (\<Union>y\<in>X. F(y))"
    7.53  apply (frule Ord_set_cases)
    7.54  apply (erule disjE, force) 
    7.55 -apply (thin_tac "X=0 --> ?Q", auto)
    7.56 +apply (thin_tac "X=0 \<longrightarrow> ?Q", auto)
    7.57   txt{*The trival case of @{term "\<Union>X \<in> X"}*}
    7.58   apply (rule equalityI, blast intro: Ord_Union_eq_succD) 
    7.59   apply (simp add: mono_le_subset_def UN_subset_iff le_subset_iff) 
    7.60 @@ -293,7 +293,7 @@
    7.61  done
    7.62  
    7.63  lemma Normal_Union:
    7.64 -     "[| X\<noteq>0; \<forall>x\<in>X. Ord(x); Normal(F) |] ==> F(Union(X)) = (\<Union>y\<in>X. F(y))"
    7.65 +     "[| X\<noteq>0; \<forall>x\<in>X. Ord(x); Normal(F) |] ==> F(\<Union>(X)) = (\<Union>y\<in>X. F(y))"
    7.66  apply (simp add: Normal_def) 
    7.67  apply (blast intro: mono_Ord_imp_le_subset cont_Ord_Union) 
    7.68  done
    7.69 @@ -378,7 +378,7 @@
    7.70  *}
    7.71  definition
    7.72    normalize :: "[i=>i, i] => i" where
    7.73 -    "normalize(F,a) == transrec2(a, F(0), \<lambda>x r. F(succ(x)) Un succ(r))"
    7.74 +    "normalize(F,a) == transrec2(a, F(0), \<lambda>x r. F(succ(x)) \<union> succ(r))"
    7.75  
    7.76  
    7.77  lemma Ord_normalize [simp, intro]:
    7.78 @@ -389,7 +389,7 @@
    7.79  
    7.80  lemma normalize_lemma [rule_format]:
    7.81       "[| Ord(b); !!x. Ord(x) ==> Ord(F(x)) |] 
    7.82 -      ==> \<forall>a. a < b --> normalize(F, a) < normalize(F, b)"
    7.83 +      ==> \<forall>a. a < b \<longrightarrow> normalize(F, a) < normalize(F, b)"
    7.84  apply (erule trans_induct3)
    7.85    apply (simp_all add: le_iff def_transrec2 [OF normalize_def])
    7.86   apply clarify
    7.87 @@ -443,7 +443,7 @@
    7.88  done
    7.89  
    7.90  lemma Aleph_lemma [rule_format]:
    7.91 -     "Ord(b) ==> \<forall>a. a < b --> Aleph(a) < Aleph(b)"
    7.92 +     "Ord(b) ==> \<forall>a. a < b \<longrightarrow> Aleph(a) < Aleph(b)"
    7.93  apply (erule trans_induct3) 
    7.94  apply (simp_all add: le_iff def_transrec2 [OF Aleph_def])  
    7.95  apply (blast intro: lt_trans lt_csucc Card_is_Ord, clarify)
     8.1 --- a/src/ZF/Constructible/Rank.thy	Tue Mar 06 16:46:27 2012 +0000
     8.2 +++ b/src/ZF/Constructible/Rank.thy	Tue Mar 06 17:01:37 2012 +0000
     8.3 @@ -12,7 +12,7 @@
     8.4  locale M_ordertype = M_basic +
     8.5  assumes well_ord_iso_separation:
     8.6       "[| M(A); M(f); M(r) |]
     8.7 -      ==> separation (M, \<lambda>x. x\<in>A --> (\<exists>y[M]. (\<exists>p[M].
     8.8 +      ==> separation (M, \<lambda>x. x\<in>A \<longrightarrow> (\<exists>y[M]. (\<exists>p[M].
     8.9                       fun_apply(M,f,x,y) & pair(M,y,x,p) & p \<in> r)))"
    8.10    and obase_separation:
    8.11       --{*part of the order type formalization*}
    8.12 @@ -22,7 +22,7 @@
    8.13               order_isomorphism(M,par,r,x,mx,g))"
    8.14    and obase_equals_separation:
    8.15       "[| M(A); M(r) |]
    8.16 -      ==> separation (M, \<lambda>x. x\<in>A --> ~(\<exists>y[M]. \<exists>g[M].
    8.17 +      ==> separation (M, \<lambda>x. x\<in>A \<longrightarrow> ~(\<exists>y[M]. \<exists>g[M].
    8.18                                ordinal(M,y) & (\<exists>my[M]. \<exists>pxr[M].
    8.19                                membership(M,y,my) & pred_set(M,A,x,r,pxr) &
    8.20                                order_isomorphism(M,pxr,r,y,my,g))))"
    8.21 @@ -146,7 +146,7 @@
    8.22      --{*the function that maps wosets to order types*}
    8.23     "omap(M,A,r,f) == 
    8.24          \<forall>z[M].
    8.25 -         z \<in> f <-> (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) & 
    8.26 +         z \<in> f \<longleftrightarrow> (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) & 
    8.27                          g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
    8.28  
    8.29  definition
    8.30 @@ -159,7 +159,7 @@
    8.31        is also more useful than the definition, @{text omap_def}.*}
    8.32  lemma (in M_ordertype) omap_iff:
    8.33       "[| omap(M,A,r,f); M(A); M(f) |] 
    8.34 -      ==> z \<in> f <->
    8.35 +      ==> z \<in> f \<longleftrightarrow>
    8.36            (\<exists>a\<in>A. \<exists>x[M]. \<exists>g[M]. z = <a,x> & Ord(x) & 
    8.37                                  g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
    8.38  apply (simp add: omap_def Memrel_closed pred_closed) 
    8.39 @@ -181,7 +181,7 @@
    8.40  
    8.41  lemma (in M_ordertype) otype_iff:
    8.42       "[| otype(M,A,r,i); M(A); M(r); M(i) |] 
    8.43 -      ==> x \<in> i <-> 
    8.44 +      ==> x \<in> i \<longleftrightarrow> 
    8.45            (M(x) & Ord(x) & 
    8.46             (\<exists>a\<in>A. \<exists>g[M]. g \<in> ord_iso(Order.pred(A,a,r),r,x,Memrel(x))))"
    8.47  apply (auto simp add: omap_iff otype_def)
    8.48 @@ -324,7 +324,7 @@
    8.49   apply (frule obase_equals_separation [of A r], assumption) 
    8.50   apply (simp, clarify) 
    8.51  apply (rename_tac b) 
    8.52 -apply (subgoal_tac "Order.pred(A,b,r) <= obase(M,A,r)") 
    8.53 +apply (subgoal_tac "Order.pred(A,b,r) \<subseteq> obase(M,A,r)") 
    8.54   apply (blast intro!: restrict_omap_ord_iso Ord_omap_image_pred)
    8.55  apply (force simp add: pred_iff obase_def)  
    8.56  done
    8.57 @@ -394,7 +394,7 @@
    8.58  
    8.59  text{*(a) The notion of Wellordering is absolute*}
    8.60  theorem (in M_ordertype) well_ord_abs [simp]: 
    8.61 -     "[| M(A); M(r) |] ==> wellordered(M,A,r) <-> well_ord(A,r)" 
    8.62 +     "[| M(A); M(r) |] ==> wellordered(M,A,r) \<longleftrightarrow> well_ord(A,r)" 
    8.63  by (blast intro: well_ord_imp_relativized relativized_imp_well_ord)  
    8.64  
    8.65  
    8.66 @@ -420,8 +420,8 @@
    8.67  definition
    8.68    is_oadd_fun :: "[i=>o,i,i,i,i] => o" where
    8.69      "is_oadd_fun(M,i,j,x,f) == 
    8.70 -       (\<forall>sj msj. M(sj) --> M(msj) --> 
    8.71 -                 successor(M,j,sj) --> membership(M,sj,msj) --> 
    8.72 +       (\<forall>sj msj. M(sj) \<longrightarrow> M(msj) \<longrightarrow> 
    8.73 +                 successor(M,j,sj) \<longrightarrow> membership(M,sj,msj) \<longrightarrow> 
    8.74                   M_is_recfun(M, 
    8.75                       %x g y. \<exists>gx[M]. image(M,g,x,gx) & union(M,i,gx,y),
    8.76                       msj, x, f))"
    8.77 @@ -442,9 +442,9 @@
    8.78    omult_eqns :: "[i,i,i,i] => o" where
    8.79      "omult_eqns(i,x,g,z) ==
    8.80              Ord(x) & 
    8.81 -            (x=0 --> z=0) &
    8.82 -            (\<forall>j. x = succ(j) --> z = g`j ++ i) &
    8.83 -            (Limit(x) --> z = \<Union>(g``x))"
    8.84 +            (x=0 \<longrightarrow> z=0) &
    8.85 +            (\<forall>j. x = succ(j) \<longrightarrow> z = g`j ++ i) &
    8.86 +            (Limit(x) \<longrightarrow> z = \<Union>(g``x))"
    8.87  
    8.88  definition
    8.89    is_omult_fun :: "[i=>o,i,i,i] => o" where
    8.90 @@ -467,7 +467,7 @@
    8.91      strong_replacement(M, 
    8.92           \<lambda>x z. \<exists>y[M]. pair(M,x,y,z) & 
    8.93                    (\<exists>f[M]. \<exists>fx[M]. is_oadd_fun(M,i,j,x,f) & 
    8.94 -                           image(M,f,x,fx) & y = i Un fx))"
    8.95 +                           image(M,f,x,fx) & y = i \<union> fx))"
    8.96  
    8.97   and omult_strong_replacement':
    8.98     "[| M(i); M(j) |] ==>
    8.99 @@ -481,11 +481,11 @@
   8.100  text{*@{text is_oadd_fun}: Relating the pure "language of set theory" to Isabelle/ZF*}
   8.101  lemma (in M_ord_arith) is_oadd_fun_iff:
   8.102     "[| a\<le>j; M(i); M(j); M(a); M(f) |] 
   8.103 -    ==> is_oadd_fun(M,i,j,a,f) <->
   8.104 -        f \<in> a \<rightarrow> range(f) & (\<forall>x. M(x) --> x < a --> f`x = i Un f``x)"
   8.105 +    ==> is_oadd_fun(M,i,j,a,f) \<longleftrightarrow>
   8.106 +        f \<in> a \<rightarrow> range(f) & (\<forall>x. M(x) \<longrightarrow> x < a \<longrightarrow> f`x = i \<union> f``x)"
   8.107  apply (frule lt_Ord) 
   8.108  apply (simp add: is_oadd_fun_def Memrel_closed Un_closed 
   8.109 -             relation2_def is_recfun_abs [of "%x g. i Un g``x"]
   8.110 +             relation2_def is_recfun_abs [of "%x g. i \<union> g``x"]
   8.111               image_closed is_recfun_iff_equation  
   8.112               Ball_def lt_trans [OF ltI, of _ a] lt_Memrel)
   8.113  apply (simp add: lt_def) 
   8.114 @@ -497,17 +497,17 @@
   8.115      "[| M(i); M(j) |] ==>
   8.116       strong_replacement(M, 
   8.117              \<lambda>x z. \<exists>y[M]. z = <x,y> &
   8.118 -                  (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. i Un g``x,g) & 
   8.119 -                  y = i Un g``x))" 
   8.120 +                  (\<exists>g[M]. is_recfun(Memrel(succ(j)),x,%x g. i \<union> g``x,g) & 
   8.121 +                  y = i \<union> g``x))" 
   8.122  apply (insert oadd_strong_replacement [of i j]) 
   8.123  apply (simp add: is_oadd_fun_def relation2_def
   8.124 -                 is_recfun_abs [of "%x g. i Un g``x"])  
   8.125 +                 is_recfun_abs [of "%x g. i \<union> g``x"])  
   8.126  done
   8.127  
   8.128  
   8.129  lemma (in M_ord_arith) exists_oadd:
   8.130      "[| Ord(j);  M(i);  M(j) |]
   8.131 -     ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. i Un g``x, f)"
   8.132 +     ==> \<exists>f[M]. is_recfun(Memrel(succ(j)), j, %x g. i \<union> g``x, f)"
   8.133  apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
   8.134      apply (simp_all add: Memrel_type oadd_strong_replacement') 
   8.135  done 
   8.136 @@ -525,7 +525,7 @@
   8.137  
   8.138  lemma (in M_ord_arith) is_oadd_fun_apply:
   8.139      "[| x < j; M(i); M(j); M(f); is_oadd_fun(M,i,j,j,f) |] 
   8.140 -     ==> f`x = i Un (\<Union>k\<in>x. {f ` k})"
   8.141 +     ==> f`x = i \<union> (\<Union>k\<in>x. {f ` k})"
   8.142  apply (simp add: is_oadd_fun_iff lt_Ord2, clarify) 
   8.143  apply (frule lt_closed, simp)
   8.144  apply (frule leI [THEN le_imp_subset])  
   8.145 @@ -534,7 +534,7 @@
   8.146  
   8.147  lemma (in M_ord_arith) is_oadd_fun_iff_oadd [rule_format]:
   8.148      "[| is_oadd_fun(M,i,J,J,f); M(i); M(J); M(f); Ord(i); Ord(j) |] 
   8.149 -     ==> j<J --> f`j = i++j"
   8.150 +     ==> j<J \<longrightarrow> f`j = i++j"
   8.151  apply (erule_tac i=j in trans_induct, clarify) 
   8.152  apply (subgoal_tac "\<forall>k\<in>x. k<J")
   8.153   apply (simp (no_asm_simp) add: is_oadd_def oadd_unfold is_oadd_fun_apply)
   8.154 @@ -542,13 +542,13 @@
   8.155  done
   8.156  
   8.157  lemma (in M_ord_arith) Ord_oadd_abs:
   8.158 -    "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
   8.159 +    "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_oadd(M,i,j,k) \<longleftrightarrow> k = i++j"
   8.160  apply (simp add: is_oadd_def is_oadd_fun_iff_oadd)
   8.161  apply (frule exists_oadd_fun [of j i], blast+)
   8.162  done
   8.163  
   8.164  lemma (in M_ord_arith) oadd_abs:
   8.165 -    "[| M(i); M(j); M(k) |] ==> is_oadd(M,i,j,k) <-> k = i++j"
   8.166 +    "[| M(i); M(j); M(k) |] ==> is_oadd(M,i,j,k) \<longleftrightarrow> k = i++j"
   8.167  apply (case_tac "Ord(i) & Ord(j)")
   8.168   apply (simp add: Ord_oadd_abs)
   8.169  apply (auto simp add: is_oadd_def oadd_eq_if_raw_oadd)
   8.170 @@ -571,13 +571,13 @@
   8.171  apply (erule Ord_cases, simp_all) 
   8.172  done
   8.173  
   8.174 -lemma omult_eqns_0: "omult_eqns(i,0,g,z) <-> z=0"
   8.175 +lemma omult_eqns_0: "omult_eqns(i,0,g,z) \<longleftrightarrow> z=0"
   8.176  by (simp add: omult_eqns_def)
   8.177  
   8.178  lemma the_omult_eqns_0: "(THE z. omult_eqns(i,0,g,z)) = 0"
   8.179  by (simp add: omult_eqns_0)
   8.180  
   8.181 -lemma omult_eqns_succ: "omult_eqns(i,succ(j),g,z) <-> Ord(j) & z = g`j ++ i"
   8.182 +lemma omult_eqns_succ: "omult_eqns(i,succ(j),g,z) \<longleftrightarrow> Ord(j) & z = g`j ++ i"
   8.183  by (simp add: omult_eqns_def)
   8.184  
   8.185  lemma the_omult_eqns_succ:
   8.186 @@ -585,7 +585,7 @@
   8.187  by (simp add: omult_eqns_succ) 
   8.188  
   8.189  lemma omult_eqns_Limit:
   8.190 -     "Limit(x) ==> omult_eqns(i,x,g,z) <-> z = \<Union>(g``x)"
   8.191 +     "Limit(x) ==> omult_eqns(i,x,g,z) \<longleftrightarrow> z = \<Union>(g``x)"
   8.192  apply (simp add: omult_eqns_def) 
   8.193  apply (blast intro: Limit_is_Ord) 
   8.194  done
   8.195 @@ -649,7 +649,7 @@
   8.196  
   8.197  lemma (in M_ord_arith) is_omult_fun_eq_omult:
   8.198      "[| is_omult_fun(M,i,J,f); M(J); M(f); Ord(i); Ord(j) |] 
   8.199 -     ==> j<J --> f`j = i**j"
   8.200 +     ==> j<J \<longrightarrow> f`j = i**j"
   8.201  apply (erule_tac i=j in trans_induct3)
   8.202  apply (safe del: impCE)
   8.203    apply (simp add: is_omult_fun_apply_0) 
   8.204 @@ -662,7 +662,7 @@
   8.205  done
   8.206  
   8.207  lemma (in M_ord_arith) omult_abs:
   8.208 -    "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_omult(M,i,j,k) <-> k = i**j"
   8.209 +    "[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_omult(M,i,j,k) \<longleftrightarrow> k = i**j"
   8.210  apply (simp add: is_omult_def is_omult_fun_eq_omult)
   8.211  apply (frule exists_omult_fun [of j i], blast+)
   8.212  done
   8.213 @@ -679,22 +679,22 @@
   8.214    assumes wfrank_separation:
   8.215       "M(r) ==>
   8.216        separation (M, \<lambda>x. 
   8.217 -         \<forall>rplus[M]. tran_closure(M,r,rplus) -->
   8.218 +         \<forall>rplus[M]. tran_closure(M,r,rplus) \<longrightarrow>
   8.219           ~ (\<exists>f[M]. M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f)))"
   8.220   and wfrank_strong_replacement:
   8.221       "M(r) ==>
   8.222        strong_replacement(M, \<lambda>x z. 
   8.223 -         \<forall>rplus[M]. tran_closure(M,r,rplus) -->
   8.224 +         \<forall>rplus[M]. tran_closure(M,r,rplus) \<longrightarrow>
   8.225           (\<exists>y[M]. \<exists>f[M]. pair(M,x,y,z)  & 
   8.226                          M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f) &
   8.227                          is_range(M,f,y)))"
   8.228   and Ord_wfrank_separation:
   8.229       "M(r) ==>
   8.230        separation (M, \<lambda>x.
   8.231 -         \<forall>rplus[M]. tran_closure(M,r,rplus) --> 
   8.232 +         \<forall>rplus[M]. tran_closure(M,r,rplus) \<longrightarrow> 
   8.233            ~ (\<forall>f[M]. \<forall>rangef[M]. 
   8.234 -             is_range(M,f,rangef) -->
   8.235 -             M_is_recfun(M, \<lambda>x f y. is_range(M,f,y), rplus, x, f) -->
   8.236 +             is_range(M,f,rangef) \<longrightarrow>
   8.237 +             M_is_recfun(M, \<lambda>x f y. is_range(M,f,y), rplus, x, f) \<longrightarrow>
   8.238               ordinal(M,rangef)))" 
   8.239  
   8.240  
   8.241 @@ -721,7 +721,7 @@
   8.242  lemma (in M_wfrank) Ord_wfrank_separation':
   8.243       "M(r) ==>
   8.244        separation (M, \<lambda>x. 
   8.245 -         ~ (\<forall>f[M]. is_recfun(r^+, x, \<lambda>x. range, f) --> Ord(range(f))))" 
   8.246 +         ~ (\<forall>f[M]. is_recfun(r^+, x, \<lambda>x. range, f) \<longrightarrow> Ord(range(f))))" 
   8.247  apply (insert Ord_wfrank_separation [of r])
   8.248  apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
   8.249  done
   8.250 @@ -761,7 +761,7 @@
   8.251  
   8.252  lemma (in M_wfrank) Ord_wfrank_range [rule_format]:
   8.253      "[| wellfounded(M,r); a\<in>A; M(r); M(A) |]
   8.254 -     ==> \<forall>f[M]. is_recfun(r^+, a, %x f. range(f), f) --> Ord(range(f))"
   8.255 +     ==> \<forall>f[M]. is_recfun(r^+, a, %x f. range(f), f) \<longrightarrow> Ord(range(f))"
   8.256  apply (drule wellfounded_trancl, assumption)
   8.257  apply (rule wellfounded_induct, assumption, erule (1) transM)
   8.258    apply simp
   8.259 @@ -911,7 +911,7 @@
   8.260  
   8.261  lemma (in M_wfrank) wellfounded_imp_subset_rvimage:
   8.262       "[|wellfounded(M,r); r \<subseteq> A*A; M(r); M(A)|]
   8.263 -      ==> \<exists>i f. Ord(i) & r <= rvimage(A, f, Memrel(i))"
   8.264 +      ==> \<exists>i f. Ord(i) & r \<subseteq> rvimage(A, f, Memrel(i))"
   8.265  apply (rule_tac x="range(wellfoundedrank(M,r,A))" in exI)
   8.266  apply (rule_tac x="wellfoundedrank(M,r,A)" in exI)
   8.267  apply (simp add: Ord_range_wellfoundedrank, clarify)
   8.268 @@ -934,11 +934,11 @@
   8.269  
   8.270  
   8.271  theorem (in M_wfrank) wf_abs:
   8.272 -     "[|relation(r); M(r)|] ==> wellfounded(M,r) <-> wf(r)"
   8.273 +     "[|relation(r); M(r)|] ==> wellfounded(M,r) \<longleftrightarrow> wf(r)"
   8.274  by (blast intro: wellfounded_imp_wf wf_imp_relativized)
   8.275  
   8.276  theorem (in M_wfrank) wf_on_abs:
   8.277 -     "[|relation(r); M(r); M(A)|] ==> wellfounded_on(M,A,r) <-> wf[A](r)"
   8.278 +     "[|relation(r); M(r); M(A)|] ==> wellfounded_on(M,A,r) \<longleftrightarrow> wf[A](r)"
   8.279  by (blast intro: wellfounded_on_imp_wf_on wf_on_imp_relativized)
   8.280  
   8.281  end
   8.282 \ No newline at end of file
     9.1 --- a/src/ZF/Constructible/Rank_Separation.thy	Tue Mar 06 16:46:27 2012 +0000
     9.2 +++ b/src/ZF/Constructible/Rank_Separation.thy	Tue Mar 06 17:01:37 2012 +0000
     9.3 @@ -17,15 +17,15 @@
     9.4  subsubsection{*Separation for Order-Isomorphisms*}
     9.5  
     9.6  lemma well_ord_iso_Reflects:
     9.7 -  "REFLECTS[\<lambda>x. x\<in>A -->
     9.8 +  "REFLECTS[\<lambda>x. x\<in>A \<longrightarrow>
     9.9                  (\<exists>y[L]. \<exists>p[L]. fun_apply(L,f,x,y) & pair(L,y,x,p) & p \<in> r),
    9.10 -        \<lambda>i x. x\<in>A --> (\<exists>y \<in> Lset(i). \<exists>p \<in> Lset(i).
    9.11 +        \<lambda>i x. x\<in>A \<longrightarrow> (\<exists>y \<in> Lset(i). \<exists>p \<in> Lset(i).
    9.12                  fun_apply(##Lset(i),f,x,y) & pair(##Lset(i),y,x,p) & p \<in> r)]"
    9.13  by (intro FOL_reflections function_reflections)
    9.14  
    9.15  lemma well_ord_iso_separation:
    9.16       "[| L(A); L(f); L(r) |]
    9.17 -      ==> separation (L, \<lambda>x. x\<in>A --> (\<exists>y[L]. (\<exists>p[L].
    9.18 +      ==> separation (L, \<lambda>x. x\<in>A \<longrightarrow> (\<exists>y[L]. (\<exists>p[L].
    9.19                       fun_apply(L,f,x,y) & pair(L,y,x,p) & p \<in> r)))"
    9.20  apply (rule gen_separation_multi [OF well_ord_iso_Reflects, of "{A,f,r}"], 
    9.21         auto)
    9.22 @@ -60,11 +60,11 @@
    9.23  subsubsection{*Separation for a Theorem about @{term "obase"}*}
    9.24  
    9.25  lemma obase_equals_reflects:
    9.26 -  "REFLECTS[\<lambda>x. x\<in>A --> ~(\<exists>y[L]. \<exists>g[L].
    9.27 +  "REFLECTS[\<lambda>x. x\<in>A \<longrightarrow> ~(\<exists>y[L]. \<exists>g[L].
    9.28                  ordinal(L,y) & (\<exists>my[L]. \<exists>pxr[L].
    9.29                  membership(L,y,my) & pred_set(L,A,x,r,pxr) &
    9.30                  order_isomorphism(L,pxr,r,y,my,g))),
    9.31 -        \<lambda>i x. x\<in>A --> ~(\<exists>y \<in> Lset(i). \<exists>g \<in> Lset(i).
    9.32 +        \<lambda>i x. x\<in>A \<longrightarrow> ~(\<exists>y \<in> Lset(i). \<exists>g \<in> Lset(i).
    9.33                  ordinal(##Lset(i),y) & (\<exists>my \<in> Lset(i). \<exists>pxr \<in> Lset(i).
    9.34                  membership(##Lset(i),y,my) & pred_set(##Lset(i),A,x,r,pxr) &
    9.35                  order_isomorphism(##Lset(i),pxr,r,y,my,g)))]"
    9.36 @@ -72,7 +72,7 @@
    9.37  
    9.38  lemma obase_equals_separation:
    9.39       "[| L(A); L(r) |]
    9.40 -      ==> separation (L, \<lambda>x. x\<in>A --> ~(\<exists>y[L]. \<exists>g[L].
    9.41 +      ==> separation (L, \<lambda>x. x\<in>A \<longrightarrow> ~(\<exists>y[L]. \<exists>g[L].
    9.42                                ordinal(L,y) & (\<exists>my[L]. \<exists>pxr[L].
    9.43                                membership(L,y,my) & pred_set(L,A,x,r,pxr) &
    9.44                                order_isomorphism(L,pxr,r,y,my,g))))"
    9.45 @@ -132,9 +132,9 @@
    9.46  subsubsection{*Separation for @{term "wfrank"}*}
    9.47  
    9.48  lemma wfrank_Reflects:
    9.49 - "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
    9.50 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
    9.51                ~ (\<exists>f[L]. M_is_recfun(L, %x f y. is_range(L,f,y), rplus, x, f)),
    9.52 -      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) -->
    9.53 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) \<longrightarrow>
    9.54           ~ (\<exists>f \<in> Lset(i).
    9.55              M_is_recfun(##Lset(i), %x f y. is_range(##Lset(i),f,y),
    9.56                          rplus, x, f))]"
    9.57 @@ -142,7 +142,7 @@
    9.58  
    9.59  lemma wfrank_separation:
    9.60       "L(r) ==>
    9.61 -      separation (L, \<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
    9.62 +      separation (L, \<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
    9.63           ~ (\<exists>f[L]. M_is_recfun(L, %x f y. is_range(L,f,y), rplus, x, f)))"
    9.64  apply (rule gen_separation [OF wfrank_Reflects], simp)
    9.65  apply (rule_tac env="[r]" in DPow_LsetI)
    9.66 @@ -154,12 +154,12 @@
    9.67  
    9.68  lemma wfrank_replacement_Reflects:
    9.69   "REFLECTS[\<lambda>z. \<exists>x[L]. x \<in> A &
    9.70 -        (\<forall>rplus[L]. tran_closure(L,r,rplus) -->
    9.71 +        (\<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
    9.72           (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  &
    9.73                          M_is_recfun(L, %x f y. is_range(L,f,y), rplus, x, f) &
    9.74                          is_range(L,f,y))),
    9.75   \<lambda>i z. \<exists>x \<in> Lset(i). x \<in> A &
    9.76 -      (\<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) -->
    9.77 +      (\<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) \<longrightarrow>
    9.78         (\<exists>y \<in> Lset(i). \<exists>f \<in> Lset(i). pair(##Lset(i),x,y,z)  &
    9.79           M_is_recfun(##Lset(i), %x f y. is_range(##Lset(i),f,y), rplus, x, f) &
    9.80           is_range(##Lset(i),f,y)))]"
    9.81 @@ -169,7 +169,7 @@
    9.82  lemma wfrank_strong_replacement:
    9.83       "L(r) ==>
    9.84        strong_replacement(L, \<lambda>x z.
    9.85 -         \<forall>rplus[L]. tran_closure(L,r,rplus) -->
    9.86 +         \<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
    9.87           (\<exists>y[L]. \<exists>f[L]. pair(L,x,y,z)  &
    9.88                          M_is_recfun(L, %x f y. is_range(L,f,y), rplus, x, f) &
    9.89                          is_range(L,f,y)))"
    9.90 @@ -185,16 +185,16 @@
    9.91  subsubsection{*Separation for Proving @{text Ord_wfrank_range}*}
    9.92  
    9.93  lemma Ord_wfrank_Reflects:
    9.94 - "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) -->
    9.95 + "REFLECTS[\<lambda>x. \<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
    9.96            ~ (\<forall>f[L]. \<forall>rangef[L].
    9.97 -             is_range(L,f,rangef) -->
    9.98 -             M_is_recfun(L, \<lambda>x f y. is_range(L,f,y), rplus, x, f) -->
    9.99 +             is_range(L,f,rangef) \<longrightarrow>
   9.100 +             M_is_recfun(L, \<lambda>x f y. is_range(L,f,y), rplus, x, f) \<longrightarrow>
   9.101               ordinal(L,rangef)),
   9.102 -      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) -->
   9.103 +      \<lambda>i x. \<forall>rplus \<in> Lset(i). tran_closure(##Lset(i),r,rplus) \<longrightarrow>
   9.104            ~ (\<forall>f \<in> Lset(i). \<forall>rangef \<in> Lset(i).
   9.105 -             is_range(##Lset(i),f,rangef) -->
   9.106 +             is_range(##Lset(i),f,rangef) \<longrightarrow>
   9.107               M_is_recfun(##Lset(i), \<lambda>x f y. is_range(##Lset(i),f,y),
   9.108 -                         rplus, x, f) -->
   9.109 +                         rplus, x, f) \<longrightarrow>
   9.110               ordinal(##Lset(i),rangef))]"
   9.111  by (intro FOL_reflections function_reflections is_recfun_reflection
   9.112            tran_closure_reflection ordinal_reflection)
   9.113 @@ -202,10 +202,10 @@
   9.114  lemma  Ord_wfrank_separation:
   9.115       "L(r) ==>
   9.116        separation (L, \<lambda>x.
   9.117 -         \<forall>rplus[L]. tran_closure(L,r,rplus) -->
   9.118 +         \<forall>rplus[L]. tran_closure(L,r,rplus) \<longrightarrow>
   9.119            ~ (\<forall>f[L]. \<forall>rangef[L].
   9.120 -             is_range(L,f,rangef) -->
   9.121 -             M_is_recfun(L, \<lambda>x f y. is_range(L,f,y), rplus, x, f) -->
   9.122 +             is_range(L,f,rangef) \<longrightarrow>
   9.123 +             M_is_recfun(L, \<lambda>x f y. is_range(L,f,y), rplus, x, f) \<longrightarrow>
   9.124               ordinal(L,rangef)))"
   9.125  apply (rule gen_separation [OF Ord_wfrank_Reflects], simp)
   9.126  apply (rule_tac env="[r]" in DPow_LsetI)
    10.1 --- a/src/ZF/Constructible/Rec_Separation.thy	Tue Mar 06 16:46:27 2012 +0000
    10.2 +++ b/src/ZF/Constructible/Rec_Separation.thy	Tue Mar 06 17:01:37 2012 +0000
    10.3 @@ -25,7 +25,7 @@
    10.4         (\<exists>f[M]. typed_function(M,n',A,f) &
    10.5          (\<exists>x[M]. \<exists>y[M]. \<exists>zero[M]. pair(M,x,y,p) & empty(M,zero) &
    10.6            fun_apply(M,f,zero,x) & fun_apply(M,f,n,y)) &
    10.7 -        (\<forall>j[M]. j\<in>n -->
    10.8 +        (\<forall>j[M]. j\<in>n \<longrightarrow>
    10.9            (\<exists>fj[M]. \<exists>sj[M]. \<exists>fsj[M]. \<exists>ffp[M].
   10.10              fun_apply(M,f,j,fj) & successor(M,j,sj) &
   10.11              fun_apply(M,f,sj,fsj) & pair(M,fj,fsj,ffp) & ffp \<in> r)))"*)
   10.12 @@ -55,14 +55,14 @@
   10.13  
   10.14  lemma sats_rtran_closure_mem_fm [simp]:
   10.15     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
   10.16 -    ==> sats(A, rtran_closure_mem_fm(x,y,z), env) <->
   10.17 +    ==> sats(A, rtran_closure_mem_fm(x,y,z), env) \<longleftrightarrow>
   10.18          rtran_closure_mem(##A, nth(x,env), nth(y,env), nth(z,env))"
   10.19  by (simp add: rtran_closure_mem_fm_def rtran_closure_mem_def)
   10.20  
   10.21  lemma rtran_closure_mem_iff_sats:
   10.22        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   10.23            i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
   10.24 -       ==> rtran_closure_mem(##A, x, y, z) <-> sats(A, rtran_closure_mem_fm(i,j,k), env)"
   10.25 +       ==> rtran_closure_mem(##A, x, y, z) \<longleftrightarrow> sats(A, rtran_closure_mem_fm(i,j,k), env)"
   10.26  by (simp add: sats_rtran_closure_mem_fm)
   10.27  
   10.28  lemma rtran_closure_mem_reflection:
   10.29 @@ -85,8 +85,8 @@
   10.30  subsubsection{*Reflexive/Transitive Closure, Internalized*}
   10.31  
   10.32  (*  "rtran_closure(M,r,s) ==
   10.33 -        \<forall>A[M]. is_field(M,r,A) -->
   10.34 -         (\<forall>p[M]. p \<in> s <-> rtran_closure_mem(M,A,r,p))" *)
   10.35 +        \<forall>A[M]. is_field(M,r,A) \<longrightarrow>
   10.36 +         (\<forall>p[M]. p \<in> s \<longleftrightarrow> rtran_closure_mem(M,A,r,p))" *)
   10.37  definition
   10.38    rtran_closure_fm :: "[i,i]=>i" where
   10.39    "rtran_closure_fm(r,s) ==
   10.40 @@ -100,14 +100,14 @@
   10.41  
   10.42  lemma sats_rtran_closure_fm [simp]:
   10.43     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   10.44 -    ==> sats(A, rtran_closure_fm(x,y), env) <->
   10.45 +    ==> sats(A, rtran_closure_fm(x,y), env) \<longleftrightarrow>
   10.46          rtran_closure(##A, nth(x,env), nth(y,env))"
   10.47  by (simp add: rtran_closure_fm_def rtran_closure_def)
   10.48  
   10.49  lemma rtran_closure_iff_sats:
   10.50        "[| nth(i,env) = x; nth(j,env) = y;
   10.51            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   10.52 -       ==> rtran_closure(##A, x, y) <-> sats(A, rtran_closure_fm(i,j), env)"
   10.53 +       ==> rtran_closure(##A, x, y) \<longleftrightarrow> sats(A, rtran_closure_fm(i,j), env)"
   10.54  by simp
   10.55  
   10.56  theorem rtran_closure_reflection:
   10.57 @@ -133,14 +133,14 @@
   10.58  
   10.59  lemma sats_tran_closure_fm [simp]:
   10.60     "[| x \<in> nat; y \<in> nat; env \<in> list(A)|]
   10.61 -    ==> sats(A, tran_closure_fm(x,y), env) <->
   10.62 +    ==> sats(A, tran_closure_fm(x,y), env) \<longleftrightarrow>
   10.63          tran_closure(##A, nth(x,env), nth(y,env))"
   10.64  by (simp add: tran_closure_fm_def tran_closure_def)
   10.65  
   10.66  lemma tran_closure_iff_sats:
   10.67        "[| nth(i,env) = x; nth(j,env) = y;
   10.68            i \<in> nat; j \<in> nat; env \<in> list(A)|]
   10.69 -       ==> tran_closure(##A, x, y) <-> sats(A, tran_closure_fm(i,j), env)"
   10.70 +       ==> tran_closure(##A, x, y) \<longleftrightarrow> sats(A, tran_closure_fm(i,j), env)"
   10.71  by simp
   10.72  
   10.73  theorem tran_closure_reflection:
   10.74 @@ -307,7 +307,7 @@
   10.75  
   10.76  lemma sats_nth_fm [simp]:
   10.77     "[| x < length(env); y \<in> nat; z \<in> nat; env \<in> list(A)|]
   10.78 -    ==> sats(A, nth_fm(x,y,z), env) <->
   10.79 +    ==> sats(A, nth_fm(x,y,z), env) \<longleftrightarrow>
   10.80          is_nth(##A, nth(x,env), nth(y,env), nth(z,env))"
   10.81  apply (frule lt_length_in_nat, assumption)  
   10.82  apply (simp add: nth_fm_def is_nth_def sats_is_iterates_fm) 
   10.83 @@ -316,7 +316,7 @@
   10.84  lemma nth_iff_sats:
   10.85        "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
   10.86            i < length(env); j \<in> nat; k \<in> nat; env \<in> list(A)|]
   10.87 -       ==> is_nth(##A, x, y, z) <-> sats(A, nth_fm(i,j,k), env)"
   10.88 +       ==> is_nth(##A, x, y, z) \<longleftrightarrow> sats(A, nth_fm(i,j,k), env)"
   10.89  by (simp add: sats_nth_fm)
   10.90  
   10.91  theorem nth_reflection:
    11.1 --- a/src/ZF/Constructible/Reflection.thy	Tue Mar 06 16:46:27 2012 +0000
    11.2 +++ b/src/ZF/Constructible/Reflection.thy	Tue Mar 06 17:01:37 2012 +0000
    11.3 @@ -6,26 +6,26 @@
    11.4  
    11.5  theory Reflection imports Normal begin
    11.6  
    11.7 -lemma all_iff_not_ex_not: "(\<forall>x. P(x)) <-> (~ (\<exists>x. ~ P(x)))";
    11.8 +lemma all_iff_not_ex_not: "(\<forall>x. P(x)) \<longleftrightarrow> (~ (\<exists>x. ~ P(x)))";
    11.9  by blast
   11.10  
   11.11 -lemma ball_iff_not_bex_not: "(\<forall>x\<in>A. P(x)) <-> (~ (\<exists>x\<in>A. ~ P(x)))";
   11.12 +lemma ball_iff_not_bex_not: "(\<forall>x\<in>A. P(x)) \<longleftrightarrow> (~ (\<exists>x\<in>A. ~ P(x)))";
   11.13  by blast
   11.14  
   11.15 -text{*From the notes of A. S. Kechris, page 6, and from 
   11.16 +text{*From the notes of A. S. Kechris, page 6, and from
   11.17        Andrzej Mostowski, \emph{Constructible Sets with Applications},
   11.18        North-Holland, 1969, page 23.*}
   11.19  
   11.20  
   11.21  subsection{*Basic Definitions*}
   11.22  
   11.23 -text{*First part: the cumulative hierarchy defining the class @{text M}.  
   11.24 +text{*First part: the cumulative hierarchy defining the class @{text M}.
   11.25  To avoid handling multiple arguments, we assume that @{text "Mset(l)"} is
   11.26  closed under ordered pairing provided @{text l} is limit.  Possibly this
   11.27 -could be avoided: the induction hypothesis @{term Cl_reflects} 
   11.28 +could be avoided: the induction hypothesis @{term Cl_reflects}
   11.29  (in locale @{text ex_reflection}) could be weakened to
   11.30 -@{term "\<forall>y\<in>Mset(a). \<forall>z\<in>Mset(a). P(<y,z>) <-> Q(a,<y,z>)"}, removing most
   11.31 -uses of @{term Pair_in_Mset}.  But there isn't much point in doing so, since 
   11.32 +@{term "\<forall>y\<in>Mset(a). \<forall>z\<in>Mset(a). P(<y,z>) \<longleftrightarrow> Q(a,<y,z>)"}, removing most
   11.33 +uses of @{term Pair_in_Mset}.  But there isn't much point in doing so, since
   11.34  ultimately the @{text ex_reflection} proof is packaged up using the
   11.35  predicate @{text Reflects}.
   11.36  *}
   11.37 @@ -33,29 +33,29 @@
   11.38    fixes Mset and M and Reflects
   11.39    assumes Mset_mono_le : "mono_le_subset(Mset)"
   11.40        and Mset_cont    : "cont_Ord(Mset)"
   11.41 -      and Pair_in_Mset : "[| x \<in> Mset(a); y \<in> Mset(a); Limit(a) |] 
   11.42 +      and Pair_in_Mset : "[| x \<in> Mset(a); y \<in> Mset(a); Limit(a) |]
   11.43                            ==> <x,y> \<in> Mset(a)"
   11.44    defines "M(x) == \<exists>a. Ord(a) & x \<in> Mset(a)"
   11.45        and "Reflects(Cl,P,Q) == Closed_Unbounded(Cl) &
   11.46 -                              (\<forall>a. Cl(a) --> (\<forall>x\<in>Mset(a). P(x) <-> Q(a,x)))"
   11.47 +                              (\<forall>a. Cl(a) \<longrightarrow> (\<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x)))"
   11.48    fixes F0 --{*ordinal for a specific value @{term y}*}
   11.49    fixes FF --{*sup over the whole level, @{term "y\<in>Mset(a)"}*}
   11.50    fixes ClEx --{*Reflecting ordinals for the formula @{term "\<exists>z. P"}*}
   11.51 -  defines "F0(P,y) == \<mu> b. (\<exists>z. M(z) & P(<y,z>)) --> 
   11.52 +  defines "F0(P,y) == \<mu> b. (\<exists>z. M(z) & P(<y,z>)) \<longrightarrow>
   11.53                                 (\<exists>z\<in>Mset(b). P(<y,z>))"
   11.54        and "FF(P)   == \<lambda>a. \<Union>y\<in>Mset(a). F0(P,y)"
   11.55        and "ClEx(P,a) == Limit(a) & normalize(FF(P),a) = a"
   11.56  
   11.57 -lemma (in reflection) Mset_mono: "i\<le>j ==> Mset(i) <= Mset(j)"
   11.58 -apply (insert Mset_mono_le) 
   11.59 -apply (simp add: mono_le_subset_def leI) 
   11.60 +lemma (in reflection) Mset_mono: "i\<le>j ==> Mset(i) \<subseteq> Mset(j)"
   11.61 +apply (insert Mset_mono_le)
   11.62 +apply (simp add: mono_le_subset_def leI)
   11.63  done
   11.64  
   11.65  text{*Awkward: we need a version of @{text ClEx_def} as an equality
   11.66        at the level of classes, which do not really exist*}
   11.67  lemma (in reflection) ClEx_eq:
   11.68       "ClEx(P) == \<lambda>a. Limit(a) & normalize(FF(P),a) = a"
   11.69 -by (simp add: ClEx_def [symmetric]) 
   11.70 +by (simp add: ClEx_def [symmetric])
   11.71  
   11.72  
   11.73  subsection{*Easy Cases of the Reflection Theorem*}
   11.74 @@ -66,33 +66,33 @@
   11.75  
   11.76  theorem (in reflection) Not_reflection [intro]:
   11.77       "Reflects(Cl,P,Q) ==> Reflects(Cl, \<lambda>x. ~P(x), \<lambda>a x. ~Q(a,x))"
   11.78 -by (simp add: Reflects_def) 
   11.79 +by (simp add: Reflects_def)
   11.80  
   11.81  theorem (in reflection) And_reflection [intro]:
   11.82 -     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
   11.83 -      ==> Reflects(\<lambda>a. Cl(a) & C'(a), \<lambda>x. P(x) & P'(x), 
   11.84 +     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |]
   11.85 +      ==> Reflects(\<lambda>a. Cl(a) & C'(a), \<lambda>x. P(x) & P'(x),
   11.86                                        \<lambda>a x. Q(a,x) & Q'(a,x))"
   11.87  by (simp add: Reflects_def Closed_Unbounded_Int, blast)
   11.88  
   11.89  theorem (in reflection) Or_reflection [intro]:
   11.90 -     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
   11.91 -      ==> Reflects(\<lambda>a. Cl(a) & C'(a), \<lambda>x. P(x) | P'(x), 
   11.92 +     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |]
   11.93 +      ==> Reflects(\<lambda>a. Cl(a) & C'(a), \<lambda>x. P(x) | P'(x),
   11.94                                        \<lambda>a x. Q(a,x) | Q'(a,x))"
   11.95  by (simp add: Reflects_def Closed_Unbounded_Int, blast)
   11.96  
   11.97  theorem (in reflection) Imp_reflection [intro]:
   11.98 -     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
   11.99 -      ==> Reflects(\<lambda>a. Cl(a) & C'(a), 
  11.100 -                   \<lambda>x. P(x) --> P'(x), 
  11.101 -                   \<lambda>a x. Q(a,x) --> Q'(a,x))"
  11.102 +     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |]
  11.103 +      ==> Reflects(\<lambda>a. Cl(a) & C'(a),
  11.104 +                   \<lambda>x. P(x) \<longrightarrow> P'(x),
  11.105 +                   \<lambda>a x. Q(a,x) \<longrightarrow> Q'(a,x))"
  11.106  by (simp add: Reflects_def Closed_Unbounded_Int, blast)
  11.107  
  11.108  theorem (in reflection) Iff_reflection [intro]:
  11.109 -     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |] 
  11.110 -      ==> Reflects(\<lambda>a. Cl(a) & C'(a), 
  11.111 -                   \<lambda>x. P(x) <-> P'(x), 
  11.112 -                   \<lambda>a x. Q(a,x) <-> Q'(a,x))"
  11.113 -by (simp add: Reflects_def Closed_Unbounded_Int, blast) 
  11.114 +     "[| Reflects(Cl,P,Q); Reflects(C',P',Q') |]
  11.115 +      ==> Reflects(\<lambda>a. Cl(a) & C'(a),
  11.116 +                   \<lambda>x. P(x) \<longleftrightarrow> P'(x),
  11.117 +                   \<lambda>a x. Q(a,x) \<longleftrightarrow> Q'(a,x))"
  11.118 +by (simp add: Reflects_def Closed_Unbounded_Int, blast)
  11.119  
  11.120  subsection{*Reflection for Existential Quantifiers*}
  11.121  
  11.122 @@ -115,20 +115,20 @@
  11.123  apply (simp add: cont_Ord_def FF_def, blast)
  11.124  done
  11.125  
  11.126 -text{*Recall that @{term F0} depends upon @{term "y\<in>Mset(a)"}, 
  11.127 +text{*Recall that @{term F0} depends upon @{term "y\<in>Mset(a)"},
  11.128  while @{term FF} depends only upon @{term a}. *}
  11.129  lemma (in reflection) FF_works:
  11.130       "[| M(z); y\<in>Mset(a); P(<y,z>); Ord(a) |] ==> \<exists>z\<in>Mset(FF(P,a)). P(<y,z>)"
  11.131  apply (simp add: FF_def)
  11.132 -apply (simp_all add: cont_Ord_Union [of concl: Mset] 
  11.133 +apply (simp_all add: cont_Ord_Union [of concl: Mset]
  11.134                       Mset_cont Mset_mono_le not_emptyI Ord_F0)
  11.135 -apply (blast intro: F0_works)  
  11.136 +apply (blast intro: F0_works)
  11.137  done
  11.138  
  11.139  lemma (in reflection) FFN_works:
  11.140 -     "[| M(z); y\<in>Mset(a); P(<y,z>); Ord(a) |] 
  11.141 +     "[| M(z); y\<in>Mset(a); P(<y,z>); Ord(a) |]
  11.142        ==> \<exists>z\<in>Mset(normalize(FF(P),a)). P(<y,z>)"
  11.143 -apply (drule FF_works [of concl: P], assumption+) 
  11.144 +apply (drule FF_works [of concl: P], assumption+)
  11.145  apply (blast intro: cont_Ord_FF le_normalize [THEN Mset_mono, THEN subsetD])
  11.146  done
  11.147  
  11.148 @@ -139,20 +139,20 @@
  11.149    fixes P  --"the original formula"
  11.150    fixes Q  --"the reflected formula"
  11.151    fixes Cl --"the class of reflecting ordinals"
  11.152 -  assumes Cl_reflects: "[| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x)"
  11.153 +  assumes Cl_reflects: "[| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x)"
  11.154  
  11.155  lemma (in ex_reflection) ClEx_downward:
  11.156 -     "[| M(z); y\<in>Mset(a); P(<y,z>); Cl(a); ClEx(P,a) |] 
  11.157 +     "[| M(z); y\<in>Mset(a); P(<y,z>); Cl(a); ClEx(P,a) |]
  11.158        ==> \<exists>z\<in>Mset(a). Q(a,<y,z>)"
  11.159 -apply (simp add: ClEx_def, clarify) 
  11.160 -apply (frule Limit_is_Ord) 
  11.161 -apply (frule FFN_works [of concl: P], assumption+) 
  11.162 -apply (drule Cl_reflects, assumption+) 
  11.163 +apply (simp add: ClEx_def, clarify)
  11.164 +apply (frule Limit_is_Ord)
  11.165 +apply (frule FFN_works [of concl: P], assumption+)
  11.166 +apply (drule Cl_reflects, assumption+)
  11.167  apply (auto simp add: Limit_is_Ord Pair_in_Mset)
  11.168  done
  11.169  
  11.170  lemma (in ex_reflection) ClEx_upward:
  11.171 -     "[| z\<in>Mset(a); y\<in>Mset(a); Q(a,<y,z>); Cl(a); ClEx(P,a) |] 
  11.172 +     "[| z\<in>Mset(a); y\<in>Mset(a); Q(a,<y,z>); Cl(a); ClEx(P,a) |]
  11.173        ==> \<exists>z. M(z) & P(<y,z>)"
  11.174  apply (simp add: ClEx_def M_def)
  11.175  apply (blast dest: Cl_reflects
  11.176 @@ -161,9 +161,9 @@
  11.177  
  11.178  text{*Class @{text ClEx} indeed consists of reflecting ordinals...*}
  11.179  lemma (in ex_reflection) ZF_ClEx_iff:
  11.180 -     "[| y\<in>Mset(a); Cl(a); ClEx(P,a) |] 
  11.181 -      ==> (\<exists>z. M(z) & P(<y,z>)) <-> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
  11.182 -by (blast intro: dest: ClEx_downward ClEx_upward) 
  11.183 +     "[| y\<in>Mset(a); Cl(a); ClEx(P,a) |]
  11.184 +      ==> (\<exists>z. M(z) & P(<y,z>)) \<longleftrightarrow> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
  11.185 +by (blast intro: dest: ClEx_downward ClEx_upward)
  11.186  
  11.187  text{*...and it is closed and unbounded*}
  11.188  lemma (in ex_reflection) ZF_Closed_Unbounded_ClEx:
  11.189 @@ -178,8 +178,8 @@
  11.190  text{*Class @{text ClEx} indeed consists of reflecting ordinals...*}
  11.191  lemma (in reflection) ClEx_iff:
  11.192       "[| y\<in>Mset(a); Cl(a); ClEx(P,a);
  11.193 -        !!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x) |] 
  11.194 -      ==> (\<exists>z. M(z) & P(<y,z>)) <-> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
  11.195 +        !!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x) |]
  11.196 +      ==> (\<exists>z. M(z) & P(<y,z>)) \<longleftrightarrow> (\<exists>z\<in>Mset(a). Q(a,<y,z>))"
  11.197  apply (unfold ClEx_def FF_def F0_def M_def)
  11.198  apply (rule ex_reflection.ZF_ClEx_iff
  11.199    [OF ex_reflection.intro, OF reflection.intro ex_reflection_axioms.intro,
  11.200 @@ -195,9 +195,9 @@
  11.201  *)
  11.202  
  11.203  lemma (in reflection) Closed_Unbounded_ClEx:
  11.204 -     "(!!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) <-> Q(a,x))
  11.205 +     "(!!a. [| Cl(a); Ord(a) |] ==> \<forall>x\<in>Mset(a). P(x) \<longleftrightarrow> Q(a,x))
  11.206        ==> Closed_Unbounded(ClEx(P))"
  11.207 -apply (unfold ClEx_eq FF_def F0_def M_def) 
  11.208 +apply (unfold ClEx_eq FF_def F0_def M_def)
  11.209  apply (rule ex_reflection.ZF_Closed_Unbounded_ClEx [of Mset _ _ Cl])
  11.210  apply (rule ex_reflection.intro, rule reflection_axioms)
  11.211  apply (blast intro: ex_reflection_axioms.intro)
  11.212 @@ -206,58 +206,58 @@
  11.213  subsection{*Packaging the Quantifier Reflection Rules*}
  11.214  
  11.215  lemma (in reflection) Ex_reflection_0:
  11.216 -     "Reflects(Cl,P0,Q0) 
  11.217 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(P0,a), 
  11.218 -                   \<lambda>x. \<exists>z. M(z) & P0(<x,z>), 
  11.219 -                   \<lambda>a x. \<exists>z\<in>Mset(a). Q0(a,<x,z>))" 
  11.220 -apply (simp add: Reflects_def) 
  11.221 +     "Reflects(Cl,P0,Q0)
  11.222 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(P0,a),
  11.223 +                   \<lambda>x. \<exists>z. M(z) & P0(<x,z>),
  11.224 +                   \<lambda>a x. \<exists>z\<in>Mset(a). Q0(a,<x,z>))"
  11.225 +apply (simp add: Reflects_def)
  11.226  apply (intro conjI Closed_Unbounded_Int)
  11.227 -  apply blast 
  11.228 - apply (rule Closed_Unbounded_ClEx [of Cl P0 Q0], blast, clarify) 
  11.229 -apply (rule_tac Cl=Cl in  ClEx_iff, assumption+, blast) 
  11.230 +  apply blast
  11.231 + apply (rule Closed_Unbounded_ClEx [of Cl P0 Q0], blast, clarify)
  11.232 +apply (rule_tac Cl=Cl in  ClEx_iff, assumption+, blast)
  11.233  done
  11.234  
  11.235  lemma (in reflection) All_reflection_0:
  11.236 -     "Reflects(Cl,P0,Q0) 
  11.237 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x.~P0(x), a), 
  11.238 -                   \<lambda>x. \<forall>z. M(z) --> P0(<x,z>), 
  11.239 -                   \<lambda>a x. \<forall>z\<in>Mset(a). Q0(a,<x,z>))" 
  11.240 -apply (simp only: all_iff_not_ex_not ball_iff_not_bex_not) 
  11.241 -apply (rule Not_reflection, drule Not_reflection, simp) 
  11.242 +     "Reflects(Cl,P0,Q0)
  11.243 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x.~P0(x), a),
  11.244 +                   \<lambda>x. \<forall>z. M(z) \<longrightarrow> P0(<x,z>),
  11.245 +                   \<lambda>a x. \<forall>z\<in>Mset(a). Q0(a,<x,z>))"
  11.246 +apply (simp only: all_iff_not_ex_not ball_iff_not_bex_not)
  11.247 +apply (rule Not_reflection, drule Not_reflection, simp)
  11.248  apply (erule Ex_reflection_0)
  11.249  done
  11.250  
  11.251  theorem (in reflection) Ex_reflection [intro]:
  11.252 -     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))) 
  11.253 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. P(fst(x),snd(x)), a), 
  11.254 -                   \<lambda>x. \<exists>z. M(z) & P(x,z), 
  11.255 +     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
  11.256 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. P(fst(x),snd(x)), a),
  11.257 +                   \<lambda>x. \<exists>z. M(z) & P(x,z),
  11.258                     \<lambda>a x. \<exists>z\<in>Mset(a). Q(a,x,z))"
  11.259 -by (rule Ex_reflection_0 [of _ " \<lambda>x. P(fst(x),snd(x))" 
  11.260 +by (rule Ex_reflection_0 [of _ " \<lambda>x. P(fst(x),snd(x))"
  11.261                                 "\<lambda>a x. Q(a,fst(x),snd(x))", simplified])
  11.262  
  11.263  theorem (in reflection) All_reflection [intro]:
  11.264       "Reflects(Cl,  \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
  11.265 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. ~P(fst(x),snd(x)), a), 
  11.266 -                   \<lambda>x. \<forall>z. M(z) --> P(x,z), 
  11.267 -                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))" 
  11.268 -by (rule All_reflection_0 [of _ "\<lambda>x. P(fst(x),snd(x))" 
  11.269 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. ~P(fst(x),snd(x)), a),
  11.270 +                   \<lambda>x. \<forall>z. M(z) \<longrightarrow> P(x,z),
  11.271 +                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))"
  11.272 +by (rule All_reflection_0 [of _ "\<lambda>x. P(fst(x),snd(x))"
  11.273                                  "\<lambda>a x. Q(a,fst(x),snd(x))", simplified])
  11.274  
  11.275  text{*And again, this time using class-bounded quantifiers*}
  11.276  
  11.277  theorem (in reflection) Rex_reflection [intro]:
  11.278 -     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x))) 
  11.279 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. P(fst(x),snd(x)), a), 
  11.280 -                   \<lambda>x. \<exists>z[M]. P(x,z), 
  11.281 +     "Reflects(Cl, \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
  11.282 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. P(fst(x),snd(x)), a),
  11.283 +                   \<lambda>x. \<exists>z[M]. P(x,z),
  11.284                     \<lambda>a x. \<exists>z\<in>Mset(a). Q(a,x,z))"
  11.285 -by (unfold rex_def, blast) 
  11.286 +by (unfold rex_def, blast)
  11.287  
  11.288  theorem (in reflection) Rall_reflection [intro]:
  11.289       "Reflects(Cl,  \<lambda>x. P(fst(x),snd(x)), \<lambda>a x. Q(a,fst(x),snd(x)))
  11.290 -      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. ~P(fst(x),snd(x)), a), 
  11.291 -                   \<lambda>x. \<forall>z[M]. P(x,z), 
  11.292 -                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))" 
  11.293 -by (unfold rall_def, blast) 
  11.294 +      ==> Reflects(\<lambda>a. Cl(a) & ClEx(\<lambda>x. ~P(fst(x),snd(x)), a),
  11.295 +                   \<lambda>x. \<forall>z[M]. P(x,z),
  11.296 +                   \<lambda>a x. \<forall>z\<in>Mset(a). Q(a,x,z))"
  11.297 +by (unfold rall_def, blast)
  11.298  
  11.299  
  11.300  text{*No point considering bounded quantifiers, where reflection is trivial.*}
  11.301 @@ -266,62 +266,62 @@
  11.302  subsection{*Simple Examples of Reflection*}
  11.303  
  11.304  text{*Example 1: reflecting a simple formula.  The reflecting class is first
  11.305 -given as the variable @{text ?Cl} and later retrieved from the final 
  11.306 +given as the variable @{text ?Cl} and later retrieved from the final
  11.307  proof state.*}
  11.308 -schematic_lemma (in reflection) 
  11.309 +schematic_lemma (in reflection)
  11.310       "Reflects(?Cl,
  11.311 -               \<lambda>x. \<exists>y. M(y) & x \<in> y, 
  11.312 +               \<lambda>x. \<exists>y. M(y) & x \<in> y,
  11.313                 \<lambda>a x. \<exists>y\<in>Mset(a). x \<in> y)"
  11.314  by fast
  11.315  
  11.316  text{*Problem here: there needs to be a conjunction (class intersection)
  11.317  in the class of reflecting ordinals.  The @{term "Ord(a)"} is redundant,
  11.318  though harmless.*}
  11.319 -lemma (in reflection) 
  11.320 -     "Reflects(\<lambda>a. Ord(a) & ClEx(\<lambda>x. fst(x) \<in> snd(x), a),   
  11.321 -               \<lambda>x. \<exists>y. M(y) & x \<in> y, 
  11.322 -               \<lambda>a x. \<exists>y\<in>Mset(a). x \<in> y)" 
  11.323 +lemma (in reflection)
  11.324 +     "Reflects(\<lambda>a. Ord(a) & ClEx(\<lambda>x. fst(x) \<in> snd(x), a),
  11.325 +               \<lambda>x. \<exists>y. M(y) & x \<in> y,
  11.326 +               \<lambda>a x. \<exists>y\<in>Mset(a). x \<in> y)"
  11.327  by fast
  11.328  
  11.329  
  11.330  text{*Example 2*}
  11.331 -schematic_lemma (in reflection) 
  11.332 +schematic_lemma (in reflection)
  11.333       "Reflects(?Cl,
  11.334 -               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
  11.335 -               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
  11.336 +               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) \<longrightarrow> z \<subseteq> x \<longrightarrow> z \<in> y),
  11.337 +               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x \<longrightarrow> z \<in> y)"
  11.338  by fast
  11.339  
  11.340  text{*Example 2'.  We give the reflecting class explicitly. *}
  11.341 -lemma (in reflection) 
  11.342 +lemma (in reflection)
  11.343    "Reflects
  11.344      (\<lambda>a. (Ord(a) &
  11.345 -          ClEx(\<lambda>x. ~ (snd(x) \<subseteq> fst(fst(x)) --> snd(x) \<in> snd(fst(x))), a)) &
  11.346 -          ClEx(\<lambda>x. \<forall>z. M(z) --> z \<subseteq> fst(x) --> z \<in> snd(x), a),
  11.347 -            \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
  11.348 -            \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
  11.349 +          ClEx(\<lambda>x. ~ (snd(x) \<subseteq> fst(fst(x)) \<longrightarrow> snd(x) \<in> snd(fst(x))), a)) &
  11.350 +          ClEx(\<lambda>x. \<forall>z. M(z) \<longrightarrow> z \<subseteq> fst(x) \<longrightarrow> z \<in> snd(x), a),
  11.351 +            \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) \<longrightarrow> z \<subseteq> x \<longrightarrow> z \<in> y),
  11.352 +            \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x \<longrightarrow> z \<in> y)"
  11.353  by fast
  11.354  
  11.355  text{*Example 2''.  We expand the subset relation.*}
  11.356 -schematic_lemma (in reflection) 
  11.357 +schematic_lemma (in reflection)
  11.358    "Reflects(?Cl,
  11.359 -        \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) --> (\<forall>w. M(w) --> w\<in>z --> w\<in>x) --> z\<in>y),
  11.360 -        \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). (\<forall>w\<in>Mset(a). w\<in>z --> w\<in>x) --> z\<in>y)"
  11.361 +        \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) \<longrightarrow> (\<forall>w. M(w) \<longrightarrow> w\<in>z \<longrightarrow> w\<in>x) \<longrightarrow> z\<in>y),
  11.362 +        \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). (\<forall>w\<in>Mset(a). w\<in>z \<longrightarrow> w\<in>x) \<longrightarrow> z\<in>y)"
  11.363  by fast
  11.364  
  11.365  text{*Example 2'''.  Single-step version, to reveal the reflecting class.*}
  11.366 -schematic_lemma (in reflection) 
  11.367 +schematic_lemma (in reflection)
  11.368       "Reflects(?Cl,
  11.369 -               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) --> z \<subseteq> x --> z \<in> y), 
  11.370 -               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x --> z \<in> y)" 
  11.371 -apply (rule Ex_reflection) 
  11.372 +               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) \<longrightarrow> z \<subseteq> x \<longrightarrow> z \<in> y),
  11.373 +               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<subseteq> x \<longrightarrow> z \<in> y)"
  11.374 +apply (rule Ex_reflection)
  11.375  txt{*
  11.376  @{goals[display,indent=0,margin=60]}
  11.377  *}
  11.378 -apply (rule All_reflection) 
  11.379 +apply (rule All_reflection)
  11.380  txt{*
  11.381  @{goals[display,indent=0,margin=60]}
  11.382  *}
  11.383 -apply (rule Triv_reflection) 
  11.384 +apply (rule Triv_reflection)
  11.385  txt{*
  11.386  @{goals[display,indent=0,margin=60]}
  11.387  *}
  11.388 @@ -329,21 +329,21 @@
  11.389  
  11.390  text{*Example 3.  Warning: the following examples make sense only
  11.391  if @{term P} is quantifier-free, since it is not being relativized.*}
  11.392 -schematic_lemma (in reflection) 
  11.393 +schematic_lemma (in reflection)
  11.394       "Reflects(?Cl,
  11.395 -               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) --> z \<in> y <-> z \<in> x & P(z)), 
  11.396 -               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<in> y <-> z \<in> x & P(z))"
  11.397 +               \<lambda>x. \<exists>y. M(y) & (\<forall>z. M(z) \<longrightarrow> z \<in> y \<longleftrightarrow> z \<in> x & P(z)),
  11.398 +               \<lambda>a x. \<exists>y\<in>Mset(a). \<forall>z\<in>Mset(a). z \<in> y \<longleftrightarrow> z \<in> x & P(z))"
  11.399  by fast
  11.400  
  11.401  text{*Example 3'*}
  11.402 -schematic_lemma (in reflection) 
  11.403 +schematic_lemma (in reflection)
  11.404       "Reflects(?Cl,
  11.405                 \<lambda>x. \<exists>y. M(y) & y = Collect(x,P),
  11.406                 \<lambda>a x. \<exists>y\<in>Mset(a). y = Collect(x,P))";
  11.407  by fast
  11.408  
  11.409  text{*Example 3''*}
  11.410 -schematic_lemma (in reflection) 
  11.411 +schematic_lemma (in reflection)
  11.412       "Reflects(?Cl,
  11.413                 \<lambda>x. \<exists>y. M(y) & y = Replace(x,P),
  11.414                 \<lambda>a x. \<exists>y\<in>Mset(a). y = Replace(x,P))";
  11.415 @@ -351,10 +351,10 @@
  11.416  
  11.417  text{*Example 4: Axiom of Choice.  Possibly wrong, since @{text \<Pi>} needs
  11.418  to be relativized.*}
  11.419 -schematic_lemma (in reflection) 
  11.420 +schematic_lemma (in reflection)
  11.421       "Reflects(?Cl,
  11.422 -               \<lambda>A. 0\<notin>A --> (\<exists>f. M(f) & f \<in> (\<Pi> X \<in> A. X)),
  11.423 -               \<lambda>a A. 0\<notin>A --> (\<exists>f\<in>Mset(a). f \<in> (\<Pi> X \<in> A. X)))"
  11.424 +               \<lambda>A. 0\<notin>A \<longrightarrow> (\<exists>f. M(f) & f \<in> (\<Pi> X \<in> A. X)),
  11.425 +               \<lambda>a A. 0\<notin>A \<longrightarrow> (\<exists>f\<in>Mset(a). f \<in> (\<Pi> X \<in> A. X)))"
  11.426  by fast
  11.427  
  11.428  end
    12.1 --- a/src/ZF/Constructible/Relative.thy	Tue Mar 06 16:46:27 2012 +0000
    12.2 +++ b/src/ZF/Constructible/Relative.thy	Tue Mar 06 17:01:37 2012 +0000
    12.3 @@ -14,11 +14,11 @@
    12.4  
    12.5  definition
    12.6    subset :: "[i=>o,i,i] => o" where
    12.7 -    "subset(M,A,B) == \<forall>x[M]. x\<in>A --> x \<in> B"
    12.8 +    "subset(M,A,B) == \<forall>x[M]. x\<in>A \<longrightarrow> x \<in> B"
    12.9  
   12.10  definition
   12.11    upair :: "[i=>o,i,i,i] => o" where
   12.12 -    "upair(M,a,b,z) == a \<in> z & b \<in> z & (\<forall>x[M]. x\<in>z --> x = a | x = b)"
   12.13 +    "upair(M,a,b,z) == a \<in> z & b \<in> z & (\<forall>x[M]. x\<in>z \<longrightarrow> x = a | x = b)"
   12.14  
   12.15  definition
   12.16    pair :: "[i=>o,i,i,i] => o" where
   12.17 @@ -28,7 +28,7 @@
   12.18  
   12.19  definition
   12.20    union :: "[i=>o,i,i,i] => o" where
   12.21 -    "union(M,a,b,z) == \<forall>x[M]. x \<in> z <-> x \<in> a | x \<in> b"
   12.22 +    "union(M,a,b,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> x \<in> a | x \<in> b"
   12.23  
   12.24  definition
   12.25    is_cons :: "[i=>o,i,i,i] => o" where
   12.26 @@ -52,38 +52,38 @@
   12.27  
   12.28  definition
   12.29    powerset :: "[i=>o,i,i] => o" where
   12.30 -    "powerset(M,A,z) == \<forall>x[M]. x \<in> z <-> subset(M,x,A)"
   12.31 +    "powerset(M,A,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> subset(M,x,A)"
   12.32  
   12.33  definition
   12.34    is_Collect :: "[i=>o,i,i=>o,i] => o" where
   12.35 -    "is_Collect(M,A,P,z) == \<forall>x[M]. x \<in> z <-> x \<in> A & P(x)"
   12.36 +    "is_Collect(M,A,P,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> x \<in> A & P(x)"
   12.37  
   12.38  definition
   12.39    is_Replace :: "[i=>o,i,[i,i]=>o,i] => o" where
   12.40 -    "is_Replace(M,A,P,z) == \<forall>u[M]. u \<in> z <-> (\<exists>x[M]. x\<in>A & P(x,u))"
   12.41 +    "is_Replace(M,A,P,z) == \<forall>u[M]. u \<in> z \<longleftrightarrow> (\<exists>x[M]. x\<in>A & P(x,u))"
   12.42  
   12.43  definition
   12.44    inter :: "[i=>o,i,i,i] => o" where
   12.45 -    "inter(M,a,b,z) == \<forall>x[M]. x \<in> z <-> x \<in> a & x \<in> b"
   12.46 +    "inter(M,a,b,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> x \<in> a & x \<in> b"
   12.47  
   12.48  definition
   12.49    setdiff :: "[i=>o,i,i,i] => o" where
   12.50 -    "setdiff(M,a,b,z) == \<forall>x[M]. x \<in> z <-> x \<in> a & x \<notin> b"
   12.51 +    "setdiff(M,a,b,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> x \<in> a & x \<notin> b"
   12.52  
   12.53  definition
   12.54    big_union :: "[i=>o,i,i] => o" where
   12.55 -    "big_union(M,A,z) == \<forall>x[M]. x \<in> z <-> (\<exists>y[M]. y\<in>A & x \<in> y)"
   12.56 +    "big_union(M,A,z) == \<forall>x[M]. x \<in> z \<longleftrightarrow> (\<exists>y[M]. y\<in>A & x \<in> y)"
   12.57  
   12.58  definition
   12.59    big_inter :: "[i=>o,i,i] => o" where
   12.60      "big_inter(M,A,z) ==
   12.61 -             (A=0 --> z=0) &
   12.62 -             (A\<noteq>0 --> (\<forall>x[M]. x \<in> z <-> (\<forall>y[M]. y\<in>A --> x \<in> y)))"
   12.63 +             (A=0 \<longrightarrow> z=0) &
   12.64 +             (A\<noteq>0 \<longrightarrow> (\<forall>x[M]. x \<in> z \<longleftrightarrow> (\<forall>y[M]. y\<in>A \<longrightarrow> x \<in> y)))"
   12.65  
   12.66  definition
   12.67    cartprod :: "[i=>o,i,i,i] => o" where
   12.68      "cartprod(M,A,B,z) ==
   12.69 -        \<forall>u[M]. u \<in> z <-> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>B & pair(M,x,y,u)))"
   12.70 +        \<forall>u[M]. u \<in> z \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>B & pair(M,x,y,u)))"
   12.71  
   12.72  definition
   12.73    is_sum :: "[i=>o,i,i,i] => o" where
   12.74 @@ -103,23 +103,23 @@
   12.75  definition
   12.76    is_converse :: "[i=>o,i,i] => o" where
   12.77      "is_converse(M,r,z) ==
   12.78 -        \<forall>x[M]. x \<in> z <->
   12.79 +        \<forall>x[M]. x \<in> z \<longleftrightarrow>
   12.80               (\<exists>w[M]. w\<in>r & (\<exists>u[M]. \<exists>v[M]. pair(M,u,v,w) & pair(M,v,u,x)))"
   12.81  
   12.82  definition
   12.83    pre_image :: "[i=>o,i,i,i] => o" where
   12.84      "pre_image(M,r,A,z) ==
   12.85 -        \<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))"
   12.86 +        \<forall>x[M]. x \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. y\<in>A & pair(M,x,y,w)))"
   12.87  
   12.88  definition
   12.89    is_domain :: "[i=>o,i,i] => o" where
   12.90      "is_domain(M,r,z) ==
   12.91 -        \<forall>x[M]. x \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w)))"
   12.92 +        \<forall>x[M]. x \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>y[M]. pair(M,x,y,w)))"
   12.93  
   12.94  definition
   12.95    image :: "[i=>o,i,i,i] => o" where
   12.96      "image(M,r,A,z) ==
   12.97 -        \<forall>y[M]. y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w)))"
   12.98 +        \<forall>y[M]. y \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. x\<in>A & pair(M,x,y,w)))"
   12.99  
  12.100  definition
  12.101    is_range :: "[i=>o,i,i] => o" where
  12.102 @@ -128,7 +128,7 @@
  12.103        unfortunately needs an instance of separation in order to prove
  12.104          @{term "M(converse(r))"}.*}
  12.105      "is_range(M,r,z) ==
  12.106 -        \<forall>y[M]. y \<in> z <-> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w)))"
  12.107 +        \<forall>y[M]. y \<in> z \<longleftrightarrow> (\<exists>w[M]. w\<in>r & (\<exists>x[M]. pair(M,x,y,w)))"
  12.108  
  12.109  definition
  12.110    is_field :: "[i=>o,i,i] => o" where
  12.111 @@ -139,13 +139,13 @@
  12.112  definition
  12.113    is_relation :: "[i=>o,i] => o" where
  12.114      "is_relation(M,r) ==
  12.115 -        (\<forall>z[M]. z\<in>r --> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))"
  12.116 +        (\<forall>z[M]. z\<in>r \<longrightarrow> (\<exists>x[M]. \<exists>y[M]. pair(M,x,y,z)))"
  12.117  
  12.118  definition
  12.119    is_function :: "[i=>o,i] => o" where
  12.120      "is_function(M,r) ==
  12.121          \<forall>x[M]. \<forall>y[M]. \<forall>y'[M]. \<forall>p[M]. \<forall>p'[M].
  12.122 -           pair(M,x,y,p) --> pair(M,x,y',p') --> p\<in>r --> p'\<in>r --> y=y'"
  12.123 +           pair(M,x,y,p) \<longrightarrow> pair(M,x,y',p') \<longrightarrow> p\<in>r \<longrightarrow> p'\<in>r \<longrightarrow> y=y'"
  12.124  
  12.125  definition
  12.126    fun_apply :: "[i=>o,i,i,i] => o" where
  12.127 @@ -157,17 +157,17 @@
  12.128    typed_function :: "[i=>o,i,i,i] => o" where
  12.129      "typed_function(M,A,B,r) ==
  12.130          is_function(M,r) & is_relation(M,r) & is_domain(M,r,A) &
  12.131 -        (\<forall>u[M]. u\<in>r --> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) --> y\<in>B))"
  12.132 +        (\<forall>u[M]. u\<in>r \<longrightarrow> (\<forall>x[M]. \<forall>y[M]. pair(M,x,y,u) \<longrightarrow> y\<in>B))"
  12.133  
  12.134  definition
  12.135    is_funspace :: "[i=>o,i,i,i] => o" where
  12.136      "is_funspace(M,A,B,F) ==
  12.137 -        \<forall>f[M]. f \<in> F <-> typed_function(M,A,B,f)"
  12.138 +        \<forall>f[M]. f \<in> F \<longleftrightarrow> typed_function(M,A,B,f)"
  12.139  
  12.140  definition
  12.141    composition :: "[i=>o,i,i,i] => o" where
  12.142      "composition(M,r,s,t) ==
  12.143 -        \<forall>p[M]. p \<in> t <->
  12.144 +        \<forall>p[M]. p \<in> t \<longleftrightarrow>
  12.145                 (\<exists>x[M]. \<exists>y[M]. \<exists>z[M]. \<exists>xy[M]. \<exists>yz[M].
  12.146                  pair(M,x,z,p) & pair(M,x,y,xy) & pair(M,y,z,yz) &
  12.147                  xy \<in> s & yz \<in> r)"
  12.148 @@ -177,13 +177,13 @@
  12.149      "injection(M,A,B,f) ==
  12.150          typed_function(M,A,B,f) &
  12.151          (\<forall>x[M]. \<forall>x'[M]. \<forall>y[M]. \<forall>p[M]. \<forall>p'[M].
  12.152 -          pair(M,x,y,p) --> pair(M,x',y,p') --> p\<in>f --> p'\<in>f --> x=x')"
  12.153 +          pair(M,x,y,p) \<longrightarrow> pair(M,x',y,p') \<longrightarrow> p\<in>f \<longrightarrow> p'\<in>f \<longrightarrow> x=x')"
  12.154  
  12.155  definition
  12.156    surjection :: "[i=>o,i,i,i] => o" where
  12.157      "surjection(M,A,B,f) ==
  12.158          typed_function(M,A,B,f) &
  12.159 -        (\<forall>y[M]. y\<in>B --> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))"
  12.160 +        (\<forall>y[M]. y\<in>B \<longrightarrow> (\<exists>x[M]. x\<in>A & fun_apply(M,f,x,y)))"
  12.161  
  12.162  definition
  12.163    bijection :: "[i=>o,i,i,i] => o" where
  12.164 @@ -192,23 +192,23 @@
  12.165  definition
  12.166    restriction :: "[i=>o,i,i,i] => o" where
  12.167      "restriction(M,r,A,z) ==
  12.168 -        \<forall>x[M]. x \<in> z <-> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))"
  12.169 +        \<forall>x[M]. x \<in> z \<longleftrightarrow> (x \<in> r & (\<exists>u[M]. u\<in>A & (\<exists>v[M]. pair(M,u,v,x))))"
  12.170  
  12.171  definition
  12.172    transitive_set :: "[i=>o,i] => o" where
  12.173 -    "transitive_set(M,a) == \<forall>x[M]. x\<in>a --> subset(M,x,a)"
  12.174 +    "transitive_set(M,a) == \<forall>x[M]. x\<in>a \<longrightarrow> subset(M,x,a)"
  12.175  
  12.176  definition
  12.177    ordinal :: "[i=>o,i] => o" where
  12.178       --{*an ordinal is a transitive set of transitive sets*}
  12.179 -    "ordinal(M,a) == transitive_set(M,a) & (\<forall>x[M]. x\<in>a --> transitive_set(M,x))"
  12.180 +    "ordinal(M,a) == transitive_set(M,a) & (\<forall>x[M]. x\<in>a \<longrightarrow> transitive_set(M,x))"
  12.181  
  12.182  definition
  12.183    limit_ordinal :: "[i=>o,i] => o" where
  12.184      --{*a limit ordinal is a non-empty, successor-closed ordinal*}
  12.185      "limit_ordinal(M,a) ==
  12.186          ordinal(M,a) & ~ empty(M,a) &
  12.187 -        (\<forall>x[M]. x\<in>a --> (\<exists>y[M]. y\<in>a & successor(M,x,y)))"
  12.188 +        (\<forall>x[M]. x\<in>a \<longrightarrow> (\<exists>y[M]. y\<in>a & successor(M,x,y)))"
  12.189  
  12.190  definition
  12.191    successor_ordinal :: "[i=>o,i] => o" where
  12.192 @@ -221,12 +221,12 @@
  12.193      --{*an ordinal is finite if neither it nor any of its elements are limit*}
  12.194      "finite_ordinal(M,a) ==
  12.195          ordinal(M,a) & ~ limit_ordinal(M,a) &
  12.196 -        (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x))"
  12.197 +        (\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x))"
  12.198  
  12.199  definition
  12.200    omega :: "[i=>o,i] => o" where
  12.201      --{*omega is a limit ordinal none of whose elements are limit*}
  12.202 -    "omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a --> ~ limit_ordinal(M,x))"
  12.203 +    "omega(M,a) == limit_ordinal(M,a) & (\<forall>x[M]. x\<in>a \<longrightarrow> ~ limit_ordinal(M,x))"
  12.204  
  12.205  definition
  12.206    is_quasinat :: "[i=>o,i] => o" where
  12.207 @@ -235,44 +235,44 @@
  12.208  definition
  12.209    is_nat_case :: "[i=>o, i, [i,i]=>o, i, i] => o" where
  12.210      "is_nat_case(M, a, is_b, k, z) ==
  12.211 -       (empty(M,k) --> z=a) &
  12.212 -       (\<forall>m[M]. successor(M,m,k) --> is_b(m,z)) &
  12.213 +       (empty(M,k) \<longrightarrow> z=a) &
  12.214 +       (\<forall>m[M]. successor(M,m,k) \<longrightarrow> is_b(m,z)) &
  12.215         (is_quasinat(M,k) | empty(M,z))"
  12.216  
  12.217  definition
  12.218    relation1 :: "[i=>o, [i,i]=>o, i=>i] => o" where
  12.219 -    "relation1(M,is_f,f) == \<forall>x[M]. \<forall>y[M]. is_f(x,y) <-> y = f(x)"
  12.220 +    "relation1(M,is_f,f) == \<forall>x[M]. \<forall>y[M]. is_f(x,y) \<longleftrightarrow> y = f(x)"
  12.221  
  12.222  definition
  12.223    Relation1 :: "[i=>o, i, [i,i]=>o, i=>i] => o" where
  12.224      --{*as above, but typed*}
  12.225      "Relation1(M,A,is_f,f) ==
  12.226 -        \<forall>x[M]. \<forall>y[M]. x\<in>A --> is_f(x,y) <-> y = f(x)"
  12.227 +        \<forall>x[M]. \<forall>y[M]. x\<in>A \<longrightarrow> is_f(x,y) \<longleftrightarrow> y = f(x)"
  12.228  
  12.229  definition
  12.230    relation2 :: "[i=>o, [i,i,i]=>o, [i,i]=>i] => o" where
  12.231 -    "relation2(M,is_f,f) == \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. is_f(x,y,z) <-> z = f(x,y)"
  12.232 +    "relation2(M,is_f,f) == \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. is_f(x,y,z) \<longleftrightarrow> z = f(x,y)"
  12.233  
  12.234  definition
  12.235    Relation2 :: "[i=>o, i, i, [i,i,i]=>o, [i,i]=>i] => o" where
  12.236      "Relation2(M,A,B,is_f,f) ==
  12.237 -        \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. x\<in>A --> y\<in>B --> is_f(x,y,z) <-> z = f(x,y)"
  12.238 +        \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. x\<in>A \<longrightarrow> y\<in>B \<longrightarrow> is_f(x,y,z) \<longleftrightarrow> z = f(x,y)"
  12.239  
  12.240  definition
  12.241    relation3 :: "[i=>o, [i,i,i,i]=>o, [i,i,i]=>i] => o" where
  12.242      "relation3(M,is_f,f) ==
  12.243 -       \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. \<forall>u[M]. is_f(x,y,z,u) <-> u = f(x,y,z)"
  12.244 +       \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. \<forall>u[M]. is_f(x,y,z,u) \<longleftrightarrow> u = f(x,y,z)"
  12.245  
  12.246  definition
  12.247    Relation3 :: "[i=>o, i, i, i, [i,i,i,i]=>o, [i,i,i]=>i] => o" where
  12.248      "Relation3(M,A,B,C,is_f,f) ==
  12.249         \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. \<forall>u[M].
  12.250 -         x\<in>A --> y\<in>B --> z\<in>C --> is_f(x,y,z,u) <-> u = f(x,y,z)"
  12.251 +         x\<in>A \<longrightarrow> y\<in>B \<longrightarrow> z\<in>C \<longrightarrow> is_f(x,y,z,u) \<longleftrightarrow> u = f(x,y,z)"
  12.252  
  12.253  definition
  12.254    relation4 :: "[i=>o, [i,i,i,i,i]=>o, [i,i,i,i]=>i] => o" where
  12.255      "relation4(M,is_f,f) ==
  12.256 -       \<forall>u[M]. \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. \<forall>a[M]. is_f(u,x,y,z,a) <-> a = f(u,x,y,z)"
  12.257 +       \<forall>u[M]. \<forall>x[M]. \<forall>y[M]. \<forall>z[M]. \<forall>a[M]. is_f(u,x,y,z,a) \<longleftrightarrow> a = f(u,x,y,z)"
  12.258  
  12.259  
  12.260  text{*Useful when absoluteness reasoning has replaced the predicates by terms*}
  12.261 @@ -290,7 +290,7 @@
  12.262  definition
  12.263    extensionality :: "(i=>o) => o" where
  12.264      "extensionality(M) ==
  12.265 -        \<forall>x[M]. \<forall>y[M]. (\<forall>z[M]. z \<in> x <-> z \<in> y) --> x=y"
  12.266 +        \<forall>x[M]. \<forall>y[M]. (\<forall>z[M]. z \<in> x \<longleftrightarrow> z \<in> y) \<longrightarrow> x=y"
  12.267  
  12.268  definition
  12.269    separation :: "[i=>o, i=>o] => o" where
  12.270 @@ -299,7 +299,7 @@
  12.271          to @{text M}.  We do not have separation as a scheme; every instance
  12.272          that we need must be assumed (and later proved) separately.*}
  12.273      "separation(M,P) ==
  12.274 -        \<forall>z[M]. \<exists>y[M]. \<forall>x[M]. x \<in> y <-> x \<in> z & P(x)"
  12.275 +        \<forall>z[M]. \<exists>y[M]. \<forall>x[M]. x \<in> y \<longleftrightarrow> x \<in> z & P(x)"
  12.276  
  12.277  definition
  12.278    upair_ax :: "(i=>o) => o" where
  12.279 @@ -316,24 +316,24 @@
  12.280  definition
  12.281    univalent :: "[i=>o, i, [i,i]=>o] => o" where
  12.282      "univalent(M,A,P) ==
  12.283 -        \<forall>x[M]. x\<in>A --> (\<forall>y[M]. \<forall>z[M]. P(x,y) & P(x,z) --> y=z)"
  12.284 +        \<forall>x[M]. x\<in>A \<longrightarrow> (\<forall>y[M]. \<forall>z[M]. P(x,y) & P(x,z) \<longrightarrow> y=z)"
  12.285  
  12.286  definition
  12.287    replacement :: "[i=>o, [i,i]=>o] => o" where
  12.288      "replacement(M,P) ==
  12.289 -      \<forall>A[M]. univalent(M,A,P) -->
  12.290 -      (\<exists>Y[M]. \<forall>b[M]. (\<exists>x[M]. x\<in>A & P(x,b)) --> b \<in> Y)"
  12.291 +      \<forall>A[M]. univalent(M,A,P) \<longrightarrow>
  12.292 +      (\<exists>Y[M]. \<forall>b[M]. (\<exists>x[M]. x\<in>A & P(x,b)) \<longrightarrow> b \<in> Y)"
  12.293  
  12.294  definition
  12.295    strong_replacement :: "[i=>o, [i,i]=>o] => o" where
  12.296      "strong_replacement(M,P) ==
  12.297 -      \<forall>A[M]. univalent(M,A,P) -->
  12.298 -      (\<exists>Y[M]. \<forall>b[M]. b \<in> Y <-> (\<exists>x[M]. x\<in>A & P(x,b)))"
  12.299 +      \<forall>A[M]. univalent(M,A,P) \<longrightarrow>
  12.300 +      (\<exists>Y[M]. \<forall>b[M]. b \<in> Y \<longleftrightarrow> (\<exists>x[M]. x\<in>A & P(x,b)))"
  12.301  
  12.302  definition
  12.303    foundation_ax :: "(i=>o) => o" where
  12.304      "foundation_ax(M) ==
  12.305 -        \<forall>x[M]. (\<exists>y[M]. y\<in>x) --> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & z \<in> y))"
  12.306 +        \<forall>x[M]. (\<exists>y[M]. y\<in>x) \<longrightarrow> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & z \<in> y))"
  12.307  
  12.308  
  12.309  subsection{*A trivial consistency proof for $V_\omega$ *}
  12.310 @@ -348,22 +348,22 @@
  12.311  done
  12.312  
  12.313  lemma univ0_Ball_abs [simp]:
  12.314 -     "A \<in> univ(0) ==> (\<forall>x\<in>A. x \<in> univ(0) --> P(x)) <-> (\<forall>x\<in>A. P(x))"
  12.315 +     "A \<in> univ(0) ==> (\<forall>x\<in>A. x \<in> univ(0) \<longrightarrow> P(x)) \<longleftrightarrow> (\<forall>x\<in>A. P(x))"
  12.316  by (blast intro: univ0_downwards_mem)
  12.317  
  12.318  lemma univ0_Bex_abs [simp]:
  12.319 -     "A \<in> univ(0) ==> (\<exists>x\<in>A. x \<in> univ(0) & P(x)) <-> (\<exists>x\<in>A. P(x))"
  12.320 +     "A \<in> univ(0) ==> (\<exists>x\<in>A. x \<in> univ(0) & P(x)) \<longleftrightarrow> (\<exists>x\<in>A. P(x))"
  12.321  by (blast intro: univ0_downwards_mem)
  12.322  
  12.323  text{*Congruence rule for separation: can assume the variable is in @{text M}*}
  12.324  lemma separation_cong [cong]:
  12.325 -     "(!!x. M(x) ==> P(x) <-> P'(x))
  12.326 -      ==> separation(M, %x. P(x)) <-> separation(M, %x. P'(x))"
  12.327 +     "(!!x. M(x) ==> P(x) \<longleftrightarrow> P'(x))
  12.328 +      ==> separation(M, %x. P(x)) \<longleftrightarrow> separation(M, %x. P'(x))"
  12.329  by (simp add: separation_def)
  12.330  
  12.331  lemma univalent_cong [cong]:
  12.332 -     "[| A=A'; !!x y. [| x\<in>A; M(x); M(y) |] ==> P(x,y) <-> P'(x,y) |]
  12.333 -      ==> univalent(M, A, %x y. P(x,y)) <-> univalent(M, A', %x y. P'(x,y))"
  12.334 +     "[| A=A'; !!x y. [| x\<in>A; M(x); M(y) |] ==> P(x,y) \<longleftrightarrow> P'(x,y) |]
  12.335 +      ==> univalent(M, A, %x y. P(x,y)) \<longleftrightarrow> univalent(M, A', %x y. P'(x,y))"
  12.336  by (simp add: univalent_def)
  12.337  
  12.338  lemma univalent_triv [intro,simp]:
  12.339 @@ -376,8 +376,8 @@
  12.340  
  12.341  text{*Congruence rule for replacement*}
  12.342  lemma strong_replacement_cong [cong]:
  12.343 -     "[| !!x y. [| M(x); M(y) |] ==> P(x,y) <-> P'(x,y) |]
  12.344 -      ==> strong_replacement(M, %x y. P(x,y)) <->
  12.345 +     "[| !!x y. [| M(x); M(y) |] ==> P(x,y) \<longleftrightarrow> P'(x,y) |]
  12.346 +      ==> strong_replacement(M, %x y. P(x,y)) \<longleftrightarrow>
  12.347            strong_replacement(M, %x y. P'(x,y))"
  12.348  by (simp add: strong_replacement_def)
  12.349  
  12.350 @@ -457,13 +457,13 @@
  12.351  subsection{*Lemmas Needed to Reduce Some Set Constructions to Instances
  12.352        of Separation*}
  12.353  
  12.354 -lemma image_iff_Collect: "r `` A = {y \<in> Union(Union(r)). \<exists>p\<in>r. \<exists>x\<in>A. p=<x,y>}"
  12.355 +lemma image_iff_Collect: "r `` A = {y \<in> \<Union>(\<Union>(r)). \<exists>p\<in>r. \<exists>x\<in>A. p=<x,y>}"
  12.356  apply (rule equalityI, auto)
  12.357  apply (simp add: Pair_def, blast)
  12.358  done
  12.359  
  12.360  lemma vimage_iff_Collect:
  12.361 -     "r -`` A = {x \<in> Union(Union(r)). \<exists>p\<in>r. \<exists>y\<in>A. p=<x,y>}"
  12.362 +     "r -`` A = {x \<in> \<Union>(\<Union>(r)). \<exists>p\<in>r. \<exists>y\<in>A. p=<x,y>}"
  12.363  apply (rule equalityI, auto)
  12.364  apply (simp add: Pair_def, blast)
  12.365  done
  12.366 @@ -485,16 +485,16 @@
  12.367  
  12.368  lemma replacementD:
  12.369      "[| replacement(M,P); M(A);  univalent(M,A,P) |]
  12.370 -     ==> \<exists>Y[M]. (\<forall>b[M]. ((\<exists>x[M]. x\<in>A & P(x,b)) --> b \<in> Y))"
  12.371 +     ==> \<exists>Y[M]. (\<forall>b[M]. ((\<exists>x[M]. x\<in>A & P(x,b)) \<longrightarrow> b \<in> Y))"
  12.372  by (simp add: replacement_def)
  12.373  
  12.374  lemma strong_replacementD:
  12.375      "[| strong_replacement(M,P); M(A);  univalent(M,A,P) |]
  12.376 -     ==> \<exists>Y[M]. (\<forall>b[M]. (b \<in> Y <-> (\<exists>x[M]. x\<in>A & P(x,b))))"
  12.377 +     ==> \<exists>Y[M]. (\<forall>b[M]. (b \<in> Y \<longleftrightarrow> (\<exists>x[M]. x\<in>A & P(x,b))))"
  12.378  by (simp add: strong_replacement_def)
  12.379  
  12.380  lemma separationD:
  12.381 -    "[| separation(M,P); M(z) |] ==> \<exists>y[M]. \<forall>x[M]. x \<in> y <-> x \<in> z & P(x)"
  12.382 +    "[| separation(M,P); M(z) |] ==> \<exists>y[M]. \<forall>x[M]. x \<in> y \<longleftrightarrow> x \<in> z & P(x)"
  12.383  by (simp add: separation_def)
  12.384  
  12.385  
  12.386 @@ -504,20 +504,20 @@
  12.387    order_isomorphism :: "[i=>o,i,i,i,i,i] => o" where
  12.388      "order_isomorphism(M,A,r,B,s,f) ==
  12.389          bijection(M,A,B,f) &
  12.390 -        (\<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A -->
  12.391 +        (\<forall>x[M]. x\<in>A \<longrightarrow> (\<forall>y[M]. y\<in>A \<longrightarrow>
  12.392            (\<forall>p[M]. \<forall>fx[M]. \<forall>fy[M]. \<forall>q[M].
  12.393 -            pair(M,x,y,p) --> fun_apply(M,f,x,fx) --> fun_apply(M,f,y,fy) -->
  12.394 -            pair(M,fx,fy,q) --> (p\<in>r <-> q\<in>s))))"
  12.395 +            pair(M,x,y,p) \<longrightarrow> fun_apply(M,f,x,fx) \<longrightarrow> fun_apply(M,f,y,fy) \<longrightarrow>
  12.396 +            pair(M,fx,fy,q) \<longrightarrow> (p\<in>r \<longleftrightarrow> q\<in>s))))"
  12.397  
  12.398  definition
  12.399    pred_set :: "[i=>o,i,i,i,i] => o" where
  12.400      "pred_set(M,A,x,r,B) ==
  12.401 -        \<forall>y[M]. y \<in> B <-> (\<exists>p[M]. p\<in>r & y \<in> A & pair(M,y,x,p))"
  12.402 +        \<forall>y[M]. y \<in> B \<longleftrightarrow> (\<exists>p[M]. p\<in>r & y \<in> A & pair(M,y,x,p))"
  12.403  
  12.404  definition
  12.405    membership :: "[i=>o,i,i] => o" where --{*membership relation*}
  12.406      "membership(M,A,r) ==
  12.407 -        \<forall>p[M]. p \<in> r <-> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>A & x\<in>y & pair(M,x,y,p)))"
  12.408 +        \<forall>p[M]. p \<in> r \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>A & x\<in>y & pair(M,x,y,p)))"
  12.409  
  12.410  
  12.411  subsection{*Introducing a Transitive Class Model*}
  12.412 @@ -540,65 +540,65 @@
  12.413  by (blast intro: transM)
  12.414  
  12.415  lemma (in M_trivial) rall_abs [simp]:
  12.416 -     "M(A) ==> (\<forall>x[M]. x\<in>A --> P(x)) <-> (\<forall>x\<in>A. P(x))"
  12.417 +     "M(A) ==> (\<forall>x[M]. x\<in>A \<longrightarrow> P(x)) \<longleftrightarrow> (\<forall>x\<in>A. P(x))"
  12.418  by (blast intro: transM)
  12.419  
  12.420  lemma (in M_trivial) rex_abs [simp]:
  12.421 -     "M(A) ==> (\<exists>x[M]. x\<in>A & P(x)) <-> (\<exists>x\<in>A. P(x))"
  12.422 +     "M(A) ==> (\<exists>x[M]. x\<in>A & P(x)) \<longleftrightarrow> (\<exists>x\<in>A. P(x))"
  12.423  by (blast intro: transM)
  12.424  
  12.425  lemma (in M_trivial) ball_iff_equiv:
  12.426 -     "M(A) ==> (\<forall>x[M]. (x\<in>A <-> P(x))) <->
  12.427 -               (\<forall>x\<in>A. P(x)) & (\<forall>x. P(x) --> M(x) --> x\<in>A)"
  12.428 +     "M(A) ==> (\<forall>x[M]. (x\<in>A \<longleftrightarrow> P(x))) \<longleftrightarrow>
  12.429 +               (\<forall>x\<in>A. P(x)) & (\<forall>x. P(x) \<longrightarrow> M(x) \<longrightarrow> x\<in>A)"
  12.430  by (blast intro: transM)
  12.431  
  12.432  text{*Simplifies proofs of equalities when there's an iff-equality
  12.433 -      available for rewriting, universally quantified over M.  
  12.434 +      available for rewriting, universally quantified over M.
  12.435        But it's not the only way to prove such equalities: its
  12.436        premises @{term "M(A)"} and  @{term "M(B)"} can be too strong.*}
  12.437  lemma (in M_trivial) M_equalityI:
  12.438 -     "[| !!x. M(x) ==> x\<in>A <-> x\<in>B; M(A); M(B) |] ==> A=B"
  12.439 +     "[| !!x. M(x) ==> x\<in>A \<longleftrightarrow> x\<in>B; M(A); M(B) |] ==> A=B"
  12.440  by (blast intro!: equalityI dest: transM)
  12.441  
  12.442  
  12.443  subsubsection{*Trivial Absoluteness Proofs: Empty Set, Pairs, etc.*}
  12.444  
  12.445  lemma (in M_trivial) empty_abs [simp]:
  12.446 -     "M(z) ==> empty(M,z) <-> z=0"
  12.447 +     "M(z) ==> empty(M,z) \<longleftrightarrow> z=0"
  12.448  apply (simp add: empty_def)
  12.449  apply (blast intro: transM)
  12.450  done
  12.451  
  12.452  lemma (in M_trivial) subset_abs [simp]:
  12.453 -     "M(A) ==> subset(M,A,B) <-> A \<subseteq> B"
  12.454 +     "M(A) ==> subset(M,A,B) \<longleftrightarrow> A \<subseteq> B"
  12.455  apply (simp add: subset_def)
  12.456  apply (blast intro: transM)
  12.457  done
  12.458  
  12.459  lemma (in M_trivial) upair_abs [simp]:
  12.460 -     "M(z) ==> upair(M,a,b,z) <-> z={a,b}"
  12.461 +     "M(z) ==> upair(M,a,b,z) \<longleftrightarrow> z={a,b}"
  12.462  apply (simp add: upair_def)
  12.463  apply (blast intro: transM)
  12.464  done
  12.465  
  12.466  lemma (in M_trivial) upair_in_M_iff [iff]:
  12.467 -     "M({a,b}) <-> M(a) & M(b)"
  12.468 +     "M({a,b}) \<longleftrightarrow> M(a) & M(b)"
  12.469  apply (insert upair_ax, simp add: upair_ax_def)
  12.470  apply (blast intro: transM)
  12.471  done
  12.472  
  12.473  lemma (in M_trivial) singleton_in_M_iff [iff]:
  12.474 -     "M({a}) <-> M(a)"
  12.475 +     "M({a}) \<longleftrightarrow> M(a)"
  12.476  by (insert upair_in_M_iff [of a a], simp)
  12.477  
  12.478  lemma (in M_trivial) pair_abs [simp]:
  12.479 -     "M(z) ==> pair(M,a,b,z) <-> z=<a,b>"
  12.480 +     "M(z) ==> pair(M,a,b,z) \<longleftrightarrow> z=<a,b>"
  12.481  apply (simp add: pair_def ZF.Pair_def)
  12.482  apply (blast intro: transM)
  12.483  done
  12.484  
  12.485  lemma (in M_trivial) pair_in_M_iff [iff]:
  12.486 -     "M(<a,b>) <-> M(a) & M(b)"
  12.487 +     "M(<a,b>) \<longleftrightarrow> M(a) & M(b)"
  12.488  by (simp add: ZF.Pair_def)
  12.489  
  12.490  lemma (in M_trivial) pair_components_in_M:
  12.491 @@ -608,7 +608,7 @@
  12.492  done
  12.493  
  12.494  lemma (in M_trivial) cartprod_abs [simp]:
  12.495 -     "[| M(A); M(B); M(z) |] ==> cartprod(M,A,B,z) <-> z = A*B"
  12.496 +     "[| M(A); M(B); M(z) |] ==> cartprod(M,A,B,z) \<longleftrightarrow> z = A*B"
  12.497  apply (simp add: cartprod_def)
  12.498  apply (rule iffI)
  12.499   apply (blast intro!: equalityI intro: transM dest!: rspec)
  12.500 @@ -618,35 +618,35 @@
  12.501  subsubsection{*Absoluteness for Unions and Intersections*}
  12.502  
  12.503  lemma (in M_trivial) union_abs [simp]:
  12.504 -     "[| M(a); M(b); M(z) |] ==> union(M,a,b,z) <-> z = a Un b"
  12.505 +     "[| M(a); M(b); M(z) |] ==> union(M,a,b,z) \<longleftrightarrow> z = a \<union> b"
  12.506  apply (simp add: union_def)
  12.507  apply (blast intro: transM)
  12.508  done
  12.509  
  12.510  lemma (in M_trivial) inter_abs [simp]:
  12.511 -     "[| M(a); M(b); M(z) |] ==> inter(M,a,b,z) <-> z = a Int b"
  12.512 +     "[| M(a); M(b); M(z) |] ==> inter(M,a,b,z) \<longleftrightarrow> z = a \<inter> b"
  12.513  apply (simp add: inter_def)
  12.514  apply (blast intro: transM)
  12.515  done
  12.516  
  12.517  lemma (in M_trivial) setdiff_abs [simp]:
  12.518 -     "[| M(a); M(b); M(z) |] ==> setdiff(M,a,b,z) <-> z = a-b"
  12.519 +     "[| M(a); M(b); M(z) |] ==> setdiff(M,a,b,z) \<longleftrightarrow> z = a-b"
  12.520  apply (simp add: setdiff_def)
  12.521  apply (blast intro: transM)
  12.522  done
  12.523  
  12.524  lemma (in M_trivial) Union_abs [simp]:
  12.525 -     "[| M(A); M(z) |] ==> big_union(M,A,z) <-> z = Union(A)"
  12.526 +     "[| M(A); M(z) |] ==> big_union(M,A,z) \<longleftrightarrow> z = \<Union>(A)"
  12.527  apply (simp add: big_union_def)
  12.528  apply (blast intro!: equalityI dest: transM)
  12.529  done
  12.530  
  12.531  lemma (in M_trivial) Union_closed [intro,simp]:
  12.532 -     "M(A) ==> M(Union(A))"
  12.533 +     "M(A) ==> M(\<Union>(A))"
  12.534  by (insert Union_ax, simp add: Union_ax_def)
  12.535  
  12.536  lemma (in M_trivial) Un_closed [intro,simp]:
  12.537 -     "[| M(A); M(B) |] ==> M(A Un B)"
  12.538 +     "[| M(A); M(B) |] ==> M(A \<union> B)"
  12.539  by (simp only: Un_eq_Union, blast)
  12.540  
  12.541  lemma (in M_trivial) cons_closed [intro,simp]:
  12.542 @@ -654,15 +654,15 @@
  12.543  by (subst cons_eq [symmetric], blast)
  12.544  
  12.545  lemma (in M_trivial) cons_abs [simp]:
  12.546 -     "[| M(b); M(z) |] ==> is_cons(M,a,b,z) <-> z = cons(a,b)"
  12.547 +     "[| M(b); M(z) |] ==> is_cons(M,a,b,z) \<longleftrightarrow> z = cons(a,b)"
  12.548  by (simp add: is_cons_def, blast intro: transM)
  12.549  
  12.550  lemma (in M_trivial) successor_abs [simp]:
  12.551 -     "[| M(a); M(z) |] ==> successor(M,a,z) <-> z = succ(a)"
  12.552 +     "[| M(a); M(z) |] ==> successor(M,a,z) \<longleftrightarrow> z = succ(a)"
  12.553  by (simp add: successor_def, blast)
  12.554  
  12.555  lemma (in M_trivial) succ_in_M_iff [iff]:
  12.556 -     "M(succ(a)) <-> M(a)"
  12.557 +     "M(succ(a)) \<longleftrightarrow> M(a)"
  12.558  apply (simp add: succ_def)
  12.559  apply (blast intro: transM)
  12.560  done
  12.561 @@ -678,11 +678,11 @@
  12.562  done
  12.563  
  12.564  lemma separation_iff:
  12.565 -     "separation(M,P) <-> (\<forall>z[M]. \<exists>y[M]. is_Collect(M,z,P,y))"
  12.566 +     "separation(M,P) \<longleftrightarrow> (\<forall>z[M]. \<exists>y[M]. is_Collect(M,z,P,y))"
  12.567  by (simp add: separation_def is_Collect_def)
  12.568  
  12.569  lemma (in M_trivial) Collect_abs [simp]:
  12.570 -     "[| M(A); M(z) |] ==> is_Collect(M,A,P,z) <-> z = Collect(A,P)"
  12.571 +     "[| M(A); M(z) |] ==> is_Collect(M,A,P,z) \<longleftrightarrow> z = Collect(A,P)"
  12.572  apply (simp add: is_Collect_def)
  12.573  apply (blast intro!: equalityI dest: transM)
  12.574  done
  12.575 @@ -703,16 +703,16 @@
  12.576  
  12.577  lemma is_Replace_cong [cong]:
  12.578       "[| A=A';
  12.579 -         !!x y. [| M(x); M(y) |] ==> P(x,y) <-> P'(x,y);
  12.580 +         !!x y. [| M(x); M(y) |] ==> P(x,y) \<longleftrightarrow> P'(x,y);
  12.581           z=z' |]
  12.582 -      ==> is_Replace(M, A, %x y. P(x,y), z) <->
  12.583 +      ==> is_Replace(M, A, %x y. P(x,y), z) \<longleftrightarrow>
  12.584            is_Replace(M, A', %x y. P'(x,y), z')"
  12.585  by (simp add: is_Replace_def)
  12.586  
  12.587  lemma (in M_trivial) univalent_Replace_iff:
  12.588       "[| M(A); univalent(M,A,P);
  12.589           !!x y. [| x\<in>A; P(x,y) |] ==> M(y) |]
  12.590 -      ==> u \<in> Replace(A,P) <-> (\<exists>x. x\<in>A & P(x,u))"
  12.591 +      ==> u \<in> Replace(A,P) \<longleftrightarrow> (\<exists>x. x\<in>A & P(x,u))"
  12.592  apply (simp add: Replace_iff univalent_def)
  12.593  apply (blast dest: transM)
  12.594  done
  12.595 @@ -731,13 +731,13 @@
  12.596  done
  12.597  
  12.598  lemma (in M_trivial) Replace_abs:
  12.599 -     "[| M(A); M(z); univalent(M,A,P); 
  12.600 +     "[| M(A); M(z); univalent(M,A,P);
  12.601           !!x y. [| x\<in>A; P(x,y) |] ==> M(y)  |]
  12.602 -      ==> is_Replace(M,A,P,z) <-> z = Replace(A,P)"
  12.603 +      ==> is_Replace(M,A,P,z) \<longleftrightarrow> z = Replace(A,P)"
  12.604  apply (simp add: is_Replace_def)
  12.605  apply (rule iffI)
  12.606   apply (rule equality_iffI)
  12.607 - apply (simp_all add: univalent_Replace_iff) 
  12.608 + apply (simp_all add: univalent_Replace_iff)
  12.609   apply (blast dest: transM)+
  12.610  done
  12.611  
  12.612 @@ -747,7 +747,7 @@
  12.613    Let K be a nonconstructible subset of nat and define
  12.614    f(x) = x if x:K and f(x)=0 otherwise.  Then RepFun(nat,f) = cons(0,K), a
  12.615    nonconstructible set.  So we cannot assume that M(X) implies M(RepFun(X,f))
  12.616 -  even for f : M -> M.
  12.617 +  even for f \<in> M -> M.
  12.618  *)
  12.619  lemma (in M_trivial) RepFun_closed:
  12.620       "[| strong_replacement(M, \<lambda>x y. y = f(x)); M(A); \<forall>x\<in>A. M(f(x)) |]
  12.621 @@ -775,7 +775,7 @@
  12.622  definition
  12.623   is_lambda :: "[i=>o, i, [i,i]=>o, i] => o" where
  12.624      "is_lambda(M, A, is_b, z) ==
  12.625 -       \<forall>p[M]. p \<in> z <->
  12.626 +       \<forall>p[M]. p \<in> z \<longleftrightarrow>
  12.627          (\<exists>u[M]. \<exists>v[M]. u\<in>A & pair(M,u,v,p) & is_b(u,v))"
  12.628  
  12.629  lemma (in M_trivial) lam_closed:
  12.630 @@ -786,33 +786,33 @@
  12.631  text{*Better than @{text lam_closed}: has the formula @{term "x\<in>A"}*}
  12.632  lemma (in M_trivial) lam_closed2:
  12.633    "[|strong_replacement(M, \<lambda>x y. x\<in>A & y = \<langle>x, b(x)\<rangle>);
  12.634 -     M(A); \<forall>m[M]. m\<in>A --> M(b(m))|] ==> M(Lambda(A,b))"
  12.635 +     M(A); \<forall>m[M]. m\<in>A \<longrightarrow> M(b(m))|] ==> M(Lambda(A,b))"
  12.636  apply (simp add: lam_def)
  12.637  apply (blast intro: RepFun_closed2 dest: transM)
  12.638  done
  12.639  
  12.640  lemma (in M_trivial) lambda_abs2:
  12.641 -     "[| Relation1(M,A,is_b,b); M(A); \<forall>m[M]. m\<in>A --> M(b(m)); M(z) |]
  12.642 -      ==> is_lambda(M,A,is_b,z) <-> z = Lambda(A,b)"
  12.643 +     "[| Relation1(M,A,is_b,b); M(A); \<forall>m[M]. m\<in>A \<longrightarrow> M(b(m)); M(z) |]
  12.644 +      ==> is_lambda(M,A,is_b,z) \<longleftrightarrow> z = Lambda(A,b)"
  12.645  apply (simp add: Relation1_def is_lambda_def)
  12.646  apply (rule iffI)
  12.647   prefer 2 apply (simp add: lam_def)
  12.648  apply (rule equality_iffI)
  12.649 -apply (simp add: lam_def) 
  12.650 -apply (rule iffI) 
  12.651 - apply (blast dest: transM) 
  12.652 -apply (auto simp add: transM [of _ A]) 
  12.653 +apply (simp add: lam_def)
  12.654 +apply (rule iffI)
  12.655 + apply (blast dest: transM)
  12.656 +apply (auto simp add: transM [of _ A])
  12.657  done
  12.658  
  12.659  lemma is_lambda_cong [cong]:
  12.660       "[| A=A';  z=z';
  12.661 -         !!x y. [| x\<in>A; M(x); M(y) |] ==> is_b(x,y) <-> is_b'(x,y) |]
  12.662 -      ==> is_lambda(M, A, %x y. is_b(x,y), z) <->
  12.663 +         !!x y. [| x\<in>A; M(x); M(y) |] ==> is_b(x,y) \<longleftrightarrow> is_b'(x,y) |]
  12.664 +      ==> is_lambda(M, A, %x y. is_b(x,y), z) \<longleftrightarrow>
  12.665            is_lambda(M, A', %x y. is_b'(x,y), z')"
  12.666  by (simp add: is_lambda_def)
  12.667  
  12.668  lemma (in M_trivial) image_abs [simp]:
  12.669 -     "[| M(r); M(A); M(z) |] ==> image(M,r,A,z) <-> z = r``A"
  12.670 +     "[| M(r); M(A); M(z) |] ==> image(M,r,A,z) \<longleftrightarrow> z = r``A"
  12.671  apply (simp add: image_def)
  12.672  apply (rule iffI)
  12.673   apply (blast intro!: equalityI dest: transM, blast)
  12.674 @@ -828,7 +828,7 @@
  12.675  text{*But we can't prove that the powerset in @{text M} includes the
  12.676        real powerset.*}
  12.677  lemma (in M_trivial) powerset_imp_subset_Pow:
  12.678 -     "[| powerset(M,x,y); M(y) |] ==> y <= Pow(x)"
  12.679 +     "[| powerset(M,x,y); M(y) |] ==> y \<subseteq> Pow(x)"
  12.680  apply (simp add: powerset_def)
  12.681  apply (blast dest: transM)
  12.682  done
  12.683 @@ -847,12 +847,12 @@
  12.684  done
  12.685  
  12.686  lemma (in M_trivial) quasinat_abs [simp]:
  12.687 -     "M(z) ==> is_quasinat(M,z) <-> quasinat(z)"
  12.688 +     "M(z) ==> is_quasinat(M,z) \<longleftrightarrow> quasinat(z)"
  12.689  by (auto simp add: is_quasinat_def quasinat_def)
  12.690  
  12.691  lemma (in M_trivial) nat_case_abs [simp]:
  12.692       "[| relation1(M,is_b,b); M(k); M(z) |]
  12.693 -      ==> is_nat_case(M,a,is_b,k,z) <-> z = nat_case(a,b,k)"
  12.694 +      ==> is_nat_case(M,a,is_b,k,z) \<longleftrightarrow> z = nat_case(a,b,k)"
  12.695  apply (case_tac "quasinat(k)")
  12.696   prefer 2
  12.697   apply (simp add: is_nat_case_def non_nat_case)
  12.698 @@ -867,8 +867,8 @@
  12.699    is_nat_case by nat_case before attempting congruence reasoning.*)
  12.700  lemma is_nat_case_cong:
  12.701       "[| a = a'; k = k';  z = z';  M(z');
  12.702 -       !!x y. [| M(x); M(y) |] ==> is_b(x,y) <-> is_b'(x,y) |]
  12.703 -      ==> is_nat_case(M, a, is_b, k, z) <-> is_nat_case(M, a', is_b', k', z')"
  12.704 +       !!x y. [| M(x); M(y) |] ==> is_b(x,y) \<longleftrightarrow> is_b'(x,y) |]
  12.705 +      ==> is_nat_case(M, a, is_b, k, z) \<longleftrightarrow> is_nat_case(M, a', is_b', k', z')"
  12.706  by (simp add: is_nat_case_def)
  12.707  
  12.708  
  12.709 @@ -880,22 +880,22 @@
  12.710  by (blast dest: ltD intro: transM)
  12.711  
  12.712  lemma (in M_trivial) transitive_set_abs [simp]:
  12.713 -     "M(a) ==> transitive_set(M,a) <-> Transset(a)"
  12.714 +     "M(a) ==> transitive_set(M,a) \<longleftrightarrow> Transset(a)"
  12.715  by (simp add: transitive_set_def Transset_def)
  12.716  
  12.717  lemma (in M_trivial) ordinal_abs [simp]:
  12.718 -     "M(a) ==> ordinal(M,a) <-> Ord(a)"
  12.719 +     "M(a) ==> ordinal(M,a) \<longleftrightarrow> Ord(a)"
  12.720  by (simp add: ordinal_def Ord_def)
  12.721  
  12.722  lemma (in M_trivial) limit_ordinal_abs [simp]:
  12.723 -     "M(a) ==> limit_ordinal(M,a) <-> Limit(a)"
  12.724 +     "M(a) ==> limit_ordinal(M,a) \<longleftrightarrow> Limit(a)"
  12.725  apply (unfold Limit_def limit_ordinal_def)
  12.726  apply (simp add: Ord_0_lt_iff)
  12.727  apply (simp add: lt_def, blast)
  12.728  done
  12.729  
  12.730  lemma (in M_trivial) successor_ordinal_abs [simp]:
  12.731 -     "M(a) ==> successor_ordinal(M,a) <-> Ord(a) & (\<exists>b[M]. a = succ(b))"
  12.732 +     "M(a) ==> successor_ordinal(M,a) \<longleftrightarrow> Ord(a) & (\<exists>b[M]. a = succ(b))"
  12.733  apply (simp add: successor_ordinal_def, safe)
  12.734  apply (drule Ord_cases_disj, auto)
  12.735  done
  12.736 @@ -905,7 +905,7 @@
  12.737  by (induct a rule: trans_induct3, simp_all)
  12.738  
  12.739  lemma (in M_trivial) finite_ordinal_abs [simp]:
  12.740 -     "M(a) ==> finite_ordinal(M,a) <-> a \<in> nat"
  12.741 +     "M(a) ==> finite_ordinal(M,a) \<longleftrightarrow> a \<in> nat"
  12.742  apply (simp add: finite_ordinal_def)
  12.743  apply (blast intro: finite_Ord_is_nat intro: nat_into_Ord
  12.744               dest: Ord_trans naturals_not_limit)
  12.745 @@ -921,21 +921,21 @@
  12.746  done
  12.747  
  12.748  lemma (in M_trivial) omega_abs [simp]:
  12.749 -     "M(a) ==> omega(M,a) <-> a = nat"
  12.750 +     "M(a) ==> omega(M,a) \<longleftrightarrow> a = nat"
  12.751  apply (simp add: omega_def)
  12.752  apply (blast intro: Limit_non_Limit_implies_nat dest: naturals_not_limit)
  12.753  done
  12.754  
  12.755  lemma (in M_trivial) number1_abs [simp]:
  12.756 -     "M(a) ==> number1(M,a) <-> a = 1"
  12.757 +     "M(a) ==> number1(M,a) \<longleftrightarrow> a = 1"
  12.758  by (simp add: number1_def)
  12.759  
  12.760  lemma (in M_trivial) number2_abs [simp]:
  12.761 -     "M(a) ==> number2(M,a) <-> a = succ(1)"
  12.762 +     "M(a) ==> number2(M,a) \<longleftrightarrow> a = succ(1)"
  12.763  by (simp add: number2_def)
  12.764  
  12.765  lemma (in M_trivial) number3_abs [simp]:
  12.766 -     "M(a) ==> number3(M,a) <-> a = succ(succ(1))"
  12.767 +     "M(a) ==> number3(M,a) \<longleftrightarrow> a = succ(succ(1))"
  12.768  by (simp add: number3_def)
  12.769  
  12.770  text{*Kunen continued to 20...*}
  12.771 @@ -965,7 +965,7 @@
  12.772  
  12.773  locale M_basic = M_trivial +
  12.774  assumes Inter_separation:
  12.775 -     "M(A) ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>A --> x\<in>y)"
  12.776 +     "M(A) ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>A \<longrightarrow> x\<in>y)"
  12.777    and Diff_separation:
  12.778       "M(B) ==> separation(M, \<lambda>x. x \<notin> B)"
  12.779    and cartprod_separation:
  12.780 @@ -1003,7 +1003,7 @@
  12.781                                     fx \<noteq> gx))"
  12.782  
  12.783  lemma (in M_basic) cartprod_iff_lemma:
  12.784 -     "[| M(C);  \<forall>u[M]. u \<in> C <-> (\<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}});
  12.785 +     "[| M(C);  \<forall>u[M]. u \<in> C \<longleftrightarrow> (\<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}});
  12.786           powerset(M, A \<union> B, p1); powerset(M, p1, p2);  M(p2) |]
  12.787         ==> C = {u \<in> p2 . \<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}}}"
  12.788  apply (simp add: powerset_def)
  12.789 @@ -1017,8 +1017,8 @@
  12.790  
  12.791  lemma (in M_basic) cartprod_iff:
  12.792       "[| M(A); M(B); M(C) |]
  12.793 -      ==> cartprod(M,A,B,C) <->
  12.794 -          (\<exists>p1[M]. \<exists>p2[M]. powerset(M,A Un B,p1) & powerset(M,p1,p2) &
  12.795 +      ==> cartprod(M,A,B,C) \<longleftrightarrow>
  12.796 +          (\<exists>p1[M]. \<exists>p2[M]. powerset(M,A \<union> B,p1) & powerset(M,p1,p2) &
  12.797                     C = {z \<in> p2. \<exists>x\<in>A. \<exists>y\<in>B. z = <x,y>})"
  12.798  apply (simp add: Pair_def cartprod_def, safe)
  12.799  defer 1
  12.800 @@ -1026,7 +1026,7 @@
  12.801   apply blast
  12.802  txt{*Final, difficult case: the left-to-right direction of the theorem.*}
  12.803  apply (insert power_ax, simp add: power_ax_def)
  12.804 -apply (frule_tac x="A Un B" and P="\<lambda>x. rex(M,?Q(x))" in rspec)
  12.805 +apply (frule_tac x="A \<union> B" and P="\<lambda>x. rex(M,?Q(x))" in rspec)
  12.806  apply (blast, clarify)
  12.807  apply (drule_tac x=z and P="\<lambda>x. rex(M,?Q(x))" in rspec)
  12.808  apply assumption
  12.809 @@ -1037,7 +1037,7 @@
  12.810       "[| M(A); M(B) |] ==> \<exists>C[M]. cartprod(M,A,B,C)"
  12.811  apply (simp del: cartprod_abs add: cartprod_iff)
  12.812  apply (insert power_ax, simp add: power_ax_def)
  12.813 -apply (frule_tac x="A Un B" and P="\<lambda>x. rex(M,?Q(x))" in rspec)
  12.814 +apply (frule_tac x="A \<union> B" and P="\<lambda>x. rex(M,?Q(x))" in rspec)
  12.815  apply (blast, clarify)
  12.816  apply (drule_tac x=z and P="\<lambda>x. rex(M,?Q(x))" in rspec, auto)
  12.817  apply (intro rexI conjI, simp+)
  12.818 @@ -1055,23 +1055,23 @@
  12.819  by (simp add: sum_def)
  12.820  
  12.821  lemma (in M_basic) sum_abs [simp]:
  12.822 -     "[| M(A); M(B); M(Z) |] ==> is_sum(M,A,B,Z) <-> (Z = A+B)"
  12.823 +     "[| M(A); M(B); M(Z) |] ==> is_sum(M,A,B,Z) \<longleftrightarrow> (Z = A+B)"
  12.824  by (simp add: is_sum_def sum_def singleton_0 nat_into_M)
  12.825  
  12.826  lemma (in M_trivial) Inl_in_M_iff [iff]:
  12.827 -     "M(Inl(a)) <-> M(a)"
  12.828 +     "M(Inl(a)) \<longleftrightarrow> M(a)"
  12.829  by (simp add: Inl_def)
  12.830  
  12.831  lemma (in M_trivial) Inl_abs [simp]:
  12.832 -     "M(Z) ==> is_Inl(M,a,Z) <-> (Z = Inl(a))"
  12.833 +     "M(Z) ==> is_Inl(M,a,Z) \<longleftrightarrow> (Z = Inl(a))"
  12.834  by (simp add: is_Inl_def Inl_def)
  12.835  
  12.836  lemma (in M_trivial) Inr_in_M_iff [iff]:
  12.837 -     "M(Inr(a)) <-> M(a)"
  12.838 +     "M(Inr(a)) \<longleftrightarrow> M(a)"
  12.839  by (simp add: Inr_def)
  12.840  
  12.841  lemma (in M_trivial) Inr_abs [simp]:
  12.842 -     "M(Z) ==> is_Inr(M,a,Z) <-> (Z = Inr(a))"
  12.843 +     "M(Z) ==> is_Inr(M,a,Z) \<longleftrightarrow> (Z = Inr(a))"
  12.844  by (simp add: is_Inr_def Inr_def)
  12.845  
  12.846  
  12.847 @@ -1080,7 +1080,7 @@
  12.848  lemma (in M_basic) M_converse_iff:
  12.849       "M(r) ==>
  12.850        converse(r) =
  12.851 -      {z \<in> Union(Union(r)) * Union(Union(r)).
  12.852 +      {z \<in> \<Union>(\<Union>(r)) * \<Union>(\<Union>(r)).
  12.853         \<exists>p\<in>r. \<exists>x[M]. \<exists>y[M]. p = \<langle>x,y\<rangle> & z = \<langle>y,x\<rangle>}"
  12.854  apply (rule equalityI)
  12.855   prefer 2 apply (blast dest: transM, clarify, simp)
  12.856 @@ -1095,7 +1095,7 @@
  12.857  done
  12.858  
  12.859  lemma (in M_basic) converse_abs [simp]:
  12.860 -     "[| M(r); M(z) |] ==> is_converse(M,r,z) <-> z = converse(r)"
  12.861 +     "[| M(r); M(z) |] ==> is_converse(M,r,z) \<longleftrightarrow> z = converse(r)"
  12.862  apply (simp add: is_converse_def)
  12.863  apply (rule iffI)
  12.864   prefer 2 apply blast
  12.865 @@ -1114,7 +1114,7 @@
  12.866  done
  12.867  
  12.868  lemma (in M_basic) vimage_abs [simp]:
  12.869 -     "[| M(r); M(A); M(z) |] ==> pre_image(M,r,A,z) <-> z = r-``A"
  12.870 +     "[| M(r); M(A); M(z) |] ==> pre_image(M,r,A,z) \<longleftrightarrow> z = r-``A"
  12.871  apply (simp add: pre_image_def)
  12.872  apply (rule iffI)
  12.873   apply (blast intro!: equalityI dest: transM, blast)
  12.874 @@ -1128,7 +1128,7 @@
  12.875  subsubsection{*Domain, range and field*}
  12.876  
  12.877  lemma (in M_basic) domain_abs [simp]:
  12.878 -     "[| M(r); M(z) |] ==> is_domain(M,r,z) <-> z = domain(r)"
  12.879 +     "[| M(r); M(z) |] ==> is_domain(M,r,z) \<longleftrightarrow> z = domain(r)"
  12.880  apply (simp add: is_domain_def)
  12.881  apply (blast intro!: equalityI dest: transM)
  12.882  done
  12.883 @@ -1139,7 +1139,7 @@
  12.884  done
  12.885  
  12.886  lemma (in M_basic) range_abs [simp]:
  12.887 -     "[| M(r); M(z) |] ==> is_range(M,r,z) <-> z = range(r)"
  12.888 +     "[| M(r); M(z) |] ==> is_range(M,r,z) \<longleftrightarrow> z = range(r)"
  12.889  apply (simp add: is_range_def)
  12.890  apply (blast intro!: equalityI dest: transM)
  12.891  done
  12.892 @@ -1150,7 +1150,7 @@
  12.893  done
  12.894  
  12.895  lemma (in M_basic) field_abs [simp]:
  12.896 -     "[| M(r); M(z) |] ==> is_field(M,r,z) <-> z = field(r)"
  12.897 +     "[| M(r); M(z) |] ==> is_field(M,r,z) \<longleftrightarrow> z = field(r)"
  12.898  by (simp add: domain_closed range_closed is_field_def field_def)
  12.899  
  12.900  lemma (in M_basic) field_closed [intro,simp]:
  12.901 @@ -1161,13 +1161,13 @@
  12.902  subsubsection{*Relations, functions and application*}
  12.903  
  12.904  lemma (in M_basic) relation_abs [simp]:
  12.905 -     "M(r) ==> is_relation(M,r) <-> relation(r)"
  12.906 +     "M(r) ==> is_relation(M,r) \<longleftrightarrow> relation(r)"
  12.907  apply (simp add: is_relation_def relation_def)
  12.908  apply (blast dest!: bspec dest: pair_components_in_M)+
  12.909  done
  12.910  
  12.911  lemma (in M_basic) function_abs [simp]:
  12.912 -     "M(r) ==> is_function(M,r) <-> function(r)"
  12.913 +     "M(r) ==> is_function(M,r) \<longleftrightarrow> function(r)"
  12.914  apply (simp add: is_function_def function_def, safe)
  12.915     apply (frule transM, assumption)
  12.916    apply (blast dest: pair_components_in_M)+
  12.917 @@ -1178,28 +1178,28 @@
  12.918  by (simp add: apply_def)
  12.919  
  12.920  lemma (in M_basic) apply_abs [simp]:
  12.921 -     "[| M(f); M(x); M(y) |] ==> fun_apply(M,f,x,y) <-> f`x = y"
  12.922 +     "[| M(f); M(x); M(y) |] ==> fun_apply(M,f,x,y) \<longleftrightarrow> f`x = y"
  12.923  apply (simp add: fun_apply_def apply_def, blast)
  12.924  done
  12.925  
  12.926  lemma (in M_basic) typed_function_abs [simp]:
  12.927 -     "[| M(A); M(f) |] ==> typed_function(M,A,B,f) <-> f \<in> A -> B"
  12.928 +     "[| M(A); M(f) |] ==> typed_function(M,A,B,f) \<longleftrightarrow> f \<in> A -> B"
  12.929  apply (auto simp add: typed_function_def relation_def Pi_iff)
  12.930  apply (blast dest: pair_components_in_M)+
  12.931  done
  12.932  
  12.933  lemma (in M_basic) injection_abs [simp]:
  12.934 -     "[| M(A); M(f) |] ==> injection(M,A,B,f) <-> f \<in> inj(A,B)"
  12.935 +     "[| M(A); M(f) |] ==> injection(M,A,B,f) \<longleftrightarrow> f \<in> inj(A,B)"
  12.936  apply (simp add: injection_def apply_iff inj_def apply_closed)
  12.937  apply (blast dest: transM [of _ A])
  12.938  done
  12.939  
  12.940  lemma (in M_basic) surjection_abs [simp]:
  12.941 -     "[| M(A); M(B); M(f) |] ==> surjection(M,A,B,f) <-> f \<in> surj(A,B)"
  12.942 +     "[| M(A); M(B); M(f) |] ==> surjection(M,A,B,f) \<longleftrightarrow> f \<in> surj(A,B)"
  12.943  by (simp add: surjection_def surj_def)
  12.944  
  12.945  lemma (in M_basic) bijection_abs [simp]:
  12.946 -     "[| M(A); M(B); M(f) |] ==> bijection(M,A,B,f) <-> f \<in> bij(A,B)"
  12.947 +     "[| M(A); M(B); M(f) |] ==> bijection(M,A,B,f) \<longleftrightarrow> f \<in> bij(A,B)"
  12.948  by (simp add: bijection_def bij_def)
  12.949  
  12.950  
  12.951 @@ -1224,7 +1224,7 @@
  12.952  done
  12.953  
  12.954  lemma (in M_basic) composition_abs [simp]:
  12.955 -     "[| M(r); M(s); M(t) |] ==> composition(M,r,s,t) <-> t = r O s"
  12.956 +     "[| M(r); M(s); M(t) |] ==> composition(M,r,s,t) \<longleftrightarrow> t = r O s"
  12.957  apply safe
  12.958   txt{*Proving @{term "composition(M, r, s, r O s)"}*}
  12.959   prefer 2
  12.960 @@ -1246,7 +1246,7 @@
  12.961  
  12.962  lemma (in M_basic) restriction_abs [simp]:
  12.963       "[| M(f); M(A); M(z) |]
  12.964 -      ==> restriction(M,f,A,z) <-> z = restrict(f,A)"
  12.965 +      ==> restriction(M,f,A,z) \<longleftrightarrow> z = restrict(f,A)"
  12.966  apply (simp add: ball_iff_equiv restriction_def restrict_def)
  12.967  apply (blast intro!: equalityI dest: transM)
  12.968  done
  12.969 @@ -1263,17 +1263,17 @@
  12.970  done
  12.971  
  12.972  lemma (in M_basic) Inter_abs [simp]:
  12.973 -     "[| M(A); M(z) |] ==> big_inter(M,A,z) <-> z = Inter(A)"
  12.974 +     "[| M(A); M(z) |] ==> big_inter(M,A,z) \<longleftrightarrow> z = \<Inter>(A)"
  12.975  apply (simp add: big_inter_def Inter_def)
  12.976  apply (blast intro!: equalityI dest: transM)
  12.977  done
  12.978  
  12.979  lemma (in M_basic) Inter_closed [intro,simp]:
  12.980 -     "M(A) ==> M(Inter(A))"
  12.981 +     "M(A) ==> M(\<Inter>(A))"
  12.982  by (insert Inter_separation, simp add: Inter_def)
  12.983  
  12.984  lemma (in M_basic) Int_closed [intro,simp]:
  12.985 -     "[| M(A); M(B) |] ==> M(A Int B)"
  12.986 +     "[| M(A); M(B) |] ==> M(A \<inter> B)"
  12.987  apply (subgoal_tac "M({A,B})")
  12.988  apply (frule Inter_closed, force+)
  12.989  done
  12.990 @@ -1291,7 +1291,7 @@
  12.991  
  12.992  (*???equalities*)
  12.993  lemma Collect_Un_Collect_eq:
  12.994 -     "Collect(A,P) Un Collect(A,Q) = Collect(A, %x. P(x) | Q(x))"
  12.995 +     "Collect(A,P) \<union> Collect(A,Q) = Collect(A, %x. P(x) | Q(x))"
  12.996  by blast
  12.997  
  12.998  lemma Diff_Collect_eq:
  12.999 @@ -1299,7 +1299,7 @@
 12.1000  by blast
 12.1001  
 12.1002  lemma (in M_trivial) Collect_rall_eq:
 12.1003 -     "M(Y) ==> Collect(A, %x. \<forall>y[M]. y\<in>Y --> P(x,y)) =
 12.1004 +     "M(Y) ==> Collect(A, %x. \<forall>y[M]. y\<in>Y \<longrightarrow> P(x,y)) =
 12.1005                 (if Y=0 then A else (\<Inter>y \<in> Y. {x \<in> A. P(x,y)}))"
 12.1006  apply simp
 12.1007  apply (blast intro!: equalityI dest: transM)
 12.1008 @@ -1317,7 +1317,7 @@
 12.1009  
 12.1010  lemma (in M_basic) separation_imp:
 12.1011       "[|separation(M,P); separation(M,Q)|]
 12.1012 -      ==> separation(M, \<lambda>z. P(z) --> Q(z))"
 12.1013 +      ==> separation(M, \<lambda>z. P(z) \<longrightarrow> Q(z))"
 12.1014  by (simp add: separation_neg separation_disj not_disj_iff_imp [symmetric])
 12.1015  
 12.1016  text{*This result is a hint of how little can be done without the Reflection
 12.1017 @@ -1326,7 +1326,7 @@
 12.1018  lemma (in M_basic) separation_rall:
 12.1019       "[|M(Y); \<forall>y[M]. separation(M, \<lambda>x. P(x,y));
 12.1020          \<forall>z[M]. strong_replacement(M, \<lambda>x y. y = {u \<in> z . P(u,x)})|]
 12.1021 -      ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>Y --> P(x,y))"
 12.1022 +      ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>Y \<longrightarrow> P(x,y))"
 12.1023  apply (simp del: separation_closed rall_abs
 12.1024           add: separation_iff Collect_rall_eq)
 12.1025  apply (blast intro!: Inter_closed RepFun_closed dest: transM)
 12.1026 @@ -1338,7 +1338,7 @@
 12.1027  text{*The assumption @{term "M(A->B)"} is unusual, but essential: in
 12.1028  all but trivial cases, A->B cannot be expected to belong to @{term M}.*}
 12.1029  lemma (in M_basic) is_funspace_abs [simp]:
 12.1030 -     "[|M(A); M(B); M(F); M(A->B)|] ==> is_funspace(M,A,B,F) <-> F = A->B";
 12.1031 +     "[|M(A); M(B); M(F); M(A->B)|] ==> is_funspace(M,A,B,F) \<longleftrightarrow> F = A->B";
 12.1032  apply (simp add: is_funspace_def)
 12.1033  apply (rule iffI)
 12.1034   prefer 2 apply blast
 12.1035 @@ -1392,20 +1392,20 @@
 12.1036                        (~number1(M,a) & z=b)"
 12.1037  
 12.1038  lemma (in M_trivial) bool_of_o_abs [simp]:
 12.1039 -     "M(z) ==> is_bool_of_o(M,P,z) <-> z = bool_of_o(P)"
 12.1040 +     "M(z) ==> is_bool_of_o(M,P,z) \<longleftrightarrow> z = bool_of_o(P)"
 12.1041  by (simp add: is_bool_of_o_def bool_of_o_def)
 12.1042  
 12.1043  
 12.1044  lemma (in M_trivial) not_abs [simp]:
 12.1045 -     "[| M(a); M(z)|] ==> is_not(M,a,z) <-> z = not(a)"
 12.1046 +     "[| M(a); M(z)|] ==> is_not(M,a,z) \<longleftrightarrow> z = not(a)"
 12.1047  by (simp add: Bool.not_def cond_def is_not_def)
 12.1048  
 12.1049  lemma (in M_trivial) and_abs [simp]:
 12.1050 -     "[| M(a); M(b); M(z)|] ==> is_and(M,a,b,z) <-> z = a and b"
 12.1051 +     "[| M(a); M(b); M(z)|] ==> is_and(M,a,b,z) \<longleftrightarrow> z = a and b"
 12.1052  by (simp add: Bool.and_def cond_def is_and_def)
 12.1053  
 12.1054  lemma (in M_trivial) or_abs [simp]:
 12.1055 -     "[| M(a); M(b); M(z)|] ==> is_or(M,a,b,z) <-> z = a or b"
 12.1056 +     "[| M(a); M(b); M(z)|] ==> is_or(M,a,b,z) \<longleftrightarrow> z = a or b"
 12.1057  by (simp add: Bool.or_def cond_def is_or_def)
 12.1058  
 12.1059  
 12.1060 @@ -1442,14 +1442,14 @@
 12.1061  lemma (in M_trivial) Nil_in_M [intro,simp]: "M(Nil)"
 12.1062  by (simp add: Nil_def)
 12.1063  
 12.1064 -lemma (in M_trivial) Nil_abs [simp]: "M(Z) ==> is_Nil(M,Z) <-> (Z = Nil)"
 12.1065 +lemma (in M_trivial) Nil_abs [simp]: "M(Z) ==> is_Nil(M,Z) \<longleftrightarrow> (Z = Nil)"
 12.1066  by (simp add: is_Nil_def Nil_def)
 12.1067  
 12.1068 -lemma (in M_trivial) Cons_in_M_iff [iff]: "M(Cons(a,l)) <-> M(a) & M(l)"
 12.1069 +lemma (in M_trivial) Cons_in_M_iff [iff]: "M(Cons(a,l)) \<longleftrightarrow> M(a) & M(l)"
 12.1070  by (simp add: Cons_def)
 12.1071  
 12.1072  lemma (in M_trivial) Cons_abs [simp]:
 12.1073 -     "[|M(a); M(l); M(Z)|] ==> is_Cons(M,a,l,Z) <-> (Z = Cons(a,l))"
 12.1074 +     "[|M(a); M(l); M(Z)|] ==> is_Cons(M,a,l,Z) \<longleftrightarrow> (Z = Cons(a,l))"
 12.1075  by (simp add: is_Cons_def Cons_def)
 12.1076  
 12.1077  
 12.1078 @@ -1471,8 +1471,8 @@
 12.1079    is_list_case :: "[i=>o, i, [i,i,i]=>o, i, i] => o" where
 12.1080      --{*Returns 0 for non-lists*}
 12.1081      "is_list_case(M, a, is_b, xs, z) ==
 12.1082 -       (is_Nil(M,xs) --> z=a) &
 12.1083 -       (\<forall>x[M]. \<forall>l[M]. is_Cons(M,x,l,xs) --> is_b(x,l,z)) &
 12.1084 +       (is_Nil(M,xs) \<longrightarrow> z=a) &
 12.1085 +       (\<forall>x[M]. \<forall>l[M]. is_Cons(M,x,l,xs) \<longrightarrow> is_b(x,l,z)) &
 12.1086         (is_quasilist(M,xs) | empty(M,z))"
 12.1087  
 12.1088  definition
 12.1089 @@ -1490,7 +1490,7 @@
 12.1090       --{* @{term "hd([]) = 0"} no constraints if not a list.
 12.1091            Avoiding implication prevents the simplifier's looping.*}
 12.1092      "is_hd(M,xs,H) ==
 12.1093 -       (is_Nil(M,xs) --> empty(M,H)) &
 12.1094 +       (is_Nil(M,xs) \<longrightarrow> empty(M,H)) &
 12.1095         (\<forall>x[M]. \<forall>l[M]. ~ is_Cons(M,x,l,xs) | H=x) &
 12.1096         (is_quasilist(M,xs) | empty(M,H))"
 12.1097  
 12.1098 @@ -1498,7 +1498,7 @@
 12.1099    is_tl :: "[i=>o,i,i] => o" where
 12.1100       --{* @{term "tl([]) = []"}; see comments about @{term is_hd}*}
 12.1101      "is_tl(M,xs,T) ==
 12.1102 -       (is_Nil(M,xs) --> T=xs) &
 12.1103 +       (is_Nil(M,xs) \<longrightarrow> T=xs) &
 12.1104         (\<forall>x[M]. \<forall>l[M]. ~ is_Cons(M,x,l,xs) | T=l) &
 12.1105         (is_quasilist(M,xs) | empty(M,T))"
 12.1106  
 12.1107 @@ -1536,12 +1536,12 @@
 12.1108  done
 12.1109  
 12.1110  lemma (in M_trivial) quasilist_abs [simp]:
 12.1111 -     "M(z) ==> is_quasilist(M,z) <-> quasilist(z)"
 12.1112 +     "M(z) ==> is_quasilist(M,z) \<longleftrightarrow> quasilist(z)"
 12.1113  by (auto simp add: is_quasilist_def quasilist_def)
 12.1114  
 12.1115  lemma (in M_trivial) list_case_abs [simp]:
 12.1116       "[| relation2(M,is_b,b); M(k); M(z) |]
 12.1117 -      ==> is_list_case(M,a,is_b,k,z) <-> z = list_case'(a,b,k)"
 12.1118 +      ==> is_list_case(M,a,is_b,k,z) \<longleftrightarrow> z = list_case'(a,b,k)"
 12.1119  apply (case_tac "quasilist(k)")
 12.1120   prefer 2
 12.1121   apply (simp add: is_list_case_def non_list_case)
 12.1122 @@ -1554,15 +1554,15 @@
 12.1123  
 12.1124  subsubsection{*The Modified Operators @{term hd'} and @{term tl'}*}
 12.1125  
 12.1126 -lemma (in M_trivial) is_hd_Nil: "is_hd(M,[],Z) <-> empty(M,Z)"
 12.1127 +lemma (in M_trivial) is_hd_Nil: "is_hd(M,[],Z) \<longleftrightarrow> empty(M,Z)"
 12.1128  by (simp add: is_hd_def)
 12.1129  
 12.1130  lemma (in M_trivial) is_hd_Cons:
 12.1131 -     "[|M(a); M(l)|] ==> is_hd(M,Cons(a,l),Z) <-> Z = a"
 12.1132 +     "[|M(a); M(l)|] ==> is_hd(M,Cons(a,l),Z) \<longleftrightarrow> Z = a"
 12.1133  by (force simp add: is_hd_def)
 12.1134  
 12.1135  lemma (in M_trivial) hd_abs [simp]:
 12.1136 -     "[|M(x); M(y)|] ==> is_hd(M,x,y) <-> y = hd'(x)"
 12.1137 +     "[|M(x); M(y)|] ==> is_hd(M,x,y) \<longleftrightarrow> y = hd'(x)"
 12.1138  apply (simp add: hd'_def)
 12.1139  apply (intro impI conjI)
 12.1140   prefer 2 apply (force simp add: is_hd_def)
 12.1141 @@ -1570,15 +1570,15 @@
 12.1142  apply (elim disjE exE, auto)
 12.1143  done
 12.1144  
 12.1145 -lemma (in M_trivial) is_tl_Nil: "is_tl(M,[],Z) <-> Z = []"
 12.1146 +lemma (in M_trivial) is_tl_Nil: "is_tl(M,[],Z) \<longleftrightarrow> Z = []"
 12.1147  by (simp add: is_tl_def)
 12.1148  
 12.1149  lemma (in M_trivial) is_tl_Cons:
 12.1150 -     "[|M(a); M(l)|] ==> is_tl(M,Cons(a,l),Z) <-> Z = l"
 12.1151 +     "[|M(a); M(l)|] ==> is_tl(M,Cons(a,l),Z) \<longleftrightarrow> Z = l"
 12.1152  by (force simp add: is_tl_def)
 12.1153  
 12.1154  lemma (in M_trivial) tl_abs [simp]:
 12.1155 -     "[|M(x); M(y)|] ==> is_tl(M,x,y) <-> y = tl'(x)"
 12.1156 +     "[|M(x); M(y)|] ==> is_tl(M,x,y) \<longleftrightarrow> y = tl'(x)"
 12.1157  apply (simp add: tl'_def)
 12.1158  apply (intro impI conjI)
 12.1159   prefer 2 apply (force simp add: is_tl_def)
    13.1 --- a/src/ZF/Constructible/Satisfies_absolute.thy	Tue Mar 06 16:46:27 2012 +0000
    13.2 +++ b/src/ZF/Constructible/Satisfies_absolute.thy	Tue Mar 06 17:01:37 2012 +0000
    13.3 @@ -31,7 +31,7 @@
    13.4  
    13.5  lemma sats_depth_fm [simp]:
    13.6     "[| x \<in> nat; y < length(env); env \<in> list(A)|]
    13.7 -    ==> sats(A, depth_fm(x,y), env) <->
    13.8 +    ==> sats(A, depth_fm(x,y), env) \<longleftrightarrow>
    13.9          is_depth(##A, nth(x,env), nth(y,env))"
   13.10  apply (frule_tac x=y in lt_length_in_nat, assumption)  
   13.11  apply (simp add: depth_fm_def is_depth_def) 
   13.12 @@ -40,7 +40,7 @@
   13.13  lemma depth_iff_sats:
   13.14        "[| nth(i,env) = x; nth(j,env) = y; 
   13.15            i \<in> nat; j < length(env); env \<in> list(A)|]
   13.16 -       ==> is_depth(##A, x, y) <-> sats(A, depth_fm(i,j), env)"
   13.17 +       ==> is_depth(##A, x, y) \<longleftrightarrow> sats(A, depth_fm(i,j), env)"
   13.18  by (simp add: sats_depth_fm)
   13.19  
   13.20  theorem depth_reflection:
   13.21 @@ -60,11 +60,11 @@
   13.22  (* is_formula_case :: 
   13.23      "[i=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i,i]=>o, [i,i]=>o, i, i] => o"
   13.24    "is_formula_case(M, is_a, is_b, is_c, is_d, v, z) == 
   13.25 -      (\<forall>x[M]. \<forall>y[M]. x\<in>nat --> y\<in>nat --> is_Member(M,x,y,v) --> is_a(x,y,z)) &
   13.26 -      (\<forall>x[M]. \<forall>y[M]. x\<in>nat --> y\<in>nat --> is_Equal(M,x,y,v) --> is_b(x,y,z)) &
   13.27 -      (\<forall>x[M]. \<forall>y[M]. x\<in>formula --> y\<in>formula --> 
   13.28 -                     is_Nand(M,x,y,v) --> is_c(x,y,z)) &
   13.29 -      (\<forall>x[M]. x\<in>formula --> is_Forall(M,x,v) --> is_d(x,z))" *)
   13.30 +      (\<forall>x[M]. \<forall>y[M]. x\<in>nat \<longrightarrow> y\<in>nat \<longrightarrow> is_Member(M,x,y,v) \<longrightarrow> is_a(x,y,z)) &
   13.31 +      (\<forall>x[M]. \<forall>y[M]. x\<in>nat \<longrightarrow> y\<in>nat \<longrightarrow> is_Equal(M,x,y,v) \<longrightarrow> is_b(x,y,z)) &
   13.32 +      (\<forall>x[M]. \<forall>y[M]. x\<in>formula \<longrightarrow> y\<in>formula \<longrightarrow> 
   13.33 +                     is_Nand(M,x,y,v) \<longrightarrow> is_c(x,y,z)) &
   13.34 +      (\<forall>x[M]. x\<in>formula \<longrightarrow> is_Forall(M,x,v) \<longrightarrow> is_d(x,z))" *)
   13.35  
   13.36  definition
   13.37    formula_case_fm :: "[i, i, i, i, i, i]=>i" where
   13.38 @@ -96,22 +96,22 @@
   13.39    assumes is_a_iff_sats: 
   13.40        "!!a0 a1 a2. 
   13.41          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.42 -        ==> ISA(a2, a1, a0) <-> sats(A, is_a, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.43 +        ==> ISA(a2, a1, a0) \<longleftrightarrow> sats(A, is_a, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.44    and is_b_iff_sats: 
   13.45        "!!a0 a1 a2. 
   13.46          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.47 -        ==> ISB(a2, a1, a0) <-> sats(A, is_b, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.48 +        ==> ISB(a2, a1, a0) \<longleftrightarrow> sats(A, is_b, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.49    and is_c_iff_sats: 
   13.50        "!!a0 a1 a2. 
   13.51          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.52 -        ==> ISC(a2, a1, a0) <-> sats(A, is_c, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.53 +        ==> ISC(a2, a1, a0) \<longleftrightarrow> sats(A, is_c, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.54    and is_d_iff_sats: 
   13.55        "!!a0 a1. 
   13.56          [|a0\<in>A; a1\<in>A|]  
   13.57 -        ==> ISD(a1, a0) <-> sats(A, is_d, Cons(a0,Cons(a1,env)))"
   13.58 +        ==> ISD(a1, a0) \<longleftrightarrow> sats(A, is_d, Cons(a0,Cons(a1,env)))"
   13.59    shows 
   13.60        "[|x \<in> nat; y < length(env); env \<in> list(A)|]
   13.61 -       ==> sats(A, formula_case_fm(is_a,is_b,is_c,is_d,x,y), env) <->
   13.62 +       ==> sats(A, formula_case_fm(is_a,is_b,is_c,is_d,x,y), env) \<longleftrightarrow>
   13.63             is_formula_case(##A, ISA, ISB, ISC, ISD, nth(x,env), nth(y,env))"
   13.64  apply (frule_tac x=y in lt_length_in_nat, assumption)  
   13.65  apply (simp add: formula_case_fm_def is_formula_case_def 
   13.66 @@ -123,23 +123,23 @@
   13.67    assumes is_a_iff_sats: 
   13.68        "!!a0 a1 a2. 
   13.69          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.70 -        ==> ISA(a2, a1, a0) <-> sats(A, is_a, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.71 +        ==> ISA(a2, a1, a0) \<longleftrightarrow> sats(A, is_a, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.72    and is_b_iff_sats: 
   13.73        "!!a0 a1 a2. 
   13.74          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.75 -        ==> ISB(a2, a1, a0) <-> sats(A, is_b, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.76 +        ==> ISB(a2, a1, a0) \<longleftrightarrow> sats(A, is_b, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.77    and is_c_iff_sats: 
   13.78        "!!a0 a1 a2. 
   13.79          [|a0\<in>A; a1\<in>A; a2\<in>A|]  
   13.80 -        ==> ISC(a2, a1, a0) <-> sats(A, is_c, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.81 +        ==> ISC(a2, a1, a0) \<longleftrightarrow> sats(A, is_c, Cons(a0,Cons(a1,Cons(a2,env))))"
   13.82    and is_d_iff_sats: 
   13.83        "!!a0 a1. 
   13.84          [|a0\<in>A; a1\<in>A|]  
   13.85 -        ==> ISD(a1, a0) <-> sats(A, is_d, Cons(a0,Cons(a1,env)))"
   13.86 +        ==> ISD(a1, a0) \<longleftrightarrow> sats(A, is_d, Cons(a0,Cons(a1,env)))"
   13.87    shows 
   13.88        "[|nth(i,env) = x; nth(j,env) = y; 
   13.89        i \<in> nat; j < length(env); env \<in> list(A)|]
   13.90 -       ==> is_formula_case(##A, ISA, ISB, ISC, ISD, x, y) <->
   13.91 +       ==> is_formula_case(##A, ISA, ISB, ISC, ISD, x, y) \<longleftrightarrow>
   13.92             sats(A, formula_case_fm(is_a,is_b,is_c,is_d,i,j), env)"
   13.93  by (simp add: sats_formula_case_fm [OF is_a_iff_sats is_b_iff_sats 
   13.94                                         is_c_iff_sats is_d_iff_sats])
   13.95 @@ -184,7 +184,7 @@
   13.96  
   13.97  lemma (in M_datatypes) is_depth_apply_abs [simp]:
   13.98       "[|M(h); p \<in> formula; M(z)|] 
   13.99 -      ==> is_depth_apply(M,h,p,z) <-> z = h ` succ(depth(p)) ` p"
  13.100 +      ==> is_depth_apply(M,h,p,z) \<longleftrightarrow> z = h ` succ(depth(p)) ` p"
  13.101  by (simp add: is_depth_apply_def formula_into_M depth_type eq_commute)
  13.102  
  13.103  
  13.104 @@ -202,7 +202,7 @@
  13.105  definition
  13.106    satisfies_is_a :: "[i=>o,i,i,i,i]=>o" where
  13.107     "satisfies_is_a(M,A) == 
  13.108 -    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.109 +    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.110               is_lambda(M, lA, 
  13.111                  \<lambda>env z. is_bool_of_o(M, 
  13.112                        \<exists>nx[M]. \<exists>ny[M]. 
  13.113 @@ -219,7 +219,7 @@
  13.114     --{*We simplify the formula to have just @{term nx} rather than 
  13.115         introducing @{term ny} with  @{term "nx=ny"} *}
  13.116    "satisfies_is_b(M,A) == 
  13.117 -    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.118 +    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.119               is_lambda(M, lA, 
  13.120                  \<lambda>env z. is_bool_of_o(M, 
  13.121                        \<exists>nx[M]. is_nth(M,x,env,nx) & is_nth(M,y,env,nx), z),
  13.122 @@ -232,7 +232,7 @@
  13.123  definition
  13.124    satisfies_is_c :: "[i=>o,i,i,i,i,i]=>o" where
  13.125     "satisfies_is_c(M,A,h) == 
  13.126 -    \<lambda>p q zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.127 +    \<lambda>p q zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.128               is_lambda(M, lA, \<lambda>env z. \<exists>hp[M]. \<exists>hq[M]. 
  13.129                   (\<exists>rp[M]. is_depth_apply(M,h,p,rp) & fun_apply(M,rp,env,hp)) & 
  13.130                   (\<exists>rq[M]. is_depth_apply(M,h,q,rq) & fun_apply(M,rq,env,hq)) & 
  13.131 @@ -247,13 +247,13 @@
  13.132  definition
  13.133    satisfies_is_d :: "[i=>o,i,i,i,i]=>o" where
  13.134     "satisfies_is_d(M,A,h) == 
  13.135 -    \<lambda>p zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.136 +    \<lambda>p zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.137               is_lambda(M, lA, 
  13.138                  \<lambda>env z. \<exists>rp[M]. is_depth_apply(M,h,p,rp) & 
  13.139                      is_bool_of_o(M, 
  13.140                             \<forall>x[M]. \<forall>xenv[M]. \<forall>hp[M]. 
  13.141 -                              x\<in>A --> is_Cons(M,x,env,xenv) --> 
  13.142 -                              fun_apply(M,rp,xenv,hp) --> number1(M,hp),
  13.143 +                              x\<in>A \<longrightarrow> is_Cons(M,x,env,xenv) \<longrightarrow> 
  13.144 +                              fun_apply(M,rp,xenv,hp) \<longrightarrow> number1(M,hp),
  13.145                    z),
  13.146                 zz)"
  13.147  
  13.148 @@ -263,7 +263,7 @@
  13.149          the correct arity.*}
  13.150    "satisfies_MH == 
  13.151      \<lambda>M A u f z. 
  13.152 -         \<forall>fml[M]. is_formula(M,fml) -->
  13.153 +         \<forall>fml[M]. is_formula(M,fml) \<longrightarrow>
  13.154               is_lambda (M, fml, 
  13.155                 is_formula_case (M, satisfies_is_a(M,A), 
  13.156                                  satisfies_is_b(M,A), 
  13.157 @@ -321,8 +321,8 @@
  13.158                env \<in> list(A) & 
  13.159                is_bool_of_o (M, 
  13.160                              \<forall>a[M]. \<forall>co[M]. \<forall>rpco[M]. 
  13.161 -                               a\<in>A --> is_Cons(M,a,env,co) -->
  13.162 -                               fun_apply(M,rp,co,rpco) --> number1(M, rpco), 
  13.163 +                               a\<in>A \<longrightarrow> is_Cons(M,a,env,co) \<longrightarrow>
  13.164 +                               fun_apply(M,rp,co,rpco) \<longrightarrow> number1(M, rpco), 
  13.165                              bo) &
  13.166                pair(M,env,bo,z))"
  13.167   and
  13.168 @@ -500,7 +500,7 @@
  13.169  
  13.170  lemma (in M_satisfies) satisfies_abs:
  13.171    "[|M(A); M(z); p \<in> formula|] 
  13.172 -   ==> is_satisfies(M,A,p,z) <-> z = satisfies(A,p)"
  13.173 +   ==> is_satisfies(M,A,p,z) \<longleftrightarrow> z = satisfies(A,p)"
  13.174  by (simp only: Formula_Rec.formula_rec_abs [OF Formula_Rec_M]  
  13.175                 satisfies_eq is_satisfies_def satisfies_MH_def)
  13.176  
  13.177 @@ -529,14 +529,14 @@
  13.178  
  13.179  lemma sats_depth_apply_fm [simp]:
  13.180     "[| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.181 -    ==> sats(A, depth_apply_fm(x,y,z), env) <->
  13.182 +    ==> sats(A, depth_apply_fm(x,y,z), env) \<longleftrightarrow>
  13.183          is_depth_apply(##A, nth(x,env), nth(y,env), nth(z,env))"
  13.184  by (simp add: depth_apply_fm_def is_depth_apply_def)
  13.185  
  13.186  lemma depth_apply_iff_sats:
  13.187      "[| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
  13.188          i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)|]
  13.189 -     ==> is_depth_apply(##A, x, y, z) <-> sats(A, depth_apply_fm(i,j,k), env)"
  13.190 +     ==> is_depth_apply(##A, x, y, z) \<longleftrightarrow> sats(A, depth_apply_fm(i,j,k), env)"
  13.191  by simp
  13.192  
  13.193  lemma depth_apply_reflection:
  13.194 @@ -551,7 +551,7 @@
  13.195  subsubsection{*The Operator @{term satisfies_is_a}, Internalized*}
  13.196  
  13.197  (* satisfies_is_a(M,A) == 
  13.198 -    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.199 +    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.200               is_lambda(M, lA, 
  13.201                  \<lambda>env z. is_bool_of_o(M, 
  13.202                        \<exists>nx[M]. \<exists>ny[M]. 
  13.203 @@ -577,7 +577,7 @@
  13.204  
  13.205  lemma sats_satisfies_is_a_fm [simp]:
  13.206     "[| u \<in> nat; x < length(env); y < length(env); z \<in> nat; env \<in> list(A)|]
  13.207 -    ==> sats(A, satisfies_is_a_fm(u,x,y,z), env) <->
  13.208 +    ==> sats(A, satisfies_is_a_fm(u,x,y,z), env) \<longleftrightarrow>
  13.209          satisfies_is_a(##A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"
  13.210  apply (frule_tac x=x in lt_length_in_nat, assumption)  
  13.211  apply (frule_tac x=y in lt_length_in_nat, assumption)  
  13.212 @@ -588,7 +588,7 @@
  13.213  lemma satisfies_is_a_iff_sats:
  13.214    "[| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
  13.215        u \<in> nat; x < length(env); y < length(env); z \<in> nat; env \<in> list(A)|]
  13.216 -   ==> satisfies_is_a(##A,nu,nx,ny,nz) <->
  13.217 +   ==> satisfies_is_a(##A,nu,nx,ny,nz) \<longleftrightarrow>
  13.218         sats(A, satisfies_is_a_fm(u,x,y,z), env)"
  13.219  by simp
  13.220  
  13.221 @@ -604,7 +604,7 @@
  13.222  subsubsection{*The Operator @{term satisfies_is_b}, Internalized*}
  13.223  
  13.224  (* satisfies_is_b(M,A) == 
  13.225 -    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.226 +    \<lambda>x y zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.227               is_lambda(M, lA, 
  13.228                  \<lambda>env z. is_bool_of_o(M, 
  13.229                        \<exists>nx[M]. is_nth(M,x,env,nx) & is_nth(M,y,env,nx), z),
  13.230 @@ -626,7 +626,7 @@
  13.231  
  13.232  lemma sats_satisfies_is_b_fm [simp]:
  13.233     "[| u \<in> nat; x < length(env); y < length(env); z \<in> nat; env \<in> list(A)|]
  13.234 -    ==> sats(A, satisfies_is_b_fm(u,x,y,z), env) <->
  13.235 +    ==> sats(A, satisfies_is_b_fm(u,x,y,z), env) \<longleftrightarrow>
  13.236          satisfies_is_b(##A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"
  13.237  apply (frule_tac x=x in lt_length_in_nat, assumption)  
  13.238  apply (frule_tac x=y in lt_length_in_nat, assumption)  
  13.239 @@ -637,7 +637,7 @@
  13.240  lemma satisfies_is_b_iff_sats:
  13.241    "[| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
  13.242        u \<in> nat; x < length(env); y < length(env); z \<in> nat; env \<in> list(A)|]
  13.243 -   ==> satisfies_is_b(##A,nu,nx,ny,nz) <->
  13.244 +   ==> satisfies_is_b(##A,nu,nx,ny,nz) \<longleftrightarrow>
  13.245         sats(A, satisfies_is_b_fm(u,x,y,z), env)"
  13.246  by simp
  13.247  
  13.248 @@ -653,7 +653,7 @@
  13.249  subsubsection{*The Operator @{term satisfies_is_c}, Internalized*}
  13.250  
  13.251  (* satisfies_is_c(M,A,h) == 
  13.252 -    \<lambda>p q zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.253 +    \<lambda>p q zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.254               is_lambda(M, lA, \<lambda>env z. \<exists>hp[M]. \<exists>hq[M]. 
  13.255                   (\<exists>rp[M]. is_depth_apply(M,h,p,rp) & fun_apply(M,rp,env,hp)) & 
  13.256                   (\<exists>rq[M]. is_depth_apply(M,h,q,rq) & fun_apply(M,rq,env,hq)) & 
  13.257 @@ -679,7 +679,7 @@
  13.258  
  13.259  lemma sats_satisfies_is_c_fm [simp]:
  13.260     "[| u \<in> nat; v \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.261 -    ==> sats(A, satisfies_is_c_fm(u,v,x,y,z), env) <->
  13.262 +    ==> sats(A, satisfies_is_c_fm(u,v,x,y,z), env) \<longleftrightarrow>
  13.263          satisfies_is_c(##A, nth(u,env), nth(v,env), nth(x,env), 
  13.264                              nth(y,env), nth(z,env))"  
  13.265  by (simp add: satisfies_is_c_fm_def satisfies_is_c_def sats_lambda_fm)
  13.266 @@ -688,7 +688,7 @@
  13.267    "[| nth(u,env) = nu; nth(v,env) = nv; nth(x,env) = nx; nth(y,env) = ny; 
  13.268        nth(z,env) = nz;
  13.269        u \<in> nat; v \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.270 -   ==> satisfies_is_c(##A,nu,nv,nx,ny,nz) <->
  13.271 +   ==> satisfies_is_c(##A,nu,nv,nx,ny,nz) \<longleftrightarrow>
  13.272         sats(A, satisfies_is_c_fm(u,v,x,y,z), env)"
  13.273  by simp
  13.274  
  13.275 @@ -704,13 +704,13 @@
  13.276  subsubsection{*The Operator @{term satisfies_is_d}, Internalized*}
  13.277  
  13.278  (* satisfies_is_d(M,A,h) == 
  13.279 -    \<lambda>p zz. \<forall>lA[M]. is_list(M,A,lA) -->
  13.280 +    \<lambda>p zz. \<forall>lA[M]. is_list(M,A,lA) \<longrightarrow>
  13.281               is_lambda(M, lA, 
  13.282                  \<lambda>env z. \<exists>rp[M]. is_depth_apply(M,h,p,rp) & 
  13.283                      is_bool_of_o(M, 
  13.284                             \<forall>x[M]. \<forall>xenv[M]. \<forall>hp[M]. 
  13.285 -                              x\<in>A --> is_Cons(M,x,env,xenv) --> 
  13.286 -                              fun_apply(M,rp,xenv,hp) --> number1(M,hp),
  13.287 +                              x\<in>A \<longrightarrow> is_Cons(M,x,env,xenv) \<longrightarrow> 
  13.288 +                              fun_apply(M,rp,xenv,hp) \<longrightarrow> number1(M,hp),
  13.289                    z),
  13.290                 zz) *)
  13.291  
  13.292 @@ -736,7 +736,7 @@
  13.293  
  13.294  lemma sats_satisfies_is_d_fm [simp]:
  13.295     "[| u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.296 -    ==> sats(A, satisfies_is_d_fm(u,x,y,z), env) <->
  13.297 +    ==> sats(A, satisfies_is_d_fm(u,x,y,z), env) \<longleftrightarrow>
  13.298          satisfies_is_d(##A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"  
  13.299  by (simp add: satisfies_is_d_fm_def satisfies_is_d_def sats_lambda_fm
  13.300                sats_bool_of_o_fm)
  13.301 @@ -744,7 +744,7 @@
  13.302  lemma satisfies_is_d_iff_sats:
  13.303    "[| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
  13.304        u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.305 -   ==> satisfies_is_d(##A,nu,nx,ny,nz) <->
  13.306 +   ==> satisfies_is_d(##A,nu,nx,ny,nz) \<longleftrightarrow>
  13.307         sats(A, satisfies_is_d_fm(u,x,y,z), env)"
  13.308  by simp
  13.309  
  13.310 @@ -762,7 +762,7 @@
  13.311  
  13.312  (* satisfies_MH == 
  13.313      \<lambda>M A u f zz. 
  13.314 -         \<forall>fml[M]. is_formula(M,fml) -->
  13.315 +         \<forall>fml[M]. is_formula(M,fml) \<longrightarrow>
  13.316               is_lambda (M, fml, 
  13.317                 is_formula_case (M, satisfies_is_a(M,A), 
  13.318                                  satisfies_is_b(M,A), 
  13.319 @@ -789,7 +789,7 @@
  13.320  
  13.321  lemma sats_satisfies_MH_fm [simp]:
  13.322     "[| u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.323 -    ==> sats(A, satisfies_MH_fm(u,x,y,z), env) <->
  13.324 +    ==> sats(A, satisfies_MH_fm(u,x,y,z), env) \<longleftrightarrow>
  13.325          satisfies_MH(##A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"  
  13.326  by (simp add: satisfies_MH_fm_def satisfies_MH_def sats_lambda_fm
  13.327                sats_formula_case_fm)
  13.328 @@ -797,7 +797,7 @@
  13.329  lemma satisfies_MH_iff_sats:
  13.330    "[| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
  13.331        u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)|]
  13.332 -   ==> satisfies_MH(##A,nu,nx,ny,nz) <->
  13.333 +   ==> satisfies_MH(##A,nu,nx,ny,nz) \<longleftrightarrow>
  13.334         sats(A, satisfies_MH_fm(u,x,y,z), env)"
  13.335  by simp 
  13.336  
  13.337 @@ -936,8 +936,8 @@
  13.338                env \<in> list(A) & 
  13.339                is_bool_of_o (L, 
  13.340                              \<forall>a[L]. \<forall>co[L]. \<forall>rpco[L]. 
  13.341 -                               a\<in>A --> is_Cons(L,a,env,co) -->
  13.342 -                               fun_apply(L,rp,co,rpco) --> number1(L, rpco), 
  13.343 +                               a\<in>A \<longrightarrow> is_Cons(L,a,env,co) \<longrightarrow>
  13.344 +                               fun_apply(L,rp,co,rpco) \<longrightarrow> number1(L, rpco), 
  13.345                              bo) &
  13.346                pair(L,env,bo,z))"
  13.347  apply (rule strong_replacementI)
    14.1 --- a/src/ZF/Constructible/Separation.thy	Tue Mar 06 16:46:27 2012 +0000
    14.2 +++ b/src/ZF/Constructible/Separation.thy	Tue Mar 06 17:01:37 2012 +0000
    14.3 @@ -38,7 +38,7 @@
    14.4  
    14.5  text{*Reduces the original comprehension to the reflected one*}
    14.6  lemma reflection_imp_L_separation:
    14.7 -      "[| \<forall>x\<in>Lset(j). P(x) <-> Q(x);
    14.8 +      "[| \<forall>x\<in>Lset(j). P(x) \<longleftrightarrow> Q(x);
    14.9            {x \<in> Lset(j) . Q(x)} \<in> DPow(Lset(j));
   14.10            Ord(j);  z \<in> Lset(j)|] ==> L({x \<in> z . P(x)})"
   14.11  apply (rule_tac i = "succ(j)" in L_I)
   14.12 @@ -85,12 +85,12 @@
   14.13  subsection{*Separation for Intersection*}
   14.14  
   14.15  lemma Inter_Reflects:
   14.16 -     "REFLECTS[\<lambda>x. \<forall>y[L]. y\<in>A --> x \<in> y,
   14.17 -               \<lambda>i x. \<forall>y\<in>Lset(i). y\<in>A --> x \<in> y]"
   14.18 +     "REFLECTS[\<lambda>x. \<forall>y[L]. y\<in>A \<longrightarrow> x \<in> y,
   14.19 +               \<lambda>i x. \<forall>y\<in>Lset(i). y\<in>A \<longrightarrow> x \<in> y]"
   14.20  by (intro FOL_reflections)
   14.21  
   14.22  lemma Inter_separation:
   14.23 -     "L(A) ==> separation(L, \<lambda>x. \<forall>y[L]. y\<in>A --> x\<in>y)"
   14.24 +     "L(A) ==> separation(L, \<lambda>x. \<forall>y[L]. y\<in>A \<longrightarrow> x\<in>y)"
   14.25  apply (rule gen_separation [OF Inter_Reflects], simp)
   14.26  apply (rule DPow_LsetI)
   14.27   txt{*I leave this one example of a manual proof.  The tedium of manually
    15.1 --- a/src/ZF/Constructible/WF_absolute.thy	Tue Mar 06 16:46:27 2012 +0000
    15.2 +++ b/src/ZF/Constructible/WF_absolute.thy	Tue Mar 06 17:01:37 2012 +0000
    15.3 @@ -18,7 +18,7 @@
    15.4  lemma alt_rtrancl_lemma1 [rule_format]:
    15.5      "n \<in> nat
    15.6       ==> \<forall>f \<in> succ(n) -> field(r).
    15.7 -         (\<forall>i\<in>n. \<langle>f`i, f ` succ(i)\<rangle> \<in> r) --> \<langle>f`0, f`n\<rangle> \<in> r^*"
    15.8 +         (\<forall>i\<in>n. \<langle>f`i, f ` succ(i)\<rangle> \<in> r) \<longrightarrow> \<langle>f`0, f`n\<rangle> \<in> r^*"
    15.9  apply (induct_tac n)
   15.10  apply (simp_all add: apply_funtype rtrancl_refl, clarify)
   15.11  apply (rename_tac n f)
   15.12 @@ -29,24 +29,24 @@
   15.13  apply (simp add: Ord_succ_mem_iff nat_0_le [THEN ltD] leI [THEN ltD] ltI)
   15.14  done
   15.15  
   15.16 -lemma rtrancl_alt_subset_rtrancl: "rtrancl_alt(field(r),r) <= r^*"
   15.17 +lemma rtrancl_alt_subset_rtrancl: "rtrancl_alt(field(r),r) \<subseteq> r^*"
   15.18  apply (simp add: rtrancl_alt_def)
   15.19  apply (blast intro: alt_rtrancl_lemma1)
   15.20  done
   15.21  
   15.22 -lemma rtrancl_subset_rtrancl_alt: "r^* <= rtrancl_alt(field(r),r)"
   15.23 +lemma rtrancl_subset_rtrancl_alt: "r^* \<subseteq> rtrancl_alt(field(r),r)"
   15.24  apply (simp add: rtrancl_alt_def, clarify)
   15.25  apply (frule rtrancl_type [THEN subsetD], clarify, simp)
   15.26  apply (erule rtrancl_induct)
   15.27   txt{*Base case, trivial*}
   15.28   apply (rule_tac x=0 in bexI)
   15.29 -  apply (rule_tac x="lam x:1. xa" in bexI)
   15.30 +  apply (rule_tac x="\<lambda>x\<in>1. xa" in bexI)
   15.31     apply simp_all
   15.32  txt{*Inductive step*}
   15.33  apply clarify
   15.34  apply (rename_tac n f)
   15.35  apply (rule_tac x="succ(n)" in bexI)
   15.36 - apply (rule_tac x="lam i:succ(succ(n)). if i=succ(n) then z else f`i" in bexI)
   15.37 + apply (rule_tac x="\<lambda>i\<in>succ(succ(n)). if i=succ(n) then z else f`i" in bexI)
   15.38    apply (simp add: Ord_succ_mem_iff nat_0_le [THEN ltD] leI [THEN ltD] ltI)
   15.39    apply (blast intro: mem_asym)
   15.40   apply typecheck
   15.41 @@ -67,7 +67,7 @@
   15.42                 (\<exists>f[M]. typed_function(M,n',A,f) &
   15.43                  (\<exists>x[M]. \<exists>y[M]. \<exists>zero[M]. pair(M,x,y,p) & empty(M,zero) &
   15.44                    fun_apply(M,f,zero,x) & fun_apply(M,f,n,y)) &
   15.45 -                  (\<forall>j[M]. j\<in>n --> 
   15.46 +                  (\<forall>j[M]. j\<in>n \<longrightarrow> 
   15.47                      (\<exists>fj[M]. \<exists>sj[M]. \<exists>fsj[M]. \<exists>ffp[M]. 
   15.48                        fun_apply(M,f,j,fj) & successor(M,j,sj) &
   15.49                        fun_apply(M,f,sj,fsj) & pair(M,fj,fsj,ffp) & ffp \<in> r)))"
   15.50 @@ -75,8 +75,8 @@
   15.51  definition
   15.52    rtran_closure :: "[i=>o,i,i] => o" where
   15.53      "rtran_closure(M,r,s) == 
   15.54 -        \<forall>A[M]. is_field(M,r,A) -->
   15.55 -         (\<forall>p[M]. p \<in> s <-> rtran_closure_mem(M,A,r,p))"
   15.56 +        \<forall>A[M]. is_field(M,r,A) \<longrightarrow>
   15.57 +         (\<forall>p[M]. p \<in> s \<longleftrightarrow> rtran_closure_mem(M,A,r,p))"
   15.58  
   15.59  definition
   15.60    tran_closure :: "[i=>o,i,i] => o" where
   15.61 @@ -85,7 +85,7 @@
   15.62  
   15.63  lemma (in M_basic) rtran_closure_mem_iff:
   15.64       "[|M(A); M(r); M(p)|]
   15.65 -      ==> rtran_closure_mem(M,A,r,p) <->
   15.66 +      ==> rtran_closure_mem(M,A,r,p) \<longleftrightarrow>
   15.67            (\<exists>n[M]. n\<in>nat & 
   15.68             (\<exists>f[M]. f \<in> succ(n) -> A &
   15.69              (\<exists>x[M]. \<exists>y[M]. p = <x,y> & f`0 = x & f`n = y) &
   15.70 @@ -118,7 +118,7 @@
   15.71  done
   15.72  
   15.73  lemma (in M_trancl) rtrancl_abs [simp]:
   15.74 -     "[| M(r); M(z) |] ==> rtran_closure(M,r,z) <-> z = rtrancl(r)"
   15.75 +     "[| M(r); M(z) |] ==> rtran_closure(M,r,z) \<longleftrightarrow> z = rtrancl(r)"
   15.76  apply (rule iffI)
   15.77   txt{*Proving the right-to-left implication*}
   15.78   prefer 2 apply (blast intro: rtran_closure_rtrancl)
   15.79 @@ -133,7 +133,7 @@
   15.80  by (simp add: trancl_def comp_closed rtrancl_closed)
   15.81  
   15.82  lemma (in M_trancl) trancl_abs [simp]:
   15.83 -     "[| M(r); M(z) |] ==> tran_closure(M,r,z) <-> z = trancl(r)"
   15.84 +     "[| M(r); M(z) |] ==> tran_closure(M,r,z) \<longleftrightarrow> z = trancl(r)"
   15.85  by (simp add: tran_closure_def trancl_def)
   15.86  
   15.87  lemma (in M_trancl) wellfounded_trancl_separation':
   15.88 @@ -142,7 +142,7 @@
   15.89  
   15.90  text{*Alternative proof of @{text wf_on_trancl}; inspiration for the
   15.91        relativized version.  Original version is on theory WF.*}
   15.92 -lemma "[| wf[A](r);  r-``A <= A |] ==> wf[A](r^+)"
   15.93 +lemma "[| wf[A](r);  r-``A \<subseteq> A |] ==> wf[A](r^+)"
   15.94  apply (simp add: wf_on_def wf_def)
   15.95  apply (safe intro!: equalityI)
   15.96  apply (drule_tac x = "{x\<in>A. \<exists>w. \<langle>w,x\<rangle> \<in> r^+ & w \<in> Z}" in spec)
   15.97 @@ -150,7 +150,7 @@
   15.98  done
   15.99  
  15.100  lemma (in M_trancl) wellfounded_on_trancl:
  15.101 -     "[| wellfounded_on(M,A,r);  r-``A <= A; M(r); M(A) |]
  15.102 +     "[| wellfounded_on(M,A,r);  r-``A \<subseteq> A; M(r); M(A) |]
  15.103        ==> wellfounded_on(M,A,r^+)"
  15.104  apply (simp add: wellfounded_on_def)
  15.105  apply (safe intro!: equalityI)
  15.106 @@ -186,8 +186,8 @@
  15.107            pair(M,x,y,z) & 
  15.108            is_recfun(r^+, x, \<lambda>x f. H(x, restrict(f, r -`` {x})), g) & 
  15.109            y = H(x, restrict(g, r -`` {x}))); 
  15.110 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|] 
  15.111 -   ==> wfrec(r,a,H) = z <-> 
  15.112 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|] 
  15.113 +   ==> wfrec(r,a,H) = z \<longleftrightarrow> 
  15.114         (\<exists>f[M]. is_recfun(r^+, a, \<lambda>x f. H(x, restrict(f, r -`` {x})), f) & 
  15.115              z = H(a,restrict(f,r-``{a})))"
  15.116  apply (frule wf_trancl) 
  15.117 @@ -206,8 +206,8 @@
  15.118  theorem (in M_trancl) trans_wfrec_relativize:
  15.119    "[|wf(r);  trans(r);  relation(r);  M(r);  M(a);
  15.120       wfrec_replacement(M,MH,r);  relation2(M,MH,H);
  15.121 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|] 
  15.122 -   ==> wfrec(r,a,H) = z <-> (\<exists>f[M]. is_recfun(r,a,H,f) & z = H(a,f))" 
  15.123 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|] 
  15.124 +   ==> wfrec(r,a,H) = z \<longleftrightarrow> (\<exists>f[M]. is_recfun(r,a,H,f) & z = H(a,f))" 
  15.125  apply (frule wfrec_replacement', assumption+) 
  15.126  apply (simp cong: is_recfun_cong
  15.127             add: wfrec_relativize trancl_eq_r
  15.128 @@ -217,16 +217,16 @@
  15.129  theorem (in M_trancl) trans_wfrec_abs:
  15.130    "[|wf(r);  trans(r);  relation(r);  M(r);  M(a);  M(z);
  15.131       wfrec_replacement(M,MH,r);  relation2(M,MH,H);
  15.132 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|] 
  15.133 -   ==> is_wfrec(M,MH,r,a,z) <-> z=wfrec(r,a,H)" 
  15.134 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|] 
  15.135 +   ==> is_wfrec(M,MH,r,a,z) \<longleftrightarrow> z=wfrec(r,a,H)" 
  15.136  by (simp add: trans_wfrec_relativize [THEN iff_sym] is_wfrec_abs, blast) 
  15.137  
  15.138  
  15.139  lemma (in M_trancl) trans_eq_pair_wfrec_iff:
  15.140    "[|wf(r);  trans(r); relation(r); M(r);  M(y); 
  15.141       wfrec_replacement(M,MH,r);  relation2(M,MH,H);
  15.142 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|] 
  15.143 -   ==> y = <x, wfrec(r, x, H)> <-> 
  15.144 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|] 
  15.145 +   ==> y = <x, wfrec(r, x, H)> \<longleftrightarrow> 
  15.146         (\<exists>f[M]. is_recfun(r,x,H,f) & y = <x, H(x,f)>)"
  15.147  apply safe 
  15.148   apply (simp add: trans_wfrec_relativize [THEN iff_sym, of concl: _ x]) 
  15.149 @@ -242,8 +242,8 @@
  15.150  lemma (in M_trancl) wfrec_closed_lemma [rule_format]:
  15.151       "[|wf(r); M(r); 
  15.152          strong_replacement(M, \<lambda>x y. y = \<langle>x, wfrec(r, x, H)\<rangle>);
  15.153 -        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |] 
  15.154 -      ==> M(a) --> M(wfrec(r,a,H))"
  15.155 +        \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |] 
  15.156 +      ==> M(a) \<longrightarrow> M(wfrec(r,a,H))"
  15.157  apply (rule_tac a=a in wf_induct, assumption+)
  15.158  apply (subst wfrec, assumption, clarify)
  15.159  apply (drule_tac x1=x and x="\<lambda>x\<in>r -`` {x}. wfrec(r, x, H)" 
  15.160 @@ -255,7 +255,7 @@
  15.161  text{*Eliminates one instance of replacement.*}
  15.162  lemma (in M_trancl) wfrec_replacement_iff:
  15.163       "strong_replacement(M, \<lambda>x z. 
  15.164 -          \<exists>y[M]. pair(M,x,y,z) & (\<exists>g[M]. is_recfun(r,x,H,g) & y = H(x,g))) <->
  15.165 +          \<exists>y[M]. pair(M,x,y,z) & (\<exists>g[M]. is_recfun(r,x,H,g) & y = H(x,g))) \<longleftrightarrow>
  15.166        strong_replacement(M, 
  15.167             \<lambda>x y. \<exists>f[M]. is_recfun(r,x,H,f) & y = <x, H(x,f)>)"
  15.168  apply simp 
  15.169 @@ -266,7 +266,7 @@
  15.170  theorem (in M_trancl) trans_wfrec_closed:
  15.171       "[|wf(r); trans(r); relation(r); M(r); M(a);
  15.172         wfrec_replacement(M,MH,r);  relation2(M,MH,H);
  15.173 -        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |] 
  15.174 +        \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |] 
  15.175        ==> M(wfrec(r,a,H))"
  15.176  apply (frule wfrec_replacement', assumption+) 
  15.177  apply (frule wfrec_replacement_iff [THEN iffD1]) 
  15.178 @@ -281,8 +281,8 @@
  15.179            pair(M,x,y,z) & 
  15.180            is_recfun(r^+, x, \<lambda>x f. H(x, restrict(f, r -`` {x})), g) & 
  15.181            y = H(x, restrict(g, r -`` {x}))); 
  15.182 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|] 
  15.183 -   ==> y = <x, wfrec(r, x, H)> <-> 
  15.184 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|] 
  15.185 +   ==> y = <x, wfrec(r, x, H)> \<longleftrightarrow> 
  15.186         (\<exists>f[M]. is_recfun(r^+, x, \<lambda>x f. H(x, restrict(f, r -`` {x})), f) & 
  15.187              y = <x, H(x,restrict(f,r-``{x}))>)"
  15.188  apply safe  
  15.189 @@ -297,7 +297,7 @@
  15.190       "[|wf(r); M(r); M(a);
  15.191          wfrec_replacement(M,MH,r^+);  
  15.192          relation2(M,MH, \<lambda>x f. H(x, restrict(f, r -`` {x})));
  15.193 -        \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |] 
  15.194 +        \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |] 
  15.195        ==> M(wfrec(r,a,H))"
  15.196  apply (frule wfrec_replacement' 
  15.197                 [of MH "r^+" "\<lambda>x f. H(x, restrict(f, r -`` {x}))"])
    16.1 --- a/src/ZF/Constructible/WFrec.thy	Tue Mar 06 16:46:27 2012 +0000
    16.2 +++ b/src/ZF/Constructible/WFrec.thy	Tue Mar 06 17:01:37 2012 +0000
    16.3 @@ -20,7 +20,7 @@
    16.4  
    16.5  text{*Expresses @{text is_recfun} as a recursion equation*}
    16.6  lemma is_recfun_iff_equation:
    16.7 -     "is_recfun(r,a,H,f) <->
    16.8 +     "is_recfun(r,a,H,f) \<longleftrightarrow>
    16.9             f \<in> r -`` {a} \<rightarrow> range(f) &
   16.10             (\<forall>x \<in> r-``{a}. f`x = H(x, restrict(f, r-``{x})))"  
   16.11  apply (rule iffI) 
   16.12 @@ -47,7 +47,7 @@
   16.13  
   16.14  lemma is_recfun_cong_lemma:
   16.15    "[| is_recfun(r,a,H,f); r = r'; a = a'; f = f'; 
   16.16 -      !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) <= r' -``{x} |] 
   16.17 +      !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) \<subseteq> r' -``{x} |] 
   16.18               ==> H(x,g) = H'(x,g) |]
   16.19     ==> is_recfun(r',a',H',f')"
   16.20  apply (simp add: is_recfun_def) 
   16.21 @@ -60,9 +60,9 @@
   16.22        whose domains are initial segments of @{term r}.*}
   16.23  lemma is_recfun_cong:
   16.24    "[| r = r'; a = a'; f = f'; 
   16.25 -      !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) <= r' -``{x} |] 
   16.26 +      !!x g. [| <x,a'> \<in> r'; relation(g); domain(g) \<subseteq> r' -``{x} |] 
   16.27               ==> H(x,g) = H'(x,g) |]
   16.28 -   ==> is_recfun(r,a,H,f) <-> is_recfun(r',a',H',f')"
   16.29 +   ==> is_recfun(r,a,H,f) \<longleftrightarrow> is_recfun(r',a',H',f')"
   16.30  apply (rule iffI)
   16.31  txt{*Messy: fast and blast don't work for some reason*}
   16.32  apply (erule is_recfun_cong_lemma, auto) 
   16.33 @@ -91,7 +91,7 @@
   16.34      "[|is_recfun(r,a,H,f);  is_recfun(r,b,H,g);  
   16.35         wellfounded(M,r);  trans(r);
   16.36         M(f); M(g); M(r); M(x); M(a); M(b) |] 
   16.37 -     ==> <x,a> \<in> r --> <x,b> \<in> r --> f`x=g`x"
   16.38 +     ==> <x,a> \<in> r \<longrightarrow> <x,b> \<in> r \<longrightarrow> f`x=g`x"
   16.39  apply (frule_tac f=f in is_recfun_type) 
   16.40  apply (frule_tac f=g in is_recfun_type) 
   16.41  apply (simp add: is_recfun_def)
   16.42 @@ -104,7 +104,7 @@
   16.43  apply (simp (no_asm_simp) add: vimage_singleton_iff restrict_def)
   16.44  apply (rename_tac x1)
   16.45  apply (rule_tac t="%z. H(x1,z)" in subst_context) 
   16.46 -apply (subgoal_tac "\<forall>y \<in> r-``{x1}. ALL z. <y,z>\<in>f <-> <y,z>\<in>g")
   16.47 +apply (subgoal_tac "\<forall>y \<in> r-``{x1}. \<forall>z. <y,z>\<in>f \<longleftrightarrow> <y,z>\<in>g")
   16.48   apply (blast intro: transD) 
   16.49  apply (simp add: apply_iff) 
   16.50  apply (blast intro: transD sym) 
   16.51 @@ -132,9 +132,9 @@
   16.52  
   16.53  text{*Tells us that @{text is_recfun} can (in principle) be relativized.*}
   16.54  lemma (in M_basic) is_recfun_relativize:
   16.55 -  "[| M(r); M(f); \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |] 
   16.56 -   ==> is_recfun(r,a,H,f) <->
   16.57 -       (\<forall>z[M]. z \<in> f <-> 
   16.58 +  "[| M(r); M(f); \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |] 
   16.59 +   ==> is_recfun(r,a,H,f) \<longleftrightarrow>
   16.60 +       (\<forall>z[M]. z \<in> f \<longleftrightarrow> 
   16.61          (\<exists>x[M]. <x,a> \<in> r & z = <x, H(x, restrict(f, r-``{x}))>))";
   16.62  apply (simp add: is_recfun_def lam_def)
   16.63  apply (safe intro!: equalityI) 
   16.64 @@ -155,7 +155,7 @@
   16.65  lemma (in M_basic) is_recfun_restrict:
   16.66       "[| wellfounded(M,r); trans(r); is_recfun(r,x,H,f); \<langle>y,x\<rangle> \<in> r; 
   16.67         M(r); M(f); 
   16.68 -       \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]
   16.69 +       \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |]
   16.70         ==> is_recfun(r, y, H, restrict(f, r -`` {y}))"
   16.71  apply (frule pair_components_in_M, assumption, clarify) 
   16.72  apply (simp (no_asm_simp) add: is_recfun_relativize restrict_iff
   16.73 @@ -171,14 +171,14 @@
   16.74   
   16.75  lemma (in M_basic) restrict_Y_lemma:
   16.76     "[| wellfounded(M,r); trans(r); M(r);
   16.77 -       \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));  M(Y);
   16.78 +       \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g));  M(Y);
   16.79         \<forall>b[M]. 
   16.80 -           b \<in> Y <->
   16.81 +           b \<in> Y \<longleftrightarrow>
   16.82             (\<exists>x[M]. <x,a1> \<in> r &
   16.83              (\<exists>y[M]. b = \<langle>x,y\<rangle> & (\<exists>g[M]. is_recfun(r,x,H,g) \<and> y = H(x,g))));
   16.84            \<langle>x,a1\<rangle> \<in> r; is_recfun(r,x,H,f); M(f) |]
   16.85         ==> restrict(Y, r -`` {x}) = f"
   16.86 -apply (subgoal_tac "\<forall>y \<in> r-``{x}. \<forall>z. <y,z>:Y <-> <y,z>:f") 
   16.87 +apply (subgoal_tac "\<forall>y \<in> r-``{x}. \<forall>z. <y,z>:Y \<longleftrightarrow> <y,z>:f") 
   16.88   apply (simp (no_asm_simp) add: restrict_def) 
   16.89   apply (thin_tac "rall(M,?P)")+  --{*essential for efficiency*}
   16.90   apply (frule is_recfun_type [THEN fun_is_rel], blast)
   16.91 @@ -210,11 +210,11 @@
   16.92  text{*Proof of the inductive step for @{text exists_is_recfun}, since
   16.93        we must prove two versions.*}
   16.94  lemma (in M_basic) exists_is_recfun_indstep:
   16.95 -    "[|\<forall>y. \<langle>y, a1\<rangle> \<in> r --> (\<exists>f[M]. is_recfun(r, y, H, f)); 
   16.96 +    "[|\<forall>y. \<langle>y, a1\<rangle> \<in> r \<longrightarrow> (\<exists>f[M]. is_recfun(r, y, H, f)); 
   16.97         wellfounded(M,r); trans(r); M(r); M(a1);
   16.98         strong_replacement(M, \<lambda>x z. 
   16.99                \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g)); 
  16.100 -       \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g))|]   
  16.101 +       \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g))|]   
  16.102        ==> \<exists>f[M]. is_recfun(r,a1,H,f)"
  16.103  apply (drule_tac A="r-``{a1}" in strong_replacementD)
  16.104    apply blast 
  16.105 @@ -248,7 +248,7 @@
  16.106         strong_replacement(M, \<lambda>x z. 
  16.107            \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g)); 
  16.108         M(r);  M(a);  
  16.109 -       \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]   
  16.110 +       \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |]   
  16.111        ==> \<exists>f[M]. is_recfun(r,a,H,f)"
  16.112  apply (rule wellfounded_induct, assumption+, clarify)
  16.113  apply (rule exists_is_recfun_indstep, assumption+)
  16.114 @@ -258,8 +258,8 @@
  16.115      "[|wf(r);  trans(r);  M(r);  
  16.116         strong_replacement(M, \<lambda>x z. 
  16.117           \<exists>y[M]. \<exists>g[M]. pair(M,x,y,z) & is_recfun(r,x,H,g) & y = H(x,g)); 
  16.118 -       \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)) |]   
  16.119 -      ==> M(a) --> (\<exists>f[M]. is_recfun(r,a,H,f))"
  16.120 +       \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)) |]   
  16.121 +      ==> M(a) \<longrightarrow> (\<exists>f[M]. is_recfun(r,a,H,f))"
  16.122  apply (rule wf_induct, assumption+)
  16.123  apply (frule wf_imp_relativized)
  16.124  apply (intro impI)
  16.125 @@ -273,7 +273,7 @@
  16.126  definition
  16.127    M_is_recfun :: "[i=>o, [i,i,i]=>o, i, i, i] => o" where
  16.128     "M_is_recfun(M,MH,r,a,f) == 
  16.129 -     \<forall>z[M]. z \<in> f <-> 
  16.130 +     \<forall>z[M]. z \<in> f \<longleftrightarrow> 
  16.131              (\<exists>x[M]. \<exists>y[M]. \<exists>xa[M]. \<exists>sx[M]. \<exists>r_sx[M]. \<exists>f_r_sx[M]. 
  16.132                 pair(M,x,y,z) & pair(M,x,a,xa) & upair(M,x,x,sx) &
  16.133                 pre_image(M,r,sx,r_sx) & restriction(M,f,r_sx,f_r_sx) &
  16.134 @@ -291,9 +291,9 @@
  16.135               \<lambda>x z. \<exists>y[M]. pair(M,x,y,z) & is_wfrec(M,MH,r,x,y))"
  16.136  
  16.137  lemma (in M_basic) is_recfun_abs:
  16.138 -     "[| \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g));  M(r); M(a); M(f); 
  16.139 +     "[| \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g));  M(r); M(a); M(f); 
  16.140           relation2(M,MH,H) |] 
  16.141 -      ==> M_is_recfun(M,MH,r,a,f) <-> is_recfun(r,a,H,f)"
  16.142 +      ==> M_is_recfun(M,MH,r,a,f) \<longleftrightarrow> is_recfun(r,a,H,f)"
  16.143  apply (simp add: M_is_recfun_def relation2_def is_recfun_relativize)
  16.144  apply (rule rall_cong)
  16.145  apply (blast dest: transM)
  16.146 @@ -301,30 +301,30 @@
  16.147  
  16.148  lemma M_is_recfun_cong [cong]:
  16.149       "[| r = r'; a = a'; f = f'; 
  16.150 -       !!x g y. [| M(x); M(g); M(y) |] ==> MH(x,g,y) <-> MH'(x,g,y) |]
  16.151 -      ==> M_is_recfun(M,MH,r,a,f) <-> M_is_recfun(M,MH',r',a',f')"
  16.152 +       !!x g y. [| M(x); M(g); M(y) |] ==> MH(x,g,y) \<longleftrightarrow> MH'(x,g,y) |]
  16.153 +      ==> M_is_recfun(M,MH,r,a,f) \<longleftrightarrow> M_is_recfun(M,MH',r',a',f')"
  16.154  by (simp add: M_is_recfun_def) 
  16.155  
  16.156  lemma (in M_basic) is_wfrec_abs:
  16.157 -     "[| \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)); 
  16.158 +     "[| \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)); 
  16.159           relation2(M,MH,H);  M(r); M(a); M(z) |]
  16.160 -      ==> is_wfrec(M,MH,r,a,z) <-> 
  16.161 +      ==> is_wfrec(M,MH,r,a,z) \<longleftrightarrow> 
  16.162            (\<exists>g[M]. is_recfun(r,a,H,g) & z = H(a,g))"
  16.163  by (simp add: is_wfrec_def relation2_def is_recfun_abs)
  16.164  
  16.165  text{*Relating @{term wfrec_replacement} to native constructs*}
  16.166  lemma (in M_basic) wfrec_replacement':
  16.167    "[|wfrec_replacement(M,MH,r);
  16.168 -     \<forall>x[M]. \<forall>g[M]. function(g) --> M(H(x,g)); 
  16.169 +     \<forall>x[M]. \<forall>g[M]. function(g) \<longrightarrow> M(H(x,g)); 
  16.170       relation2(M,MH,H);  M(r)|] 
  16.171     ==> strong_replacement(M, \<lambda>x z. \<exists>y[M]. 
  16.172                  pair(M,x,y,z) & (\<exists>g[M]. is_recfun(r,x,H,g) & y = H(x,g)))"
  16.173  by (simp add: wfrec_replacement_def is_wfrec_abs) 
  16.174  
  16.175  lemma wfrec_replacement_cong [cong]:
  16.176 -     "[| !!x y z. [| M(x); M(y); M(z) |] ==> MH(x,y,z) <-> MH'(x,y,z);
  16.177 +     "[| !!x y z. [| M(x); M(y); M(z) |] ==> MH(x,y,z) \<longleftrightarrow> MH'(x,y,z);
  16.178           r=r' |] 
  16.179 -      ==> wfrec_replacement(M, %x y. MH(x,y), r) <-> 
  16.180 +      ==> wfrec_replacement(M, %x y. MH(x,y), r) \<longleftrightarrow> 
  16.181            wfrec_replacement(M, %x y. MH'(x,y), r')" 
  16.182  by (simp add: is_wfrec_def wfrec_replacement_def) 
  16.183  
    17.1 --- a/src/ZF/Constructible/Wellorderings.thy	Tue Mar 06 16:46:27 2012 +0000
    17.2 +++ b/src/ZF/Constructible/Wellorderings.thy	Tue Mar 06 17:01:37 2012 +0000
    17.3 @@ -17,29 +17,29 @@
    17.4  
    17.5  definition
    17.6    irreflexive :: "[i=>o,i,i]=>o" where
    17.7 -    "irreflexive(M,A,r) == \<forall>x[M]. x\<in>A --> <x,x> \<notin> r"
    17.8 +    "irreflexive(M,A,r) == \<forall>x[M]. x\<in>A \<longrightarrow> <x,x> \<notin> r"
    17.9    
   17.10  definition
   17.11    transitive_rel :: "[i=>o,i,i]=>o" where
   17.12      "transitive_rel(M,A,r) == 
   17.13 -        \<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A --> (\<forall>z[M]. z\<in>A --> 
   17.14 -                          <x,y>\<in>r --> <y,z>\<in>r --> <x,z>\<in>r))"
   17.15 +        \<forall>x[M]. x\<in>A \<longrightarrow> (\<forall>y[M]. y\<in>A \<longrightarrow> (\<forall>z[M]. z\<in>A \<longrightarrow> 
   17.16 +                          <x,y>\<in>r \<longrightarrow> <y,z>\<in>r \<longrightarrow> <x,z>\<in>r))"
   17.17  
   17.18  definition
   17.19    linear_rel :: "[i=>o,i,i]=>o" where
   17.20      "linear_rel(M,A,r) == 
   17.21 -        \<forall>x[M]. x\<in>A --> (\<forall>y[M]. y\<in>A --> <x,y>\<in>r | x=y | <y,x>\<in>r)"
   17.22 +        \<forall>x[M]. x\<in>A \<longrightarrow> (\<forall>y[M]. y\<in>A \<longrightarrow> <x,y>\<in>r | x=y | <y,x>\<in>r)"
   17.23  
   17.24  definition
   17.25    wellfounded :: "[i=>o,i]=>o" where
   17.26      --{*EVERY non-empty set has an @{text r}-minimal element*}
   17.27      "wellfounded(M,r) == 
   17.28 -        \<forall>x[M]. x\<noteq>0 --> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
   17.29 +        \<forall>x[M]. x\<noteq>0 \<longrightarrow> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
   17.30  definition
   17.31    wellfounded_on :: "[i=>o,i,i]=>o" where
   17.32      --{*every non-empty SUBSET OF @{text A} has an @{text r}-minimal element*}
   17.33      "wellfounded_on(M,A,r) == 
   17.34 -        \<forall>x[M]. x\<noteq>0 --> x\<subseteq>A --> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
   17.35 +        \<forall>x[M]. x\<noteq>0 \<longrightarrow> x\<subseteq>A \<longrightarrow> (\<exists>y[M]. y\<in>x & ~(\<exists>z[M]. z\<in>x & <z,y> \<in> r))"
   17.36  
   17.37  definition
   17.38    wellordered :: "[i=>o,i,i]=>o" where
   17.39 @@ -51,15 +51,15 @@
   17.40  subsubsection {*Trivial absoluteness proofs*}
   17.41  
   17.42  lemma (in M_basic) irreflexive_abs [simp]: 
   17.43 -     "M(A) ==> irreflexive(M,A,r) <-> irrefl(A,r)"
   17.44 +     "M(A) ==> irreflexive(M,A,r) \<longleftrightarrow> irrefl(A,r)"
   17.45  by (simp add: irreflexive_def irrefl_def)
   17.46  
   17.47  lemma (in M_basic) transitive_rel_abs [simp]: 
   17.48 -     "M(A) ==> transitive_rel(M,A,r) <-> trans[A](r)"
   17.49 +     "M(A) ==> transitive_rel(M,A,r) \<longleftrightarrow> trans[A](r)"
   17.50  by (simp add: transitive_rel_def trans_on_def)
   17.51  
   17.52  lemma (in M_basic) linear_rel_abs [simp]: 
   17.53 -     "M(A) ==> linear_rel(M,A,r) <-> linear(A,r)"
   17.54 +     "M(A) ==> linear_rel(M,A,r) \<longleftrightarrow> linear(A,r)"
   17.55  by (simp add: linear_rel_def linear_def)
   17.56  
   17.57  lemma (in M_basic) wellordered_is_trans_on: 
   17.58 @@ -86,7 +86,7 @@
   17.59  subsubsection {*Well-founded relations*}
   17.60  
   17.61  lemma  (in M_basic) wellfounded_on_iff_wellfounded:
   17.62 -     "wellfounded_on(M,A,r) <-> wellfounded(M, r \<inter> A*A)"
   17.63 +     "wellfounded_on(M,A,r) \<longleftrightarrow> wellfounded(M, r \<inter> A*A)"
   17.64  apply (simp add: wellfounded_on_def wellfounded_def, safe)
   17.65   apply force
   17.66  apply (drule_tac x=x in rspec, assumption, blast) 
   17.67 @@ -101,14 +101,14 @@
   17.68  by (simp add: wellfounded_def wellfounded_on_iff_wellfounded, fast)
   17.69  
   17.70  lemma (in M_basic) wellfounded_iff_wellfounded_on_field:
   17.71 -     "M(r) ==> wellfounded(M,r) <-> wellfounded_on(M, field(r), r)"
   17.72 +     "M(r) ==> wellfounded(M,r) \<longleftrightarrow> wellfounded_on(M, field(r), r)"
   17.73  by (blast intro: wellfounded_imp_wellfounded_on
   17.74                   wellfounded_on_field_imp_wellfounded)
   17.75  
   17.76  (*Consider the least z in domain(r) such that P(z) does not hold...*)
   17.77  lemma (in M_basic) wellfounded_induct: 
   17.78       "[| wellfounded(M,r); M(a); M(r); separation(M, \<lambda>x. ~P(x));  
   17.79 -         \<forall>x. M(x) & (\<forall>y. <y,x> \<in> r --> P(y)) --> P(x) |]
   17.80 +         \<forall>x. M(x) & (\<forall>y. <y,x> \<in> r \<longrightarrow> P(y)) \<longrightarrow> P(x) |]
   17.81        ==> P(a)";
   17.82  apply (simp (no_asm_use) add: wellfounded_def)
   17.83  apply (drule_tac x="{z \<in> domain(r). ~P(z)}" in rspec)
   17.84 @@ -117,11 +117,11 @@
   17.85  
   17.86  lemma (in M_basic) wellfounded_on_induct: 
   17.87       "[| a\<in>A;  wellfounded_on(M,A,r);  M(A);  
   17.88 -       separation(M, \<lambda>x. x\<in>A --> ~P(x));  
   17.89 -       \<forall>x\<in>A. M(x) & (\<forall>y\<in>A. <y,x> \<in> r --> P(y)) --> P(x) |]
   17.90 +       separation(M, \<lambda>x. x\<in>A \<longrightarrow> ~P(x));  
   17.91 +       \<forall>x\<in>A. M(x) & (\<forall>y\<in>A. <y,x> \<in> r \<longrightarrow> P(y)) \<longrightarrow> P(x) |]
   17.92        ==> P(a)";
   17.93  apply (simp (no_asm_use) add: wellfounded_on_def)
   17.94 -apply (drule_tac x="{z\<in>A. z\<in>A --> ~P(z)}" in rspec)
   17.95 +apply (drule_tac x="{z\<in>A. z\<in>A \<longrightarrow> ~P(z)}" in rspec)
   17.96  apply (blast intro: transM)+
   17.97  done
   17.98  
   17.99 @@ -158,11 +158,11 @@
  17.100  
  17.101  lemma (in M_basic) order_isomorphism_abs [simp]: 
  17.102       "[| M(A); M(B); M(f) |] 
  17.103 -      ==> order_isomorphism(M,A,r,B,s,f) <-> f \<in> ord_iso(A,r,B,s)"
  17.104 +      ==> order_isomorphism(M,A,r,B,s,f) \<longleftrightarrow> f \<in> ord_iso(A,r,B,s)"
  17.105  by (simp add: apply_closed order_isomorphism_def ord_iso_def)
  17.106  
  17.107  lemma (in M_basic) pred_set_abs [simp]: 
  17.108 -     "[| M(r); M(B) |] ==> pred_set(M,A,x,r,B) <-> B = Order.pred(A,x,r)"
  17.109 +     "[| M(r); M(B) |] ==> pred_set(M,A,x,r,B) \<longleftrightarrow> B = Order.pred(A,x,r)"
  17.110  apply (simp add: pred_set_def Order.pred_def)
  17.111  apply (blast dest: transM) 
  17.112  done
  17.113 @@ -174,7 +174,7 @@
  17.114  done
  17.115  
  17.116  lemma (in M_basic) membership_abs [simp]: 
  17.117 -     "[| M(r); M(A) |] ==> membership(M,A,r) <-> r = Memrel(A)"
  17.118 +     "[| M(r); M(A) |] ==> membership(M,A,r) \<longleftrightarrow> r = Memrel(A)"
  17.119  apply (simp add: membership_def Memrel_def, safe)
  17.120    apply (rule equalityI) 
  17.121     apply clarify 
    18.1 --- a/src/ZF/Resid/Confluence.thy	Tue Mar 06 16:46:27 2012 +0000
    18.2 +++ b/src/ZF/Resid/Confluence.thy	Tue Mar 06 17:01:37 2012 +0000
    18.3 @@ -8,12 +8,12 @@
    18.4  definition
    18.5    confluence    :: "i=>o"  where
    18.6      "confluence(R) ==   
    18.7 -       \<forall>x y. <x,y> \<in> R --> (\<forall>z.<x,z> \<in> R --> (\<exists>u.<y,u> \<in> R & <z,u> \<in> R))"
    18.8 +       \<forall>x y. <x,y> \<in> R \<longrightarrow> (\<forall>z.<x,z> \<in> R \<longrightarrow> (\<exists>u.<y,u> \<in> R & <z,u> \<in> R))"
    18.9  
   18.10  definition
   18.11    strip         :: "o"  where
   18.12 -    "strip == \<forall>x y. (x ===> y) --> 
   18.13 -                    (\<forall>z.(x =1=> z) --> (\<exists>u.(y =1=> u) & (z===>u)))" 
   18.14 +    "strip == \<forall>x y. (x ===> y) \<longrightarrow> 
   18.15 +                    (\<forall>z.(x =1=> z) \<longrightarrow> (\<exists>u.(y =1=> u) & (z===>u)))" 
   18.16  
   18.17  
   18.18  (* ------------------------------------------------------------------------- *)
   18.19 @@ -72,11 +72,11 @@
   18.20    "a<-1->b == <a,b> \<in> Sconv1"
   18.21  
   18.22  abbreviation
   18.23 -  Sconv_rel (infixl "<--->" 50) where
   18.24 -  "a<--->b == <a,b> \<in> Sconv"
   18.25 +  Sconv_rel (infixl "<-\<longrightarrow>" 50) where
   18.26 +  "a<-\<longrightarrow>b == <a,b> \<in> Sconv"
   18.27    
   18.28  inductive
   18.29 -  domains       "Sconv1" <= "lambda*lambda"
   18.30 +  domains       "Sconv1" \<subseteq> "lambda*lambda"
   18.31    intros
   18.32      red1:        "m -1-> n ==> m<-1->n"
   18.33      expl:        "n -1-> m ==> m<-1->n"
   18.34 @@ -85,16 +85,16 @@
   18.35  declare Sconv1.intros [intro]
   18.36  
   18.37  inductive
   18.38 -  domains       "Sconv" <= "lambda*lambda"
   18.39 +  domains       "Sconv" \<subseteq> "lambda*lambda"
   18.40    intros
   18.41 -    one_step:    "m<-1->n  ==> m<--->n"
   18.42 -    refl:        "m \<in> lambda ==> m<--->m"
   18.43 -    trans:       "[|m<--->n; n<--->p|] ==> m<--->p"
   18.44 +    one_step:    "m<-1->n  ==> m<-\<longrightarrow>n"
   18.45 +    refl:        "m \<in> lambda ==> m<-\<longrightarrow>m"
   18.46 +    trans:       "[|m<-\<longrightarrow>n; n<-\<longrightarrow>p|] ==> m<-\<longrightarrow>p"
   18.47    type_intros    Sconv1.dom_subset [THEN subsetD] lambda.intros bool_typechecks
   18.48  
   18.49  declare Sconv.intros [intro]
   18.50  
   18.51 -lemma conv_sym: "m<--->n ==> n<--->m"
   18.52 +lemma conv_sym: "m<-\<longrightarrow>n ==> n<-\<longrightarrow>m"
   18.53  apply (erule Sconv.induct)
   18.54  apply (erule Sconv1.induct, blast+)
   18.55  done
   18.56 @@ -103,7 +103,7 @@
   18.57  (*      Church_Rosser Theorem                                                *)
   18.58  (* ------------------------------------------------------------------------- *)
   18.59  
   18.60 -lemma Church_Rosser: "m<--->n ==> \<exists>p.(m --->p) & (n ---> p)"
   18.61 +lemma Church_Rosser: "m<-\<longrightarrow>n ==> \<exists>p.(m -\<longrightarrow>p) & (n -\<longrightarrow> p)"
   18.62  apply (erule Sconv.induct)
   18.63  apply (erule Sconv1.induct)
   18.64  apply (blast intro: red1D1 redD2)
    19.1 --- a/src/ZF/Resid/Redex.thy	Tue Mar 06 16:46:27 2012 +0000
    19.2 +++ b/src/ZF/Resid/Redex.thy	Tue Mar 06 17:01:37 2012 +0000
    19.3 @@ -53,7 +53,7 @@
    19.4  
    19.5  
    19.6  inductive
    19.7 -  domains       "Ssub" <= "redexes*redexes"
    19.8 +  domains       "Ssub" \<subseteq> "redexes*redexes"
    19.9    intros
   19.10      Sub_Var:     "n \<in> nat ==> Var(n)<== Var(n)"
   19.11      Sub_Fun:     "[|u<== v|]==> Fun(u)<== Fun(v)"
   19.12 @@ -63,7 +63,7 @@
   19.13    type_intros    redexes.intros bool_typechecks
   19.14  
   19.15  inductive
   19.16 -  domains       "Scomp" <= "redexes*redexes"
   19.17 +  domains       "Scomp" \<subseteq> "redexes*redexes"
   19.18    intros
   19.19      Comp_Var:    "n \<in> nat ==> Var(n) ~ Var(n)"
   19.20      Comp_Fun:    "[|u ~ v|]==> Fun(u) ~ Fun(v)"
   19.21 @@ -72,7 +72,7 @@
   19.22    type_intros    redexes.intros bool_typechecks
   19.23  
   19.24  inductive
   19.25 -  domains       "Sreg" <= redexes
   19.26 +  domains       "Sreg" \<subseteq> redexes
   19.27    intros
   19.28      Reg_Var:     "n \<in> nat ==> regular(Var(n))"
   19.29      Reg_Fun:     "[|regular(u)|]==> regular(Fun(u))"
   19.30 @@ -146,10 +146,10 @@
   19.31  lemma comp_sym: "u ~ v ==> v ~ u"
   19.32  by (erule Scomp.induct, blast+)
   19.33  
   19.34 -lemma comp_sym_iff: "u ~ v <-> v ~ u"
   19.35 +lemma comp_sym_iff: "u ~ v \<longleftrightarrow> v ~ u"
   19.36  by (blast intro: comp_sym)
   19.37  
   19.38 -lemma comp_trans [rule_format]: "u ~ v ==> \<forall>w. v ~ w-->u ~ w"
   19.39 +lemma comp_trans [rule_format]: "u ~ v ==> \<forall>w. v ~ w\<longrightarrow>u ~ w"
   19.40  by (erule Scomp.induct, blast+)
   19.41  
   19.42  (* ------------------------------------------------------------------------- *)
   19.43 @@ -174,7 +174,7 @@
   19.44  (* ------------------------------------------------------------------------- *)
   19.45  
   19.46  lemma union_preserve_regular [rule_format]:
   19.47 -     "u ~ v ==> regular(u)-->regular(v)-->regular(u un v)"
   19.48 +     "u ~ v ==> regular(u)\<longrightarrow>regular(v)\<longrightarrow>regular(u un v)"
   19.49    by (erule Scomp.induct, auto)
   19.50  
   19.51  end
    20.1 --- a/src/ZF/Resid/Reduction.thy	Tue Mar 06 16:46:27 2012 +0000
    20.2 +++ b/src/ZF/Resid/Reduction.thy	Tue Mar 06 17:01:37 2012 +0000
    20.3 @@ -16,7 +16,7 @@
    20.4    "Apl(n,m) == App(0,n,m)"
    20.5    
    20.6  inductive
    20.7 -  domains       "lambda" <= redexes
    20.8 +  domains       "lambda" \<subseteq> redexes
    20.9    intros
   20.10      Lambda_Var:  "               n \<in> nat ==>     Var(n) \<in> lambda"
   20.11      Lambda_Fun:  "            u \<in> lambda ==>     Fun(u) \<in> lambda"
   20.12 @@ -78,8 +78,8 @@
   20.13    "a -1-> b == <a,b> \<in> Sred1"
   20.14  
   20.15  abbreviation
   20.16 -  Sred_rel (infixl "--->" 50) where
   20.17 -  "a ---> b == <a,b> \<in> Sred"
   20.18 +  Sred_rel (infixl "-\<longrightarrow>" 50) where
   20.19 +  "a -\<longrightarrow> b == <a,b> \<in> Sred"
   20.20  
   20.21  abbreviation
   20.22    Spar_red1_rel (infixl "=1=>" 50) where
   20.23 @@ -91,7 +91,7 @@
   20.24    
   20.25    
   20.26  inductive
   20.27 -  domains       "Sred1" <= "lambda*lambda"
   20.28 +  domains       "Sred1" \<subseteq> "lambda*lambda"
   20.29    intros
   20.30      beta:       "[|m \<in> lambda; n \<in> lambda|] ==> Apl(Fun(m),n) -1-> n/m"
   20.31      rfun:       "[|m -1-> n|] ==> Fun(m) -1-> Fun(n)"
   20.32 @@ -102,18 +102,18 @@
   20.33  declare Sred1.intros [intro, simp]
   20.34  
   20.35  inductive
   20.36 -  domains       "Sred" <= "lambda*lambda"
   20.37 +  domains       "Sred" \<subseteq> "lambda*lambda"
   20.38    intros
   20.39 -    one_step:   "m-1->n ==> m--->n"
   20.40 -    refl:       "m \<in> lambda==>m --->m"
   20.41 -    trans:      "[|m--->n; n--->p|] ==>m--->p"
   20.42 +    one_step:   "m-1->n ==> m-\<longrightarrow>n"
   20.43 +    refl:       "m \<in> lambda==>m -\<longrightarrow>m"
   20.44 +    trans:      "[|m-\<longrightarrow>n; n-\<longrightarrow>p|] ==>m-\<longrightarrow>p"
   20.45    type_intros    Sred1.dom_subset [THEN subsetD] red_typechecks
   20.46  
   20.47  declare Sred.one_step [intro, simp]
   20.48  declare Sred.refl     [intro, simp]
   20.49  
   20.50  inductive
   20.51 -  domains       "Spar_red1" <= "lambda*lambda"
   20.52 +  domains       "Spar_red1" \<subseteq> "lambda*lambda"
   20.53    intros
   20.54      beta:       "[|m =1=> m'; n =1=> n'|] ==> Apl(Fun(m),n) =1=> n'/m'"
   20.55      rvar:       "n \<in> nat ==> Var(n) =1=> Var(n)"
   20.56 @@ -124,7 +124,7 @@
   20.57  declare Spar_red1.intros [intro, simp]
   20.58  
   20.59  inductive
   20.60 -  domains "Spar_red" <= "lambda*lambda"
   20.61 +  domains "Spar_red" \<subseteq> "lambda*lambda"
   20.62    intros
   20.63      one_step:   "m =1=> n ==> m ===> n"
   20.64      trans:      "[|m===>n; n===>p|] ==> m===>p"
   20.65 @@ -158,28 +158,28 @@
   20.66  (*     Lemmas for reduction                                                  *)
   20.67  (* ------------------------------------------------------------------------- *)
   20.68  
   20.69 -lemma red_Fun: "m--->n ==> Fun(m) ---> Fun(n)"
   20.70 +lemma red_Fun: "m-\<longrightarrow>n ==> Fun(m) -\<longrightarrow> Fun(n)"
   20.71  apply (erule Sred.induct)
   20.72  apply (rule_tac [3] Sred.trans, simp_all)
   20.73  done
   20.74  
   20.75 -lemma red_Apll: "[|n \<in> lambda; m ---> m'|] ==> Apl(m,n)--->Apl(m',n)"
   20.76 +lemma red_Apll: "[|n \<in> lambda; m -\<longrightarrow> m'|] ==> Apl(m,n)-\<longrightarrow>Apl(m',n)"
   20.77  apply (erule Sred.induct)
   20.78  apply (rule_tac [3] Sred.trans, simp_all)
   20.79  done
   20.80  
   20.81 -lemma red_Aplr: "[|n \<in> lambda; m ---> m'|] ==> Apl(n,m)--->Apl(n,m')"
   20.82 +lemma red_Aplr: "[|n \<in> lambda; m -\<longrightarrow> m'|] ==> Apl(n,m)-\<longrightarrow>Apl(n,m')"
   20.83  apply (erule Sred.induct)
   20.84  apply (rule_tac [3] Sred.trans, simp_all)
   20.85  done
   20.86  
   20.87 -lemma red_Apl: "[|m ---> m'; n--->n'|] ==> Apl(m,n)--->Apl(m',n')"
   20.88 +lemma red_Apl: "[|m -\<longrightarrow> m'; n-\<longrightarrow>n'|] ==> Apl(m,n)-\<longrightarrow>Apl(m',n')"
   20.89  apply (rule_tac n = "Apl (m',n) " in Sred.trans)
   20.90  apply (simp_all add: red_Apll red_Aplr)
   20.91  done
   20.92  
   20.93 -lemma red_beta: "[|m \<in> lambda; m':lambda; n \<in> lambda; n':lambda; m ---> m'; n--->n'|] ==>  
   20.94 -               Apl(Fun(m),n)---> n'/m'"
   20.95 +lemma red_beta: "[|m \<in> lambda; m':lambda; n \<in> lambda; n':lambda; m -\<longrightarrow> m'; n-\<longrightarrow>n'|] ==>  
   20.96 +               Apl(Fun(m),n)-\<longrightarrow> n'/m'"
   20.97  apply (rule_tac n = "Apl (Fun (m'),n') " in Sred.trans)
   20.98  apply (simp_all add: red_Apl red_Fun)
   20.99  done
  20.100 @@ -196,13 +196,13 @@
  20.101  lemma red1_par_red1: "m-1->n ==> m=1=>n"
  20.102  by (erule Sred1.induct, simp_all add: refl_par_red1)
  20.103  
  20.104 -lemma red_par_red: "m--->n ==> m===>n"
  20.105 +lemma red_par_red: "m-\<longrightarrow>n ==> m===>n"
  20.106  apply (erule Sred.induct)
  20.107  apply (rule_tac [3] Spar_red.trans)
  20.108  apply (simp_all add: refl_par_red1 red1_par_red1)
  20.109  done
  20.110  
  20.111 -lemma par_red_red: "m===>n ==> m--->n"
  20.112 +lemma par_red_red: "m===>n ==> m-\<longrightarrow>n"
  20.113  apply (erule Spar_red.induct)
  20.114  apply (erule Spar_red1.induct)
  20.115  apply (rule_tac [5] Sred.trans)
  20.116 @@ -237,7 +237,7 @@
  20.117  (* ------------------------------------------------------------------------- *)
  20.118  
  20.119  lemma completeness_l [rule_format]:
  20.120 -     "u~v ==> regular(v) --> unmark(u) =1=> unmark(u|>v)"
  20.121 +     "u~v ==> regular(v) \<longrightarrow> unmark(u) =1=> unmark(u|>v)"
  20.122  apply (erule Scomp.induct)
  20.123  apply (auto simp add: unmmark_subst_rec)
  20.124  done
    21.1 --- a/src/ZF/Resid/Residuals.thy	Tue Mar 06 16:46:27 2012 +0000
    21.2 +++ b/src/ZF/Resid/Residuals.thy	Tue Mar 06 17:01:37 2012 +0000
    21.3 @@ -12,7 +12,7 @@
    21.4    "residuals(u,v,w) == <u,v,w> \<in> Sres"
    21.5  
    21.6  inductive
    21.7 -  domains       "Sres" <= "redexes*redexes*redexes"
    21.8 +  domains       "Sres" \<subseteq> "redexes*redexes*redexes"
    21.9    intros
   21.10      Res_Var:    "n \<in> nat ==> residuals(Var(n),Var(n),Var(n))"
   21.11      Res_Fun:    "[|residuals(u,v,w)|]==>   
   21.12 @@ -64,11 +64,11 @@
   21.13  subsection{*residuals is a  partial function*}
   21.14  
   21.15  lemma residuals_function [rule_format]:
   21.16 -     "residuals(u,v,w) ==> \<forall>w1. residuals(u,v,w1) --> w1 = w"
   21.17 +     "residuals(u,v,w) ==> \<forall>w1. residuals(u,v,w1) \<longrightarrow> w1 = w"
   21.18  by (erule Sres.induct, force+)
   21.19  
   21.20  lemma residuals_intro [rule_format]:
   21.21 -     "u~v ==> regular(v) --> (\<exists>w. residuals(u,v,w))"
   21.22 +     "u~v ==> regular(v) \<longrightarrow> (\<exists>w. residuals(u,v,w))"
   21.23  by (erule Scomp.induct, force+)
   21.24  
   21.25  lemma comp_resfuncD:
   21.26 @@ -105,7 +105,7 @@
   21.27  done
   21.28  
   21.29  lemma resfunc_type [simp]:
   21.30 -     "[|s~t; regular(t)|]==> regular(t) --> s |> t \<in> redexes"
   21.31 +     "[|s~t; regular(t)|]==> regular(t) \<longrightarrow> s |> t \<in> redexes"
   21.32    by (erule Scomp.induct, auto)
   21.33  
   21.34  subsection{*Commutation theorem*}
   21.35 @@ -114,17 +114,17 @@
   21.36  by (erule Ssub.induct, simp_all)
   21.37  
   21.38  lemma sub_preserve_reg [rule_format, simp]:
   21.39 -     "u<==v  ==> regular(v) --> regular(u)"
   21.40 +     "u<==v  ==> regular(v) \<longrightarrow> regular(u)"
   21.41  by (erule Ssub.induct, auto)
   21.42  
   21.43 -lemma residuals_lift_rec: "[|u~v; k \<in> nat|]==> regular(v)--> (\<forall>n \<in> nat.   
   21.44 +lemma residuals_lift_rec: "[|u~v; k \<in> nat|]==> regular(v)\<longrightarrow> (\<forall>n \<in> nat.   
   21.45           lift_rec(u,n) |> lift_rec(v,n) = lift_rec(u |> v,n))"
   21.46  apply (erule Scomp.induct, safe)
   21.47  apply (simp_all add: lift_rec_Var subst_Var lift_subst)
   21.48  done
   21.49  
   21.50  lemma residuals_subst_rec:
   21.51 -     "u1~u2 ==>  \<forall>v1 v2. v1~v2 --> regular(v2) --> regular(u2) --> 
   21.52 +     "u1~u2 ==>  \<forall>v1 v2. v1~v2 \<longrightarrow> regular(v2) \<longrightarrow> regular(u2) \<longrightarrow> 
   21.53                    (\<forall>n \<in> nat. subst_rec(v1,u1,n) |> subst_rec(v2,u2,n) =  
   21.54                      subst_rec(v1 |> v2, u1 |> u2,n))"
   21.55  apply (erule Scomp.induct, safe)
   21.56 @@ -143,11 +143,11 @@
   21.57  subsection{*Residuals are comp and regular*}
   21.58  
   21.59  lemma residuals_preserve_comp [rule_format, simp]:
   21.60 -     "u~v ==> \<forall>w. u~w --> v~w --> regular(w) --> (u|>w) ~ (v|>w)"
   21.61 +     "u~v ==> \<forall>w. u~w \<longrightarrow> v~w \<longrightarrow> regular(w) \<longrightarrow> (u|>w) ~ (v|>w)"
   21.62  by (erule Scomp.induct, force+)
   21.63  
   21.64  lemma residuals_preserve_reg [rule_format, simp]:
   21.65 -     "u~v ==> regular(u) --> regular(v) --> regular(u|>v)"
   21.66 +     "u~v ==> regular(u) \<longrightarrow> regular(v) \<longrightarrow> regular(u|>v)"
   21.67  apply (erule Scomp.induct, auto)
   21.68  done
   21.69  
   21.70 @@ -157,7 +157,7 @@
   21.71  by (erule Scomp.induct, simp_all)
   21.72  
   21.73  lemma preservation [rule_format]:
   21.74 -     "u ~ v ==> regular(v) --> u|>v = (u un v)|>v"
   21.75 +     "u ~ v ==> regular(v) \<longrightarrow> u|>v = (u un v)|>v"
   21.76  apply (erule Scomp.induct, safe)
   21.77  apply (drule_tac [3] psi = "Fun (?u) |> ?v = ?w" in asm_rl)
   21.78  apply (auto simp add: union_preserve_comp comp_sym_iff)
   21.79 @@ -171,7 +171,7 @@
   21.80  (* Having more assumptions than needed -- removed below  *)
   21.81  lemma prism_l [rule_format]:
   21.82       "v<==u ==>  
   21.83 -       regular(u) --> (\<forall>w. w~v --> w~u -->   
   21.84 +       regular(u) \<longrightarrow> (\<forall>w. w~v \<longrightarrow> w~u \<longrightarrow>   
   21.85                              w |> u = (w|>v) |> (u|>v))"
   21.86  by (erule Ssub.induct, force+)
   21.87  
    22.1 --- a/src/ZF/Resid/Substitution.thy	Tue Mar 06 16:46:27 2012 +0000
    22.2 +++ b/src/ZF/Resid/Substitution.thy	Tue Mar 06 17:01:37 2012 +0000
    22.3 @@ -54,7 +54,7 @@
    22.4  lemma gt_not_eq: "p < n ==> n\<noteq>p"
    22.5  by blast
    22.6  
    22.7 -lemma succ_pred [rule_format, simp]: "j \<in> nat ==> i < j --> succ(j #- 1) = j"
    22.8 +lemma succ_pred [rule_format, simp]: "j \<in> nat ==> i < j \<longrightarrow> succ(j #- 1) = j"
    22.9  by (induct_tac "j", auto)
   22.10  
   22.11  lemma lt_pred: "[|succ(x)<n; n \<in> nat|] ==> x < n #- 1 "
   22.12 @@ -148,7 +148,7 @@
   22.13  (*The i\<in>nat is redundant*)
   22.14  lemma lift_lift_rec [rule_format]:
   22.15       "u \<in> redexes
   22.16 -      ==> \<forall>n \<in> nat. \<forall>i \<in> nat. i\<le>n -->
   22.17 +      ==> \<forall>n \<in> nat. \<forall>i \<in> nat. i\<le>n \<longrightarrow>
   22.18             (lift_rec(lift_rec(u,i),succ(n)) = lift_rec(lift_rec(u,n),i))"
   22.19  apply (erule redexes.induct, auto)
   22.20  apply (case_tac "n < i")
   22.21 @@ -166,7 +166,7 @@
   22.22  
   22.23  lemma lift_rec_subst_rec [rule_format]:
   22.24       "v \<in> redexes ==>
   22.25 -       \<forall>n \<in> nat. \<forall>m \<in> nat. \<forall>u \<in> redexes. n\<le>m-->
   22.26 +       \<forall>n \<in> nat. \<forall>m \<in> nat. \<forall>u \<in> redexes. n\<le>m\<longrightarrow>
   22.27            lift_rec(subst_rec(u,v,n),m) =
   22.28                 subst_rec(lift_rec(u,m),lift_rec(v,succ(m)),n)"
   22.29  apply (erule redexes.induct, simp_all (no_asm_simp) add: lift_lift)
   22.30 @@ -188,7 +188,7 @@
   22.31  
   22.32  lemma lift_rec_subst_rec_lt [rule_format]:
   22.33       "v \<in> redexes ==>
   22.34 -       \<forall>n \<in> nat. \<forall>m \<in> nat. \<forall>u \<in> redexes. m\<le>n-->
   22.35 +       \<forall>n \<in> nat. \<forall>m \<in> nat. \<forall>u \<in> redexes. m\<le>n\<longrightarrow>
   22.36            lift_rec(subst_rec(u,v,n),m) =
   22.37                 subst_rec(lift_rec(u,m),lift_rec(v,m),succ(n))"
   22.38  apply (erule redexes.induct, simp_all (no_asm_simp) add: lift_lift)
   22.39 @@ -212,7 +212,7 @@
   22.40  
   22.41  lemma subst_rec_subst_rec [rule_format]:
   22.42       "v \<in> redexes ==>
   22.43 -        \<forall>m \<in> nat. \<forall>n \<in> nat. \<forall>u \<in> redexes. \<forall>w \<in> redexes. m\<le>n -->
   22.44 +        \<forall>m \<in> nat. \<forall>n \<in> nat. \<forall>u \<in> redexes. \<forall>w \<in> redexes. m\<le>n \<longrightarrow>
   22.45            subst_rec(subst_rec(w,u,n),subst_rec(lift_rec(w,m),v,succ(n)),m) =
   22.46            subst_rec(w,subst_rec(u,v,m),n)"
   22.47  apply (erule redexes.induct)
   22.48 @@ -254,7 +254,7 @@
   22.49  
   22.50  lemma subst_rec_preserve_comp [rule_format, simp]:
   22.51       "u2 ~ v2 ==> \<forall>m \<in> nat. \<forall>u1 \<in> redexes. \<forall>v1 \<in> redexes.
   22.52 -                  u1 ~ v1--> subst_rec(u1,u2,m) ~ subst_rec(v1,v2,m)"
   22.53 +                  u1 ~ v1\<longrightarrow> subst_rec(u1,u2,m) ~ subst_rec(v1,v2,m)"
   22.54  by (erule Scomp.induct,
   22.55      simp_all add: subst_Var lift_rec_preserve_comp comp_refl)
   22.56  
   22.57 @@ -264,7 +264,7 @@
   22.58  
   22.59  lemma subst_rec_preserve_reg [simp]:
   22.60       "regular(v) ==>
   22.61 -        \<forall>m \<in> nat. \<forall>u \<in> redexes. regular(u)-->regular(subst_rec(u,v,m))"
   22.62 +        \<forall>m \<in> nat. \<forall>u \<in> redexes. regular(u)\<longrightarrow>regular(subst_rec(u,v,m))"
   22.63  by (erule Sreg.induct, simp_all add: subst_Var lift_rec_preserve_reg)
   22.64  
   22.65  end
    23.1 --- a/src/ZF/UNITY/AllocBase.thy	Tue Mar 06 16:46:27 2012 +0000
    23.2 +++ b/src/ZF/UNITY/AllocBase.thy	Tue Mar 06 17:01:37 2012 +0000
    23.3 @@ -86,18 +86,18 @@
    23.4  by (cut_tac Nclients_pos NbT_pos, auto)
    23.5  
    23.6  lemma INT_Nclient_iff [iff]:
    23.7 -     "b\<in>Inter(RepFun(Nclients, B)) <-> (\<forall>x\<in>Nclients. b\<in>B(x))"
    23.8 +     "b\<in>\<Inter>(RepFun(Nclients, B)) \<longleftrightarrow> (\<forall>x\<in>Nclients. b\<in>B(x))"
    23.9  by (force simp add: INT_iff)
   23.10  
   23.11  lemma setsum_fun_mono [rule_format]:
   23.12       "n\<in>nat ==>  
   23.13 -      (\<forall>i\<in>nat. i<n --> f(i) $<= g(i)) -->  
   23.14 +      (\<forall>i\<in>nat. i<n \<longrightarrow> f(i) $<= g(i)) \<longrightarrow>  
   23.15        setsum(f, n) $<= setsum(g,n)"
   23.16  apply (induct_tac "n", simp_all)
   23.17  apply (subgoal_tac "Finite(x) & x\<notin>x")
   23.18   prefer 2 apply (simp add: nat_into_Finite mem_not_refl, clarify)
   23.19  apply (simp (no_asm_simp) add: succ_def)
   23.20 -apply (subgoal_tac "\<forall>i\<in>nat. i<x--> f(i) $<= g(i) ")
   23.21 +apply (subgoal_tac "\<forall>i\<in>nat. i<x\<longrightarrow> f(i) $<= g(i) ")
   23.22   prefer 2 apply (force dest: leI) 
   23.23  apply (rule zadd_zle_mono, simp_all)
   23.24  done
   23.25 @@ -107,7 +107,7 @@
   23.26  
   23.27  lemma tokens_mono_aux [rule_format]:
   23.28       "xs\<in>list(A) ==> \<forall>ys\<in>list(A). <xs, ys>\<in>prefix(A)  
   23.29 -   --> tokens(xs) \<le> tokens(ys)"
   23.30 +   \<longrightarrow> tokens(xs) \<le> tokens(ys)"
   23.31  apply (induct_tac "xs")
   23.32  apply (auto dest: gen_prefix.dom_subset [THEN subsetD] simp add: prefix_def)
   23.33  done
   23.34 @@ -148,7 +148,7 @@
   23.35  
   23.36  lemma bag_of_mono_aux [rule_format]:
   23.37       "xs\<in>list(A) ==> \<forall>ys\<in>list(A). <xs, ys>\<in>prefix(A)  
   23.38 -      --> <bag_of(xs), bag_of(ys)>\<in>MultLe(A, r)"
   23.39 +      \<longrightarrow> <bag_of(xs), bag_of(ys)>\<in>MultLe(A, r)"
   23.40  apply (induct_tac "xs", simp_all, clarify) 
   23.41  apply (frule_tac l = ys in bag_of_multiset)
   23.42  apply (auto intro: empty_le_MultLe simp add: prefix_def)
   23.43 @@ -172,7 +172,7 @@
   23.44  
   23.45  lemmas nat_into_Fin = eqpoll_refl [THEN [2] Fin_lemma]
   23.46  
   23.47 -lemma list_Int_length_Fin: "l \<in> list(A) ==> C Int length(l) \<in> Fin(length(l))"
   23.48 +lemma list_Int_length_Fin: "l \<in> list(A) ==> C \<inter> length(l) \<in> Fin(length(l))"
   23.49  apply (drule length_type)
   23.50  apply (rule Fin_subset)
   23.51  apply (rule Int_lower2)
   23.52 @@ -186,7 +186,7 @@
   23.53  by (simp add: ltI)
   23.54  
   23.55  lemma Int_succ_right:
   23.56 -     "A Int succ(k) = (if k : A then cons(k, A Int k) else A Int k)"
   23.57 +     "A \<inter> succ(k) = (if k \<in> A then cons(k, A \<inter> k) else A \<inter> k)"
   23.58  by auto
   23.59  
   23.60  
   23.61 @@ -210,9 +210,9 @@
   23.62  
   23.63  lemma bag_of_sublist_lemma2:
   23.64       "l\<in>list(A) ==>  
   23.65 -  C <= nat ==>  
   23.66 +  C \<subseteq> nat ==>  
   23.67    bag_of(sublist(l, C)) =  
   23.68 -      msetsum(%i. {#nth(i, l)#}, C Int length(l), A)"
   23.69 +      msetsum(%i. {#nth(i, l)#}, C \<inter> length(l), A)"
   23.70  apply (erule list_append_induct)
   23.71  apply (simp (no_asm))
   23.72  apply (simp (no_asm_simp) add: sublist_append nth_append bag_of_sublist_lemma munion_commute bag_of_sublist_lemma msetsum_multiset munion_0)
   23.73 @@ -227,17 +227,17 @@
   23.74  (*eliminating the assumption C<=nat*)
   23.75  lemma bag_of_sublist:
   23.76       "l\<in>list(A) ==>  
   23.77 -  bag_of(sublist(l, C)) = msetsum(%i. {#nth(i, l)#}, C Int length(l), A)"
   23.78 -apply (subgoal_tac " bag_of (sublist (l, C Int nat)) = msetsum (%i. {#nth (i, l) #}, C Int length (l), A) ")
   23.79 +  bag_of(sublist(l, C)) = msetsum(%i. {#nth(i, l)#}, C \<inter> length(l), A)"
   23.80 +apply (subgoal_tac " bag_of (sublist (l, C \<inter> nat)) = msetsum (%i. {#nth (i, l) #}, C \<inter> length (l), A) ")
   23.81  apply (simp add: sublist_Int_eq)
   23.82  apply (simp add: bag_of_sublist_lemma2 Int_lower2 Int_assoc nat_Int_length_eq)
   23.83  done
   23.84  
   23.85  lemma bag_of_sublist_Un_Int: 
   23.86  "l\<in>list(A) ==>  
   23.87 -  bag_of(sublist(l, B Un C)) +# bag_of(sublist(l, B Int C)) =  
   23.88 +  bag_of(sublist(l, B \<union> C)) +# bag_of(sublist(l, B \<inter> C)) =  
   23.89        bag_of(sublist(l, B)) +# bag_of(sublist(l, C))"
   23.90 -apply (subgoal_tac "B Int C Int length (l) = (B Int length (l)) Int (C Int length (l))")
   23.91 +apply (subgoal_tac "B \<inter> C \<inter> length (l) = (B \<inter> length (l)) \<inter> (C \<inter> length (l))")
   23.92  prefer 2 apply blast
   23.93  apply (simp (no_asm_simp) add: bag_of_sublist Int_Un_distrib2 msetsum_Un_Int)
   23.94  apply (rule msetsum_Un_Int)
   23.95 @@ -247,14 +247,14 @@
   23.96  
   23.97  
   23.98  lemma bag_of_sublist_Un_disjoint:
   23.99 -     "[| l\<in>list(A); B Int C = 0  |] 
  23.100 -      ==> bag_of(sublist(l, B Un C)) =  
  23.101 +     "[| l\<in>list(A); B \<inter> C = 0  |] 
  23.102 +      ==> bag_of(sublist(l, B \<union> C)) =  
  23.103            bag_of(sublist(l, B)) +# bag_of(sublist(l, C))"
  23.104  by (simp add: bag_of_sublist_Un_Int [symmetric] bag_of_multiset)
  23.105  
  23.106  
  23.107  lemma bag_of_sublist_UN_disjoint [rule_format]:
  23.108 -     "[|Finite(I); \<forall>i\<in>I. \<forall>j\<in>I. i\<noteq>j --> A(i) \<inter> A(j) = 0;  
  23.109 +     "[|Finite(I); \<forall>i\<in>I. \<forall>j\<in>I. i\<noteq>j \<longrightarrow> A(i) \<inter> A(j) = 0;  
  23.110          l\<in>list(B) |]  
  23.111        ==> bag_of(sublist(l, \<Union>i\<in>I. A(i))) =   
  23.112            (msetsum(%i. bag_of(sublist(l, A(i))), I, B)) "
  23.113 @@ -278,8 +278,8 @@
  23.114  by (unfold all_distinct_def, auto)
  23.115  
  23.116  lemma all_distinct_Cons [simp]: 
  23.117 -    "all_distinct(Cons(a,l)) <->  
  23.118 -      (a\<in>set_of_list(l) --> False) & (a \<notin> set_of_list(l) --> all_distinct(l))"
  23.119 +    "all_distinct(Cons(a,l)) \<longleftrightarrow>  
  23.120 +      (a\<in>set_of_list(l) \<longrightarrow> False) & (a \<notin> set_of_list(l) \<longrightarrow> all_distinct(l))"
  23.121  apply (unfold all_distinct_def)
  23.122  apply (auto elim: list.cases)
  23.123  done
  23.124 @@ -359,7 +359,7 @@
  23.125  done
  23.126  
  23.127  lemma Inter_Diff_var_iff:
  23.128 -     "Finite(A) ==> b\<in>(Inter(RepFun(var-A, B))) <-> (\<forall>x\<in>var-A. b\<in>B(x))"
  23.129 +     "Finite(A) ==> b\<in>(\<Inter>(RepFun(var-A, B))) \<longleftrightarrow> (\<forall>x\<in>var-A. b\<in>B(x))"
  23.130  apply (subgoal_tac "\<exists>x. x\<in>var-A", auto)
  23.131  apply (subgoal_tac "~Finite (var-A) ")
  23.132  apply (drule not_Finite_imp_exist, auto)
  23.133 @@ -369,16 +369,16 @@
  23.134  done
  23.135  
  23.136  lemma Inter_var_DiffD:
  23.137 -     "[| b\<in>Inter(RepFun(var-A, B)); Finite(A); x\<in>var-A |] ==> b\<in>B(x)"
  23.138 +     "[| b\<in>\<Inter>(RepFun(var-A, B)); Finite(A); x\<in>var-A |] ==> b\<in>B(x)"
  23.139  by (simp add: Inter_Diff_var_iff)
  23.140  
  23.141 -(* [| Finite(A); (\<forall>x\<in>var-A. b\<in>B(x)) |] ==> b\<in>Inter(RepFun(var-A, B)) *)
  23.142 +(* [| Finite(A); (\<forall>x\<in>var-A. b\<in>B(x)) |] ==> b\<in>\<Inter>(RepFun(var-A, B)) *)
  23.143  lemmas Inter_var_DiffI = Inter_Diff_var_iff [THEN iffD2]
  23.144  
  23.145  declare Inter_var_DiffI [intro!]
  23.146  
  23.147  lemma Acts_subset_Int_Pow_simp [simp]:
  23.148 -     "Acts(F)<= A \<inter> Pow(state*state)  <-> Acts(F)<=A"
  23.149 +     "Acts(F)<= A \<inter> Pow(state*state)  \<longleftrightarrow> Acts(F)<=A"
  23.150  by (insert Acts_type [of F], auto)
  23.151  
  23.152  lemma setsum_nsetsum_eq: 
    24.1 --- a/src/ZF/UNITY/AllocImpl.thy	Tue Mar 06 16:46:27 2012 +0000
    24.2 +++ b/src/ZF/UNITY/AllocImpl.thy	Tue Mar 06 17:01:37 2012 +0000
    24.3 @@ -29,7 +29,7 @@
    24.4          \<exists>k. k = length(s`giv) &
    24.5              t = s(giv := s`giv @ [nth(k, s`ask)],
    24.6                    available_tok := s`available_tok #- nth(k, s`ask)) &
    24.7 -            k < length(s`ask) & nth(k, s`ask) le s`available_tok}"
    24.8 +            k < length(s`ask) & nth(k, s`ask) \<le> s`available_tok}"
    24.9  
   24.10  definition
   24.11    "alloc_rel_act ==
   24.12 @@ -73,7 +73,7 @@
   24.13  
   24.14  
   24.15  lemma alloc_prog_ok_iff:
   24.16 -"\<forall>G \<in> program. (alloc_prog ok G) <->
   24.17 +"\<forall>G \<in> program. (alloc_prog ok G) \<longleftrightarrow>
   24.18       (G \<in> preserves(lift(giv)) & G \<in> preserves(lift(available_tok)) &
   24.19         G \<in> preserves(lift(NbR)) &  alloc_prog \<in> Allowed(G))"
   24.20  by (auto simp add: ok_iff_Allowed alloc_prog_def [THEN def_prg_Allowed])
   24.21 @@ -167,7 +167,7 @@
   24.22  apply (drule_tac f = "lift (rel) " in preserves_imp_eq)
   24.23  apply assumption+
   24.24  apply (force dest: ActsD)
   24.25 -apply (erule_tac V = "\<forall>x \<in> Acts (alloc_prog) Un Acts (G). ?P(x)" in thin_rl)
   24.26 +apply (erule_tac V = "\<forall>x \<in> Acts (alloc_prog) \<union> Acts (G). ?P(x)" in thin_rl)
   24.27  apply (erule_tac V = "alloc_prog \<in> stable (?u)" in thin_rl)
   24.28  apply (drule_tac a = "xc`rel" and f = "lift (rel)" in Increasing_imp_Stable)
   24.29  apply (auto simp add: Stable_def Constrains_def constrains_def)
   24.30 @@ -327,7 +327,7 @@
   24.31    alloc_prog \<squnion> G \<in>
   24.32    {s\<in>state. nth(length(s`giv), s`ask) \<le> s`available_tok} \<inter>
   24.33    {s\<in>state.  k < length(s`ask)} \<inter> {s\<in>state. length(s`giv)=k}
   24.34 -  Ensures {s\<in>state. ~ k <length(s`ask)} Un {s\<in>state. length(s`giv) \<noteq> k}"
   24.35 +  Ensures {s\<in>state. ~ k <length(s`ask)} \<union> {s\<in>state. length(s`giv) \<noteq> k}"
   24.36  apply (rule EnsuresI, auto)
   24.37  apply (erule_tac [2] V = "G\<notin>?u" in thin_rl)
   24.38  apply (rule_tac [2] act = alloc_giv_act in transientI)
   24.39 @@ -339,7 +339,7 @@
   24.40  apply (rule_tac [2] ReplaceI)
   24.41  apply (rule_tac [2] x = "x (giv := x ` giv @ [nth (length(x`giv), x ` ask) ], available_tok := x ` available_tok #- nth (length(x`giv), x ` ask))" in exI)
   24.42  apply (auto intro!: state_update_type simp add: app_type)
   24.43 -apply (rule_tac A = "{s\<in>state . nth (length(s ` giv), s ` ask) \<le> s ` available_tok} \<inter> {s\<in>state . k < length(s ` ask) } \<inter> {s\<in>state. length(s`giv) =k}" and A' = "{s\<in>state . nth (length(s ` giv), s ` ask) \<le> s ` available_tok} Un {s\<in>state. ~ k < length(s`ask) } Un {s\<in>state . length(s ` giv) \<noteq> k}" in Constrains_weaken)
   24.44 +apply (rule_tac A = "{s\<in>state . nth (length(s ` giv), s ` ask) \<le> s ` available_tok} \<inter> {s\<in>state . k < length(s ` ask) } \<inter> {s\<in>state. length(s`giv) =k}" and A' = "{s\<in>state . nth (length(s ` giv), s ` ask) \<le> s ` available_tok} \<union> {s\<in>state. ~ k < length(s`ask) } \<union> {s\<in>state . length(s ` giv) \<noteq> k}" in Constrains_weaken)
   24.45  apply (auto dest: ActsD simp add: Constrains_def constrains_def alloc_prog_def [THEN def_prg_Acts] alloc_prog_ok_iff)
   24.46  apply (subgoal_tac "length(xa ` giv @ [nth (length(xa ` giv), xa ` ask) ]) = length(xa ` giv) #+ 1")
   24.47  apply (rule_tac [2] trans)
   24.48 @@ -377,7 +377,7 @@
   24.49          {s\<in>state.  k < length(s`ask)} \<inter>
   24.50          {s\<in>state. length(s`giv) = k}
   24.51          LeadsTo {s\<in>state. k < length(s`giv)}"
   24.52 -apply (subgoal_tac "alloc_prog \<squnion> G \<in> {s\<in>state. nth (length(s`giv), s`ask) \<le> s`available_tok} \<inter> {s\<in>state. k < length(s`ask) } \<inter> {s\<in>state. length(s`giv) = k} LeadsTo {s\<in>state. ~ k <length(s`ask) } Un {s\<in>state. length(s`giv) \<noteq> k}")
   24.53 +apply (subgoal_tac "alloc_prog \<squnion> G \<in> {s\<in>state. nth (length(s`giv), s`ask) \<le> s`available_tok} \<inter> {s\<in>state. k < length(s`ask) } \<inter> {s\<in>state. length(s`giv) = k} LeadsTo {s\<in>state. ~ k <length(s`ask) } \<union> {s\<in>state. length(s`giv) \<noteq> k}")
   24.54  prefer 2 apply (blast intro: alloc_prog_giv_Ensures_lemma [THEN LeadsTo_Basis])
   24.55  apply (subgoal_tac "alloc_prog \<squnion> G \<in> Stable ({s\<in>state. k < length(s`ask) }) ")
   24.56  apply (drule PSP_Stable, assumption)
   24.57 @@ -401,7 +401,7 @@
   24.58      alloc_prog \<squnion> G \<in> Incr(lift(ask));
   24.59      alloc_prog \<squnion> G \<in> Incr(lift(rel)) |]
   24.60    ==> alloc_prog \<squnion> G \<in>
   24.61 -        Always({s\<in>state. tokens(s`giv) \<le> tokens(take(s`NbR, s`rel)) -->
   24.62 +        Always({s\<in>state. tokens(s`giv) \<le> tokens(take(s`NbR, s`rel)) \<longrightarrow>
   24.63                  NbT \<le> s`available_tok})"
   24.64  apply (subgoal_tac
   24.65         "alloc_prog \<squnion> G
   24.66 @@ -429,8 +429,8 @@
   24.67  
   24.68  lemma PSP_StableI:
   24.69  "[| F \<in> Stable(C); F \<in> A - C LeadsTo B;
   24.70 -   F \<in> A \<inter> C LeadsTo B Un (state - C) |] ==> F \<in> A LeadsTo  B"
   24.71 -apply (rule_tac A = " (A-C) Un (A \<inter> C)" in LeadsTo_weaken_L)
   24.72 +   F \<in> A \<inter> C LeadsTo B \<union> (state - C) |] ==> F \<in> A LeadsTo  B"
   24.73 +apply (rule_tac A = " (A-C) \<union> (A \<inter> C)" in LeadsTo_weaken_L)
   24.74   prefer 2 apply blast
   24.75  apply (rule LeadsTo_Un, assumption)
   24.76  apply (blast intro: LeadsTo_weaken dest: PSP_Stable)
    25.1 --- a/src/ZF/UNITY/ClientImpl.thy	Tue Mar 06 16:46:27 2012 +0000
    25.2 +++ b/src/ZF/UNITY/ClientImpl.thy	Tue Mar 06 17:01:37 2012 +0000
    25.3 @@ -91,7 +91,7 @@
    25.4  declare  client_ask_act_def [THEN def_act_simp, simp]
    25.5  
    25.6  lemma client_prog_ok_iff:
    25.7 -  "\<forall>G \<in> program. (client_prog ok G) <->  
    25.8 +  "\<forall>G \<in> program. (client_prog ok G) \<longleftrightarrow>  
    25.9     (G \<in> preserves(lift(rel)) & G \<in> preserves(lift(ask)) &  
   25.10      G \<in> preserves(lift(tok)) &  client_prog \<in> Allowed(G))"
   25.11  by (auto simp add: ok_iff_Allowed client_prog_def [THEN def_prg_Allowed])
   25.12 @@ -117,7 +117,7 @@
   25.13  
   25.14  (*Safety property 1: ask, rel are increasing: (24) *)
   25.15  lemma client_prog_Increasing_ask_rel: 
   25.16 -"client_prog: program guarantees Incr(lift(ask)) Int Incr(lift(rel))"
   25.17 +"client_prog: program guarantees Incr(lift(ask)) \<inter> Incr(lift(rel))"
   25.18  apply (unfold guar_def)
   25.19  apply (auto intro!: increasing_imp_Increasing 
   25.20              simp add: client_prog_ok_iff Increasing.increasing_def preserves_imp_prefix)
   25.21 @@ -137,7 +137,7 @@
   25.22  lemma ask_Bounded_lemma: 
   25.23  "[| client_prog ok G; G \<in> program |] 
   25.24        ==> client_prog \<squnion> G \<in>    
   25.25 -              Always({s \<in> state. s`tok \<le> NbT}  Int   
   25.26 +              Always({s \<in> state. s`tok \<le> NbT}  \<inter>   
   25.27                        {s \<in> state. \<forall>elt \<in> set_of_list(s`ask). elt \<le> NbT})"
   25.28  apply (rotate_tac -1)
   25.29  apply (auto simp add: client_prog_ok_iff)
   25.30 @@ -209,7 +209,7 @@
   25.31  done
   25.32  
   25.33  lemma strict_prefix_is_prefix: 
   25.34 -    "<xs, ys> \<in> strict_prefix(A) <->  <xs, ys> \<in> prefix(A) & xs\<noteq>ys"
   25.35 +    "<xs, ys> \<in> strict_prefix(A) \<longleftrightarrow>  <xs, ys> \<in> prefix(A) & xs\<noteq>ys"
   25.36  apply (unfold strict_prefix_def id_def lam_def)
   25.37  apply (auto dest: prefix_type [THEN subsetD])
   25.38  done
   25.39 @@ -298,7 +298,7 @@
   25.40  
   25.41  lemma client_prog_Allowed:
   25.42       "Allowed(client_prog) =  
   25.43 -      preserves(lift(rel)) Int preserves(lift(ask)) Int preserves(lift(tok))"
   25.44 +      preserves(lift(rel)) \<inter> preserves(lift(ask)) \<inter> preserves(lift(tok))"
   25.45  apply (cut_tac v = "lift (ask)" in preserves_type)
   25.46  apply (auto simp add: Allowed_def client_prog_def [THEN def_prg_Allowed] 
   25.47                        cons_Int_distrib safety_prop_Acts_iff)
    26.1 --- a/src/ZF/UNITY/Comp.thy	Tue Mar 06 16:46:27 2012 +0000
    26.2 +++ b/src/ZF/UNITY/Comp.thy	Tue Mar 06 17:01:37 2012 +0000
    26.3 @@ -19,25 +19,25 @@
    26.4  
    26.5  definition
    26.6    component :: "[i,i]=>o"  (infixl "component" 65)  where
    26.7 -  "F component H == (EX G. F Join G = H)"
    26.8 +  "F component H == (\<exists>G. F Join G = H)"
    26.9  
   26.10  definition
   26.11    strict_component :: "[i,i]=>o" (infixl "strict'_component" 65)  where
   26.12 -  "F strict_component H == F component H & F~=H"
   26.13 +  "F strict_component H == F component H & F\<noteq>H"
   26.14  
   26.15  definition
   26.16    (* A stronger form of the component relation *)
   26.17    component_of :: "[i,i]=>o"   (infixl "component'_of" 65)  where
   26.18 -  "F component_of H  == (EX G. F ok G & F Join G = H)"
   26.19 +  "F component_of H  == (\<exists>G. F ok G & F Join G = H)"
   26.20    
   26.21  definition
   26.22    strict_component_of :: "[i,i]=>o" (infixl "strict'_component'_of" 65)  where
   26.23 -  "F strict_component_of H  == F component_of H  & F~=H"
   26.24 +  "F strict_component_of H  == F component_of H  & F\<noteq>H"
   26.25  
   26.26  definition
   26.27    (* Preserves a state function f, in particular a variable *)
   26.28    preserves :: "(i=>i)=>i"  where
   26.29 -  "preserves(f) == {F:program. ALL z. F: stable({s:state. f(s) = z})}"
   26.30 +  "preserves(f) == {F:program. \<forall>z. F: stable({s:state. f(s) = z})}"
   26.31  
   26.32  definition
   26.33    fun_pair :: "[i=>i, i =>i] =>(i=>i)"  where
   26.34 @@ -46,7 +46,7 @@
   26.35  definition
   26.36    localize  :: "[i=>i, i] => i"  where
   26.37    "localize(f,F) == mk_program(Init(F), Acts(F),
   26.38 -                       AllowedActs(F) Int (UN G:preserves(f). Acts(G)))"
   26.39 +                       AllowedActs(F) \<inter> (\<Union>G\<in>preserves(f). Acts(G)))"
   26.40  
   26.41    
   26.42  (*** component and strict_component relations ***)
   26.43 @@ -60,8 +60,8 @@
   26.44  done
   26.45  
   26.46  lemma component_eq_subset: 
   26.47 -     "G \<in> program ==> (F component G) <->  
   26.48 -   (Init(G) <= Init(F) & Acts(F) <= Acts(G) & AllowedActs(G) <= AllowedActs(F))"
   26.49 +     "G \<in> program ==> (F component G) \<longleftrightarrow>  
   26.50 +   (Init(G) \<subseteq> Init(F) & Acts(F) \<subseteq> Acts(G) & AllowedActs(G) \<subseteq> AllowedActs(F))"
   26.51  apply (unfold component_def, auto)
   26.52  apply (rule exI)
   26.53  apply (rule program_equalityI, auto)
   26.54 @@ -100,7 +100,7 @@
   26.55  by (auto simp add: Join_ac component_def)
   26.56  
   26.57  lemma JN_component_iff:
   26.58 -     "H \<in> program==>(JOIN(I,F) component H) <-> (\<forall>i \<in> I. F(i) component H)"
   26.59 +     "H \<in> program==>(JOIN(I,F) component H) \<longleftrightarrow> (\<forall>i \<in> I. F(i) component H)"
   26.60  apply (case_tac "I=0", force)
   26.61  apply (simp (no_asm_simp) add: component_eq_subset)
   26.62  apply auto
   26.63 @@ -121,7 +121,7 @@
   26.64  done
   26.65  
   26.66  lemma component_antisym:
   26.67 -     "[| F \<in> program; G \<in> program |] ==>(F component G & G  component F) --> F = G"
   26.68 +     "[| F \<in> program; G \<in> program |] ==>(F component G & G  component F) \<longrightarrow> F = G"
   26.69  apply (simp (no_asm_simp) add: component_eq_subset)
   26.70  apply clarify
   26.71  apply (rule program_equalityI, auto)
   26.72 @@ -129,7 +129,7 @@
   26.73  
   26.74  lemma Join_component_iff:
   26.75       "H \<in> program ==> 
   26.76 -      ((F Join G) component H) <-> (F component H & G component H)"
   26.77 +      ((F Join G) component H) \<longleftrightarrow> (F component H & G component H)"
   26.78  apply (simp (no_asm_simp) add: component_eq_subset)
   26.79  apply blast
   26.80  done
   26.81 @@ -163,12 +163,12 @@
   26.82  done
   26.83  
   26.84  lemma Join_preserves [iff]: 
   26.85 -"(F Join G \<in> preserves(v)) <->   
   26.86 +"(F Join G \<in> preserves(v)) \<longleftrightarrow>   
   26.87        (programify(F) \<in> preserves(v) & programify(G) \<in> preserves(v))"
   26.88  by (auto simp add: preserves_def INT_iff)
   26.89   
   26.90  lemma JN_preserves [iff]:
   26.91 -     "(JOIN(I,F): preserves(v)) <-> (\<forall>i \<in> I. programify(F(i)):preserves(v))"
   26.92 +     "(JOIN(I,F): preserves(v)) \<longleftrightarrow> (\<forall>i \<in> I. programify(F(i)):preserves(v))"
   26.93  by (auto simp add: JN_stable preserves_def INT_iff)
   26.94  
   26.95  lemma SKIP_preserves [iff]: "SKIP \<in> preserves(v)"
   26.96 @@ -180,13 +180,13 @@
   26.97  done
   26.98  
   26.99  lemma preserves_fun_pair:
  26.100 -     "preserves(fun_pair(v,w)) = preserves(v) Int preserves(w)"
  26.101 +     "preserves(fun_pair(v,w)) = preserves(v) \<inter> preserves(w)"
  26.102  apply (rule equalityI)
  26.103  apply (auto simp add: preserves_def stable_def constrains_def, blast+)
  26.104  done
  26.105  
  26.106  lemma preserves_fun_pair_iff [iff]:
  26.107 -     "F \<in> preserves(fun_pair(v, w))  <-> F \<in> preserves(v) Int preserves(w)"
  26.108 +     "F \<in> preserves(fun_pair(v, w))  \<longleftrightarrow> F \<in> preserves(v) \<inter> preserves(w)"
  26.109  by (simp add: preserves_fun_pair)
  26.110  
  26.111  lemma fun_pair_comp_distrib:
  26.112 @@ -202,7 +202,7 @@
  26.113  lemma preserves_into_program [TC]: "F \<in> preserves(f) ==> F \<in> program"
  26.114  by (blast intro: preserves_type [THEN subsetD])
  26.115  
  26.116 -lemma subset_preserves_comp: "preserves(f) <= preserves(g comp f)"
  26.117 +lemma subset_preserves_comp: "preserves(f) \<subseteq> preserves(g comp f)"
  26.118  apply (auto simp add: preserves_def stable_def constrains_def)
  26.119  apply (drule_tac x = "f (xb)" in spec)
  26.120  apply (drule_tac x = act in bspec, auto)
  26.121 @@ -211,7 +211,7 @@
  26.122  lemma imp_preserves_comp: "F \<in> preserves(f) ==> F \<in> preserves(g comp f)"
  26.123  by (blast intro: subset_preserves_comp [THEN subsetD])
  26.124  
  26.125 -lemma preserves_subset_stable: "preserves(f) <= stable({s \<in> state. P(f(s))})"
  26.126 +lemma preserves_subset_stable: "preserves(f) \<subseteq> stable({s \<in> state. P(f(s))})"
  26.127  apply (auto simp add: preserves_def stable_def constrains_def)
  26.128  apply (rename_tac s' s)
  26.129  apply (subgoal_tac "f (s) = f (s') ")
  26.130 @@ -230,7 +230,7 @@
  26.131  done
  26.132  
  26.133  lemma preserves_id_subset_stable: 
  26.134 - "st_set(A) ==> preserves(%x. x) <= stable(A)"
  26.135 + "st_set(A) ==> preserves(%x. x) \<subseteq> stable(A)"
  26.136  apply (unfold preserves_def stable_def constrains_def, auto)
  26.137  apply (drule_tac x = xb in spec)
  26.138  apply (drule_tac x = act in bspec)
  26.139 @@ -275,7 +275,7 @@
  26.140  by (unfold localize_def, simp)
  26.141  
  26.142  lemma localize_AllowedActs_eq [simp]: 
  26.143 - "AllowedActs(localize(v,F)) = AllowedActs(F) Int (\<Union>G \<in> preserves(v). Acts(G))"
  26.144 + "AllowedActs(localize(v,F)) = AllowedActs(F) \<inter> (\<Union>G \<in> preserves(v). Acts(G))"
  26.145  apply (unfold localize_def)
  26.146  apply (rule equalityI)
  26.147  apply (auto dest: Acts_type [THEN subsetD])
  26.148 @@ -325,10 +325,10 @@
  26.149       G \<in> preserves(f); \<forall>s \<in> state. f(s):A|]
  26.150    ==> F Join G \<in> Stable({s \<in> state. P(f(s), g(s))})"
  26.151  apply (unfold stable_def Stable_def preserves_def)
  26.152 -apply (rule_tac A = "(\<Union>k \<in> A. {s \<in> state. f(s)=k} Int {s \<in> state. P (f (s), g (s))})" in Constrains_weaken_L)
  26.153 +apply (rule_tac A = "(\<Union>k \<in> A. {s \<in> state. f(s)=k} \<inter> {s \<in> state. P (f (s), g (s))})" in Constrains_weaken_L)
  26.154  prefer 2 apply blast
  26.155  apply (rule Constrains_UN_left, auto)
  26.156 -apply (rule_tac A = "{s \<in> state. f(s)=k} Int {s \<in> state. P (f (s), g (s))} Int {s \<in> state. P (k, g (s))}" and A' = "({s \<in> state. f(s)=k} Un {s \<in> state. P (f (s), g (s))}) Int {s \<in> state. P (k, g (s))}" in Constrains_weaken)
  26.157 +apply (rule_tac A = "{s \<in> state. f(s)=k} \<inter> {s \<in> state. P (f (s), g (s))} \<inter> {s \<in> state. P (k, g (s))}" and A' = "({s \<in> state. f(s)=k} \<union> {s \<in> state. P (f (s), g (s))}) \<inter> {s \<in> state. P (k, g (s))}" in Constrains_weaken)
  26.158   prefer 2 apply blast 
  26.159   prefer 2 apply blast 
  26.160  apply (rule Constrains_Int)
    27.1 --- a/src/ZF/UNITY/Constrains.thy	Tue Mar 06 16:46:27 2012 +0000
    27.2 +++ b/src/ZF/UNITY/Constrains.thy	Tue Mar 06 17:01:37 2012 +0000
    27.3 @@ -15,13 +15,13 @@
    27.4  inductive 
    27.5    domains 
    27.6       "traces(init, acts)" <=
    27.7 -         "(init Un (UN act:acts. field(act)))*list(UN act:acts. field(act))"
    27.8 +         "(init \<union> (\<Union>act\<in>acts. field(act)))*list(\<Union>act\<in>acts. field(act))"
    27.9    intros 
   27.10           (*Initial trace is empty*)
   27.11 -    Init: "s: init ==> <s,[]> : traces(init,acts)"
   27.12 +    Init: "s: init ==> <s,[]> \<in> traces(init,acts)"
   27.13  
   27.14 -    Acts: "[| act:acts;  <s,evs> : traces(init,acts);  <s,s'>: act |]
   27.15 -           ==> <s', Cons(s,evs)> : traces(init, acts)"
   27.16 +    Acts: "[| act:acts;  <s,evs> \<in> traces(init,acts);  <s,s'>: act |]
   27.17 +           ==> <s', Cons(s,evs)> \<in> traces(init, acts)"
   27.18    
   27.19    type_intros list.intros UnI1 UnI2 UN_I fieldI2 fieldI1
   27.20  
   27.21 @@ -29,7 +29,7 @@
   27.22  consts reachable :: "i=>i"
   27.23  inductive
   27.24    domains
   27.25 -  "reachable(F)" <= "Init(F) Un (UN act:Acts(F). field(act))"
   27.26 +  "reachable(F)" \<subseteq> "Init(F) \<union> (\<Union>act\<in>Acts(F). field(act))"
   27.27    intros 
   27.28      Init: "s:Init(F) ==> s:reachable(F)"
   27.29  
   27.30 @@ -41,11 +41,11 @@
   27.31    
   27.32  definition
   27.33    Constrains :: "[i,i] => i"  (infixl "Co" 60)  where
   27.34 -  "A Co B == {F:program. F:(reachable(F) Int A) co B}"
   27.35 +  "A Co B == {F:program. F:(reachable(F) \<inter> A) co B}"
   27.36  
   27.37  definition
   27.38    op_Unless  :: "[i, i] => i"  (infixl "Unless" 60)  where
   27.39 -  "A Unless B == (A-B) Co (A Un B)"
   27.40 +  "A Unless B == (A-B) Co (A \<union> B)"
   27.41  
   27.42  definition
   27.43    Stable     :: "i => i"  where
   27.44 @@ -54,12 +54,12 @@
   27.45  definition
   27.46    (*Always is the weak form of "invariant"*)
   27.47    Always :: "i => i"  where
   27.48 -  "Always(A) == initially(A) Int Stable(A)"
   27.49 +  "Always(A) == initially(A) \<inter> Stable(A)"
   27.50  
   27.51  
   27.52  (*** traces and reachable ***)
   27.53  
   27.54 -lemma reachable_type: "reachable(F) <= state"
   27.55 +lemma reachable_type: "reachable(F) \<subseteq> state"
   27.56  apply (cut_tac F = F in Init_type)
   27.57  apply (cut_tac F = F in Acts_type)
   27.58  apply (cut_tac F = F in reachable.dom_subset, blast)
   27.59 @@ -71,11 +71,11 @@
   27.60  done
   27.61  declare st_set_reachable [iff]
   27.62  
   27.63 -lemma reachable_Int_state: "reachable(F) Int state = reachable(F)"
   27.64 +lemma reachable_Int_state: "reachable(F) \<inter> state = reachable(F)"
   27.65  by (cut_tac reachable_type, auto)
   27.66  declare reachable_Int_state [iff]
   27.67  
   27.68 -lemma state_Int_reachable: "state Int reachable(F) = reachable(F)"
   27.69 +lemma state_Int_reachable: "state \<inter> reachable(F) = reachable(F)"
   27.70  by (cut_tac reachable_type, auto)
   27.71  declare state_Int_reachable [iff]
   27.72  
   27.73 @@ -88,11 +88,11 @@
   27.74  apply (blast intro: reachable.intros traces.intros)+
   27.75  done
   27.76  
   27.77 -lemma Init_into_reachable: "Init(F) <= reachable(F)"
   27.78 +lemma Init_into_reachable: "Init(F) \<subseteq> reachable(F)"
   27.79  by (blast intro: reachable.intros)
   27.80  
   27.81  lemma stable_reachable: "[| F \<in> program; G \<in> program;  
   27.82 -    Acts(G) <= Acts(F)  |] ==> G \<in> stable(reachable(F))"
   27.83 +    Acts(G) \<subseteq> Acts(F)  |] ==> G \<in> stable(reachable(F))"
   27.84  apply (blast intro: stableI constrainsI st_setI
   27.85               reachable_type [THEN subsetD] reachable.intros)
   27.86  done
   27.87 @@ -108,7 +108,7 @@
   27.88  done
   27.89  
   27.90  (*...in fact the strongest invariant!*)
   27.91 -lemma invariant_includes_reachable: "F \<in> invariant(A) ==> reachable(F) <= A"
   27.92 +lemma invariant_includes_reachable: "F \<in> invariant(A) ==> reachable(F) \<subseteq> A"
   27.93  apply (cut_tac F = F in Acts_type)
   27.94  apply (cut_tac F = F in Init_type)
   27.95  apply (cut_tac F = F in reachable_type)
   27.96 @@ -120,7 +120,7 @@
   27.97  
   27.98  (*** Co ***)
   27.99  
  27.100 -lemma constrains_reachable_Int: "F \<in> B co B'==>F:(reachable(F) Int B) co (reachable(F) Int B')"
  27.101 +lemma constrains_reachable_Int: "F \<in> B co B'==>F:(reachable(F) \<inter> B) co (reachable(F) \<inter> B')"
  27.102  apply (frule constrains_type [THEN subsetD])
  27.103  apply (frule stable_reachable [OF _ _ subset_refl])
  27.104  apply (simp_all add: stable_def constrains_Int)
  27.105 @@ -128,7 +128,7 @@
  27.106  
  27.107  (*Resembles the previous definition of Constrains*)
  27.108  lemma Constrains_eq_constrains: 
  27.109 -"A Co B = {F \<in> program. F:(reachable(F) Int A) co (reachable(F)  Int  B)}"
  27.110 +"A Co B = {F \<in> program. F:(reachable(F) \<inter> A) co (reachable(F)  \<inter>  B)}"
  27.111  apply (unfold Constrains_def)
  27.112  apply (blast dest: constrains_reachable_Int constrains_type [THEN subsetD]
  27.113               intro: constrains_weaken)
  27.114 @@ -150,16 +150,16 @@
  27.115  done
  27.116  
  27.117  lemma Constrains_type: 
  27.118 - "A Co B <= program"
  27.119 + "A Co B \<subseteq> program"
  27.120  apply (unfold Constrains_def, blast)
  27.121  done
  27.122  
  27.123 -lemma Constrains_empty: "F \<in> 0 Co B <-> F \<in> program"
  27.124 +lemma Constrains_empty: "F \<in> 0 Co B \<longleftrightarrow> F \<in> program"
  27.125  by (auto dest: Constrains_type [THEN subsetD]
  27.126              intro: constrains_imp_Constrains)
  27.127  declare Constrains_empty [iff]
  27.128  
  27.129 -lemma Constrains_state: "F \<in> A Co state <-> F \<in> program"
  27.130 +lemma Constrains_state: "F \<in> A Co state \<longleftrightarrow> F \<in> program"
  27.131  apply (unfold Constrains_def)
  27.132  apply (auto dest: Constrains_type [THEN subsetD] intro: constrains_imp_Constrains)
  27.133  done
  27.134 @@ -185,7 +185,7 @@
  27.135  
  27.136  (** Union **)
  27.137  lemma Constrains_Un: 
  27.138 -    "[| F \<in> A Co A'; F \<in> B Co B' |] ==> F \<in> (A Un B) Co (A' Un B')"
  27.139 +    "[| F \<in> A Co A'; F \<in> B Co B' |] ==> F \<in> (A \<union> B) Co (A' \<union> B')"
  27.140  apply (unfold Constrains_def2, auto)
  27.141  apply (simp add: Int_Un_distrib)
  27.142  apply (blast intro: constrains_Un)
  27.143 @@ -201,9 +201,9 @@
  27.144  (** Intersection **)
  27.145  
  27.146  lemma Constrains_Int: 
  27.147 -    "[| F \<in> A Co A'; F \<in> B Co B'|]==> F:(A Int B) Co (A' Int B')"
  27.148 +    "[| F \<in> A Co A'; F \<in> B Co B'|]==> F:(A \<inter> B) Co (A' \<inter> B')"
  27.149  apply (unfold Constrains_def)
  27.150 -apply (subgoal_tac "reachable (F) Int (A Int B) = (reachable (F) Int A) Int (reachable (F) Int B) ")
  27.151 +apply (subgoal_tac "reachable (F) \<inter> (A \<inter> B) = (reachable (F) \<inter> A) \<inter> (reachable (F) \<inter> B) ")
  27.152  apply (auto intro: constrains_Int)
  27.153  done
  27.154  
  27.155 @@ -215,7 +215,7 @@
  27.156  apply (auto simp add: Constrains_def)
  27.157  done
  27.158  
  27.159 -lemma Constrains_imp_subset: "F \<in> A Co A' ==> reachable(F) Int A <= A'"
  27.160 +lemma Constrains_imp_subset: "F \<in> A Co A' ==> reachable(F) \<inter> A \<subseteq> A'"
  27.161  apply (unfold Constrains_def)
  27.162  apply (blast dest: constrains_imp_subset)
  27.163  done
  27.164 @@ -227,7 +227,7 @@
  27.165  done
  27.166  
  27.167  lemma Constrains_cancel: 
  27.168 -"[| F \<in> A Co (A' Un B); F \<in> B Co B' |] ==> F \<in> A Co (A' Un B')"
  27.169 +"[| F \<in> A Co (A' \<union> B); F \<in> B Co B' |] ==> F \<in> A Co (A' \<union> B')"
  27.170  apply (unfold Constrains_def2)
  27.171  apply (simp (no_asm_use) add: Int_Un_distrib)
  27.172  apply (blast intro: constrains_cancel)
  27.173 @@ -247,7 +247,7 @@
  27.174  by blast
  27.175  
  27.176  lemma Stable_eq_stable: 
  27.177 -"F \<in> Stable(A) <->  (F \<in> stable(reachable(F) Int A))"
  27.178 +"F \<in> Stable(A) \<longleftrightarrow>  (F \<in> stable(reachable(F) \<inter> A))"
  27.179  apply (auto dest: constrainsD2 simp add: Stable_def stable_def Constrains_def2)
  27.180  done
  27.181  
  27.182 @@ -258,27 +258,27 @@
  27.183  by (unfold Stable_def, assumption)
  27.184  
  27.185  lemma Stable_Un: 
  27.186 -    "[| F \<in> Stable(A); F \<in> Stable(A') |] ==> F \<in> Stable(A Un A')"
  27.187 +    "[| F \<in> Stable(A); F \<in> Stable(A') |] ==> F \<in> Stable(A \<union> A')"
  27.188  apply (unfold Stable_def)
  27.189  apply (blast intro: Constrains_Un)
  27.190  done
  27.191  
  27.192  lemma Stable_Int: 
  27.193 -    "[| F \<in> Stable(A); F \<in> Stable(A') |] ==> F \<in> Stable (A Int A')"
  27.194 +    "[| F \<in> Stable(A); F \<in> Stable(A') |] ==> F \<in> Stable (A \<inter> A')"
  27.195  apply (unfold Stable_def)
  27.196  apply (blast intro: Constrains_Int)
  27.197  done
  27.198  
  27.199  lemma Stable_Constrains_Un: 
  27.200 -    "[| F \<in> Stable(C); F \<in> A Co (C Un A') |]    
  27.201 -     ==> F \<in> (C Un A) Co (C Un A')"
  27.202 +    "[| F \<in> Stable(C); F \<in> A Co (C \<union> A') |]    
  27.203 +     ==> F \<in> (C \<union> A) Co (C \<union> A')"
  27.204  apply (unfold Stable_def)
  27.205  apply (blast intro: Constrains_Un [THEN Constrains_weaken_R])
  27.206  done
  27.207  
  27.208  lemma Stable_Constrains_Int: 
  27.209 -    "[| F \<in> Stable(C); F \<in> (C Int A) Co A' |]    
  27.210 -     ==> F \<in> (C Int A) Co (C Int A')"
  27.211 +    "[| F \<in> Stable(C); F \<in> (C \<inter> A) Co A' |]    
  27.212 +     ==> F \<in> (C \<inter> A) Co (C \<inter> A')"
  27.213  apply (unfold Stable_def)
  27.214  apply (blast intro: Constrains_Int [THEN Constrains_weaken])
  27.215  done
  27.216 @@ -301,7 +301,7 @@
  27.217  apply (simp (no_asm_simp) add: Stable_eq_stable Int_absorb)
  27.218  done
  27.219  
  27.220 -lemma Stable_type: "Stable(A) <= program"
  27.221 +lemma Stable_type: "Stable(A) \<subseteq> program"
  27.222  apply (unfold Stable_def)
  27.223  apply (rule Constrains_type)
  27.224  done
  27.225 @@ -314,7 +314,7 @@
  27.226      "[| \<forall>m \<in> M. F \<in> ({s \<in> A. x(s) = m}) Co (B(m)); F \<in> program |]  
  27.227       ==> F \<in> ({s \<in> A. x(s):M}) Co (\<Union>m \<in> M. B(m))"
  27.228  apply (unfold Constrains_def, auto)
  27.229 -apply (rule_tac A1 = "reachable (F) Int A" 
  27.230 +apply (rule_tac A1 = "reachable (F) \<inter> A" 
  27.231          in UNITY.elimination [THEN constrains_weaken_L])
  27.232  apply (auto intro: constrains_weaken_L)
  27.233  done
  27.234 @@ -351,7 +351,7 @@
  27.235  lemmas Always_imp_Stable = AlwaysD [THEN conjunct2]
  27.236  
  27.237  (*The set of all reachable states is Always*)
  27.238 -lemma Always_includes_reachable: "F \<in> Always(A) ==> reachable(F) <= A"
  27.239 +lemma Always_includes_reachable: "F \<in> Always(A) ==> reachable(F) \<subseteq> A"
  27.240  apply (simp (no_asm_use) add: Stable_def Constrains_def constrains_def Always_def initially_def)
  27.241  apply (rule subsetI)
  27.242  apply (erule reachable.induct)
  27.243 @@ -366,20 +366,20 @@
  27.244  
  27.245  lemmas Always_reachable = invariant_reachable [THEN invariant_imp_Always]
  27.246  
  27.247 -lemma Always_eq_invariant_reachable: "Always(A) = {F \<in> program. F \<in> invariant(reachable(F) Int A)}"
  27.248 +lemma Always_eq_invariant_reachable: "Always(A) = {F \<in> program. F \<in> invariant(reachable(F) \<inter> A)}"
  27.249  apply (simp (no_asm) add: Always_def invariant_def Stable_def Constrains_def2 stable_def initially_def)
  27.250  apply (rule equalityI, auto) 
  27.251  apply (blast intro: reachable.intros reachable_type)
  27.252  done
  27.253  
  27.254  (*the RHS is the traditional definition of the "always" operator*)
  27.255 -lemma Always_eq_includes_reachable: "Always(A) = {F \<in> program. reachable(F) <= A}"
  27.256 +lemma Always_eq_includes_reachable: "Always(A) = {F \<in> program. reachable(F) \<subseteq> A}"
  27.257  apply (rule equalityI, safe)
  27.258  apply (auto dest: invariant_includes_reachable 
  27.259     simp add: subset_Int_iff invariant_reachable Always_eq_invariant_reachable)
  27.260  done
  27.261  
  27.262 -lemma Always_type: "Always(A) <= program"
  27.263 +lemma Always_type: "Always(A) \<subseteq> program"
  27.264  by (unfold Always_def initially_def, auto)
  27.265  
  27.266  lemma Always_state_eq: "Always(state) = program"
  27.267 @@ -401,37 +401,37 @@
  27.268               dest: invariant_type [THEN subsetD])+
  27.269  done
  27.270  
  27.271 -lemma Always_weaken: "[| F \<in> Always(A); A <= B |] ==> F \<in> Always(B)"
  27.272 +lemma Always_weaken: "[| F \<in> Always(A); A \<subseteq> B |] ==> F \<in> Always(B)"
  27.273  by (auto simp add: Always_eq_includes_reachable)
  27.274  
  27.275  
  27.276  (*** "Co" rules involving Always ***)
  27.277  lemmas Int_absorb2 = subset_Int_iff [unfolded iff_def, THEN conjunct1, THEN mp]
  27.278  
  27.279 -lemma Always_Constrains_pre: "F \<in> Always(I) ==> (F:(I Int A) Co A') <-> (F \<in> A Co A')"
  27.280 +lemma Always_Constrains_pre: "F \<in> Always(I) ==> (F:(I \<inter> A) Co A') \<longleftrightarrow> (F \<in> A Co A')"
  27.281  apply (simp (no_asm_simp) add: Always_includes_reachable [THEN Int_absorb2] Constrains_def Int_assoc [symmetric])
  27.282  done
  27.283  
  27.284 -lemma Always_Constrains_post: "F \<in> Always(I) ==> (F \<in> A Co (I Int A')) <->(F \<in> A Co A')"
  27.285 +lemma Always_Constrains_post: "F \<in> Always(I) ==> (F \<in> A Co (I \<inter> A')) \<longleftrightarrow>(F \<in> A Co A')"
  27.286  apply (simp (no_asm_simp) add: Always_includes_reachable [THEN Int_absorb2] Constrains_eq_constrains Int_assoc [symmetric])
  27.287  done
  27.288  
  27.289 -lemma Always_ConstrainsI: "[| F \<in> Always(I);  F \<in> (I Int A) Co A' |] ==> F \<in> A Co A'"
  27.290 +lemma Always_ConstrainsI: "[| F \<in> Always(I);  F \<in> (I \<inter> A) Co A' |] ==> F \<in> A Co A'"
  27.291  by (blast intro: Always_Constrains_pre [THEN iffD1])
  27.292  
  27.293 -(* [| F \<in> Always(I);  F \<in> A Co A' |] ==> F \<in> A Co (I Int A') *)
  27.294 +(* [| F \<in> Always(I);  F \<in> A Co A' |] ==> F \<in> A Co (I \<inter> A') *)
  27.295  lemmas Always_ConstrainsD = Always_Constrains_post [THEN iffD2]
  27.296  
  27.297  (*The analogous proof of Always_LeadsTo_weaken doesn't terminate*)
  27.298  lemma Always_Constrains_weaken: 
  27.299 -"[|F \<in> Always(C); F \<in> A Co A'; C Int B<=A; C Int A'<=B'|]==>F \<in> B Co B'"
  27.300 +"[|F \<in> Always(C); F \<in> A Co A'; C \<inter> B<=A; C \<inter> A'<=B'|]==>F \<in> B Co B'"
  27.301  apply (rule Always_ConstrainsI)
  27.302  apply (drule_tac [2] Always_ConstrainsD, simp_all) 
  27.303  apply (blast intro: Constrains_weaken)
  27.304  done
  27.305  
  27.306  (** Conjoining Always properties **)
  27.307 -lemma Always_Int_distrib: "Always(A Int B) = Always(A) Int Always(B)"
  27.308 +lemma Always_Int_distrib: "Always(A \<inter> B) = Always(A) \<inter> Always(B)"
  27.309  by (auto simp add: Always_eq_includes_reachable)
  27.310  
  27.311  (* the premise i \<in> I is need since \<Inter>is formally not defined for I=0 *)
  27.312 @@ -441,12 +441,12 @@
  27.313  done
  27.314  
  27.315  
  27.316 -lemma Always_Int_I: "[| F \<in> Always(A);  F \<in> Always(B) |] ==> F \<in> Always(A Int B)"
  27.317 +lemma Always_Int_I: "[| F \<in> Always(A);  F \<in> Always(B) |] ==> F \<in> Always(A \<inter> B)"
  27.318  apply (simp (no_asm_simp) add: Always_Int_distrib)
  27.319  done
  27.320  
  27.321  (*Allows a kind of "implication introduction"*)
  27.322 -lemma Always_Diff_Un_eq: "[| F \<in> Always(A) |] ==> (F \<in> Always(C-A Un B)) <-> (F \<in> Always(B))"
  27.323 +lemma Always_Diff_Un_eq: "[| F \<in> Always(A) |] ==> (F \<in> Always(C-A \<union> B)) \<longleftrightarrow> (F \<in> Always(B))"
  27.324  by (auto simp add: Always_eq_includes_reachable)
  27.325  
  27.326  (*Delete the nearest invariance assumption (which will be the second one
    28.1 --- a/src/ZF/UNITY/Distributor.thy	Tue Mar 06 16:46:27 2012 +0000
    28.2 +++ b/src/ZF/UNITY/Distributor.thy	Tue Mar 06 17:01:37 2012 +0000
    28.3 @@ -79,7 +79,7 @@
    28.4  
    28.5  lemma (in distr) D_ok_iff:
    28.6       "G \<in> program ==>
    28.7 -        D ok G <-> ((\<forall>n \<in> nat. G \<in> preserves(lift(Out(n)))) & D \<in> Allowed(G))"
    28.8 +        D ok G \<longleftrightarrow> ((\<forall>n \<in> nat. G \<in> preserves(lift(Out(n)))) & D \<in> Allowed(G))"
    28.9  apply (cut_tac distr_spec)
   28.10  apply (auto simp add: INT_iff distr_spec_def distr_allowed_acts_def
   28.11                        Allowed_def ok_iff_Allowed)
   28.12 @@ -131,7 +131,7 @@
   28.13  apply (subgoal_tac "length (s ` iIn) \<in> nat")
   28.14  apply typecheck
   28.15  apply (subgoal_tac "m \<in> nat")
   28.16 -apply (drule_tac x = "nth(m, s`iIn) " and P = "%elt. ?X (elt) --> elt<Nclients" in bspec)
   28.17 +apply (drule_tac x = "nth(m, s`iIn) " and P = "%elt. ?X (elt) \<longrightarrow> elt<Nclients" in bspec)
   28.18  apply (simp add: ltI)
   28.19  apply (simp_all add: Ord_mem_iff_lt)
   28.20  apply (blast dest: ltD)
    29.1 --- a/src/ZF/UNITY/FP.thy	Tue Mar 06 16:46:27 2012 +0000
    29.2 +++ b/src/ZF/UNITY/FP.thy	Tue Mar 06 17:01:37 2012 +0000
    29.3 @@ -13,7 +13,7 @@
    29.4  
    29.5  definition   
    29.6    FP_Orig :: "i=>i"  where
    29.7 -    "FP_Orig(F) == Union({A \<in> Pow(state). \<forall>B. F \<in> stable(A Int B)})"
    29.8 +    "FP_Orig(F) == \<Union>({A \<in> Pow(state). \<forall>B. F \<in> stable(A \<inter> B)})"
    29.9  
   29.10  definition
   29.11    FP :: "i=>i"  where
   29.12 @@ -36,19 +36,19 @@
   29.13  apply (rule FP_type)
   29.14  done
   29.15  
   29.16 -lemma stable_FP_Orig_Int: "F \<in> program ==> F \<in> stable(FP_Orig(F) Int B)"
   29.17 +lemma stable_FP_Orig_Int: "F \<in> program ==> F \<in> stable(FP_Orig(F) \<inter> B)"
   29.18  apply (simp only: FP_Orig_def stable_def Int_Union2)
   29.19  apply (blast intro: constrains_UN)
   29.20  done
   29.21  
   29.22  lemma FP_Orig_weakest2: 
   29.23 -    "[| \<forall>B. F \<in> stable (A Int B); st_set(A) |]  ==> A \<subseteq> FP_Orig(F)"
   29.24 +    "[| \<forall>B. F \<in> stable (A \<inter> B); st_set(A) |]  ==> A \<subseteq> FP_Orig(F)"
   29.25  by (unfold FP_Orig_def stable_def st_set_def, blast)
   29.26  
   29.27  lemmas FP_Orig_weakest = allI [THEN FP_Orig_weakest2]
   29.28  
   29.29 -lemma stable_FP_Int: "F \<in> program ==> F \<in> stable (FP(F) Int B)"
   29.30 -apply (subgoal_tac "FP (F) Int B = (\<Union>x\<in>B. FP (F) Int {x}) ")
   29.31 +lemma stable_FP_Int: "F \<in> program ==> F \<in> stable (FP(F) \<inter> B)"
   29.32 +apply (subgoal_tac "FP (F) \<inter> B = (\<Union>x\<in>B. FP (F) \<inter> {x}) ")
   29.33   prefer 2 apply blast
   29.34  apply (simp (no_asm_simp) add: Int_cons_right)
   29.35  apply (unfold FP_def stable_def)
   29.36 @@ -71,7 +71,7 @@
   29.37  by (blast intro!: FP_Orig_subset_FP FP_subset_FP_Orig)
   29.38  
   29.39  lemma FP_weakest [rule_format]:
   29.40 -     "[| \<forall>B. F \<in> stable(A Int B); F \<in> program; st_set(A) |] ==> A \<subseteq> FP(F)"
   29.41 +     "[| \<forall>B. F \<in> stable(A \<inter> B); F \<in> program; st_set(A) |] ==> A \<subseteq> FP(F)"
   29.42  by (simp add: FP_equivalence FP_Orig_weakest)
   29.43  
   29.44  
    30.1 --- a/src/ZF/UNITY/Follows.thy	Tue Mar 06 16:46:27 2012 +0000
    30.2 +++ b/src/ZF/UNITY/Follows.thy	Tue Mar 06 17:01:37 2012 +0000
    30.3 @@ -121,7 +121,7 @@
    30.4  apply (force simp add: part_order_def refl_def)
    30.5  apply (force simp add: part_order_def refl_def)
    30.6  apply (drule_tac x = "f1 (x) " and x1 = "f (sa) " and P2 = "%x y. \<forall>u\<in>B. ?P (x,y,u) " in bspec [THEN bspec])
    30.7 -apply (drule_tac [3] x = "g (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) --> ?d (x,y) \<in> t" in bspec [THEN bspec])
    30.8 +apply (drule_tac [3] x = "g (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) \<longrightarrow> ?d (x,y) \<in> t" in bspec [THEN bspec])
    30.9  apply auto
   30.10  apply (rule_tac b = "h (f (sa), g (sa))" and A = C in trans_onD)
   30.11  apply (auto simp add: part_order_def)
   30.12 @@ -144,7 +144,7 @@
   30.13  apply (force simp add: part_order_def refl_def)
   30.14  apply (force simp add: part_order_def refl_def)
   30.15  apply (drule_tac x = "f (x) " and x1 = "f (sa) " in bspec [THEN bspec])
   30.16 -apply (drule_tac [3] x = "g1 (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) --> ?d (x,y) \<in> t" in bspec [THEN bspec])
   30.17 +apply (drule_tac [3] x = "g1 (x) " and x1 = "g (sa) " and P2 = "%x y. ?P (x,y) \<longrightarrow> ?d (x,y) \<in> t" in bspec [THEN bspec])
   30.18  apply auto
   30.19  apply (rule_tac b = "h (f (sa), g (sa))" and A = C in trans_onD)
   30.20  apply (auto simp add: part_order_def)
   30.21 @@ -152,7 +152,7 @@
   30.22  
   30.23  (**  This general result is used to prove Follows Un, munion, etc. **)
   30.24  lemma imp_LeadsTo_comp2:
   30.25 -"[| F \<in> Increasing(A, r, f1) Int  Increasing(B, s, g);
   30.26 +"[| F \<in> Increasing(A, r, f1) \<inter>  Increasing(B, s, g);
   30.27    \<forall>j \<in> A. F: {s \<in> state. <j, f(s)> \<in> r} LeadsTo {s \<in> state. <j,f1(s)> \<in> r};
   30.28    \<forall>j \<in> B. F: {x \<in> state. <j, g(x)> \<in> s} LeadsTo {x \<in> state. <j,g1(x)> \<in> s};
   30.29    mono2(A, r, B, s, C, t, h); refl(A,r); refl(B, s); trans[C](t);
   30.30 @@ -187,7 +187,7 @@
   30.31  
   30.32  lemma subset_Follows_comp:
   30.33  "[| mono1(A, r, B, s, h); refl(A, r); trans[B](s) |]
   30.34 -   ==> Follows(A, r, f, g) <= Follows(B, s,  h comp f, h comp g)"
   30.35 +   ==> Follows(A, r, f, g) \<subseteq> Follows(B, s,  h comp f, h comp g)"
   30.36  apply (unfold Follows_def, clarify)
   30.37  apply (frule_tac f = g in IncreasingD)
   30.38  apply (frule_tac f = f in IncreasingD)
   30.39 @@ -324,25 +324,25 @@
   30.40  lemma increasing_Un:
   30.41       "[| F \<in> Increasing.increasing(Pow(A), SetLe(A), f);
   30.42           F \<in> Increasing.increasing(Pow(A), SetLe(A), g) |]
   30.43 -     ==> F \<in> Increasing.increasing(Pow(A), SetLe(A), %x. f(x) Un g(x))"
   30.44 +     ==> F \<in> Increasing.increasing(Pow(A), SetLe(A), %x. f(x) \<union> g(x))"
   30.45  by (rule_tac h = "op Un" in imp_increasing_comp2, auto)
   30.46  
   30.47  lemma Increasing_Un:
   30.48       "[| F \<in> Increasing(Pow(A), SetLe(A), f);
   30.49           F \<in> Increasing(Pow(A), SetLe(A), g) |]
   30.50 -     ==> F \<in> Increasing(Pow(A), SetLe(A), %x. f(x) Un g(x))"
   30.51 +     ==> F \<in> Increasing(Pow(A), SetLe(A), %x. f(x) \<union> g(x))"
   30.52  by (rule_tac h = "op Un" in imp_Increasing_comp2, auto)
   30.53  
   30.54  lemma Always_Un:
   30.55 -     "[| F \<in> Always({s \<in> state. f1(s) <= f(s)});
   30.56 -     F \<in> Always({s \<in> state. g1(s) <= g(s)}) |]
   30.57 -      ==> F \<in> Always({s \<in> state. f1(s) Un g1(s) <= f(s) Un g(s)})"
   30.58 +     "[| F \<in> Always({s \<in> state. f1(s) \<subseteq> f(s)});
   30.59 +     F \<in> Always({s \<in> state. g1(s) \<subseteq> g(s)}) |]
   30.60 +      ==> F \<in> Always({s \<in> state. f1(s) \<union> g1(s) \<subseteq> f(s) \<union> g(s)})"
   30.61  by (simp add: Always_eq_includes_reachable, blast)
   30.62  
   30.63  lemma Follows_Un:
   30.64  "[| F \<in> Follows(Pow(A), SetLe(A), f1, f);
   30.65       F \<in> Follows(Pow(A), SetLe(A), g1, g) |]
   30.66 -     ==> F \<in> Follows(Pow(A), SetLe(A), %s. f1(s) Un g1(s), %s. f(s) Un g(s))"
   30.67 +     ==> F \<in> Follows(Pow(A), SetLe(A), %s. f1(s) \<union> g1(s), %s. f(s) \<union> g(s))"
   30.68  by (rule_tac h = "op Un" in imp_Follows_comp2, auto)
   30.69  
   30.70  (** Multiset union properties (with the MultLe ordering) **)
    31.1 --- a/src/ZF/UNITY/GenPrefix.thy	Tue Mar 06 16:46:27 2012 +0000
    31.2 +++ b/src/ZF/UNITY/GenPrefix.thy	Tue Mar 06 17:01:37 2012 +0000
    31.3 @@ -25,7 +25,7 @@
    31.4  inductive
    31.5    (* Parameter A is the domain of zs's elements *)
    31.6  
    31.7 -  domains "gen_prefix(A, r)" <= "list(A)*list(A)"
    31.8 +  domains "gen_prefix(A, r)" \<subseteq> "list(A)*list(A)"
    31.9  
   31.10    intros
   31.11      Nil:     "<[],[]>:gen_prefix(A, r)"
   31.12 @@ -79,7 +79,7 @@
   31.13  
   31.14  lemma Cons_gen_prefix_aux:
   31.15    "[| <xs', ys'> \<in> gen_prefix(A, r) |]
   31.16 -   ==> (\<forall>x xs. x \<in> A --> xs'= Cons(x,xs) -->
   31.17 +   ==> (\<forall>x xs. x \<in> A \<longrightarrow> xs'= Cons(x,xs) \<longrightarrow>
   31.18         (\<exists>y ys. y \<in> A & ys' = Cons(y,ys) &
   31.19         <x,y>:r & <xs, ys> \<in> gen_prefix(A, r)))"
   31.20  apply (erule gen_prefix.induct)
   31.21 @@ -97,14 +97,14 @@
   31.22  
   31.23  lemma Cons_gen_prefix_Cons:
   31.24  "(<Cons(x,xs),Cons(y,ys)> \<in> gen_prefix(A, r))
   31.25 -  <-> (x \<in> A & y \<in> A & <x,y>:r & <xs,ys> \<in> gen_prefix(A, r))"
   31.26 +  \<longleftrightarrow> (x \<in> A & y \<in> A & <x,y>:r & <xs,ys> \<in> gen_prefix(A, r))"
   31.27  apply (auto intro: gen_prefix.prepend)
   31.28  done
   31.29  declare Cons_gen_prefix_Cons [iff]
   31.30  
   31.31  (** Monotonicity of gen_prefix **)
   31.32  
   31.33 -lemma gen_prefix_mono2: "r<=s ==> gen_prefix(A, r) <= gen_prefix(A, s)"
   31.34 +lemma gen_prefix_mono2: "r<=s ==> gen_prefix(A, r) \<subseteq> gen_prefix(A, s)"
   31.35  apply clarify
   31.36  apply (frule gen_prefix.dom_subset [THEN subsetD], clarify)
   31.37  apply (erule rev_mp)
   31.38 @@ -112,7 +112,7 @@
   31.39  apply (auto intro: gen_prefix.append)
   31.40  done
   31.41  
   31.42 -lemma gen_prefix_mono1: "A<=B ==>gen_prefix(A, r) <= gen_prefix(B, r)"
   31.43 +lemma gen_prefix_mono1: "A<=B ==>gen_prefix(A, r) \<subseteq> gen_prefix(B, r)"
   31.44  apply clarify
   31.45  apply (frule gen_prefix.dom_subset [THEN subsetD], clarify)
   31.46  apply (erule rev_mp)
   31.47 @@ -126,7 +126,7 @@
   31.48              intro: gen_prefix.append list_mono [THEN subsetD])
   31.49  done
   31.50  
   31.51 -lemma gen_prefix_mono: "[| A <= B; r <= s |] ==> gen_prefix(A, r) <= gen_prefix(B, s)"
   31.52 +lemma gen_prefix_mono: "[| A \<subseteq> B; r \<subseteq> s |] ==> gen_prefix(A, r) \<subseteq> gen_prefix(B, s)"
   31.53  apply (rule subset_trans)
   31.54  apply (rule gen_prefix_mono1)
   31.55  apply (rule_tac [2] gen_prefix_mono2, auto)
   31.56 @@ -145,7 +145,7 @@
   31.57  (* A lemma for proving gen_prefix_trans_comp *)
   31.58  
   31.59  lemma append_gen_prefix [rule_format (no_asm)]: "xs \<in> list(A) ==>
   31.60 -   \<forall>zs. <xs @ ys, zs> \<in> gen_prefix(A, r) --> <xs, zs>: gen_prefix(A, r)"
   31.61 +   \<forall>zs. <xs @ ys, zs> \<in> gen_prefix(A, r) \<longrightarrow> <xs, zs>: gen_prefix(A, r)"
   31.62  apply (erule list.induct)
   31.63  apply (auto dest: gen_prefix.dom_subset [THEN subsetD])
   31.64  done
   31.65 @@ -154,7 +154,7 @@
   31.66  
   31.67  lemma gen_prefix_trans_comp [rule_format (no_asm)]:
   31.68       "<x, y>: gen_prefix(A, r) ==>
   31.69 -   (\<forall>z \<in> list(A). <y,z> \<in> gen_prefix(A, s)--><x, z> \<in> gen_prefix(A, s O r))"
   31.70 +   (\<forall>z \<in> list(A). <y,z> \<in> gen_prefix(A, s)\<longrightarrow><x, z> \<in> gen_prefix(A, s O r))"
   31.71  apply (erule gen_prefix.induct)
   31.72  apply (auto elim: ConsE simp add: Nil_gen_prefix)
   31.73  apply (subgoal_tac "ys \<in> list (A) ")
   31.74 @@ -162,7 +162,7 @@