Added HOL proof importer.
authorskalberg
Fri Apr 02 17:37:45 2004 +0200 (2004-04-02)
changeset 14516a183dec876ab
parent 14515 86f2daf48a3c
child 14517 7ae3b247c6e9
Added HOL proof importer.
src/HOL/Import/Generate-HOL/GenHOL4Base.thy
src/HOL/Import/Generate-HOL/GenHOL4Prob.thy
src/HOL/Import/Generate-HOL/GenHOL4Real.thy
src/HOL/Import/Generate-HOL/GenHOL4Vec.thy
src/HOL/Import/Generate-HOL/GenHOL4Word32.thy
src/HOL/Import/Generate-HOL/ROOT.ML
src/HOL/Import/HOL/HOL4.thy
src/HOL/Import/HOL/HOL4Base.thy
src/HOL/Import/HOL/HOL4Prob.thy
src/HOL/Import/HOL/HOL4Real.thy
src/HOL/Import/HOL/HOL4Vec.thy
src/HOL/Import/HOL/HOL4Word32.thy
src/HOL/Import/HOL/README
src/HOL/Import/HOL/ROOT.ML
src/HOL/Import/HOL/arithmetic.imp
src/HOL/Import/HOL/bits.imp
src/HOL/Import/HOL/bool.imp
src/HOL/Import/HOL/boolean_sequence.imp
src/HOL/Import/HOL/bword_arith.imp
src/HOL/Import/HOL/bword_bitop.imp
src/HOL/Import/HOL/bword_num.imp
src/HOL/Import/HOL/combin.imp
src/HOL/Import/HOL/divides.imp
src/HOL/Import/HOL/hrat.imp
src/HOL/Import/HOL/hreal.imp
src/HOL/Import/HOL/ind_type.imp
src/HOL/Import/HOL/lim.imp
src/HOL/Import/HOL/list.imp
src/HOL/Import/HOL/marker.imp
src/HOL/Import/HOL/nets.imp
src/HOL/Import/HOL/num.imp
src/HOL/Import/HOL/numeral.imp
src/HOL/Import/HOL/one.imp
src/HOL/Import/HOL/operator.imp
src/HOL/Import/HOL/option.imp
src/HOL/Import/HOL/pair.imp
src/HOL/Import/HOL/poly.imp
src/HOL/Import/HOL/powser.imp
src/HOL/Import/HOL/pred_set.imp
src/HOL/Import/HOL/prim_rec.imp
src/HOL/Import/HOL/prime.imp
src/HOL/Import/HOL/prob.imp
src/HOL/Import/HOL/prob_algebra.imp
src/HOL/Import/HOL/prob_canon.imp
src/HOL/Import/HOL/prob_extra.imp
src/HOL/Import/HOL/prob_indep.imp
src/HOL/Import/HOL/prob_pseudo.imp
src/HOL/Import/HOL/prob_uniform.imp
src/HOL/Import/HOL/real.imp
src/HOL/Import/HOL/realax.imp
src/HOL/Import/HOL/relation.imp
src/HOL/Import/HOL/res_quan.imp
src/HOL/Import/HOL/rich_list.imp
src/HOL/Import/HOL/seq.imp
src/HOL/Import/HOL/state_transformer.imp
src/HOL/Import/HOL/sum.imp
src/HOL/Import/HOL/topology.imp
src/HOL/Import/HOL/transc.imp
src/HOL/Import/HOL/word32.imp
src/HOL/Import/HOL/word_base.imp
src/HOL/Import/HOL/word_bitop.imp
src/HOL/Import/HOL/word_num.imp
src/HOL/Import/HOL4Compat.thy
src/HOL/Import/HOL4Setup.thy
src/HOL/Import/HOL4Syntax.thy
src/HOL/Import/MakeEqual.thy
src/HOL/Import/ROOT.ML
src/HOL/Import/hol4rews.ML
src/HOL/Import/import_package.ML
src/HOL/Import/import_syntax.ML
src/HOL/Import/proof_kernel.ML
src/HOL/Import/replay.ML
src/HOL/Import/shuffler.ML
src/HOL/IsaMakefile
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/src/HOL/Import/Generate-HOL/GenHOL4Base.thy	Fri Apr 02 17:37:45 2004 +0200
     1.3 @@ -0,0 +1,273 @@
     1.4 +theory GenHOL4Base = HOL4Compat + HOL4Syntax:;
     1.5 +
     1.6 +import_segment "hol4";
     1.7 +
     1.8 +setup_dump "../HOL" "HOL4Base";
     1.9 +
    1.10 +append_dump "theory HOL4Base = HOL4Compat + HOL4Syntax:";
    1.11 +
    1.12 +import_theory bool;
    1.13 +
    1.14 +const_maps
    1.15 +  T               > True
    1.16 +  F               > False
    1.17 +  "!"             > All
    1.18 +  "/\\"           > "op &"
    1.19 +  "\\/"           > "op |"
    1.20 +  "?"             > Ex
    1.21 +  "?!"            > Ex1
    1.22 +  "~"             > Not
    1.23 +  COND            > If
    1.24 +  bool_case       > Datatype.bool.bool_case
    1.25 +  ONE_ONE         > HOL4Setup.ONE_ONE
    1.26 +  ONTO            > HOL4Setup.ONTO
    1.27 +  TYPE_DEFINITION > HOL4Setup.TYPE_DEFINITION
    1.28 +  LET             > HOL4Compat.LET;
    1.29 +
    1.30 +ignore_thms
    1.31 +  BOUNDED_DEF
    1.32 +  BOUNDED_THM
    1.33 +  UNBOUNDED_DEF
    1.34 +  UNBOUNDED_THM;
    1.35 +
    1.36 +end_import;
    1.37 +
    1.38 +import_theory combin;
    1.39 +
    1.40 +const_maps
    1.41 +  o > Fun.comp;
    1.42 +
    1.43 +end_import;
    1.44 +
    1.45 +import_theory sum;
    1.46 +
    1.47 +type_maps
    1.48 +  sum > "+";
    1.49 +
    1.50 +const_maps
    1.51 +  INL      > Inl
    1.52 +  INR      > Inr
    1.53 +  ISL      > HOL4Compat.ISL
    1.54 +  ISR      > HOL4Compat.ISR
    1.55 +  OUTL     > HOL4Compat.OUTL
    1.56 +  OUTR     > HOL4Compat.OUTR
    1.57 +  sum_case > Datatype.sum.sum_case;
    1.58 +
    1.59 +ignore_thms
    1.60 +  sum_TY_DEF
    1.61 +  sum_ISO_DEF
    1.62 +  IS_SUM_REP
    1.63 +  INL_DEF
    1.64 +  INR_DEF
    1.65 +  sum_axiom
    1.66 +  sum_Axiom;
    1.67 +
    1.68 +end_import;
    1.69 +
    1.70 +import_theory one;
    1.71 +
    1.72 +type_maps
    1.73 +  one > Product_Type.unit;
    1.74 +
    1.75 +const_maps
    1.76 +  one > Product_Type.Unity;
    1.77 +
    1.78 +ignore_thms
    1.79 +    one_TY_DEF
    1.80 +    one_axiom
    1.81 +    one_Axiom
    1.82 +    one_DEF;
    1.83 +
    1.84 +end_import;
    1.85 +
    1.86 +import_theory option;
    1.87 +
    1.88 +type_maps
    1.89 +    option > Datatype.option;
    1.90 +
    1.91 +const_maps
    1.92 +    NONE        > Datatype.option.None
    1.93 +    SOME        > Datatype.option.Some
    1.94 +    option_case > Datatype.option.option_case
    1.95 +    OPTION_MAP  > Datatype.option_map
    1.96 +    THE         > Datatype.the
    1.97 +    IS_SOME     > HOL4Compat.IS_SOME
    1.98 +    IS_NONE     > HOL4Compat.IS_NONE
    1.99 +    OPTION_JOIN > HOL4Compat.OPTION_JOIN;
   1.100 +
   1.101 +ignore_thms
   1.102 +    option_axiom
   1.103 +    option_Axiom
   1.104 +    option_TY_DEF
   1.105 +    option_REP_ABS_DEF
   1.106 +    SOME_DEF
   1.107 +    NONE_DEF;
   1.108 +
   1.109 +end_import;
   1.110 +
   1.111 +import_theory marker;
   1.112 +end_import;
   1.113 +
   1.114 +import_theory relation;
   1.115 +
   1.116 +const_renames
   1.117 +  reflexive > pred_reflexive;
   1.118 +
   1.119 +end_import;
   1.120 +
   1.121 +import_theory pair;
   1.122 +
   1.123 +type_maps
   1.124 +    prod > "*";
   1.125 +
   1.126 +const_maps
   1.127 +    ","       > Pair
   1.128 +    FST       > fst
   1.129 +    SND       > snd
   1.130 +    CURRY     > curry
   1.131 +    UNCURRY   > split
   1.132 +    "##"      > prod_fun
   1.133 +    pair_case > split;
   1.134 +
   1.135 +ignore_thms
   1.136 +    prod_TY_DEF
   1.137 +    MK_PAIR_DEF
   1.138 +    IS_PAIR_DEF
   1.139 +    ABS_REP_prod
   1.140 +    COMMA_DEF;
   1.141 +
   1.142 +end_import;
   1.143 +
   1.144 +import_theory num;
   1.145 +
   1.146 +type_maps
   1.147 +  num > nat;
   1.148 +
   1.149 +const_maps
   1.150 +  SUC > Suc
   1.151 +  0   > 0 :: nat;
   1.152 +
   1.153 +ignore_thms
   1.154 +    num_TY_DEF
   1.155 +    num_ISO_DEF
   1.156 +    IS_NUM_REP
   1.157 +    ZERO_REP_DEF
   1.158 +    SUC_REP_DEF
   1.159 +    ZERO_DEF
   1.160 +    SUC_DEF;
   1.161 +
   1.162 +end_import;
   1.163 +
   1.164 +import_theory prim_rec;
   1.165 +
   1.166 +const_maps
   1.167 +    "<" > "op <" :: "[nat,nat]\<Rightarrow>bool";
   1.168 +
   1.169 +end_import;
   1.170 +
   1.171 +import_theory arithmetic;
   1.172 +
   1.173 +const_maps
   1.174 +  ALT_ZERO     > HOL4Compat.ALT_ZERO
   1.175 +  NUMERAL_BIT1 > HOL4Compat.NUMERAL_BIT1
   1.176 +  NUMERAL_BIT2 > HOL4Compat.NUMERAL_BIT2
   1.177 +  NUMERAL      > HOL4Compat.NUMERAL
   1.178 +  num_case     > Nat.nat.nat_case
   1.179 +  ">"          > HOL4Compat.nat_gt
   1.180 +  ">="         > HOL4Compat.nat_ge
   1.181 +  FUNPOW       > HOL4Compat.FUNPOW
   1.182 +  "<="         > "op <="          :: "[nat,nat]\<Rightarrow>bool"
   1.183 +  "+"          > "op +"           :: "[nat,nat]\<Rightarrow>nat"
   1.184 +  "*"          > "op *"           :: "[nat,nat]\<Rightarrow>nat"
   1.185 +  "-"          > "op -"           :: "[nat,nat]\<Rightarrow>nat"
   1.186 +  MIN          > HOL.min          :: "[nat,nat]\<Rightarrow>nat"
   1.187 +  MAX          > HOL.max          :: "[nat,nat]\<Rightarrow>nat"
   1.188 +  DIV          > "Divides.op div" :: "[nat,nat]\<Rightarrow>nat"
   1.189 +  MOD          > "Divides.op mod" :: "[nat,nat]\<Rightarrow>nat"
   1.190 +  EXP          > Nat.power        :: "[nat,nat]\<Rightarrow>nat";
   1.191 +
   1.192 +end_import;
   1.193 +
   1.194 +import_theory hrat;
   1.195 +end_import;
   1.196 +
   1.197 +import_theory hreal;
   1.198 +end_import;
   1.199 +
   1.200 +import_theory numeral;
   1.201 +end_import;
   1.202 +
   1.203 +import_theory ind_type;
   1.204 +end_import;
   1.205 +
   1.206 +import_theory divides;
   1.207 +
   1.208 +const_maps
   1.209 +    divides > "Divides.op dvd" :: "[nat,nat]\<Rightarrow>bool";
   1.210 +
   1.211 +end_import;
   1.212 +
   1.213 +import_theory prime;
   1.214 +end_import;
   1.215 +
   1.216 +import_theory list;
   1.217 +
   1.218 +type_maps
   1.219 +    list > List.list;
   1.220 +
   1.221 +const_maps
   1.222 +  CONS      > List.list.Cons
   1.223 +  NIL       > List.list.Nil
   1.224 +  list_case > List.list.list_case
   1.225 +  NULL      > List.null
   1.226 +  HD        > List.hd
   1.227 +  TL        > List.tl
   1.228 +  MAP       > List.map
   1.229 +  MEM       > "List.op mem"
   1.230 +  FILTER    > List.filter
   1.231 +  FOLDL     > List.foldl
   1.232 +  EVERY     > List.list_all
   1.233 +  REVERSE   > List.rev
   1.234 +  LAST      > List.last
   1.235 +  FRONT     > List.butlast
   1.236 +  APPEND    > "List.op @"
   1.237 +  FLAT      > List.concat
   1.238 +  LENGTH    > Nat.size
   1.239 +  REPLICATE > List.replicate
   1.240 +  list_size > HOL4Compat.list_size
   1.241 +  SUM       > HOL4Compat.sum
   1.242 +  FOLDR     > HOL4Compat.FOLDR
   1.243 +  EXISTS    > HOL4Compat.list_exists
   1.244 +  MAP2      > HOL4Compat.map2
   1.245 +  ZIP       > HOL4Compat.ZIP
   1.246 +  UNZIP     > HOL4Compat.unzip;
   1.247 +
   1.248 +ignore_thms
   1.249 +  list_TY_DEF
   1.250 +  list_repfns
   1.251 +  list0_def
   1.252 +  list1_def
   1.253 +  NIL
   1.254 +  CONS_def;
   1.255 +
   1.256 +end_import;
   1.257 +
   1.258 +import_theory pred_set;
   1.259 +end_import;
   1.260 +
   1.261 +import_theory operator;
   1.262 +end_import;
   1.263 +
   1.264 +import_theory rich_list;
   1.265 +end_import;
   1.266 +
   1.267 +import_theory state_transformer;
   1.268 +end_import;
   1.269 +
   1.270 +append_dump "end";
   1.271 +
   1.272 +flush_dump;
   1.273 +
   1.274 +import_segment "";
   1.275 +
   1.276 +end
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/src/HOL/Import/Generate-HOL/GenHOL4Prob.thy	Fri Apr 02 17:37:45 2004 +0200
     2.3 @@ -0,0 +1,43 @@
     2.4 +theory GenHOL4Prob = GenHOL4Real:
     2.5 +
     2.6 +import_segment "hol4";
     2.7 +
     2.8 +setup_dump "../HOL" "HOL4Prob";
     2.9 +
    2.10 +append_dump "theory HOL4Prob = HOL4Real:";
    2.11 +
    2.12 +import_theory prob_extra;
    2.13 +
    2.14 +const_moves
    2.15 +  COMPL > GenHOL4Base.pred_set.COMPL;
    2.16 +
    2.17 +end_import;
    2.18 +
    2.19 +import_theory prob_canon;
    2.20 +end_import;
    2.21 +
    2.22 +import_theory boolean_sequence;
    2.23 +end_import;
    2.24 +
    2.25 +import_theory prob_algebra;
    2.26 +end_import;
    2.27 +
    2.28 +import_theory prob;
    2.29 +end_import;
    2.30 +
    2.31 +import_theory prob_pseudo;
    2.32 +end_import;
    2.33 +
    2.34 +import_theory prob_indep;
    2.35 +end_import;
    2.36 +
    2.37 +import_theory prob_uniform;
    2.38 +end_import;
    2.39 +
    2.40 +append_dump "end";
    2.41 +
    2.42 +flush_dump;
    2.43 +
    2.44 +import_segment "";
    2.45 +
    2.46 +end
     3.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     3.2 +++ b/src/HOL/Import/Generate-HOL/GenHOL4Real.thy	Fri Apr 02 17:37:45 2004 +0200
     3.3 @@ -0,0 +1,85 @@
     3.4 +theory GenHOL4Real = GenHOL4Base:
     3.5 +
     3.6 +import_segment "hol4";
     3.7 +
     3.8 +setup_dump "../HOL" "HOL4Real";
     3.9 +
    3.10 +append_dump "theory HOL4Real = HOL4Base:";
    3.11 +
    3.12 +import_theory realax;
    3.13 +
    3.14 +type_maps
    3.15 +  real > RealDef.real;
    3.16 +
    3.17 +const_maps
    3.18 +  real_0   > 0           :: real
    3.19 +  real_1   > 1           :: real
    3.20 +  real_neg > uminus      :: "real \<Rightarrow> real"
    3.21 +  inv      > HOL.inverse :: "real \<Rightarrow> real"
    3.22 +  real_add > "op +"      :: "[real,real] \<Rightarrow> real"
    3.23 +  real_mul > "op *"      :: "[real,real] \<Rightarrow> real"
    3.24 +  real_lt  > "op <"      :: "[real,real] \<Rightarrow> bool";
    3.25 +
    3.26 +ignore_thms
    3.27 +    real_TY_DEF
    3.28 +    real_tybij
    3.29 +    real_0
    3.30 +    real_1
    3.31 +    real_neg
    3.32 +    real_inv
    3.33 +    real_add
    3.34 +    real_mul
    3.35 +    real_lt
    3.36 +    real_of_hreal
    3.37 +    hreal_of_real
    3.38 +    REAL_ISO_EQ
    3.39 +    REAL_POS
    3.40 +    SUP_ALLPOS_LEMMA1
    3.41 +    SUP_ALLPOS_LEMMA2
    3.42 +    SUP_ALLPOS_LEMMA3
    3.43 +    SUP_ALLPOS_LEMMA4;
    3.44 +
    3.45 +end_import;
    3.46 +
    3.47 +import_theory real;
    3.48 +
    3.49 +const_maps
    3.50 +  real_gt     > HOL4Compat.real_gt
    3.51 +  real_ge     > HOL4Compat.real_ge
    3.52 +  real_lte    > "op <="      :: "[real,real] \<Rightarrow> bool"
    3.53 +  real_sub    > "op -"       :: "[real,real] \<Rightarrow> real"
    3.54 +  "/"         > HOL.divide   :: "[real,real] \<Rightarrow> real"
    3.55 +  pow         > Nat.power    :: "[real,nat] \<Rightarrow> real"
    3.56 +  abs         > HOL.abs      :: "real \<Rightarrow> real"
    3.57 +  real_of_num > RealDef.real :: "nat \<Rightarrow> real";
    3.58 +
    3.59 +end_import;
    3.60 +
    3.61 +import_theory topology;
    3.62 +end_import;
    3.63 +
    3.64 +import_theory nets;
    3.65 +end_import;
    3.66 +
    3.67 +import_theory seq;
    3.68 +end_import;
    3.69 +
    3.70 +import_theory lim;
    3.71 +end_import;
    3.72 +
    3.73 +import_theory powser;
    3.74 +end_import;
    3.75 +
    3.76 +import_theory transc;
    3.77 +end_import;
    3.78 +
    3.79 +import_theory poly;
    3.80 +end_import;
    3.81 +
    3.82 +append_dump "end";
    3.83 +
    3.84 +flush_dump;
    3.85 +
    3.86 +import_segment "";
    3.87 +
    3.88 +end
     4.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     4.2 +++ b/src/HOL/Import/Generate-HOL/GenHOL4Vec.thy	Fri Apr 02 17:37:45 2004 +0200
     4.3 @@ -0,0 +1,40 @@
     4.4 +theory GenHOL4Vec = GenHOL4Base:
     4.5 +
     4.6 +import_segment "hol4";
     4.7 +
     4.8 +setup_dump "../HOL" "HOL4Vec";
     4.9 +
    4.10 +append_dump "theory HOL4Vec = HOL4Base:";
    4.11 +
    4.12 +import_theory res_quan;
    4.13 +end_import;
    4.14 +
    4.15 +import_theory word_base;
    4.16 +
    4.17 +const_renames
    4.18 +  BIT > bit;
    4.19 +
    4.20 +end_import;
    4.21 +
    4.22 +import_theory word_num;
    4.23 +end_import;
    4.24 +
    4.25 +import_theory word_bitop;
    4.26 +end_import;
    4.27 +
    4.28 +import_theory bword_num;
    4.29 +end_import;
    4.30 +
    4.31 +import_theory bword_arith;
    4.32 +end_import;
    4.33 +
    4.34 +import_theory bword_bitop;
    4.35 +end_import;
    4.36 +
    4.37 +append_dump "end";
    4.38 +
    4.39 +flush_dump;
    4.40 +
    4.41 +import_segment "";
    4.42 +
    4.43 +end
     5.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     5.2 +++ b/src/HOL/Import/Generate-HOL/GenHOL4Word32.thy	Fri Apr 02 17:37:45 2004 +0200
     5.3 @@ -0,0 +1,29 @@
     5.4 +theory GenHOL4Word32 = GenHOL4Base:;
     5.5 +
     5.6 +import_segment "hol4";
     5.7 +
     5.8 +setup_dump "../HOL" "HOL4Word32";
     5.9 +
    5.10 +append_dump "theory HOL4Word32 = HOL4Base:";
    5.11 +
    5.12 +import_theory bits;
    5.13 +
    5.14 +const_renames
    5.15 +  BIT > bit
    5.16 +
    5.17 +end_import;
    5.18 +
    5.19 +import_theory word32;
    5.20 +
    5.21 +const_renames
    5.22 +  "==" > EQUIV;
    5.23 +
    5.24 +end_import;
    5.25 +
    5.26 +append_dump "end";
    5.27 +
    5.28 +flush_dump;
    5.29 +
    5.30 +import_segment "";
    5.31 +
    5.32 +end
     6.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     6.2 +++ b/src/HOL/Import/Generate-HOL/ROOT.ML	Fri Apr 02 17:37:45 2004 +0200
     6.3 @@ -0,0 +1,5 @@
     6.4 +with_path ".." use_thy "HOL4Compat";
     6.5 +with_path ".." use_thy "HOL4Syntax";
     6.6 +use_thy "GenHOL4Prob";
     6.7 +use_thy "GenHOL4Vec";
     6.8 +use_thy "GenHOL4Word32";
     7.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     7.2 +++ b/src/HOL/Import/HOL/HOL4.thy	Fri Apr 02 17:37:45 2004 +0200
     7.3 @@ -0,0 +1,3 @@
     7.4 +theory HOL4 = HOL4Vec + HOL4Word32 + HOL4Real:
     7.5 +
     7.6 +end
     8.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     8.2 +++ b/src/HOL/Import/HOL/HOL4Base.thy	Fri Apr 02 17:37:45 2004 +0200
     8.3 @@ -0,0 +1,4754 @@
     8.4 +theory HOL4Base = HOL4Compat + HOL4Syntax:
     8.5 +
     8.6 +;setup_theory bool
     8.7 +
     8.8 +constdefs
     8.9 +  ARB :: "'a" 
    8.10 +  "ARB == SOME x. True"
    8.11 +
    8.12 +lemma ARB_DEF: "ARB = (SOME x. True)"
    8.13 +  by (import bool ARB_DEF)
    8.14 +
    8.15 +constdefs
    8.16 +  IN :: "'a => ('a => bool) => bool" 
    8.17 +  "IN == %x f. f x"
    8.18 +
    8.19 +lemma IN_DEF: "IN = (%x f. f x)"
    8.20 +  by (import bool IN_DEF)
    8.21 +
    8.22 +constdefs
    8.23 +  RES_FORALL :: "('a => bool) => ('a => bool) => bool" 
    8.24 +  "RES_FORALL == %p m. ALL x. IN x p --> m x"
    8.25 +
    8.26 +lemma RES_FORALL_DEF: "RES_FORALL = (%p m. ALL x. IN x p --> m x)"
    8.27 +  by (import bool RES_FORALL_DEF)
    8.28 +
    8.29 +constdefs
    8.30 +  RES_EXISTS :: "('a => bool) => ('a => bool) => bool" 
    8.31 +  "RES_EXISTS == %p m. EX x. IN x p & m x"
    8.32 +
    8.33 +lemma RES_EXISTS_DEF: "RES_EXISTS = (%p m. EX x. IN x p & m x)"
    8.34 +  by (import bool RES_EXISTS_DEF)
    8.35 +
    8.36 +constdefs
    8.37 +  RES_EXISTS_UNIQUE :: "('a => bool) => ('a => bool) => bool" 
    8.38 +  "RES_EXISTS_UNIQUE ==
    8.39 +%p m. RES_EXISTS p m &
    8.40 +      RES_FORALL p (%x. RES_FORALL p (%y. m x & m y --> x = y))"
    8.41 +
    8.42 +lemma RES_EXISTS_UNIQUE_DEF: "RES_EXISTS_UNIQUE =
    8.43 +(%p m. RES_EXISTS p m &
    8.44 +       RES_FORALL p (%x. RES_FORALL p (%y. m x & m y --> x = y)))"
    8.45 +  by (import bool RES_EXISTS_UNIQUE_DEF)
    8.46 +
    8.47 +constdefs
    8.48 +  RES_SELECT :: "('a => bool) => ('a => bool) => 'a" 
    8.49 +  "RES_SELECT == %p m. SOME x. IN x p & m x"
    8.50 +
    8.51 +lemma RES_SELECT_DEF: "RES_SELECT = (%p m. SOME x. IN x p & m x)"
    8.52 +  by (import bool RES_SELECT_DEF)
    8.53 +
    8.54 +lemma EXCLUDED_MIDDLE: "ALL t. t | ~ t"
    8.55 +  by (import bool EXCLUDED_MIDDLE)
    8.56 +
    8.57 +lemma FORALL_THM: "All f = All f"
    8.58 +  by (import bool FORALL_THM)
    8.59 +
    8.60 +lemma EXISTS_THM: "Ex f = Ex f"
    8.61 +  by (import bool EXISTS_THM)
    8.62 +
    8.63 +lemma F_IMP: "ALL t. ~ t --> t --> False"
    8.64 +  by (import bool F_IMP)
    8.65 +
    8.66 +lemma NOT_AND: "~ (t & ~ t)"
    8.67 +  by (import bool NOT_AND)
    8.68 +
    8.69 +lemma AND_CLAUSES: "ALL t.
    8.70 +   (True & t) = t &
    8.71 +   (t & True) = t & (False & t) = False & (t & False) = False & (t & t) = t"
    8.72 +  by (import bool AND_CLAUSES)
    8.73 +
    8.74 +lemma OR_CLAUSES: "ALL t.
    8.75 +   (True | t) = True &
    8.76 +   (t | True) = True & (False | t) = t & (t | False) = t & (t | t) = t"
    8.77 +  by (import bool OR_CLAUSES)
    8.78 +
    8.79 +lemma IMP_CLAUSES: "ALL t.
    8.80 +   (True --> t) = t &
    8.81 +   (t --> True) = True &
    8.82 +   (False --> t) = True & (t --> t) = True & (t --> False) = (~ t)"
    8.83 +  by (import bool IMP_CLAUSES)
    8.84 +
    8.85 +lemma NOT_CLAUSES: "(ALL t. (~ ~ t) = t) & (~ True) = False & (~ False) = True"
    8.86 +  by (import bool NOT_CLAUSES)
    8.87 +
    8.88 +lemma BOOL_EQ_DISTINCT: "True ~= False & False ~= True"
    8.89 +  by (import bool BOOL_EQ_DISTINCT)
    8.90 +
    8.91 +lemma EQ_CLAUSES: "ALL t.
    8.92 +   (True = t) = t &
    8.93 +   (t = True) = t & (False = t) = (~ t) & (t = False) = (~ t)"
    8.94 +  by (import bool EQ_CLAUSES)
    8.95 +
    8.96 +lemma COND_CLAUSES: "ALL t1 t2. (if True then t1 else t2) = t1 & (if False then t1 else t2) = t2"
    8.97 +  by (import bool COND_CLAUSES)
    8.98 +
    8.99 +lemma SELECT_UNIQUE: "ALL P x. (ALL y. P y = (y = x)) --> Eps P = x"
   8.100 +  by (import bool SELECT_UNIQUE)
   8.101 +
   8.102 +lemma BOTH_EXISTS_AND_THM: "ALL (P::bool) Q::bool. (EX x::'a. P & Q) = ((EX x::'a. P) & (EX x::'a. Q))"
   8.103 +  by (import bool BOTH_EXISTS_AND_THM)
   8.104 +
   8.105 +lemma BOTH_FORALL_OR_THM: "ALL (P::bool) Q::bool.
   8.106 +   (ALL x::'a. P | Q) = ((ALL x::'a. P) | (ALL x::'a. Q))"
   8.107 +  by (import bool BOTH_FORALL_OR_THM)
   8.108 +
   8.109 +lemma BOTH_FORALL_IMP_THM: "ALL (P::bool) Q::bool.
   8.110 +   (ALL x::'a. P --> Q) = ((EX x::'a. P) --> (ALL x::'a. Q))"
   8.111 +  by (import bool BOTH_FORALL_IMP_THM)
   8.112 +
   8.113 +lemma BOTH_EXISTS_IMP_THM: "ALL (P::bool) Q::bool.
   8.114 +   (EX x::'a. P --> Q) = ((ALL x::'a. P) --> (EX x::'a. Q))"
   8.115 +  by (import bool BOTH_EXISTS_IMP_THM)
   8.116 +
   8.117 +lemma OR_IMP_THM: "ALL A B. (A = (B | A)) = (B --> A)"
   8.118 +  by (import bool OR_IMP_THM)
   8.119 +
   8.120 +lemma DE_MORGAN_THM: "ALL A B. (~ (A & B)) = (~ A | ~ B) & (~ (A | B)) = (~ A & ~ B)"
   8.121 +  by (import bool DE_MORGAN_THM)
   8.122 +
   8.123 +lemma IMP_F_EQ_F: "ALL t. (t --> False) = (t = False)"
   8.124 +  by (import bool IMP_F_EQ_F)
   8.125 +
   8.126 +lemma EQ_EXPAND: "ALL t1 t2. (t1 = t2) = (t1 & t2 | ~ t1 & ~ t2)"
   8.127 +  by (import bool EQ_EXPAND)
   8.128 +
   8.129 +lemma COND_RATOR: "ALL b f g x. (if b then f else g) x = (if b then f x else g x)"
   8.130 +  by (import bool COND_RATOR)
   8.131 +
   8.132 +lemma COND_ABS: "ALL b f g. (%x. if b then f x else g x) = (if b then f else g)"
   8.133 +  by (import bool COND_ABS)
   8.134 +
   8.135 +lemma COND_EXPAND: "ALL b t1 t2. (if b then t1 else t2) = ((~ b | t1) & (b | t2))"
   8.136 +  by (import bool COND_EXPAND)
   8.137 +
   8.138 +lemma ONE_ONE_THM: "ALL f. inj f = (ALL x1 x2. f x1 = f x2 --> x1 = x2)"
   8.139 +  by (import bool ONE_ONE_THM)
   8.140 +
   8.141 +lemma ABS_REP_THM: "(All::(('a => bool) => bool) => bool)
   8.142 + (%P::'a => bool.
   8.143 +     (op -->::bool => bool => bool)
   8.144 +      ((Ex::(('b => 'a) => bool) => bool)
   8.145 +        ((TYPE_DEFINITION::('a => bool) => ('b => 'a) => bool) P))
   8.146 +      ((Ex::(('b => 'a) => bool) => bool)
   8.147 +        (%x::'b => 'a.
   8.148 +            (Ex::(('a => 'b) => bool) => bool)
   8.149 +             (%abs::'a => 'b.
   8.150 +                 (op &::bool => bool => bool)
   8.151 +                  ((All::('b => bool) => bool)
   8.152 +                    (%a::'b. (op =::'b => 'b => bool) (abs (x a)) a))
   8.153 +                  ((All::('a => bool) => bool)
   8.154 +                    (%r::'a.
   8.155 +                        (op =::bool => bool => bool) (P r)
   8.156 +                         ((op =::'a => 'a => bool) (x (abs r)) r)))))))"
   8.157 +  by (import bool ABS_REP_THM)
   8.158 +
   8.159 +lemma LET_RAND: "(P::'b => bool) (Let (M::'a) (N::'a => 'b)) = (let x::'a = M in P (N x))"
   8.160 +  by (import bool LET_RAND)
   8.161 +
   8.162 +lemma LET_RATOR: "Let (M::'a) (N::'a => 'b => 'c) (b::'b) = (let x::'a = M in N x b)"
   8.163 +  by (import bool LET_RATOR)
   8.164 +
   8.165 +lemma SWAP_FORALL_THM: "ALL P. (ALL x. All (P x)) = (ALL y x. P x y)"
   8.166 +  by (import bool SWAP_FORALL_THM)
   8.167 +
   8.168 +lemma SWAP_EXISTS_THM: "ALL P. (EX x. Ex (P x)) = (EX y x. P x y)"
   8.169 +  by (import bool SWAP_EXISTS_THM)
   8.170 +
   8.171 +lemma AND_CONG: "ALL P P' Q Q'. (Q --> P = P') & (P' --> Q = Q') --> (P & Q) = (P' & Q')"
   8.172 +  by (import bool AND_CONG)
   8.173 +
   8.174 +lemma OR_CONG: "ALL P P' Q Q'. (~ Q --> P = P') & (~ P' --> Q = Q') --> (P | Q) = (P' | Q')"
   8.175 +  by (import bool OR_CONG)
   8.176 +
   8.177 +lemma COND_CONG: "ALL P Q x x' y y'.
   8.178 +   P = Q & (Q --> x = x') & (~ Q --> y = y') -->
   8.179 +   (if P then x else y) = (if Q then x' else y')"
   8.180 +  by (import bool COND_CONG)
   8.181 +
   8.182 +lemma MONO_COND: "(x --> y) --> (z --> w) --> (if b then x else z) --> (if b then y else w)"
   8.183 +  by (import bool MONO_COND)
   8.184 +
   8.185 +lemma SKOLEM_THM: "ALL P. (ALL x. Ex (P x)) = (EX f. ALL x. P x (f x))"
   8.186 +  by (import bool SKOLEM_THM)
   8.187 +
   8.188 +lemma bool_case_thm: "(ALL (e0::'a) e1::'a. (case True of True => e0 | False => e1) = e0) &
   8.189 +(ALL (e0::'a) e1::'a. (case False of True => e0 | False => e1) = e1)"
   8.190 +  by (import bool bool_case_thm)
   8.191 +
   8.192 +lemma bool_case_ID: "ALL x b. (case b of True => x | False => x) = x"
   8.193 +  by (import bool bool_case_ID)
   8.194 +
   8.195 +lemma boolAxiom: "ALL e0 e1. EX x. x True = e0 & x False = e1"
   8.196 +  by (import bool boolAxiom)
   8.197 +
   8.198 +lemma UEXISTS_OR_THM: "ALL P Q. (EX! x. P x | Q x) --> Ex1 P | Ex1 Q"
   8.199 +  by (import bool UEXISTS_OR_THM)
   8.200 +
   8.201 +lemma UEXISTS_SIMP: "(EX! x::'a. (t::bool)) = (t & (ALL x::'a. All (op = x)))"
   8.202 +  by (import bool UEXISTS_SIMP)
   8.203 +
   8.204 +consts
   8.205 +  RES_ABSTRACT :: "('a => bool) => ('a => 'b) => 'a => 'b" 
   8.206 +
   8.207 +specification (RES_ABSTRACT) RES_ABSTRACT_DEF: "(ALL (p::'a => bool) (m::'a => 'b) x::'a.
   8.208 +    IN x p --> RES_ABSTRACT p m x = m x) &
   8.209 +(ALL (p::'a => bool) (m1::'a => 'b) m2::'a => 'b.
   8.210 +    (ALL x::'a. IN x p --> m1 x = m2 x) -->
   8.211 +    RES_ABSTRACT p m1 = RES_ABSTRACT p m2)"
   8.212 +  by (import bool RES_ABSTRACT_DEF)
   8.213 +
   8.214 +lemma BOOL_FUN_CASES_THM: "ALL f. f = (%b. True) | f = (%b. False) | f = (%b. b) | f = Not"
   8.215 +  by (import bool BOOL_FUN_CASES_THM)
   8.216 +
   8.217 +lemma BOOL_FUN_INDUCT: "ALL P. P (%b. True) & P (%b. False) & P (%b. b) & P Not --> All P"
   8.218 +  by (import bool BOOL_FUN_INDUCT)
   8.219 +
   8.220 +;end_setup
   8.221 +
   8.222 +;setup_theory combin
   8.223 +
   8.224 +constdefs
   8.225 +  K :: "'a => 'b => 'a" 
   8.226 +  "K == %x y. x"
   8.227 +
   8.228 +lemma K_DEF: "K = (%x y. x)"
   8.229 +  by (import combin K_DEF)
   8.230 +
   8.231 +constdefs
   8.232 +  S :: "('a => 'b => 'c) => ('a => 'b) => 'a => 'c" 
   8.233 +  "S == %f g x. f x (g x)"
   8.234 +
   8.235 +lemma S_DEF: "S = (%f g x. f x (g x))"
   8.236 +  by (import combin S_DEF)
   8.237 +
   8.238 +constdefs
   8.239 +  I :: "'a => 'a" 
   8.240 +  "(op ==::('a => 'a) => ('a => 'a) => prop) (I::'a => 'a)
   8.241 + ((S::('a => ('a => 'a) => 'a) => ('a => 'a => 'a) => 'a => 'a)
   8.242 +   (K::'a => ('a => 'a) => 'a) (K::'a => 'a => 'a))"
   8.243 +
   8.244 +lemma I_DEF: "(op =::('a => 'a) => ('a => 'a) => bool) (I::'a => 'a)
   8.245 + ((S::('a => ('a => 'a) => 'a) => ('a => 'a => 'a) => 'a => 'a)
   8.246 +   (K::'a => ('a => 'a) => 'a) (K::'a => 'a => 'a))"
   8.247 +  by (import combin I_DEF)
   8.248 +
   8.249 +constdefs
   8.250 +  C :: "('a => 'b => 'c) => 'b => 'a => 'c" 
   8.251 +  "C == %f x y. f y x"
   8.252 +
   8.253 +lemma C_DEF: "C = (%f x y. f y x)"
   8.254 +  by (import combin C_DEF)
   8.255 +
   8.256 +constdefs
   8.257 +  W :: "('a => 'a => 'b) => 'a => 'b" 
   8.258 +  "W == %f x. f x x"
   8.259 +
   8.260 +lemma W_DEF: "W = (%f x. f x x)"
   8.261 +  by (import combin W_DEF)
   8.262 +
   8.263 +lemma I_THM: "ALL x. I x = x"
   8.264 +  by (import combin I_THM)
   8.265 +
   8.266 +lemma I_o_ID: "ALL f. I o f = f & f o I = f"
   8.267 +  by (import combin I_o_ID)
   8.268 +
   8.269 +;end_setup
   8.270 +
   8.271 +;setup_theory sum
   8.272 +
   8.273 +lemma ISL_OR_ISR: "ALL x. ISL x | ISR x"
   8.274 +  by (import sum ISL_OR_ISR)
   8.275 +
   8.276 +lemma INL: "ALL x. ISL x --> Inl (OUTL x) = x"
   8.277 +  by (import sum INL)
   8.278 +
   8.279 +lemma INR: "ALL x. ISR x --> Inr (OUTR x) = x"
   8.280 +  by (import sum INR)
   8.281 +
   8.282 +lemma sum_case_cong: "ALL (M::'b + 'c) (M'::'b + 'c) (f::'b => 'a) g::'c => 'a.
   8.283 +   M = M' &
   8.284 +   (ALL x::'b. M' = Inl x --> f x = (f'::'b => 'a) x) &
   8.285 +   (ALL y::'c. M' = Inr y --> g y = (g'::'c => 'a) y) -->
   8.286 +   sum_case f g M = sum_case f' g' M'"
   8.287 +  by (import sum sum_case_cong)
   8.288 +
   8.289 +;end_setup
   8.290 +
   8.291 +;setup_theory one
   8.292 +
   8.293 +;end_setup
   8.294 +
   8.295 +;setup_theory option
   8.296 +
   8.297 +lemma option_CLAUSES: "(op &::bool => bool => bool)
   8.298 + ((All::('a => bool) => bool)
   8.299 +   (%x::'a.
   8.300 +       (All::('a => bool) => bool)
   8.301 +        (%y::'a.
   8.302 +            (op =::bool => bool => bool)
   8.303 +             ((op =::'a option => 'a option => bool) ((Some::'a ~=> 'a) x)
   8.304 +               ((Some::'a ~=> 'a) y))
   8.305 +             ((op =::'a => 'a => bool) x y))))
   8.306 + ((op &::bool => bool => bool)
   8.307 +   ((All::('a => bool) => bool)
   8.308 +     (%x::'a.
   8.309 +         (op =::'a => 'a => bool)
   8.310 +          ((the::'a option => 'a) ((Some::'a ~=> 'a) x)) x))
   8.311 +   ((op &::bool => bool => bool)
   8.312 +     ((All::('a => bool) => bool)
   8.313 +       (%x::'a.
   8.314 +           (Not::bool => bool)
   8.315 +            ((op =::'a option => 'a option => bool) (None::'a option)
   8.316 +              ((Some::'a ~=> 'a) x))))
   8.317 +     ((op &::bool => bool => bool)
   8.318 +       ((All::('a => bool) => bool)
   8.319 +         (%x::'a.
   8.320 +             (Not::bool => bool)
   8.321 +              ((op =::'a option => 'a option => bool) ((Some::'a ~=> 'a) x)
   8.322 +                (None::'a option))))
   8.323 +       ((op &::bool => bool => bool)
   8.324 +         ((All::('a => bool) => bool)
   8.325 +           (%x::'a.
   8.326 +               (op =::bool => bool => bool)
   8.327 +                ((IS_SOME::'a option => bool) ((Some::'a ~=> 'a) x))
   8.328 +                (True::bool)))
   8.329 +         ((op &::bool => bool => bool)
   8.330 +           ((op =::bool => bool => bool)
   8.331 +             ((IS_SOME::'a option => bool) (None::'a option)) (False::bool))
   8.332 +           ((op &::bool => bool => bool)
   8.333 +             ((All::('a option => bool) => bool)
   8.334 +               (%x::'a option.
   8.335 +                   (op =::bool => bool => bool)
   8.336 +                    ((IS_NONE::'a option => bool) x)
   8.337 +                    ((op =::'a option => 'a option => bool) x
   8.338 +                      (None::'a option))))
   8.339 +             ((op &::bool => bool => bool)
   8.340 +               ((All::('a option => bool) => bool)
   8.341 +                 (%x::'a option.
   8.342 +                     (op =::bool => bool => bool)
   8.343 +                      ((Not::bool => bool) ((IS_SOME::'a option => bool) x))
   8.344 +                      ((op =::'a option => 'a option => bool) x
   8.345 +                        (None::'a option))))
   8.346 +               ((op &::bool => bool => bool)
   8.347 +                 ((All::('a option => bool) => bool)
   8.348 +                   (%x::'a option.
   8.349 +                       (op -->::bool => bool => bool)
   8.350 +                        ((IS_SOME::'a option => bool) x)
   8.351 +                        ((op =::'a option => 'a option => bool)
   8.352 +                          ((Some::'a ~=> 'a) ((the::'a option => 'a) x))
   8.353 +                          x)))
   8.354 +                 ((op &::bool => bool => bool)
   8.355 +                   ((All::('a option => bool) => bool)
   8.356 +                     (%x::'a option.
   8.357 +                         (op =::'a option => 'a option => bool)
   8.358 +                          ((option_case::'a option
   8.359 +   => ('a ~=> 'a) => 'a option ~=> 'a)
   8.360 +                            (None::'a option) (Some::'a ~=> 'a) x)
   8.361 +                          x))
   8.362 +                   ((op &::bool => bool => bool)
   8.363 +                     ((All::('a option => bool) => bool)
   8.364 +                       (%x::'a option.
   8.365 +                           (op =::'a option => 'a option => bool)
   8.366 +                            ((option_case::'a option
   8.367 +     => ('a ~=> 'a) => 'a option ~=> 'a)
   8.368 +                              x (Some::'a ~=> 'a) x)
   8.369 +                            x))
   8.370 +                     ((op &::bool => bool => bool)
   8.371 +                       ((All::('a option => bool) => bool)
   8.372 +                         (%x::'a option.
   8.373 +                             (op -->::bool => bool => bool)
   8.374 +                              ((IS_NONE::'a option => bool) x)
   8.375 +                              ((op =::'b => 'b => bool)
   8.376 +                                ((option_case::'b
   8.377 +         => ('a => 'b) => 'a option => 'b)
   8.378 +                                  (e::'b) (f::'a => 'b) x)
   8.379 +                                e)))
   8.380 +                       ((op &::bool => bool => bool)
   8.381 +                         ((All::('a option => bool) => bool)
   8.382 +                           (%x::'a option.
   8.383 +                               (op -->::bool => bool => bool)
   8.384 +                                ((IS_SOME::'a option => bool) x)
   8.385 +                                ((op =::'b => 'b => bool)
   8.386 +                                  ((option_case::'b
   8.387 +           => ('a => 'b) => 'a option => 'b)
   8.388 +                                    e f x)
   8.389 +                                  (f ((the::'a option => 'a) x)))))
   8.390 +                         ((op &::bool => bool => bool)
   8.391 +                           ((All::('a option => bool) => bool)
   8.392 +                             (%x::'a option.
   8.393 +                                 (op -->::bool => bool => bool)
   8.394 +                                  ((IS_SOME::'a option => bool) x)
   8.395 +                                  ((op =::'a option => 'a option => bool)
   8.396 +                                    ((option_case::'a option
   8.397 +             => ('a ~=> 'a) => 'a option ~=> 'a)
   8.398 +(ea::'a option) (Some::'a ~=> 'a) x)
   8.399 +                                    x)))
   8.400 +                           ((op &::bool => bool => bool)
   8.401 +                             ((All::('b => bool) => bool)
   8.402 +                               (%u::'b.
   8.403 +                                   (All::(('a => 'b) => bool) => bool)
   8.404 +                                    (%f::'a => 'b.
   8.405 +  (op =::'b => 'b => bool)
   8.406 +   ((option_case::'b => ('a => 'b) => 'a option => 'b) u f
   8.407 +     (None::'a option))
   8.408 +   u)))
   8.409 +                             ((op &::bool => bool => bool)
   8.410 +                               ((All::('b => bool) => bool)
   8.411 +                                 (%u::'b.
   8.412 +                                     (All::(('a => 'b) => bool) => bool)
   8.413 +(%f::'a => 'b.
   8.414 +    (All::('a => bool) => bool)
   8.415 +     (%x::'a.
   8.416 +         (op =::'b => 'b => bool)
   8.417 +          ((option_case::'b => ('a => 'b) => 'a option => 'b) u f
   8.418 +            ((Some::'a ~=> 'a) x))
   8.419 +          (f x)))))
   8.420 +                               ((op &::bool => bool => bool)
   8.421 +                                 ((All::(('a => 'b) => bool) => bool)
   8.422 +                                   (%f::'a => 'b.
   8.423 + (All::('a => bool) => bool)
   8.424 +  (%x::'a.
   8.425 +      (op =::'b option => 'b option => bool)
   8.426 +       ((option_map::('a => 'b) => 'a option ~=> 'b) f
   8.427 +         ((Some::'a ~=> 'a) x))
   8.428 +       ((Some::'b ~=> 'b) (f x)))))
   8.429 +                                 ((op &::bool => bool => bool)
   8.430 +                                   ((All::(('a => 'b) => bool) => bool)
   8.431 +                                     (%f::'a => 'b.
   8.432 +   (op =::'b option => 'b option => bool)
   8.433 +    ((option_map::('a => 'b) => 'a option ~=> 'b) f (None::'a option))
   8.434 +    (None::'b option)))
   8.435 +                                   ((op &::bool => bool => bool)
   8.436 +                                     ((op =::'a option => 'a option => bool)
   8.437 + ((OPTION_JOIN::'a option option ~=> 'a) (None::'a option option))
   8.438 + (None::'a option))
   8.439 +                                     ((All::('a option => bool) => bool)
   8.440 + (%x::'a option.
   8.441 +     (op =::'a option => 'a option => bool)
   8.442 +      ((OPTION_JOIN::'a option option ~=> 'a)
   8.443 +        ((Some::'a option ~=> 'a option) x))
   8.444 +      x))))))))))))))))))))"
   8.445 +  by (import option option_CLAUSES)
   8.446 +
   8.447 +lemma option_case_compute: "option_case (e::'b) (f::'a => 'b) (x::'a option) =
   8.448 +(if IS_SOME x then f (the x) else e)"
   8.449 +  by (import option option_case_compute)
   8.450 +
   8.451 +lemma OPTION_MAP_EQ_SOME: "ALL f x y. (option_map f x = Some y) = (EX z. x = Some z & y = f z)"
   8.452 +  by (import option OPTION_MAP_EQ_SOME)
   8.453 +
   8.454 +lemma OPTION_JOIN_EQ_SOME: "ALL x xa. (OPTION_JOIN x = Some xa) = (x = Some (Some xa))"
   8.455 +  by (import option OPTION_JOIN_EQ_SOME)
   8.456 +
   8.457 +lemma option_case_cong: "ALL M M' u f.
   8.458 +   M = M' & (M' = None --> u = u') & (ALL x. M' = Some x --> f x = f' x) -->
   8.459 +   option_case u f M = option_case u' f' M'"
   8.460 +  by (import option option_case_cong)
   8.461 +
   8.462 +;end_setup
   8.463 +
   8.464 +;setup_theory marker
   8.465 +
   8.466 +consts
   8.467 +  stmarker :: "'a => 'a" 
   8.468 +
   8.469 +defs
   8.470 +  stmarker_primdef: "stmarker == %x. x"
   8.471 +
   8.472 +lemma stmarker_def: "ALL x. stmarker x = x"
   8.473 +  by (import marker stmarker_def)
   8.474 +
   8.475 +lemma move_left_conj: "ALL x xa xb.
   8.476 +   (x & stmarker xb) = (stmarker xb & x) &
   8.477 +   ((stmarker xb & x) & xa) = (stmarker xb & x & xa) &
   8.478 +   (x & stmarker xb & xa) = (stmarker xb & x & xa)"
   8.479 +  by (import marker move_left_conj)
   8.480 +
   8.481 +lemma move_right_conj: "ALL x xa xb.
   8.482 +   (stmarker xb & x) = (x & stmarker xb) &
   8.483 +   (x & xa & stmarker xb) = ((x & xa) & stmarker xb) &
   8.484 +   ((x & stmarker xb) & xa) = ((x & xa) & stmarker xb)"
   8.485 +  by (import marker move_right_conj)
   8.486 +
   8.487 +lemma move_left_disj: "ALL x xa xb.
   8.488 +   (x | stmarker xb) = (stmarker xb | x) &
   8.489 +   ((stmarker xb | x) | xa) = (stmarker xb | x | xa) &
   8.490 +   (x | stmarker xb | xa) = (stmarker xb | x | xa)"
   8.491 +  by (import marker move_left_disj)
   8.492 +
   8.493 +lemma move_right_disj: "ALL x xa xb.
   8.494 +   (stmarker xb | x) = (x | stmarker xb) &
   8.495 +   (x | xa | stmarker xb) = ((x | xa) | stmarker xb) &
   8.496 +   ((x | stmarker xb) | xa) = ((x | xa) | stmarker xb)"
   8.497 +  by (import marker move_right_disj)
   8.498 +
   8.499 +;end_setup
   8.500 +
   8.501 +;setup_theory relation
   8.502 +
   8.503 +constdefs
   8.504 +  TC :: "('a => 'a => bool) => 'a => 'a => bool" 
   8.505 +  "TC ==
   8.506 +%R a b.
   8.507 +   ALL P.
   8.508 +      (ALL x y. R x y --> P x y) & (ALL x y z. P x y & P y z --> P x z) -->
   8.509 +      P a b"
   8.510 +
   8.511 +lemma TC_DEF: "ALL R a b.
   8.512 +   TC R a b =
   8.513 +   (ALL P.
   8.514 +       (ALL x y. R x y --> P x y) & (ALL x y z. P x y & P y z --> P x z) -->
   8.515 +       P a b)"
   8.516 +  by (import relation TC_DEF)
   8.517 +
   8.518 +constdefs
   8.519 +  RTC :: "('a => 'a => bool) => 'a => 'a => bool" 
   8.520 +  "RTC ==
   8.521 +%R a b.
   8.522 +   ALL P. (ALL x. P x x) & (ALL x y z. R x y & P y z --> P x z) --> P a b"
   8.523 +
   8.524 +lemma RTC_DEF: "ALL R a b.
   8.525 +   RTC R a b =
   8.526 +   (ALL P. (ALL x. P x x) & (ALL x y z. R x y & P y z --> P x z) --> P a b)"
   8.527 +  by (import relation RTC_DEF)
   8.528 +
   8.529 +consts
   8.530 +  RC :: "('a => 'a => bool) => 'a => 'a => bool" 
   8.531 +
   8.532 +defs
   8.533 +  RC_primdef: "RC == %R x y. x = y | R x y"
   8.534 +
   8.535 +lemma RC_def: "ALL R x y. RC R x y = (x = y | R x y)"
   8.536 +  by (import relation RC_def)
   8.537 +
   8.538 +consts
   8.539 +  transitive :: "('a => 'a => bool) => bool" 
   8.540 +
   8.541 +defs
   8.542 +  transitive_primdef: "transitive == %R. ALL x y z. R x y & R y z --> R x z"
   8.543 +
   8.544 +lemma transitive_def: "ALL R. transitive R = (ALL x y z. R x y & R y z --> R x z)"
   8.545 +  by (import relation transitive_def)
   8.546 +
   8.547 +constdefs
   8.548 +  pred_reflexive :: "('a => 'a => bool) => bool" 
   8.549 +  "pred_reflexive == %R. ALL x. R x x"
   8.550 +
   8.551 +lemma reflexive_def: "ALL R. pred_reflexive R = (ALL x. R x x)"
   8.552 +  by (import relation reflexive_def)
   8.553 +
   8.554 +lemma TC_TRANSITIVE: "ALL x. transitive (TC x)"
   8.555 +  by (import relation TC_TRANSITIVE)
   8.556 +
   8.557 +lemma RTC_INDUCT: "ALL x xa.
   8.558 +   (ALL x. xa x x) & (ALL xb y z. x xb y & xa y z --> xa xb z) -->
   8.559 +   (ALL xb xc. RTC x xb xc --> xa xb xc)"
   8.560 +  by (import relation RTC_INDUCT)
   8.561 +
   8.562 +lemma TC_RULES: "ALL x.
   8.563 +   (ALL xa xb. x xa xb --> TC x xa xb) &
   8.564 +   (ALL xa xb xc. TC x xa xb & TC x xb xc --> TC x xa xc)"
   8.565 +  by (import relation TC_RULES)
   8.566 +
   8.567 +lemma RTC_RULES: "ALL x.
   8.568 +   (ALL xa. RTC x xa xa) &
   8.569 +   (ALL xa xb xc. x xa xb & RTC x xb xc --> RTC x xa xc)"
   8.570 +  by (import relation RTC_RULES)
   8.571 +
   8.572 +lemma RTC_STRONG_INDUCT: "ALL R P.
   8.573 +   (ALL x. P x x) & (ALL x y z. R x y & RTC R y z & P y z --> P x z) -->
   8.574 +   (ALL x y. RTC R x y --> P x y)"
   8.575 +  by (import relation RTC_STRONG_INDUCT)
   8.576 +
   8.577 +lemma RTC_RTC: "ALL R x y. RTC R x y --> (ALL z. RTC R y z --> RTC R x z)"
   8.578 +  by (import relation RTC_RTC)
   8.579 +
   8.580 +lemma RTC_TRANSITIVE: "ALL x. transitive (RTC x)"
   8.581 +  by (import relation RTC_TRANSITIVE)
   8.582 +
   8.583 +lemma RTC_REFLEXIVE: "ALL R. pred_reflexive (RTC R)"
   8.584 +  by (import relation RTC_REFLEXIVE)
   8.585 +
   8.586 +lemma RC_REFLEXIVE: "ALL R. pred_reflexive (RC R)"
   8.587 +  by (import relation RC_REFLEXIVE)
   8.588 +
   8.589 +lemma TC_SUBSET: "ALL x xa xb. x xa xb --> TC x xa xb"
   8.590 +  by (import relation TC_SUBSET)
   8.591 +
   8.592 +lemma RTC_SUBSET: "ALL R x y. R x y --> RTC R x y"
   8.593 +  by (import relation RTC_SUBSET)
   8.594 +
   8.595 +lemma RC_SUBSET: "ALL R x y. R x y --> RC R x y"
   8.596 +  by (import relation RC_SUBSET)
   8.597 +
   8.598 +lemma RC_RTC: "ALL R x y. RC R x y --> RTC R x y"
   8.599 +  by (import relation RC_RTC)
   8.600 +
   8.601 +lemma TC_INDUCT: "ALL x xa.
   8.602 +   (ALL xb y. x xb y --> xa xb y) &
   8.603 +   (ALL x y z. xa x y & xa y z --> xa x z) -->
   8.604 +   (ALL xb xc. TC x xb xc --> xa xb xc)"
   8.605 +  by (import relation TC_INDUCT)
   8.606 +
   8.607 +lemma TC_INDUCT_LEFT1: "ALL x xa.
   8.608 +   (ALL xb y. x xb y --> xa xb y) &
   8.609 +   (ALL xb y z. x xb y & xa y z --> xa xb z) -->
   8.610 +   (ALL xb xc. TC x xb xc --> xa xb xc)"
   8.611 +  by (import relation TC_INDUCT_LEFT1)
   8.612 +
   8.613 +lemma TC_STRONG_INDUCT: "ALL R P.
   8.614 +   (ALL x y. R x y --> P x y) &
   8.615 +   (ALL x y z. P x y & P y z & TC R x y & TC R y z --> P x z) -->
   8.616 +   (ALL u v. TC R u v --> P u v)"
   8.617 +  by (import relation TC_STRONG_INDUCT)
   8.618 +
   8.619 +lemma TC_STRONG_INDUCT_LEFT1: "ALL R P.
   8.620 +   (ALL x y. R x y --> P x y) &
   8.621 +   (ALL x y z. R x y & P y z & TC R y z --> P x z) -->
   8.622 +   (ALL u v. TC R u v --> P u v)"
   8.623 +  by (import relation TC_STRONG_INDUCT_LEFT1)
   8.624 +
   8.625 +lemma TC_RTC: "ALL R x y. TC R x y --> RTC R x y"
   8.626 +  by (import relation TC_RTC)
   8.627 +
   8.628 +lemma RTC_TC_RC: "ALL R x y. RTC R x y --> RC R x y | TC R x y"
   8.629 +  by (import relation RTC_TC_RC)
   8.630 +
   8.631 +lemma TC_RC_EQNS: "ALL R. RC (TC R) = RTC R & TC (RC R) = RTC R"
   8.632 +  by (import relation TC_RC_EQNS)
   8.633 +
   8.634 +lemma RC_IDEM: "ALL R. RC (RC R) = RC R"
   8.635 +  by (import relation RC_IDEM)
   8.636 +
   8.637 +lemma TC_IDEM: "ALL R. TC (TC R) = TC R"
   8.638 +  by (import relation TC_IDEM)
   8.639 +
   8.640 +lemma RTC_IDEM: "ALL R. RTC (RTC R) = RTC R"
   8.641 +  by (import relation RTC_IDEM)
   8.642 +
   8.643 +lemma RTC_CASES1: "ALL x xa xb. RTC x xa xb = (xa = xb | (EX u. x xa u & RTC x u xb))"
   8.644 +  by (import relation RTC_CASES1)
   8.645 +
   8.646 +lemma RTC_CASES2: "ALL x xa xb. RTC x xa xb = (xa = xb | (EX u. RTC x xa u & x u xb))"
   8.647 +  by (import relation RTC_CASES2)
   8.648 +
   8.649 +lemma RTC_CASES_RTC_TWICE: "ALL x xa xb. RTC x xa xb = (EX u. RTC x xa u & RTC x u xb)"
   8.650 +  by (import relation RTC_CASES_RTC_TWICE)
   8.651 +
   8.652 +lemma TC_CASES1: "ALL R x z. TC R x z --> R x z | (EX y. R x y & TC R y z)"
   8.653 +  by (import relation TC_CASES1)
   8.654 +
   8.655 +lemma TC_CASES2: "ALL R x z. TC R x z --> R x z | (EX y. TC R x y & R y z)"
   8.656 +  by (import relation TC_CASES2)
   8.657 +
   8.658 +lemma TC_MONOTONE: "ALL R Q. (ALL x y. R x y --> Q x y) --> (ALL x y. TC R x y --> TC Q x y)"
   8.659 +  by (import relation TC_MONOTONE)
   8.660 +
   8.661 +lemma RTC_MONOTONE: "ALL R Q. (ALL x y. R x y --> Q x y) --> (ALL x y. RTC R x y --> RTC Q x y)"
   8.662 +  by (import relation RTC_MONOTONE)
   8.663 +
   8.664 +constdefs
   8.665 +  WF :: "('a => 'a => bool) => bool" 
   8.666 +  "WF == %R. ALL B. Ex B --> (EX min. B min & (ALL b. R b min --> ~ B b))"
   8.667 +
   8.668 +lemma WF_DEF: "ALL R. WF R = (ALL B. Ex B --> (EX min. B min & (ALL b. R b min --> ~ B b)))"
   8.669 +  by (import relation WF_DEF)
   8.670 +
   8.671 +lemma WF_INDUCTION_THM: "ALL R. WF R --> (ALL P. (ALL x. (ALL y. R y x --> P y) --> P x) --> All P)"
   8.672 +  by (import relation WF_INDUCTION_THM)
   8.673 +
   8.674 +lemma WF_NOT_REFL: "ALL x xa xb. WF x --> x xa xb --> xa ~= xb"
   8.675 +  by (import relation WF_NOT_REFL)
   8.676 +
   8.677 +constdefs
   8.678 +  EMPTY_REL :: "'a => 'a => bool" 
   8.679 +  "EMPTY_REL == %x y. False"
   8.680 +
   8.681 +lemma EMPTY_REL_DEF: "ALL x y. EMPTY_REL x y = False"
   8.682 +  by (import relation EMPTY_REL_DEF)
   8.683 +
   8.684 +lemma WF_EMPTY_REL: "WF EMPTY_REL"
   8.685 +  by (import relation WF_EMPTY_REL)
   8.686 +
   8.687 +lemma WF_SUBSET: "ALL x xa. WF x & (ALL xb y. xa xb y --> x xb y) --> WF xa"
   8.688 +  by (import relation WF_SUBSET)
   8.689 +
   8.690 +lemma WF_TC: "ALL R. WF R --> WF (TC R)"
   8.691 +  by (import relation WF_TC)
   8.692 +
   8.693 +consts
   8.694 +  inv_image :: "('b => 'b => bool) => ('a => 'b) => 'a => 'a => bool" 
   8.695 +
   8.696 +defs
   8.697 +  inv_image_primdef: "relation.inv_image ==
   8.698 +%(R::'b => 'b => bool) (f::'a => 'b) (x::'a) y::'a. R (f x) (f y)"
   8.699 +
   8.700 +lemma inv_image_def: "ALL (R::'b => 'b => bool) f::'a => 'b.
   8.701 +   relation.inv_image R f = (%(x::'a) y::'a. R (f x) (f y))"
   8.702 +  by (import relation inv_image_def)
   8.703 +
   8.704 +lemma WF_inv_image: "ALL (R::'b => 'b => bool) f::'a => 'b. WF R --> WF (relation.inv_image R f)"
   8.705 +  by (import relation WF_inv_image)
   8.706 +
   8.707 +constdefs
   8.708 +  RESTRICT :: "('a => 'b) => ('a => 'a => bool) => 'a => 'a => 'b" 
   8.709 +  "RESTRICT == %f R x y. if R y x then f y else ARB"
   8.710 +
   8.711 +lemma RESTRICT_DEF: "ALL f R x. RESTRICT f R x = (%y. if R y x then f y else ARB)"
   8.712 +  by (import relation RESTRICT_DEF)
   8.713 +
   8.714 +lemma RESTRICT_LEMMA: "ALL x xa xb xc. xa xb xc --> RESTRICT x xa xc xb = x xb"
   8.715 +  by (import relation RESTRICT_LEMMA)
   8.716 +
   8.717 +consts
   8.718 +  approx :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => ('a => 'b) => bool" 
   8.719 +
   8.720 +defs
   8.721 +  approx_primdef: "approx == %R M x f. f = RESTRICT (%y. M (RESTRICT f R y) y) R x"
   8.722 +
   8.723 +lemma approx_def: "ALL R M x f. approx R M x f = (f = RESTRICT (%y. M (RESTRICT f R y) y) R x)"
   8.724 +  by (import relation approx_def)
   8.725 +
   8.726 +consts
   8.727 +  the_fun :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => 'a => 'b" 
   8.728 +
   8.729 +defs
   8.730 +  the_fun_primdef: "the_fun == %R M x. Eps (approx R M x)"
   8.731 +
   8.732 +lemma the_fun_def: "ALL R M x. the_fun R M x = Eps (approx R M x)"
   8.733 +  by (import relation the_fun_def)
   8.734 +
   8.735 +constdefs
   8.736 +  WFREC :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => 'b" 
   8.737 +  "WFREC ==
   8.738 +%R M x. M (RESTRICT (the_fun (TC R) (%f v. M (RESTRICT f R v) v) x) R x) x"
   8.739 +
   8.740 +lemma WFREC_DEF: "ALL R M.
   8.741 +   WFREC R M =
   8.742 +   (%x. M (RESTRICT (the_fun (TC R) (%f v. M (RESTRICT f R v) v) x) R x) x)"
   8.743 +  by (import relation WFREC_DEF)
   8.744 +
   8.745 +lemma WFREC_THM: "ALL R M. WF R --> (ALL x. WFREC R M x = M (RESTRICT (WFREC R M) R x) x)"
   8.746 +  by (import relation WFREC_THM)
   8.747 +
   8.748 +lemma WFREC_COROLLARY: "ALL M R f. f = WFREC R M --> WF R --> (ALL x. f x = M (RESTRICT f R x) x)"
   8.749 +  by (import relation WFREC_COROLLARY)
   8.750 +
   8.751 +lemma WF_RECURSION_THM: "ALL R. WF R --> (ALL M. EX! f. ALL x. f x = M (RESTRICT f R x) x)"
   8.752 +  by (import relation WF_RECURSION_THM)
   8.753 +
   8.754 +;end_setup
   8.755 +
   8.756 +;setup_theory pair
   8.757 +
   8.758 +lemma CURRY_ONE_ONE_THM: "(curry f = curry g) = (f = g)"
   8.759 +  by (import pair CURRY_ONE_ONE_THM)
   8.760 +
   8.761 +lemma UNCURRY_ONE_ONE_THM: "(split f = split g) = (f = g)"
   8.762 +  by (import pair UNCURRY_ONE_ONE_THM)
   8.763 +
   8.764 +lemma pair_Axiom: "ALL f. EX x. ALL xa y. x (xa, y) = f xa y"
   8.765 +  by (import pair pair_Axiom)
   8.766 +
   8.767 +lemma UNCURRY_CONG: "ALL M M' f.
   8.768 +   M = M' & (ALL x y. M' = (x, y) --> f x y = f' x y) -->
   8.769 +   split f M = split f' M'"
   8.770 +  by (import pair UNCURRY_CONG)
   8.771 +
   8.772 +lemma ELIM_PEXISTS: "(EX p. P (fst p) (snd p)) = (EX p1. Ex (P p1))"
   8.773 +  by (import pair ELIM_PEXISTS)
   8.774 +
   8.775 +lemma ELIM_PFORALL: "(ALL p. P (fst p) (snd p)) = (ALL p1. All (P p1))"
   8.776 +  by (import pair ELIM_PFORALL)
   8.777 +
   8.778 +lemma PFORALL_THM: "ALL x. (ALL xa. All (x xa)) = All (split x)"
   8.779 +  by (import pair PFORALL_THM)
   8.780 +
   8.781 +lemma PEXISTS_THM: "ALL x. (EX xa. Ex (x xa)) = Ex (split x)"
   8.782 +  by (import pair PEXISTS_THM)
   8.783 +
   8.784 +lemma LET2_RAND: "ALL (x::'c => 'd) (xa::'a * 'b) xb::'a => 'b => 'c.
   8.785 +   x (Let xa (split xb)) = (let (xa::'a, y::'b) = xa in x (xb xa y))"
   8.786 +  by (import pair LET2_RAND)
   8.787 +
   8.788 +lemma LET2_RATOR: "ALL (x::'a1 * 'a2) (xa::'a1 => 'a2 => 'b => 'c) xb::'b.
   8.789 +   Let x (split xa) xb = (let (x::'a1, y::'a2) = x in xa x y xb)"
   8.790 +  by (import pair LET2_RATOR)
   8.791 +
   8.792 +lemma pair_case_cong: "ALL x xa xb.
   8.793 +   x = xa & (ALL x y. xa = (x, y) --> xb x y = f' x y) -->
   8.794 +   split xb x = split f' xa"
   8.795 +  by (import pair pair_case_cong)
   8.796 +
   8.797 +constdefs
   8.798 +  LEX :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool" 
   8.799 +  "LEX == %R1 R2 (s, t) (u, v). R1 s u | s = u & R2 t v"
   8.800 +
   8.801 +lemma LEX_DEF: "ALL R1 R2. LEX R1 R2 = (%(s, t) (u, v). R1 s u | s = u & R2 t v)"
   8.802 +  by (import pair LEX_DEF)
   8.803 +
   8.804 +lemma WF_LEX: "ALL x xa. WF x & WF xa --> WF (LEX x xa)"
   8.805 +  by (import pair WF_LEX)
   8.806 +
   8.807 +constdefs
   8.808 +  RPROD :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool" 
   8.809 +  "RPROD == %R1 R2 (s, t) (u, v). R1 s u & R2 t v"
   8.810 +
   8.811 +lemma RPROD_DEF: "ALL R1 R2. RPROD R1 R2 = (%(s, t) (u, v). R1 s u & R2 t v)"
   8.812 +  by (import pair RPROD_DEF)
   8.813 +
   8.814 +lemma WF_RPROD: "ALL R Q. WF R & WF Q --> WF (RPROD R Q)"
   8.815 +  by (import pair WF_RPROD)
   8.816 +
   8.817 +;end_setup
   8.818 +
   8.819 +;setup_theory num
   8.820 +
   8.821 +;end_setup
   8.822 +
   8.823 +;setup_theory prim_rec
   8.824 +
   8.825 +lemma LESS_0_0: "0 < Suc 0"
   8.826 +  by (import prim_rec LESS_0_0)
   8.827 +
   8.828 +lemma LESS_LEMMA1: "ALL x xa. x < Suc xa --> x = xa | x < xa"
   8.829 +  by (import prim_rec LESS_LEMMA1)
   8.830 +
   8.831 +lemma LESS_LEMMA2: "ALL m n. m = n | m < n --> m < Suc n"
   8.832 +  by (import prim_rec LESS_LEMMA2)
   8.833 +
   8.834 +lemma LESS_THM: "ALL m n. (m < Suc n) = (m = n | m < n)"
   8.835 +  by (import prim_rec LESS_THM)
   8.836 +
   8.837 +lemma LESS_SUC_IMP: "ALL x xa. x < Suc xa --> x ~= xa --> x < xa"
   8.838 +  by (import prim_rec LESS_SUC_IMP)
   8.839 +
   8.840 +lemma EQ_LESS: "ALL n. Suc m = n --> m < n"
   8.841 +  by (import prim_rec EQ_LESS)
   8.842 +
   8.843 +lemma NOT_LESS_EQ: "ALL (m::nat) n::nat. m = n --> ~ m < n"
   8.844 +  by (import prim_rec NOT_LESS_EQ)
   8.845 +
   8.846 +constdefs
   8.847 +  SIMP_REC_REL :: "(nat => 'a) => 'a => ('a => 'a) => nat => bool" 
   8.848 +  "SIMP_REC_REL == %fun x f n. fun 0 = x & (ALL m<n. fun (Suc m) = f (fun m))"
   8.849 +
   8.850 +lemma SIMP_REC_REL: "ALL fun x f n.
   8.851 +   SIMP_REC_REL fun x f n = (fun 0 = x & (ALL m<n. fun (Suc m) = f (fun m)))"
   8.852 +  by (import prim_rec SIMP_REC_REL)
   8.853 +
   8.854 +lemma SIMP_REC_EXISTS: "ALL x f n. EX fun. SIMP_REC_REL fun x f n"
   8.855 +  by (import prim_rec SIMP_REC_EXISTS)
   8.856 +
   8.857 +lemma SIMP_REC_REL_UNIQUE: "ALL x xa xb xc xd xe.
   8.858 +   SIMP_REC_REL xb x xa xd & SIMP_REC_REL xc x xa xe -->
   8.859 +   (ALL n. n < xd & n < xe --> xb n = xc n)"
   8.860 +  by (import prim_rec SIMP_REC_REL_UNIQUE)
   8.861 +
   8.862 +lemma SIMP_REC_REL_UNIQUE_RESULT: "ALL x f n. EX! y. EX g. SIMP_REC_REL g x f (Suc n) & y = g n"
   8.863 +  by (import prim_rec SIMP_REC_REL_UNIQUE_RESULT)
   8.864 +
   8.865 +consts
   8.866 +  SIMP_REC :: "'a => ('a => 'a) => nat => 'a" 
   8.867 +
   8.868 +specification (SIMP_REC) SIMP_REC: "ALL x f' n. EX g. SIMP_REC_REL g x f' (Suc n) & SIMP_REC x f' n = g n"
   8.869 +  by (import prim_rec SIMP_REC)
   8.870 +
   8.871 +lemma LESS_SUC_SUC: "ALL m. m < Suc m & m < Suc (Suc m)"
   8.872 +  by (import prim_rec LESS_SUC_SUC)
   8.873 +
   8.874 +lemma SIMP_REC_THM: "ALL x f.
   8.875 +   SIMP_REC x f 0 = x & (ALL m. SIMP_REC x f (Suc m) = f (SIMP_REC x f m))"
   8.876 +  by (import prim_rec SIMP_REC_THM)
   8.877 +
   8.878 +constdefs
   8.879 +  PRE :: "nat => nat" 
   8.880 +  "PRE == %m. if m = 0 then 0 else SOME n. m = Suc n"
   8.881 +
   8.882 +lemma PRE_DEF: "ALL m. PRE m = (if m = 0 then 0 else SOME n. m = Suc n)"
   8.883 +  by (import prim_rec PRE_DEF)
   8.884 +
   8.885 +lemma PRE: "PRE 0 = 0 & (ALL m. PRE (Suc m) = m)"
   8.886 +  by (import prim_rec PRE)
   8.887 +
   8.888 +constdefs
   8.889 +  PRIM_REC_FUN :: "'a => ('a => nat => 'a) => nat => nat => 'a" 
   8.890 +  "PRIM_REC_FUN == %x f. SIMP_REC (%n. x) (%fun n. f (fun (PRE n)) n)"
   8.891 +
   8.892 +lemma PRIM_REC_FUN: "ALL x f. PRIM_REC_FUN x f = SIMP_REC (%n. x) (%fun n. f (fun (PRE n)) n)"
   8.893 +  by (import prim_rec PRIM_REC_FUN)
   8.894 +
   8.895 +lemma PRIM_REC_EQN: "ALL x f.
   8.896 +   (ALL n. PRIM_REC_FUN x f 0 n = x) &
   8.897 +   (ALL m n. PRIM_REC_FUN x f (Suc m) n = f (PRIM_REC_FUN x f m (PRE n)) n)"
   8.898 +  by (import prim_rec PRIM_REC_EQN)
   8.899 +
   8.900 +constdefs
   8.901 +  PRIM_REC :: "'a => ('a => nat => 'a) => nat => 'a" 
   8.902 +  "PRIM_REC == %x f m. PRIM_REC_FUN x f m (PRE m)"
   8.903 +
   8.904 +lemma PRIM_REC: "ALL x f m. PRIM_REC x f m = PRIM_REC_FUN x f m (PRE m)"
   8.905 +  by (import prim_rec PRIM_REC)
   8.906 +
   8.907 +lemma PRIM_REC_THM: "ALL x f.
   8.908 +   PRIM_REC x f 0 = x & (ALL m. PRIM_REC x f (Suc m) = f (PRIM_REC x f m) m)"
   8.909 +  by (import prim_rec PRIM_REC_THM)
   8.910 +
   8.911 +lemma DC: "ALL P R a.
   8.912 +   P a & (ALL x. P x --> (EX y. P y & R x y)) -->
   8.913 +   (EX x. x 0 = a & (ALL n. P (x n) & R (x n) (x (Suc n))))"
   8.914 +  by (import prim_rec DC)
   8.915 +
   8.916 +lemma num_Axiom_old: "ALL e f. EX! fn1. fn1 0 = e & (ALL n. fn1 (Suc n) = f (fn1 n) n)"
   8.917 +  by (import prim_rec num_Axiom_old)
   8.918 +
   8.919 +lemma num_Axiom: "ALL e f. EX x. x 0 = e & (ALL n. x (Suc n) = f n (x n))"
   8.920 +  by (import prim_rec num_Axiom)
   8.921 +
   8.922 +consts
   8.923 +  wellfounded :: "('a => 'a => bool) => bool" 
   8.924 +
   8.925 +defs
   8.926 +  wellfounded_primdef: "wellfounded == %R. ~ (EX f. ALL n. R (f (Suc n)) (f n))"
   8.927 +
   8.928 +lemma wellfounded_def: "ALL R. wellfounded R = (~ (EX f. ALL n. R (f (Suc n)) (f n)))"
   8.929 +  by (import prim_rec wellfounded_def)
   8.930 +
   8.931 +lemma WF_IFF_WELLFOUNDED: "ALL R. WF R = wellfounded R"
   8.932 +  by (import prim_rec WF_IFF_WELLFOUNDED)
   8.933 +
   8.934 +lemma WF_PRED: "WF (%x y. y = Suc x)"
   8.935 +  by (import prim_rec WF_PRED)
   8.936 +
   8.937 +lemma WF_LESS: "(WF::(nat => nat => bool) => bool) (op <::nat => nat => bool)"
   8.938 +  by (import prim_rec WF_LESS)
   8.939 +
   8.940 +consts
   8.941 +  measure :: "('a => nat) => 'a => 'a => bool" 
   8.942 +
   8.943 +defs
   8.944 +  measure_primdef: "prim_rec.measure == relation.inv_image op <"
   8.945 +
   8.946 +lemma measure_def: "prim_rec.measure = relation.inv_image op <"
   8.947 +  by (import prim_rec measure_def)
   8.948 +
   8.949 +lemma WF_measure: "ALL x. WF (prim_rec.measure x)"
   8.950 +  by (import prim_rec WF_measure)
   8.951 +
   8.952 +lemma measure_thm: "ALL x xa xb. prim_rec.measure x xa xb = (x xa < x xb)"
   8.953 +  by (import prim_rec measure_thm)
   8.954 +
   8.955 +;end_setup
   8.956 +
   8.957 +;setup_theory arithmetic
   8.958 +
   8.959 +constdefs
   8.960 +  nat_elim__magic :: "nat => nat" 
   8.961 +  "nat_elim__magic == %n. n"
   8.962 +
   8.963 +lemma nat_elim__magic: "ALL n. nat_elim__magic n = n"
   8.964 +  by (import arithmetic nat_elim__magic)
   8.965 +
   8.966 +consts
   8.967 +  EVEN :: "nat => bool" 
   8.968 +
   8.969 +specification (EVEN) EVEN: "EVEN 0 = True & (ALL n. EVEN (Suc n) = (~ EVEN n))"
   8.970 +  by (import arithmetic EVEN)
   8.971 +
   8.972 +consts
   8.973 +  ODD :: "nat => bool" 
   8.974 +
   8.975 +specification (ODD) ODD: "ODD 0 = False & (ALL n. ODD (Suc n) = (~ ODD n))"
   8.976 +  by (import arithmetic ODD)
   8.977 +
   8.978 +lemma TWO: "2 = Suc 1"
   8.979 +  by (import arithmetic TWO)
   8.980 +
   8.981 +lemma NORM_0: "(0::nat) = (0::nat)"
   8.982 +  by (import arithmetic NORM_0)
   8.983 +
   8.984 +lemma num_case_compute: "ALL n. nat_case f g n = (if n = 0 then f else g (PRE n))"
   8.985 +  by (import arithmetic num_case_compute)
   8.986 +
   8.987 +lemma ADD_CLAUSES: "0 + m = m & m + 0 = m & Suc m + n = Suc (m + n) & m + Suc n = Suc (m + n)"
   8.988 +  by (import arithmetic ADD_CLAUSES)
   8.989 +
   8.990 +lemma LESS_ADD: "ALL (m::nat) n::nat. n < m --> (EX p::nat. p + n = m)"
   8.991 +  by (import arithmetic LESS_ADD)
   8.992 +
   8.993 +lemma LESS_ANTISYM: "ALL (m::nat) n::nat. ~ (m < n & n < m)"
   8.994 +  by (import arithmetic LESS_ANTISYM)
   8.995 +
   8.996 +lemma LESS_LESS_SUC: "ALL x xa. ~ (x < xa & xa < Suc x)"
   8.997 +  by (import arithmetic LESS_LESS_SUC)
   8.998 +
   8.999 +lemma FUN_EQ_LEMMA: "ALL f x1 x2. f x1 & ~ f x2 --> x1 ~= x2"
  8.1000 +  by (import arithmetic FUN_EQ_LEMMA)
  8.1001 +
  8.1002 +lemma LESS_NOT_SUC: "ALL m n. m < n & n ~= Suc m --> Suc m < n"
  8.1003 +  by (import arithmetic LESS_NOT_SUC)
  8.1004 +
  8.1005 +lemma LESS_0_CASES: "ALL m::nat. (0::nat) = m | (0::nat) < m"
  8.1006 +  by (import arithmetic LESS_0_CASES)
  8.1007 +
  8.1008 +lemma LESS_CASES_IMP: "ALL (m::nat) n::nat. ~ m < n & m ~= n --> n < m"
  8.1009 +  by (import arithmetic LESS_CASES_IMP)
  8.1010 +
  8.1011 +lemma LESS_CASES: "ALL (m::nat) n::nat. m < n | n <= m"
  8.1012 +  by (import arithmetic LESS_CASES)
  8.1013 +
  8.1014 +lemma LESS_EQ_SUC_REFL: "ALL m. m <= Suc m"
  8.1015 +  by (import arithmetic LESS_EQ_SUC_REFL)
  8.1016 +
  8.1017 +lemma LESS_ADD_NONZERO: "ALL (m::nat) n::nat. n ~= (0::nat) --> m < m + n"
  8.1018 +  by (import arithmetic LESS_ADD_NONZERO)
  8.1019 +
  8.1020 +lemma LESS_EQ_ANTISYM: "ALL (x::nat) xa::nat. ~ (x < xa & xa <= x)"
  8.1021 +  by (import arithmetic LESS_EQ_ANTISYM)
  8.1022 +
  8.1023 +lemma SUB_0: "ALL m::nat. (0::nat) - m = (0::nat) & m - (0::nat) = m"
  8.1024 +  by (import arithmetic SUB_0)
  8.1025 +
  8.1026 +lemma SUC_SUB1: "ALL m. Suc m - 1 = m"
  8.1027 +  by (import arithmetic SUC_SUB1)
  8.1028 +
  8.1029 +lemma PRE_SUB1: "ALL m. PRE m = m - 1"
  8.1030 +  by (import arithmetic PRE_SUB1)
  8.1031 +
  8.1032 +lemma MULT_CLAUSES: "ALL x xa.
  8.1033 +   0 * x = 0 &
  8.1034 +   x * 0 = 0 &
  8.1035 +   1 * x = x &
  8.1036 +   x * 1 = x & Suc x * xa = x * xa + xa & x * Suc xa = x + x * xa"
  8.1037 +  by (import arithmetic MULT_CLAUSES)
  8.1038 +
  8.1039 +lemma PRE_SUB: "ALL m n. PRE (m - n) = PRE m - n"
  8.1040 +  by (import arithmetic PRE_SUB)
  8.1041 +
  8.1042 +lemma ADD_EQ_1: "ALL (m::nat) n::nat.
  8.1043 +   (m + n = (1::nat)) =
  8.1044 +   (m = (1::nat) & n = (0::nat) | m = (0::nat) & n = (1::nat))"
  8.1045 +  by (import arithmetic ADD_EQ_1)
  8.1046 +
  8.1047 +lemma ADD_INV_0_EQ: "ALL (m::nat) n::nat. (m + n = m) = (n = (0::nat))"
  8.1048 +  by (import arithmetic ADD_INV_0_EQ)
  8.1049 +
  8.1050 +lemma PRE_SUC_EQ: "ALL m n. 0 < n --> (m = PRE n) = (Suc m = n)"
  8.1051 +  by (import arithmetic PRE_SUC_EQ)
  8.1052 +
  8.1053 +lemma INV_PRE_EQ: "ALL m n. 0 < m & 0 < n --> (PRE m = PRE n) = (m = n)"
  8.1054 +  by (import arithmetic INV_PRE_EQ)
  8.1055 +
  8.1056 +lemma LESS_SUC_NOT: "ALL m n. m < n --> ~ n < Suc m"
  8.1057 +  by (import arithmetic LESS_SUC_NOT)
  8.1058 +
  8.1059 +lemma ADD_EQ_SUB: "ALL (m::nat) (n::nat) p::nat. n <= p --> (m + n = p) = (m = p - n)"
  8.1060 +  by (import arithmetic ADD_EQ_SUB)
  8.1061 +
  8.1062 +lemma LESS_ADD_1: "ALL (x::nat) xa::nat. xa < x --> (EX xb::nat. x = xa + (xb + (1::nat)))"
  8.1063 +  by (import arithmetic LESS_ADD_1)
  8.1064 +
  8.1065 +lemma NOT_ODD_EQ_EVEN: "ALL n m. Suc (n + n) ~= m + m"
  8.1066 +  by (import arithmetic NOT_ODD_EQ_EVEN)
  8.1067 +
  8.1068 +lemma MULT_SUC_EQ: "ALL p m n. (n * Suc p = m * Suc p) = (n = m)"
  8.1069 +  by (import arithmetic MULT_SUC_EQ)
  8.1070 +
  8.1071 +lemma MULT_EXP_MONO: "ALL p q n m. (n * Suc q ^ p = m * Suc q ^ p) = (n = m)"
  8.1072 +  by (import arithmetic MULT_EXP_MONO)
  8.1073 +
  8.1074 +lemma LESS_ADD_SUC: "ALL m n. m < m + Suc n"
  8.1075 +  by (import arithmetic LESS_ADD_SUC)
  8.1076 +
  8.1077 +lemma LESS_OR_EQ_ADD: "ALL (n::nat) m::nat. n < m | (EX p::nat. n = p + m)"
  8.1078 +  by (import arithmetic LESS_OR_EQ_ADD)
  8.1079 +
  8.1080 +lemma WOP: "ALL P::nat => bool. Ex P --> (EX n::nat. P n & (ALL m<n. ~ P m))"
  8.1081 +  by (import arithmetic WOP)
  8.1082 +
  8.1083 +lemma INV_PRE_LESS: "ALL m. 0 < m --> (ALL n. (PRE m < PRE n) = (m < n))"
  8.1084 +  by (import arithmetic INV_PRE_LESS)
  8.1085 +
  8.1086 +lemma INV_PRE_LESS_EQ: "ALL n. 0 < n --> (ALL m. (PRE m <= PRE n) = (m <= n))"
  8.1087 +  by (import arithmetic INV_PRE_LESS_EQ)
  8.1088 +
  8.1089 +lemma SUB_EQ_EQ_0: "ALL (m::nat) n::nat. (m - n = m) = (m = (0::nat) | n = (0::nat))"
  8.1090 +  by (import arithmetic SUB_EQ_EQ_0)
  8.1091 +
  8.1092 +lemma SUB_LESS_OR: "ALL (m::nat) n::nat. n < m --> n <= m - (1::nat)"
  8.1093 +  by (import arithmetic SUB_LESS_OR)
  8.1094 +
  8.1095 +lemma LESS_SUB_ADD_LESS: "ALL (n::nat) (m::nat) i::nat. i < n - m --> i + m < n"
  8.1096 +  by (import arithmetic LESS_SUB_ADD_LESS)
  8.1097 +
  8.1098 +lemma LESS_EQ_SUB_LESS: "ALL (x::nat) xa::nat. xa <= x --> (ALL c::nat. (x - xa < c) = (x < xa + c))"
  8.1099 +  by (import arithmetic LESS_EQ_SUB_LESS)
  8.1100 +
  8.1101 +lemma NOT_SUC_LESS_EQ: "ALL x xa. (~ Suc x <= xa) = (xa <= x)"
  8.1102 +  by (import arithmetic NOT_SUC_LESS_EQ)
  8.1103 +
  8.1104 +lemma SUB_LESS_EQ_ADD: "ALL (m::nat) p::nat. m <= p --> (ALL n::nat. (p - m <= n) = (p <= m + n))"
  8.1105 +  by (import arithmetic SUB_LESS_EQ_ADD)
  8.1106 +
  8.1107 +lemma SUB_CANCEL: "ALL (x::nat) (xa::nat) xb::nat.
  8.1108 +   xa <= x & xb <= x --> (x - xa = x - xb) = (xa = xb)"
  8.1109 +  by (import arithmetic SUB_CANCEL)
  8.1110 +
  8.1111 +lemma NOT_EXP_0: "ALL m n. Suc n ^ m ~= 0"
  8.1112 +  by (import arithmetic NOT_EXP_0)
  8.1113 +
  8.1114 +lemma ZERO_LESS_EXP: "ALL m n. 0 < Suc n ^ m"
  8.1115 +  by (import arithmetic ZERO_LESS_EXP)
  8.1116 +
  8.1117 +lemma ODD_OR_EVEN: "ALL x. EX xa. x = Suc (Suc 0) * xa | x = Suc (Suc 0) * xa + 1"
  8.1118 +  by (import arithmetic ODD_OR_EVEN)
  8.1119 +
  8.1120 +lemma LESS_EXP_SUC_MONO: "ALL n m. Suc (Suc m) ^ n < Suc (Suc m) ^ Suc n"
  8.1121 +  by (import arithmetic LESS_EXP_SUC_MONO)
  8.1122 +
  8.1123 +lemma LESS_LESS_CASES: "ALL (m::nat) n::nat. m = n | m < n | n < m"
  8.1124 +  by (import arithmetic LESS_LESS_CASES)
  8.1125 +
  8.1126 +lemma LESS_EQUAL_ADD: "ALL (m::nat) n::nat. m <= n --> (EX p::nat. n = m + p)"
  8.1127 +  by (import arithmetic LESS_EQUAL_ADD)
  8.1128 +
  8.1129 +lemma LESS_EQ_EXISTS: "ALL (m::nat) n::nat. (m <= n) = (EX p::nat. n = m + p)"
  8.1130 +  by (import arithmetic LESS_EQ_EXISTS)
  8.1131 +
  8.1132 +lemma MULT_EQ_1: "ALL (x::nat) y::nat. (x * y = (1::nat)) = (x = (1::nat) & y = (1::nat))"
  8.1133 +  by (import arithmetic MULT_EQ_1)
  8.1134 +
  8.1135 +consts
  8.1136 +  FACT :: "nat => nat" 
  8.1137 +
  8.1138 +specification (FACT) FACT: "FACT 0 = 1 & (ALL n. FACT (Suc n) = Suc n * FACT n)"
  8.1139 +  by (import arithmetic FACT)
  8.1140 +
  8.1141 +lemma FACT_LESS: "ALL n. 0 < FACT n"
  8.1142 +  by (import arithmetic FACT_LESS)
  8.1143 +
  8.1144 +lemma EVEN_ODD: "ALL n. EVEN n = (~ ODD n)"
  8.1145 +  by (import arithmetic EVEN_ODD)
  8.1146 +
  8.1147 +lemma ODD_EVEN: "ALL x. ODD x = (~ EVEN x)"
  8.1148 +  by (import arithmetic ODD_EVEN)
  8.1149 +
  8.1150 +lemma EVEN_OR_ODD: "ALL x. EVEN x | ODD x"
  8.1151 +  by (import arithmetic EVEN_OR_ODD)
  8.1152 +
  8.1153 +lemma EVEN_AND_ODD: "ALL x. ~ (EVEN x & ODD x)"
  8.1154 +  by (import arithmetic EVEN_AND_ODD)
  8.1155 +
  8.1156 +lemma EVEN_ADD: "ALL m n. EVEN (m + n) = (EVEN m = EVEN n)"
  8.1157 +  by (import arithmetic EVEN_ADD)
  8.1158 +
  8.1159 +lemma EVEN_MULT: "ALL m n. EVEN (m * n) = (EVEN m | EVEN n)"
  8.1160 +  by (import arithmetic EVEN_MULT)
  8.1161 +
  8.1162 +lemma ODD_ADD: "ALL m n. ODD (m + n) = (ODD m ~= ODD n)"
  8.1163 +  by (import arithmetic ODD_ADD)
  8.1164 +
  8.1165 +lemma ODD_MULT: "ALL m n. ODD (m * n) = (ODD m & ODD n)"
  8.1166 +  by (import arithmetic ODD_MULT)
  8.1167 +
  8.1168 +lemma EVEN_DOUBLE: "ALL n. EVEN (2 * n)"
  8.1169 +  by (import arithmetic EVEN_DOUBLE)
  8.1170 +
  8.1171 +lemma ODD_DOUBLE: "ALL x. ODD (Suc (2 * x))"
  8.1172 +  by (import arithmetic ODD_DOUBLE)
  8.1173 +
  8.1174 +lemma EVEN_ODD_EXISTS: "ALL x. (EVEN x --> (EX m. x = 2 * m)) & (ODD x --> (EX m. x = Suc (2 * m)))"
  8.1175 +  by (import arithmetic EVEN_ODD_EXISTS)
  8.1176 +
  8.1177 +lemma EVEN_EXISTS: "ALL n. EVEN n = (EX m. n = 2 * m)"
  8.1178 +  by (import arithmetic EVEN_EXISTS)
  8.1179 +
  8.1180 +lemma ODD_EXISTS: "ALL n. ODD n = (EX m. n = Suc (2 * m))"
  8.1181 +  by (import arithmetic ODD_EXISTS)
  8.1182 +
  8.1183 +lemma NOT_SUC_LESS_EQ_0: "ALL x. ~ Suc x <= 0"
  8.1184 +  by (import arithmetic NOT_SUC_LESS_EQ_0)
  8.1185 +
  8.1186 +lemma NOT_LEQ: "ALL x xa. (~ x <= xa) = (Suc xa <= x)"
  8.1187 +  by (import arithmetic NOT_LEQ)
  8.1188 +
  8.1189 +lemma NOT_NUM_EQ: "ALL x xa. (x ~= xa) = (Suc x <= xa | Suc xa <= x)"
  8.1190 +  by (import arithmetic NOT_NUM_EQ)
  8.1191 +
  8.1192 +lemma NOT_GREATER_EQ: "ALL x xa. (~ xa <= x) = (Suc x <= xa)"
  8.1193 +  by (import arithmetic NOT_GREATER_EQ)
  8.1194 +
  8.1195 +lemma SUC_ADD_SYM: "ALL m n. Suc (m + n) = Suc n + m"
  8.1196 +  by (import arithmetic SUC_ADD_SYM)
  8.1197 +
  8.1198 +lemma NOT_SUC_ADD_LESS_EQ: "ALL m n. ~ Suc (m + n) <= m"
  8.1199 +  by (import arithmetic NOT_SUC_ADD_LESS_EQ)
  8.1200 +
  8.1201 +lemma SUB_LEFT_ADD: "ALL (m::nat) (n::nat) p::nat.
  8.1202 +   m + (n - p) = (if n <= p then m else m + n - p)"
  8.1203 +  by (import arithmetic SUB_LEFT_ADD)
  8.1204 +
  8.1205 +lemma SUB_RIGHT_ADD: "ALL (m::nat) (n::nat) p::nat. m - n + p = (if m <= n then p else m + p - n)"
  8.1206 +  by (import arithmetic SUB_RIGHT_ADD)
  8.1207 +
  8.1208 +lemma SUB_LEFT_SUB: "ALL (m::nat) (n::nat) p::nat.
  8.1209 +   m - (n - p) = (if n <= p then m else m + p - n)"
  8.1210 +  by (import arithmetic SUB_LEFT_SUB)
  8.1211 +
  8.1212 +lemma SUB_LEFT_SUC: "ALL m n. Suc (m - n) = (if m <= n then Suc 0 else Suc m - n)"
  8.1213 +  by (import arithmetic SUB_LEFT_SUC)
  8.1214 +
  8.1215 +lemma SUB_LEFT_LESS_EQ: "ALL (m::nat) (n::nat) p::nat. (m <= n - p) = (m + p <= n | m <= (0::nat))"
  8.1216 +  by (import arithmetic SUB_LEFT_LESS_EQ)
  8.1217 +
  8.1218 +lemma SUB_RIGHT_LESS_EQ: "ALL (m::nat) (n::nat) p::nat. (m - n <= p) = (m <= n + p)"
  8.1219 +  by (import arithmetic SUB_RIGHT_LESS_EQ)
  8.1220 +
  8.1221 +lemma SUB_RIGHT_LESS: "ALL (m::nat) (n::nat) p::nat. (m - n < p) = (m < n + p & (0::nat) < p)"
  8.1222 +  by (import arithmetic SUB_RIGHT_LESS)
  8.1223 +
  8.1224 +lemma SUB_RIGHT_GREATER_EQ: "ALL (m::nat) (n::nat) p::nat. (p <= m - n) = (n + p <= m | p <= (0::nat))"
  8.1225 +  by (import arithmetic SUB_RIGHT_GREATER_EQ)
  8.1226 +
  8.1227 +lemma SUB_LEFT_GREATER: "ALL (m::nat) (n::nat) p::nat. (n - p < m) = (n < m + p & (0::nat) < m)"
  8.1228 +  by (import arithmetic SUB_LEFT_GREATER)
  8.1229 +
  8.1230 +lemma SUB_RIGHT_GREATER: "ALL (m::nat) (n::nat) p::nat. (p < m - n) = (n + p < m)"
  8.1231 +  by (import arithmetic SUB_RIGHT_GREATER)
  8.1232 +
  8.1233 +lemma SUB_LEFT_EQ: "ALL (m::nat) (n::nat) p::nat.
  8.1234 +   (m = n - p) = (m + p = n | m <= (0::nat) & n <= p)"
  8.1235 +  by (import arithmetic SUB_LEFT_EQ)
  8.1236 +
  8.1237 +lemma SUB_RIGHT_EQ: "ALL (m::nat) (n::nat) p::nat.
  8.1238 +   (m - n = p) = (m = n + p | m <= n & p <= (0::nat))"
  8.1239 +  by (import arithmetic SUB_RIGHT_EQ)
  8.1240 +
  8.1241 +lemma LE: "(ALL n::nat. (n <= (0::nat)) = (n = (0::nat))) &
  8.1242 +(ALL (m::nat) n::nat. (m <= Suc n) = (m = Suc n | m <= n))"
  8.1243 +  by (import arithmetic LE)
  8.1244 +
  8.1245 +lemma DA: "ALL (k::nat) n::nat.
  8.1246 +   (0::nat) < n --> (EX (x::nat) q::nat. k = q * n + x & x < n)"
  8.1247 +  by (import arithmetic DA)
  8.1248 +
  8.1249 +lemma DIV_LESS_EQ: "ALL n::nat. (0::nat) < n --> (ALL k::nat. k div n <= k)"
  8.1250 +  by (import arithmetic DIV_LESS_EQ)
  8.1251 +
  8.1252 +lemma DIV_UNIQUE: "ALL (n::nat) (k::nat) q::nat.
  8.1253 +   (EX r::nat. k = q * n + r & r < n) --> k div n = q"
  8.1254 +  by (import arithmetic DIV_UNIQUE)
  8.1255 +
  8.1256 +lemma MOD_UNIQUE: "ALL (n::nat) (k::nat) r::nat.
  8.1257 +   (EX q::nat. k = q * n + r & r < n) --> k mod n = r"
  8.1258 +  by (import arithmetic MOD_UNIQUE)
  8.1259 +
  8.1260 +lemma DIV_MULT: "ALL (n::nat) r::nat. r < n --> (ALL q::nat. (q * n + r) div n = q)"
  8.1261 +  by (import arithmetic DIV_MULT)
  8.1262 +
  8.1263 +lemma MOD_EQ_0: "ALL n::nat. (0::nat) < n --> (ALL k::nat. k * n mod n = (0::nat))"
  8.1264 +  by (import arithmetic MOD_EQ_0)
  8.1265 +
  8.1266 +lemma ZERO_MOD: "ALL n::nat. (0::nat) < n --> (0::nat) mod n = (0::nat)"
  8.1267 +  by (import arithmetic ZERO_MOD)
  8.1268 +
  8.1269 +lemma ZERO_DIV: "ALL n::nat. (0::nat) < n --> (0::nat) div n = (0::nat)"
  8.1270 +  by (import arithmetic ZERO_DIV)
  8.1271 +
  8.1272 +lemma MOD_MULT: "ALL (n::nat) r::nat. r < n --> (ALL q::nat. (q * n + r) mod n = r)"
  8.1273 +  by (import arithmetic MOD_MULT)
  8.1274 +
  8.1275 +lemma MOD_TIMES: "ALL n::nat.
  8.1276 +   (0::nat) < n --> (ALL (q::nat) r::nat. (q * n + r) mod n = r mod n)"
  8.1277 +  by (import arithmetic MOD_TIMES)
  8.1278 +
  8.1279 +lemma MOD_PLUS: "ALL n::nat.
  8.1280 +   (0::nat) < n -->
  8.1281 +   (ALL (j::nat) k::nat. (j mod n + k mod n) mod n = (j + k) mod n)"
  8.1282 +  by (import arithmetic MOD_PLUS)
  8.1283 +
  8.1284 +lemma MOD_MOD: "ALL n::nat. (0::nat) < n --> (ALL k::nat. k mod n mod n = k mod n)"
  8.1285 +  by (import arithmetic MOD_MOD)
  8.1286 +
  8.1287 +lemma ADD_DIV_ADD_DIV: "ALL x::nat.
  8.1288 +   (0::nat) < x -->
  8.1289 +   (ALL (xa::nat) r::nat. (xa * x + r) div x = xa + r div x)"
  8.1290 +  by (import arithmetic ADD_DIV_ADD_DIV)
  8.1291 +
  8.1292 +lemma MOD_MULT_MOD: "ALL (m::nat) n::nat.
  8.1293 +   (0::nat) < n & (0::nat) < m -->
  8.1294 +   (ALL x::nat. x mod (n * m) mod n = x mod n)"
  8.1295 +  by (import arithmetic MOD_MULT_MOD)
  8.1296 +
  8.1297 +lemma DIVMOD_ID: "ALL n::nat. (0::nat) < n --> n div n = (1::nat) & n mod n = (0::nat)"
  8.1298 +  by (import arithmetic DIVMOD_ID)
  8.1299 +
  8.1300 +lemma DIV_DIV_DIV_MULT: "ALL (x::nat) xa::nat.
  8.1301 +   (0::nat) < x & (0::nat) < xa -->
  8.1302 +   (ALL xb::nat. xb div x div xa = xb div (x * xa))"
  8.1303 +  by (import arithmetic DIV_DIV_DIV_MULT)
  8.1304 +
  8.1305 +lemma DIV_P: "ALL (P::nat => bool) (p::nat) q::nat.
  8.1306 +   (0::nat) < q -->
  8.1307 +   P (p div q) = (EX (k::nat) r::nat. p = k * q + r & r < q & P k)"
  8.1308 +  by (import arithmetic DIV_P)
  8.1309 +
  8.1310 +lemma MOD_P: "ALL (P::nat => bool) (p::nat) q::nat.
  8.1311 +   (0::nat) < q -->
  8.1312 +   P (p mod q) = (EX (k::nat) r::nat. p = k * q + r & r < q & P r)"
  8.1313 +  by (import arithmetic MOD_P)
  8.1314 +
  8.1315 +lemma MOD_TIMES2: "ALL n::nat.
  8.1316 +   (0::nat) < n -->
  8.1317 +   (ALL (j::nat) k::nat. j mod n * (k mod n) mod n = j * k mod n)"
  8.1318 +  by (import arithmetic MOD_TIMES2)
  8.1319 +
  8.1320 +lemma MOD_COMMON_FACTOR: "ALL (n::nat) (p::nat) q::nat.
  8.1321 +   (0::nat) < n & (0::nat) < q --> n * (p mod q) = n * p mod (n * q)"
  8.1322 +  by (import arithmetic MOD_COMMON_FACTOR)
  8.1323 +
  8.1324 +lemma num_case_cong: "ALL M M' b f.
  8.1325 +   M = M' & (M' = 0 --> b = b') & (ALL n. M' = Suc n --> f n = f' n) -->
  8.1326 +   nat_case b f M = nat_case b' f' M'"
  8.1327 +  by (import arithmetic num_case_cong)
  8.1328 +
  8.1329 +lemma SUC_ELIM_THM: "ALL P. (ALL n. P (Suc n) n) = (ALL n. 0 < n --> P n (n - 1))"
  8.1330 +  by (import arithmetic SUC_ELIM_THM)
  8.1331 +
  8.1332 +lemma SUB_ELIM_THM: "(P::nat => bool) ((a::nat) - (b::nat)) =
  8.1333 +(ALL x::nat. (b = a + x --> P (0::nat)) & (a = b + x --> P x))"
  8.1334 +  by (import arithmetic SUB_ELIM_THM)
  8.1335 +
  8.1336 +lemma PRE_ELIM_THM: "P (PRE n) = (ALL m. (n = 0 --> P 0) & (n = Suc m --> P m))"
  8.1337 +  by (import arithmetic PRE_ELIM_THM)
  8.1338 +
  8.1339 +lemma MULT_INCREASES: "ALL m n. 1 < m & 0 < n --> Suc n <= m * n"
  8.1340 +  by (import arithmetic MULT_INCREASES)
  8.1341 +
  8.1342 +lemma EXP_ALWAYS_BIG_ENOUGH: "ALL b::nat. (1::nat) < b --> (ALL n::nat. EX m::nat. n <= b ^ m)"
  8.1343 +  by (import arithmetic EXP_ALWAYS_BIG_ENOUGH)
  8.1344 +
  8.1345 +lemma EXP_EQ_0: "ALL (n::nat) m::nat. (n ^ m = (0::nat)) = (n = (0::nat) & (0::nat) < m)"
  8.1346 +  by (import arithmetic EXP_EQ_0)
  8.1347 +
  8.1348 +lemma EXP_1: "ALL x::nat. (1::nat) ^ x = (1::nat) & x ^ (1::nat) = x"
  8.1349 +  by (import arithmetic EXP_1)
  8.1350 +
  8.1351 +lemma EXP_EQ_1: "ALL (n::nat) m::nat. (n ^ m = (1::nat)) = (n = (1::nat) | m = (0::nat))"
  8.1352 +  by (import arithmetic EXP_EQ_1)
  8.1353 +
  8.1354 +lemma MIN_MAX_EQ: "ALL (x::nat) xa::nat. (min x xa = max x xa) = (x = xa)"
  8.1355 +  by (import arithmetic MIN_MAX_EQ)
  8.1356 +
  8.1357 +lemma MIN_MAX_LT: "ALL (x::nat) xa::nat. (min x xa < max x xa) = (x ~= xa)"
  8.1358 +  by (import arithmetic MIN_MAX_LT)
  8.1359 +
  8.1360 +lemma MIN_MAX_PRED: "ALL (P::nat => bool) (m::nat) n::nat.
  8.1361 +   P m & P n --> P (min m n) & P (max m n)"
  8.1362 +  by (import arithmetic MIN_MAX_PRED)
  8.1363 +
  8.1364 +lemma MIN_LT: "ALL (x::nat) xa::nat.
  8.1365 +   (min xa x < xa) = (xa ~= x & min xa x = x) &
  8.1366 +   (min xa x < x) = (xa ~= x & min xa x = xa) &
  8.1367 +   (xa < min xa x) = False & (x < min xa x) = False"
  8.1368 +  by (import arithmetic MIN_LT)
  8.1369 +
  8.1370 +lemma MAX_LT: "ALL (x::nat) xa::nat.
  8.1371 +   (xa < max xa x) = (xa ~= x & max xa x = x) &
  8.1372 +   (x < max xa x) = (xa ~= x & max xa x = xa) &
  8.1373 +   (max xa x < xa) = False & (max xa x < x) = False"
  8.1374 +  by (import arithmetic MAX_LT)
  8.1375 +
  8.1376 +lemma MIN_LE: "ALL (x::nat) xa::nat. min xa x <= xa & min xa x <= x"
  8.1377 +  by (import arithmetic MIN_LE)
  8.1378 +
  8.1379 +lemma MAX_LE: "ALL (x::nat) xa::nat. xa <= max xa x & x <= max xa x"
  8.1380 +  by (import arithmetic MAX_LE)
  8.1381 +
  8.1382 +lemma MIN_0: "ALL x::nat. min x (0::nat) = (0::nat) & min (0::nat) x = (0::nat)"
  8.1383 +  by (import arithmetic MIN_0)
  8.1384 +
  8.1385 +lemma MAX_0: "ALL x::nat. max x (0::nat) = x & max (0::nat) x = x"
  8.1386 +  by (import arithmetic MAX_0)
  8.1387 +
  8.1388 +lemma EXISTS_GREATEST: "ALL P::nat => bool.
  8.1389 +   (Ex P & (EX x::nat. ALL y::nat. x < y --> ~ P y)) =
  8.1390 +   (EX x::nat. P x & (ALL y::nat. x < y --> ~ P y))"
  8.1391 +  by (import arithmetic EXISTS_GREATEST)
  8.1392 +
  8.1393 +;end_setup
  8.1394 +
  8.1395 +;setup_theory hrat
  8.1396 +
  8.1397 +constdefs
  8.1398 +  trat_1 :: "nat * nat" 
  8.1399 +  "trat_1 == (0, 0)"
  8.1400 +
  8.1401 +lemma trat_1: "trat_1 = (0, 0)"
  8.1402 +  by (import hrat trat_1)
  8.1403 +
  8.1404 +constdefs
  8.1405 +  trat_inv :: "nat * nat => nat * nat" 
  8.1406 +  "trat_inv == %(x, y). (y, x)"
  8.1407 +
  8.1408 +lemma trat_inv: "ALL x y. trat_inv (x, y) = (y, x)"
  8.1409 +  by (import hrat trat_inv)
  8.1410 +
  8.1411 +constdefs
  8.1412 +  trat_add :: "nat * nat => nat * nat => nat * nat" 
  8.1413 +  "trat_add ==
  8.1414 +%(x, y) (x', y').
  8.1415 +   (PRE (Suc x * Suc y' + Suc x' * Suc y), PRE (Suc y * Suc y'))"
  8.1416 +
  8.1417 +lemma trat_add: "ALL x y x' y'.
  8.1418 +   trat_add (x, y) (x', y') =
  8.1419 +   (PRE (Suc x * Suc y' + Suc x' * Suc y), PRE (Suc y * Suc y'))"
  8.1420 +  by (import hrat trat_add)
  8.1421 +
  8.1422 +constdefs
  8.1423 +  trat_mul :: "nat * nat => nat * nat => nat * nat" 
  8.1424 +  "trat_mul == %(x, y) (x', y'). (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  8.1425 +
  8.1426 +lemma trat_mul: "ALL x y x' y'.
  8.1427 +   trat_mul (x, y) (x', y') = (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  8.1428 +  by (import hrat trat_mul)
  8.1429 +
  8.1430 +consts
  8.1431 +  trat_sucint :: "nat => nat * nat" 
  8.1432 +
  8.1433 +specification (trat_sucint) trat_sucint: "trat_sucint 0 = trat_1 &
  8.1434 +(ALL n. trat_sucint (Suc n) = trat_add (trat_sucint n) trat_1)"
  8.1435 +  by (import hrat trat_sucint)
  8.1436 +
  8.1437 +constdefs
  8.1438 +  trat_eq :: "nat * nat => nat * nat => bool" 
  8.1439 +  "trat_eq == %(x, y) (x', y'). Suc x * Suc y' = Suc x' * Suc y"
  8.1440 +
  8.1441 +lemma trat_eq: "ALL x y x' y'. trat_eq (x, y) (x', y') = (Suc x * Suc y' = Suc x' * Suc y)"
  8.1442 +  by (import hrat trat_eq)
  8.1443 +
  8.1444 +lemma TRAT_EQ_REFL: "ALL p. trat_eq p p"
  8.1445 +  by (import hrat TRAT_EQ_REFL)
  8.1446 +
  8.1447 +lemma TRAT_EQ_SYM: "ALL p q. trat_eq p q = trat_eq q p"
  8.1448 +  by (import hrat TRAT_EQ_SYM)
  8.1449 +
  8.1450 +lemma TRAT_EQ_TRANS: "ALL p q r. trat_eq p q & trat_eq q r --> trat_eq p r"
  8.1451 +  by (import hrat TRAT_EQ_TRANS)
  8.1452 +
  8.1453 +lemma TRAT_EQ_AP: "ALL p q. p = q --> trat_eq p q"
  8.1454 +  by (import hrat TRAT_EQ_AP)
  8.1455 +
  8.1456 +lemma TRAT_ADD_SYM_EQ: "ALL h i. trat_add h i = trat_add i h"
  8.1457 +  by (import hrat TRAT_ADD_SYM_EQ)
  8.1458 +
  8.1459 +lemma TRAT_MUL_SYM_EQ: "ALL h i. trat_mul h i = trat_mul i h"
  8.1460 +  by (import hrat TRAT_MUL_SYM_EQ)
  8.1461 +
  8.1462 +lemma TRAT_INV_WELLDEFINED: "ALL p q. trat_eq p q --> trat_eq (trat_inv p) (trat_inv q)"
  8.1463 +  by (import hrat TRAT_INV_WELLDEFINED)
  8.1464 +
  8.1465 +lemma TRAT_ADD_WELLDEFINED: "ALL p q r. trat_eq p q --> trat_eq (trat_add p r) (trat_add q r)"
  8.1466 +  by (import hrat TRAT_ADD_WELLDEFINED)
  8.1467 +
  8.1468 +lemma TRAT_ADD_WELLDEFINED2: "ALL p1 p2 q1 q2.
  8.1469 +   trat_eq p1 p2 & trat_eq q1 q2 -->
  8.1470 +   trat_eq (trat_add p1 q1) (trat_add p2 q2)"
  8.1471 +  by (import hrat TRAT_ADD_WELLDEFINED2)
  8.1472 +
  8.1473 +lemma TRAT_MUL_WELLDEFINED: "ALL p q r. trat_eq p q --> trat_eq (trat_mul p r) (trat_mul q r)"
  8.1474 +  by (import hrat TRAT_MUL_WELLDEFINED)
  8.1475 +
  8.1476 +lemma TRAT_MUL_WELLDEFINED2: "ALL p1 p2 q1 q2.
  8.1477 +   trat_eq p1 p2 & trat_eq q1 q2 -->
  8.1478 +   trat_eq (trat_mul p1 q1) (trat_mul p2 q2)"
  8.1479 +  by (import hrat TRAT_MUL_WELLDEFINED2)
  8.1480 +
  8.1481 +lemma TRAT_ADD_SYM: "ALL h i. trat_eq (trat_add h i) (trat_add i h)"
  8.1482 +  by (import hrat TRAT_ADD_SYM)
  8.1483 +
  8.1484 +lemma TRAT_ADD_ASSOC: "ALL h i j. trat_eq (trat_add h (trat_add i j)) (trat_add (trat_add h i) j)"
  8.1485 +  by (import hrat TRAT_ADD_ASSOC)
  8.1486 +
  8.1487 +lemma TRAT_MUL_SYM: "ALL h i. trat_eq (trat_mul h i) (trat_mul i h)"
  8.1488 +  by (import hrat TRAT_MUL_SYM)
  8.1489 +
  8.1490 +lemma TRAT_MUL_ASSOC: "ALL h i j. trat_eq (trat_mul h (trat_mul i j)) (trat_mul (trat_mul h i) j)"
  8.1491 +  by (import hrat TRAT_MUL_ASSOC)
  8.1492 +
  8.1493 +lemma TRAT_LDISTRIB: "ALL h i j.
  8.1494 +   trat_eq (trat_mul h (trat_add i j))
  8.1495 +    (trat_add (trat_mul h i) (trat_mul h j))"
  8.1496 +  by (import hrat TRAT_LDISTRIB)
  8.1497 +
  8.1498 +lemma TRAT_MUL_LID: "ALL h. trat_eq (trat_mul trat_1 h) h"
  8.1499 +  by (import hrat TRAT_MUL_LID)
  8.1500 +
  8.1501 +lemma TRAT_MUL_LINV: "ALL h. trat_eq (trat_mul (trat_inv h) h) trat_1"
  8.1502 +  by (import hrat TRAT_MUL_LINV)
  8.1503 +
  8.1504 +lemma TRAT_NOZERO: "ALL h i. ~ trat_eq (trat_add h i) h"
  8.1505 +  by (import hrat TRAT_NOZERO)
  8.1506 +
  8.1507 +lemma TRAT_ADD_TOTAL: "ALL h i.
  8.1508 +   trat_eq h i |
  8.1509 +   (EX d. trat_eq h (trat_add i d)) | (EX d. trat_eq i (trat_add h d))"
  8.1510 +  by (import hrat TRAT_ADD_TOTAL)
  8.1511 +
  8.1512 +lemma TRAT_SUCINT_0: "ALL n. trat_eq (trat_sucint n) (n, 0)"
  8.1513 +  by (import hrat TRAT_SUCINT_0)
  8.1514 +
  8.1515 +lemma TRAT_ARCH: "ALL h. EX n d. trat_eq (trat_sucint n) (trat_add h d)"
  8.1516 +  by (import hrat TRAT_ARCH)
  8.1517 +
  8.1518 +lemma TRAT_SUCINT: "trat_eq (trat_sucint 0) trat_1 &
  8.1519 +(ALL n. trat_eq (trat_sucint (Suc n)) (trat_add (trat_sucint n) trat_1))"
  8.1520 +  by (import hrat TRAT_SUCINT)
  8.1521 +
  8.1522 +lemma TRAT_EQ_EQUIV: "ALL p q. trat_eq p q = (trat_eq p = trat_eq q)"
  8.1523 +  by (import hrat TRAT_EQ_EQUIV)
  8.1524 +
  8.1525 +typedef (open) hrat = "{x. EX xa. x = trat_eq xa}" 
  8.1526 +  by (rule typedef_helper,import hrat hrat_TY_DEF)
  8.1527 +
  8.1528 +lemmas hrat_TY_DEF = typedef_hol2hol4 [OF type_definition_hrat]
  8.1529 +
  8.1530 +consts
  8.1531 +  mk_hrat :: "(nat * nat => bool) => hrat" 
  8.1532 +  dest_hrat :: "hrat => nat * nat => bool" 
  8.1533 +
  8.1534 +specification (dest_hrat mk_hrat) hrat_tybij: "(ALL a. mk_hrat (dest_hrat a) = a) &
  8.1535 +(ALL r. (EX x. r = trat_eq x) = (dest_hrat (mk_hrat r) = r))"
  8.1536 +  by (import hrat hrat_tybij)
  8.1537 +
  8.1538 +constdefs
  8.1539 +  hrat_1 :: "hrat" 
  8.1540 +  "hrat_1 == mk_hrat (trat_eq trat_1)"
  8.1541 +
  8.1542 +lemma hrat_1: "hrat_1 = mk_hrat (trat_eq trat_1)"
  8.1543 +  by (import hrat hrat_1)
  8.1544 +
  8.1545 +constdefs
  8.1546 +  hrat_inv :: "hrat => hrat" 
  8.1547 +  "hrat_inv == %T1. mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  8.1548 +
  8.1549 +lemma hrat_inv: "ALL T1. hrat_inv T1 = mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  8.1550 +  by (import hrat hrat_inv)
  8.1551 +
  8.1552 +constdefs
  8.1553 +  hrat_add :: "hrat => hrat => hrat" 
  8.1554 +  "hrat_add ==
  8.1555 +%T1 T2.
  8.1556 +   mk_hrat (trat_eq (trat_add (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  8.1557 +
  8.1558 +lemma hrat_add: "ALL T1 T2.
  8.1559 +   hrat_add T1 T2 =
  8.1560 +   mk_hrat (trat_eq (trat_add (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  8.1561 +  by (import hrat hrat_add)
  8.1562 +
  8.1563 +constdefs
  8.1564 +  hrat_mul :: "hrat => hrat => hrat" 
  8.1565 +  "hrat_mul ==
  8.1566 +%T1 T2.
  8.1567 +   mk_hrat (trat_eq (trat_mul (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  8.1568 +
  8.1569 +lemma hrat_mul: "ALL T1 T2.
  8.1570 +   hrat_mul T1 T2 =
  8.1571 +   mk_hrat (trat_eq (trat_mul (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  8.1572 +  by (import hrat hrat_mul)
  8.1573 +
  8.1574 +constdefs
  8.1575 +  hrat_sucint :: "nat => hrat" 
  8.1576 +  "hrat_sucint == %T1. mk_hrat (trat_eq (trat_sucint T1))"
  8.1577 +
  8.1578 +lemma hrat_sucint: "ALL T1. hrat_sucint T1 = mk_hrat (trat_eq (trat_sucint T1))"
  8.1579 +  by (import hrat hrat_sucint)
  8.1580 +
  8.1581 +lemma HRAT_ADD_SYM: "ALL h i. hrat_add h i = hrat_add i h"
  8.1582 +  by (import hrat HRAT_ADD_SYM)
  8.1583 +
  8.1584 +lemma HRAT_ADD_ASSOC: "ALL h i j. hrat_add h (hrat_add i j) = hrat_add (hrat_add h i) j"
  8.1585 +  by (import hrat HRAT_ADD_ASSOC)
  8.1586 +
  8.1587 +lemma HRAT_MUL_SYM: "ALL h i. hrat_mul h i = hrat_mul i h"
  8.1588 +  by (import hrat HRAT_MUL_SYM)
  8.1589 +
  8.1590 +lemma HRAT_MUL_ASSOC: "ALL h i j. hrat_mul h (hrat_mul i j) = hrat_mul (hrat_mul h i) j"
  8.1591 +  by (import hrat HRAT_MUL_ASSOC)
  8.1592 +
  8.1593 +lemma HRAT_LDISTRIB: "ALL h i j.
  8.1594 +   hrat_mul h (hrat_add i j) = hrat_add (hrat_mul h i) (hrat_mul h j)"
  8.1595 +  by (import hrat HRAT_LDISTRIB)
  8.1596 +
  8.1597 +lemma HRAT_MUL_LID: "ALL h. hrat_mul hrat_1 h = h"
  8.1598 +  by (import hrat HRAT_MUL_LID)
  8.1599 +
  8.1600 +lemma HRAT_MUL_LINV: "ALL h. hrat_mul (hrat_inv h) h = hrat_1"
  8.1601 +  by (import hrat HRAT_MUL_LINV)
  8.1602 +
  8.1603 +lemma HRAT_NOZERO: "ALL h i. hrat_add h i ~= h"
  8.1604 +  by (import hrat HRAT_NOZERO)
  8.1605 +
  8.1606 +lemma HRAT_ADD_TOTAL: "ALL h i. h = i | (EX x. h = hrat_add i x) | (EX x. i = hrat_add h x)"
  8.1607 +  by (import hrat HRAT_ADD_TOTAL)
  8.1608 +
  8.1609 +lemma HRAT_ARCH: "ALL h. EX x xa. hrat_sucint x = hrat_add h xa"
  8.1610 +  by (import hrat HRAT_ARCH)
  8.1611 +
  8.1612 +lemma HRAT_SUCINT: "hrat_sucint 0 = hrat_1 &
  8.1613 +(ALL x. hrat_sucint (Suc x) = hrat_add (hrat_sucint x) hrat_1)"
  8.1614 +  by (import hrat HRAT_SUCINT)
  8.1615 +
  8.1616 +;end_setup
  8.1617 +
  8.1618 +;setup_theory hreal
  8.1619 +
  8.1620 +constdefs
  8.1621 +  hrat_lt :: "hrat => hrat => bool" 
  8.1622 +  "hrat_lt == %x y. EX d. y = hrat_add x d"
  8.1623 +
  8.1624 +lemma hrat_lt: "ALL x y. hrat_lt x y = (EX d. y = hrat_add x d)"
  8.1625 +  by (import hreal hrat_lt)
  8.1626 +
  8.1627 +lemma HRAT_LT_REFL: "ALL x. ~ hrat_lt x x"
  8.1628 +  by (import hreal HRAT_LT_REFL)
  8.1629 +
  8.1630 +lemma HRAT_LT_TRANS: "ALL x y z. hrat_lt x y & hrat_lt y z --> hrat_lt x z"
  8.1631 +  by (import hreal HRAT_LT_TRANS)
  8.1632 +
  8.1633 +lemma HRAT_LT_ANTISYM: "ALL x y. ~ (hrat_lt x y & hrat_lt y x)"
  8.1634 +  by (import hreal HRAT_LT_ANTISYM)
  8.1635 +
  8.1636 +lemma HRAT_LT_TOTAL: "ALL x y. x = y | hrat_lt x y | hrat_lt y x"
  8.1637 +  by (import hreal HRAT_LT_TOTAL)
  8.1638 +
  8.1639 +lemma HRAT_MUL_RID: "ALL x. hrat_mul x hrat_1 = x"
  8.1640 +  by (import hreal HRAT_MUL_RID)
  8.1641 +
  8.1642 +lemma HRAT_MUL_RINV: "ALL x. hrat_mul x (hrat_inv x) = hrat_1"
  8.1643 +  by (import hreal HRAT_MUL_RINV)
  8.1644 +
  8.1645 +lemma HRAT_RDISTRIB: "ALL x y z.
  8.1646 +   hrat_mul (hrat_add x y) z = hrat_add (hrat_mul x z) (hrat_mul y z)"
  8.1647 +  by (import hreal HRAT_RDISTRIB)
  8.1648 +
  8.1649 +lemma HRAT_LT_ADDL: "ALL x y. hrat_lt x (hrat_add x y)"
  8.1650 +  by (import hreal HRAT_LT_ADDL)
  8.1651 +
  8.1652 +lemma HRAT_LT_ADDR: "ALL x xa. hrat_lt xa (hrat_add x xa)"
  8.1653 +  by (import hreal HRAT_LT_ADDR)
  8.1654 +
  8.1655 +lemma HRAT_LT_GT: "ALL x y. hrat_lt x y --> ~ hrat_lt y x"
  8.1656 +  by (import hreal HRAT_LT_GT)
  8.1657 +
  8.1658 +lemma HRAT_LT_NE: "ALL x y. hrat_lt x y --> x ~= y"
  8.1659 +  by (import hreal HRAT_LT_NE)
  8.1660 +
  8.1661 +lemma HRAT_EQ_LADD: "ALL x y z. (hrat_add x y = hrat_add x z) = (y = z)"
  8.1662 +  by (import hreal HRAT_EQ_LADD)
  8.1663 +
  8.1664 +lemma HRAT_EQ_LMUL: "ALL x y z. (hrat_mul x y = hrat_mul x z) = (y = z)"
  8.1665 +  by (import hreal HRAT_EQ_LMUL)
  8.1666 +
  8.1667 +lemma HRAT_LT_ADD2: "ALL u v x y.
  8.1668 +   hrat_lt u x & hrat_lt v y --> hrat_lt (hrat_add u v) (hrat_add x y)"
  8.1669 +  by (import hreal HRAT_LT_ADD2)
  8.1670 +
  8.1671 +lemma HRAT_LT_LADD: "ALL x y z. hrat_lt (hrat_add z x) (hrat_add z y) = hrat_lt x y"
  8.1672 +  by (import hreal HRAT_LT_LADD)
  8.1673 +
  8.1674 +lemma HRAT_LT_RADD: "ALL x y z. hrat_lt (hrat_add x z) (hrat_add y z) = hrat_lt x y"
  8.1675 +  by (import hreal HRAT_LT_RADD)
  8.1676 +
  8.1677 +lemma HRAT_LT_MUL2: "ALL u v x y.
  8.1678 +   hrat_lt u x & hrat_lt v y --> hrat_lt (hrat_mul u v) (hrat_mul x y)"
  8.1679 +  by (import hreal HRAT_LT_MUL2)
  8.1680 +
  8.1681 +lemma HRAT_LT_LMUL: "ALL x y z. hrat_lt (hrat_mul z x) (hrat_mul z y) = hrat_lt x y"
  8.1682 +  by (import hreal HRAT_LT_LMUL)
  8.1683 +
  8.1684 +lemma HRAT_LT_RMUL: "ALL x y z. hrat_lt (hrat_mul x z) (hrat_mul y z) = hrat_lt x y"
  8.1685 +  by (import hreal HRAT_LT_RMUL)
  8.1686 +
  8.1687 +lemma HRAT_LT_LMUL1: "ALL x y. hrat_lt (hrat_mul x y) y = hrat_lt x hrat_1"
  8.1688 +  by (import hreal HRAT_LT_LMUL1)
  8.1689 +
  8.1690 +lemma HRAT_LT_RMUL1: "ALL x y. hrat_lt (hrat_mul x y) x = hrat_lt y hrat_1"
  8.1691 +  by (import hreal HRAT_LT_RMUL1)
  8.1692 +
  8.1693 +lemma HRAT_GT_LMUL1: "ALL x y. hrat_lt y (hrat_mul x y) = hrat_lt hrat_1 x"
  8.1694 +  by (import hreal HRAT_GT_LMUL1)
  8.1695 +
  8.1696 +lemma HRAT_LT_L1: "ALL x y. hrat_lt (hrat_mul (hrat_inv x) y) hrat_1 = hrat_lt y x"
  8.1697 +  by (import hreal HRAT_LT_L1)
  8.1698 +
  8.1699 +lemma HRAT_LT_R1: "ALL x y. hrat_lt (hrat_mul x (hrat_inv y)) hrat_1 = hrat_lt x y"
  8.1700 +  by (import hreal HRAT_LT_R1)
  8.1701 +
  8.1702 +lemma HRAT_GT_L1: "ALL x y. hrat_lt hrat_1 (hrat_mul (hrat_inv x) y) = hrat_lt x y"
  8.1703 +  by (import hreal HRAT_GT_L1)
  8.1704 +
  8.1705 +lemma HRAT_INV_MUL: "ALL x y. hrat_inv (hrat_mul x y) = hrat_mul (hrat_inv x) (hrat_inv y)"
  8.1706 +  by (import hreal HRAT_INV_MUL)
  8.1707 +
  8.1708 +lemma HRAT_UP: "ALL x. Ex (hrat_lt x)"
  8.1709 +  by (import hreal HRAT_UP)
  8.1710 +
  8.1711 +lemma HRAT_DOWN: "ALL x. EX xa. hrat_lt xa x"
  8.1712 +  by (import hreal HRAT_DOWN)
  8.1713 +
  8.1714 +lemma HRAT_DOWN2: "ALL x y. EX xa. hrat_lt xa x & hrat_lt xa y"
  8.1715 +  by (import hreal HRAT_DOWN2)
  8.1716 +
  8.1717 +lemma HRAT_MEAN: "ALL x y. hrat_lt x y --> (EX xa. hrat_lt x xa & hrat_lt xa y)"
  8.1718 +  by (import hreal HRAT_MEAN)
  8.1719 +
  8.1720 +constdefs
  8.1721 +  isacut :: "(hrat => bool) => bool" 
  8.1722 +  "isacut ==
  8.1723 +%C. Ex C &
  8.1724 +    (EX x. ~ C x) &
  8.1725 +    (ALL x y. C x & hrat_lt y x --> C y) &
  8.1726 +    (ALL x. C x --> (EX y. C y & hrat_lt x y))"
  8.1727 +
  8.1728 +lemma isacut: "ALL C.
  8.1729 +   isacut C =
  8.1730 +   (Ex C &
  8.1731 +    (EX x. ~ C x) &
  8.1732 +    (ALL x y. C x & hrat_lt y x --> C y) &
  8.1733 +    (ALL x. C x --> (EX y. C y & hrat_lt x y)))"
  8.1734 +  by (import hreal isacut)
  8.1735 +
  8.1736 +constdefs
  8.1737 +  cut_of_hrat :: "hrat => hrat => bool" 
  8.1738 +  "cut_of_hrat == %x y. hrat_lt y x"
  8.1739 +
  8.1740 +lemma cut_of_hrat: "ALL x. cut_of_hrat x = (%y. hrat_lt y x)"
  8.1741 +  by (import hreal cut_of_hrat)
  8.1742 +
  8.1743 +lemma ISACUT_HRAT: "ALL h. isacut (cut_of_hrat h)"
  8.1744 +  by (import hreal ISACUT_HRAT)
  8.1745 +
  8.1746 +typedef (open) hreal = "Collect isacut" 
  8.1747 +  by (rule typedef_helper,import hreal hreal_TY_DEF)
  8.1748 +
  8.1749 +lemmas hreal_TY_DEF = typedef_hol2hol4 [OF type_definition_hreal]
  8.1750 +
  8.1751 +consts
  8.1752 +  hreal :: "(hrat => bool) => hreal" 
  8.1753 +  cut :: "hreal => hrat => bool" 
  8.1754 +
  8.1755 +specification (cut hreal) hreal_tybij: "(ALL a. hreal (hreal.cut a) = a) &
  8.1756 +(ALL r. isacut r = (hreal.cut (hreal r) = r))"
  8.1757 +  by (import hreal hreal_tybij)
  8.1758 +
  8.1759 +lemma EQUAL_CUTS: "ALL X Y. hreal.cut X = hreal.cut Y --> X = Y"
  8.1760 +  by (import hreal EQUAL_CUTS)
  8.1761 +
  8.1762 +lemma CUT_ISACUT: "ALL x. isacut (hreal.cut x)"
  8.1763 +  by (import hreal CUT_ISACUT)
  8.1764 +
  8.1765 +lemma CUT_NONEMPTY: "ALL x. Ex (hreal.cut x)"
  8.1766 +  by (import hreal CUT_NONEMPTY)
  8.1767 +
  8.1768 +lemma CUT_BOUNDED: "ALL x. EX xa. ~ hreal.cut x xa"
  8.1769 +  by (import hreal CUT_BOUNDED)
  8.1770 +
  8.1771 +lemma CUT_DOWN: "ALL x xa xb. hreal.cut x xa & hrat_lt xb xa --> hreal.cut x xb"
  8.1772 +  by (import hreal CUT_DOWN)
  8.1773 +
  8.1774 +lemma CUT_UP: "ALL x xa. hreal.cut x xa --> (EX y. hreal.cut x y & hrat_lt xa y)"
  8.1775 +  by (import hreal CUT_UP)
  8.1776 +
  8.1777 +lemma CUT_UBOUND: "ALL x xa xb. ~ hreal.cut x xa & hrat_lt xa xb --> ~ hreal.cut x xb"
  8.1778 +  by (import hreal CUT_UBOUND)
  8.1779 +
  8.1780 +lemma CUT_STRADDLE: "ALL X x y. hreal.cut X x & ~ hreal.cut X y --> hrat_lt x y"
  8.1781 +  by (import hreal CUT_STRADDLE)
  8.1782 +
  8.1783 +lemma CUT_NEARTOP_ADD: "ALL X e. EX x. hreal.cut X x & ~ hreal.cut X (hrat_add x e)"
  8.1784 +  by (import hreal CUT_NEARTOP_ADD)
  8.1785 +
  8.1786 +lemma CUT_NEARTOP_MUL: "ALL X u.
  8.1787 +   hrat_lt hrat_1 u --> (EX x. hreal.cut X x & ~ hreal.cut X (hrat_mul u x))"
  8.1788 +  by (import hreal CUT_NEARTOP_MUL)
  8.1789 +
  8.1790 +constdefs
  8.1791 +  hreal_1 :: "hreal" 
  8.1792 +  "hreal_1 == hreal (cut_of_hrat hrat_1)"
  8.1793 +
  8.1794 +lemma hreal_1: "hreal_1 = hreal (cut_of_hrat hrat_1)"
  8.1795 +  by (import hreal hreal_1)
  8.1796 +
  8.1797 +constdefs
  8.1798 +  hreal_add :: "hreal => hreal => hreal" 
  8.1799 +  "hreal_add ==
  8.1800 +%X Y. hreal (%w. EX x y. w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  8.1801 +
  8.1802 +lemma hreal_add: "ALL X Y.
  8.1803 +   hreal_add X Y =
  8.1804 +   hreal (%w. EX x y. w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  8.1805 +  by (import hreal hreal_add)
  8.1806 +
  8.1807 +constdefs
  8.1808 +  hreal_mul :: "hreal => hreal => hreal" 
  8.1809 +  "hreal_mul ==
  8.1810 +%X Y. hreal (%w. EX x y. w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  8.1811 +
  8.1812 +lemma hreal_mul: "ALL X Y.
  8.1813 +   hreal_mul X Y =
  8.1814 +   hreal (%w. EX x y. w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  8.1815 +  by (import hreal hreal_mul)
  8.1816 +
  8.1817 +constdefs
  8.1818 +  hreal_inv :: "hreal => hreal" 
  8.1819 +  "hreal_inv ==
  8.1820 +%X. hreal
  8.1821 +     (%w. EX d. hrat_lt d hrat_1 &
  8.1822 +                (ALL x. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  8.1823 +
  8.1824 +lemma hreal_inv: "ALL X.
  8.1825 +   hreal_inv X =
  8.1826 +   hreal
  8.1827 +    (%w. EX d. hrat_lt d hrat_1 &
  8.1828 +               (ALL x. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  8.1829 +  by (import hreal hreal_inv)
  8.1830 +
  8.1831 +constdefs
  8.1832 +  hreal_sup :: "(hreal => bool) => hreal" 
  8.1833 +  "hreal_sup == %P. hreal (%w. EX X. P X & hreal.cut X w)"
  8.1834 +
  8.1835 +lemma hreal_sup: "ALL P. hreal_sup P = hreal (%w. EX X. P X & hreal.cut X w)"
  8.1836 +  by (import hreal hreal_sup)
  8.1837 +
  8.1838 +constdefs
  8.1839 +  hreal_lt :: "hreal => hreal => bool" 
  8.1840 +  "hreal_lt == %X Y. X ~= Y & (ALL x. hreal.cut X x --> hreal.cut Y x)"
  8.1841 +
  8.1842 +lemma hreal_lt: "ALL X Y. hreal_lt X Y = (X ~= Y & (ALL x. hreal.cut X x --> hreal.cut Y x))"
  8.1843 +  by (import hreal hreal_lt)
  8.1844 +
  8.1845 +lemma HREAL_INV_ISACUT: "ALL X.
  8.1846 +   isacut
  8.1847 +    (%w. EX d. hrat_lt d hrat_1 &
  8.1848 +               (ALL x. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  8.1849 +  by (import hreal HREAL_INV_ISACUT)
  8.1850 +
  8.1851 +lemma HREAL_ADD_ISACUT: "ALL X Y.
  8.1852 +   isacut (%w. EX x y. w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  8.1853 +  by (import hreal HREAL_ADD_ISACUT)
  8.1854 +
  8.1855 +lemma HREAL_MUL_ISACUT: "ALL X Y.
  8.1856 +   isacut (%w. EX x y. w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  8.1857 +  by (import hreal HREAL_MUL_ISACUT)
  8.1858 +
  8.1859 +lemma HREAL_ADD_SYM: "ALL X Y. hreal_add X Y = hreal_add Y X"
  8.1860 +  by (import hreal HREAL_ADD_SYM)
  8.1861 +
  8.1862 +lemma HREAL_MUL_SYM: "ALL X Y. hreal_mul X Y = hreal_mul Y X"
  8.1863 +  by (import hreal HREAL_MUL_SYM)
  8.1864 +
  8.1865 +lemma HREAL_ADD_ASSOC: "ALL X Y Z. hreal_add X (hreal_add Y Z) = hreal_add (hreal_add X Y) Z"
  8.1866 +  by (import hreal HREAL_ADD_ASSOC)
  8.1867 +
  8.1868 +lemma HREAL_MUL_ASSOC: "ALL X Y Z. hreal_mul X (hreal_mul Y Z) = hreal_mul (hreal_mul X Y) Z"
  8.1869 +  by (import hreal HREAL_MUL_ASSOC)
  8.1870 +
  8.1871 +lemma HREAL_LDISTRIB: "ALL X Y Z.
  8.1872 +   hreal_mul X (hreal_add Y Z) = hreal_add (hreal_mul X Y) (hreal_mul X Z)"
  8.1873 +  by (import hreal HREAL_LDISTRIB)
  8.1874 +
  8.1875 +lemma HREAL_MUL_LID: "ALL X. hreal_mul hreal_1 X = X"
  8.1876 +  by (import hreal HREAL_MUL_LID)
  8.1877 +
  8.1878 +lemma HREAL_MUL_LINV: "ALL X. hreal_mul (hreal_inv X) X = hreal_1"
  8.1879 +  by (import hreal HREAL_MUL_LINV)
  8.1880 +
  8.1881 +lemma HREAL_NOZERO: "ALL X Y. hreal_add X Y ~= X"
  8.1882 +  by (import hreal HREAL_NOZERO)
  8.1883 +
  8.1884 +constdefs
  8.1885 +  hreal_sub :: "hreal => hreal => hreal" 
  8.1886 +  "hreal_sub ==
  8.1887 +%Y X. hreal (%w. EX x. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  8.1888 +
  8.1889 +lemma hreal_sub: "ALL Y X.
  8.1890 +   hreal_sub Y X =
  8.1891 +   hreal (%w. EX x. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  8.1892 +  by (import hreal hreal_sub)
  8.1893 +
  8.1894 +lemma HREAL_LT_LEMMA: "ALL X Y. hreal_lt X Y --> (EX x. ~ hreal.cut X x & hreal.cut Y x)"
  8.1895 +  by (import hreal HREAL_LT_LEMMA)
  8.1896 +
  8.1897 +lemma HREAL_SUB_ISACUT: "ALL X Y.
  8.1898 +   hreal_lt X Y -->
  8.1899 +   isacut (%w. EX x. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  8.1900 +  by (import hreal HREAL_SUB_ISACUT)
  8.1901 +
  8.1902 +lemma HREAL_SUB_ADD: "ALL X Y. hreal_lt X Y --> hreal_add (hreal_sub Y X) X = Y"
  8.1903 +  by (import hreal HREAL_SUB_ADD)
  8.1904 +
  8.1905 +lemma HREAL_LT_TOTAL: "ALL X Y. X = Y | hreal_lt X Y | hreal_lt Y X"
  8.1906 +  by (import hreal HREAL_LT_TOTAL)
  8.1907 +
  8.1908 +lemma HREAL_LT: "ALL X Y. hreal_lt X Y = (EX D. Y = hreal_add X D)"
  8.1909 +  by (import hreal HREAL_LT)
  8.1910 +
  8.1911 +lemma HREAL_ADD_TOTAL: "ALL X Y. X = Y | (EX D. Y = hreal_add X D) | (EX D. X = hreal_add Y D)"
  8.1912 +  by (import hreal HREAL_ADD_TOTAL)
  8.1913 +
  8.1914 +lemma HREAL_SUP_ISACUT: "ALL P.
  8.1915 +   Ex P & (EX Y. ALL X. P X --> hreal_lt X Y) -->
  8.1916 +   isacut (%w. EX X. P X & hreal.cut X w)"
  8.1917 +  by (import hreal HREAL_SUP_ISACUT)
  8.1918 +
  8.1919 +lemma HREAL_SUP: "ALL P.
  8.1920 +   Ex P & (EX Y. ALL X. P X --> hreal_lt X Y) -->
  8.1921 +   (ALL Y. (EX X. P X & hreal_lt Y X) = hreal_lt Y (hreal_sup P))"
  8.1922 +  by (import hreal HREAL_SUP)
  8.1923 +
  8.1924 +;end_setup
  8.1925 +
  8.1926 +;setup_theory numeral
  8.1927 +
  8.1928 +lemma numeral_suc: "Suc ALT_ZERO = NUMERAL_BIT1 ALT_ZERO &
  8.1929 +(ALL x. Suc (NUMERAL_BIT1 x) = NUMERAL_BIT2 x) &
  8.1930 +(ALL x. Suc (NUMERAL_BIT2 x) = NUMERAL_BIT1 (Suc x))"
  8.1931 +  by (import numeral numeral_suc)
  8.1932 +
  8.1933 +constdefs
  8.1934 +  iZ :: "nat => nat" 
  8.1935 +  "iZ == %x. x"
  8.1936 +
  8.1937 +lemma iZ: "ALL x. iZ x = x"
  8.1938 +  by (import numeral iZ)
  8.1939 +
  8.1940 +constdefs
  8.1941 +  iiSUC :: "nat => nat" 
  8.1942 +  "iiSUC == %n. Suc (Suc n)"
  8.1943 +
  8.1944 +lemma iiSUC: "ALL n. iiSUC n = Suc (Suc n)"
  8.1945 +  by (import numeral iiSUC)
  8.1946 +
  8.1947 +lemma numeral_distrib: "(ALL x::nat. (0::nat) + x = x) &
  8.1948 +(ALL x::nat. x + (0::nat) = x) &
  8.1949 +(ALL (x::nat) xa::nat. NUMERAL x + NUMERAL xa = NUMERAL (iZ (x + xa))) &
  8.1950 +(ALL x::nat. (0::nat) * x = (0::nat)) &
  8.1951 +(ALL x::nat. x * (0::nat) = (0::nat)) &
  8.1952 +(ALL (x::nat) xa::nat. NUMERAL x * NUMERAL xa = NUMERAL (x * xa)) &
  8.1953 +(ALL x::nat. (0::nat) - x = (0::nat)) &
  8.1954 +(ALL x::nat. x - (0::nat) = x) &
  8.1955 +(ALL (x::nat) xa::nat. NUMERAL x - NUMERAL xa = NUMERAL (x - xa)) &
  8.1956 +(ALL x::nat. (0::nat) ^ NUMERAL (NUMERAL_BIT1 x) = (0::nat)) &
  8.1957 +(ALL x::nat. (0::nat) ^ NUMERAL (NUMERAL_BIT2 x) = (0::nat)) &
  8.1958 +(ALL x::nat. x ^ (0::nat) = (1::nat)) &
  8.1959 +(ALL (x::nat) xa::nat. NUMERAL x ^ NUMERAL xa = NUMERAL (x ^ xa)) &
  8.1960 +Suc (0::nat) = (1::nat) &
  8.1961 +(ALL x::nat. Suc (NUMERAL x) = NUMERAL (Suc x)) &
  8.1962 +PRE (0::nat) = (0::nat) &
  8.1963 +(ALL x::nat. PRE (NUMERAL x) = NUMERAL (PRE x)) &
  8.1964 +(ALL x::nat. (NUMERAL x = (0::nat)) = (x = ALT_ZERO)) &
  8.1965 +(ALL x::nat. ((0::nat) = NUMERAL x) = (x = ALT_ZERO)) &
  8.1966 +(ALL (x::nat) xa::nat. (NUMERAL x = NUMERAL xa) = (x = xa)) &
  8.1967 +(ALL x::nat. (x < (0::nat)) = False) &
  8.1968 +(ALL x::nat. ((0::nat) < NUMERAL x) = (ALT_ZERO < x)) &
  8.1969 +(ALL (x::nat) xa::nat. (NUMERAL x < NUMERAL xa) = (x < xa)) &
  8.1970 +(ALL x::nat. (x < (0::nat)) = False) &
  8.1971 +(ALL x::nat. ((0::nat) < NUMERAL x) = (ALT_ZERO < x)) &
  8.1972 +(ALL (x::nat) xa::nat. (NUMERAL xa < NUMERAL x) = (xa < x)) &
  8.1973 +(ALL x::nat. ((0::nat) <= x) = True) &
  8.1974 +(ALL x::nat. (NUMERAL x <= (0::nat)) = (x <= ALT_ZERO)) &
  8.1975 +(ALL (x::nat) xa::nat. (NUMERAL x <= NUMERAL xa) = (x <= xa)) &
  8.1976 +(ALL x::nat. ((0::nat) <= x) = True) &
  8.1977 +(ALL x::nat. (x <= (0::nat)) = (x = (0::nat))) &
  8.1978 +(ALL (x::nat) xa::nat. (NUMERAL xa <= NUMERAL x) = (xa <= x)) &
  8.1979 +(ALL x::nat. ODD (NUMERAL x) = ODD x) &
  8.1980 +(ALL x::nat. EVEN (NUMERAL x) = EVEN x) & ~ ODD (0::nat) & EVEN (0::nat)"
  8.1981 +  by (import numeral numeral_distrib)
  8.1982 +
  8.1983 +lemma numeral_iisuc: "iiSUC ALT_ZERO = NUMERAL_BIT2 ALT_ZERO &
  8.1984 +iiSUC (NUMERAL_BIT1 n) = NUMERAL_BIT1 (Suc n) &
  8.1985 +iiSUC (NUMERAL_BIT2 n) = NUMERAL_BIT2 (Suc n)"
  8.1986 +  by (import numeral numeral_iisuc)
  8.1987 +
  8.1988 +lemma numeral_add: "ALL x xa.
  8.1989 +   iZ (ALT_ZERO + x) = x &
  8.1990 +   iZ (x + ALT_ZERO) = x &
  8.1991 +   iZ (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (iZ (x + xa)) &
  8.1992 +   iZ (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  8.1993 +   iZ (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  8.1994 +   iZ (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  8.1995 +   Suc (ALT_ZERO + x) = Suc x &
  8.1996 +   Suc (x + ALT_ZERO) = Suc x &
  8.1997 +   Suc (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  8.1998 +   Suc (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  8.1999 +   Suc (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  8.2000 +   Suc (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (iiSUC (x + xa)) &
  8.2001 +   iiSUC (ALT_ZERO + x) = iiSUC x &
  8.2002 +   iiSUC (x + ALT_ZERO) = iiSUC x &
  8.2003 +   iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  8.2004 +   iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) =
  8.2005 +   NUMERAL_BIT1 (iiSUC (x + xa)) &
  8.2006 +   iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) =
  8.2007 +   NUMERAL_BIT1 (iiSUC (x + xa)) &
  8.2008 +   iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (iiSUC (x + xa))"
  8.2009 +  by (import numeral numeral_add)
  8.2010 +
  8.2011 +lemma numeral_eq: "ALL x xa.
  8.2012 +   (ALT_ZERO = NUMERAL_BIT1 x) = False &
  8.2013 +   (NUMERAL_BIT1 x = ALT_ZERO) = False &
  8.2014 +   (ALT_ZERO = NUMERAL_BIT2 x) = False &
  8.2015 +   (NUMERAL_BIT2 x = ALT_ZERO) = False &
  8.2016 +   (NUMERAL_BIT1 x = NUMERAL_BIT2 xa) = False &
  8.2017 +   (NUMERAL_BIT2 x = NUMERAL_BIT1 xa) = False &
  8.2018 +   (NUMERAL_BIT1 x = NUMERAL_BIT1 xa) = (x = xa) &
  8.2019 +   (NUMERAL_BIT2 x = NUMERAL_BIT2 xa) = (x = xa)"
  8.2020 +  by (import numeral numeral_eq)
  8.2021 +
  8.2022 +lemma numeral_lt: "ALL x xa.
  8.2023 +   (ALT_ZERO < NUMERAL_BIT1 x) = True &
  8.2024 +   (ALT_ZERO < NUMERAL_BIT2 x) = True &
  8.2025 +   (x < ALT_ZERO) = False &
  8.2026 +   (NUMERAL_BIT1 x < NUMERAL_BIT1 xa) = (x < xa) &
  8.2027 +   (NUMERAL_BIT2 x < NUMERAL_BIT2 xa) = (x < xa) &
  8.2028 +   (NUMERAL_BIT1 x < NUMERAL_BIT2 xa) = (~ xa < x) &
  8.2029 +   (NUMERAL_BIT2 x < NUMERAL_BIT1 xa) = (x < xa)"
  8.2030 +  by (import numeral numeral_lt)
  8.2031 +
  8.2032 +lemma numeral_lte: "ALL x xa.
  8.2033 +   (ALT_ZERO <= x) = True &
  8.2034 +   (NUMERAL_BIT1 x <= ALT_ZERO) = False &
  8.2035 +   (NUMERAL_BIT2 x <= ALT_ZERO) = False &
  8.2036 +   (NUMERAL_BIT1 x <= NUMERAL_BIT1 xa) = (x <= xa) &
  8.2037 +   (NUMERAL_BIT1 x <= NUMERAL_BIT2 xa) = (x <= xa) &
  8.2038 +   (NUMERAL_BIT2 x <= NUMERAL_BIT1 xa) = (~ xa <= x) &
  8.2039 +   (NUMERAL_BIT2 x <= NUMERAL_BIT2 xa) = (x <= xa)"
  8.2040 +  by (import numeral numeral_lte)
  8.2041 +
  8.2042 +lemma numeral_pre: "PRE ALT_ZERO = ALT_ZERO &
  8.2043 +PRE (NUMERAL_BIT1 ALT_ZERO) = ALT_ZERO &
  8.2044 +(ALL x.
  8.2045 +    PRE (NUMERAL_BIT1 (NUMERAL_BIT1 x)) =
  8.2046 +    NUMERAL_BIT2 (PRE (NUMERAL_BIT1 x))) &
  8.2047 +(ALL x.
  8.2048 +    PRE (NUMERAL_BIT1 (NUMERAL_BIT2 x)) = NUMERAL_BIT2 (NUMERAL_BIT1 x)) &
  8.2049 +(ALL x. PRE (NUMERAL_BIT2 x) = NUMERAL_BIT1 x)"
  8.2050 +  by (import numeral numeral_pre)
  8.2051 +
  8.2052 +lemma bit_initiality: "ALL zf b1f b2f.
  8.2053 +   EX x. x ALT_ZERO = zf &
  8.2054 +         (ALL n. x (NUMERAL_BIT1 n) = b1f n (x n)) &
  8.2055 +         (ALL n. x (NUMERAL_BIT2 n) = b2f n (x n))"
  8.2056 +  by (import numeral bit_initiality)
  8.2057 +
  8.2058 +consts
  8.2059 +  iBIT_cases :: "nat => 'a => (nat => 'a) => (nat => 'a) => 'a" 
  8.2060 +
  8.2061 +specification (iBIT_cases) iBIT_cases: "(ALL (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  8.2062 +    iBIT_cases ALT_ZERO zf bf1 bf2 = zf) &
  8.2063 +(ALL (n::nat) (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  8.2064 +    iBIT_cases (NUMERAL_BIT1 n) zf bf1 bf2 = bf1 n) &
  8.2065 +(ALL (n::nat) (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  8.2066 +    iBIT_cases (NUMERAL_BIT2 n) zf bf1 bf2 = bf2 n)"
  8.2067 +  by (import numeral iBIT_cases)
  8.2068 +
  8.2069 +constdefs
  8.2070 +  iDUB :: "nat => nat" 
  8.2071 +  "iDUB == %x. x + x"
  8.2072 +
  8.2073 +lemma iDUB: "ALL x. iDUB x = x + x"
  8.2074 +  by (import numeral iDUB)
  8.2075 +
  8.2076 +consts
  8.2077 +  iSUB :: "bool => nat => nat => nat" 
  8.2078 +
  8.2079 +specification (iSUB) iSUB_DEF: "(ALL b x. iSUB b ALT_ZERO x = ALT_ZERO) &
  8.2080 +(ALL b n x.
  8.2081 +    iSUB b (NUMERAL_BIT1 n) x =
  8.2082 +    (if b
  8.2083 +     then iBIT_cases x (NUMERAL_BIT1 n) (%m. iDUB (iSUB True n m))
  8.2084 +           (%m. NUMERAL_BIT1 (iSUB False n m))
  8.2085 +     else iBIT_cases x (iDUB n) (%m. NUMERAL_BIT1 (iSUB False n m))
  8.2086 +           (%m. iDUB (iSUB False n m)))) &
  8.2087 +(ALL b n x.
  8.2088 +    iSUB b (NUMERAL_BIT2 n) x =
  8.2089 +    (if b
  8.2090 +     then iBIT_cases x (NUMERAL_BIT2 n) (%m. NUMERAL_BIT1 (iSUB True n m))
  8.2091 +           (%m. iDUB (iSUB True n m))
  8.2092 +     else iBIT_cases x (NUMERAL_BIT1 n) (%m. iDUB (iSUB True n m))
  8.2093 +           (%m. NUMERAL_BIT1 (iSUB False n m))))"
  8.2094 +  by (import numeral iSUB_DEF)
  8.2095 +
  8.2096 +lemma bit_induction: "ALL P.
  8.2097 +   P ALT_ZERO &
  8.2098 +   (ALL n. P n --> P (NUMERAL_BIT1 n)) &
  8.2099 +   (ALL n. P n --> P (NUMERAL_BIT2 n)) -->
  8.2100 +   All P"
  8.2101 +  by (import numeral bit_induction)
  8.2102 +
  8.2103 +lemma iSUB_THM: "ALL xa xb xc.
  8.2104 +   iSUB xa ALT_ZERO x = ALT_ZERO &
  8.2105 +   iSUB True xb ALT_ZERO = xb &
  8.2106 +   iSUB False (NUMERAL_BIT1 xb) ALT_ZERO = iDUB xb &
  8.2107 +   iSUB True (NUMERAL_BIT1 xb) (NUMERAL_BIT1 xc) = iDUB (iSUB True xb xc) &
  8.2108 +   iSUB False (NUMERAL_BIT1 xb) (NUMERAL_BIT1 xc) =
  8.2109 +   NUMERAL_BIT1 (iSUB False xb xc) &
  8.2110 +   iSUB True (NUMERAL_BIT1 xb) (NUMERAL_BIT2 xc) =
  8.2111 +   NUMERAL_BIT1 (iSUB False xb xc) &
  8.2112 +   iSUB False (NUMERAL_BIT1 xb) (NUMERAL_BIT2 xc) =
  8.2113 +   iDUB (iSUB False xb xc) &
  8.2114 +   iSUB False (NUMERAL_BIT2 xb) ALT_ZERO = NUMERAL_BIT1 xb &
  8.2115 +   iSUB True (NUMERAL_BIT2 xb) (NUMERAL_BIT1 xc) =
  8.2116 +   NUMERAL_BIT1 (iSUB True xb xc) &
  8.2117 +   iSUB False (NUMERAL_BIT2 xb) (NUMERAL_BIT1 xc) = iDUB (iSUB True xb xc) &
  8.2118 +   iSUB True (NUMERAL_BIT2 xb) (NUMERAL_BIT2 xc) = iDUB (iSUB True xb xc) &
  8.2119 +   iSUB False (NUMERAL_BIT2 xb) (NUMERAL_BIT2 xc) =
  8.2120 +   NUMERAL_BIT1 (iSUB False xb xc)"
  8.2121 +  by (import numeral iSUB_THM)
  8.2122 +
  8.2123 +lemma numeral_sub: "ALL x xa.
  8.2124 +   NUMERAL (x - xa) = (if xa < x then NUMERAL (iSUB True x xa) else 0)"
  8.2125 +  by (import numeral numeral_sub)
  8.2126 +
  8.2127 +lemma iDUB_removal: "ALL x.
  8.2128 +   iDUB (NUMERAL_BIT1 x) = NUMERAL_BIT2 (iDUB x) &
  8.2129 +   iDUB (NUMERAL_BIT2 x) = NUMERAL_BIT2 (NUMERAL_BIT1 x) &
  8.2130 +   iDUB ALT_ZERO = ALT_ZERO"
  8.2131 +  by (import numeral iDUB_removal)
  8.2132 +
  8.2133 +lemma numeral_mult: "ALL x xa.
  8.2134 +   ALT_ZERO * x = ALT_ZERO &
  8.2135 +   x * ALT_ZERO = ALT_ZERO &
  8.2136 +   NUMERAL_BIT1 x * xa = iZ (iDUB (x * xa) + xa) &
  8.2137 +   NUMERAL_BIT2 x * xa = iDUB (iZ (x * xa + xa))"
  8.2138 +  by (import numeral numeral_mult)
  8.2139 +
  8.2140 +constdefs
  8.2141 +  iSQR :: "nat => nat" 
  8.2142 +  "iSQR == %x. x * x"
  8.2143 +
  8.2144 +lemma iSQR: "ALL x. iSQR x = x * x"
  8.2145 +  by (import numeral iSQR)
  8.2146 +
  8.2147 +lemma numeral_exp: "(ALL x. x ^ ALT_ZERO = NUMERAL_BIT1 ALT_ZERO) &
  8.2148 +(ALL x xa. x ^ NUMERAL_BIT1 xa = x * iSQR (x ^ xa)) &
  8.2149 +(ALL x xa. x ^ NUMERAL_BIT2 xa = iSQR x * iSQR (x ^ xa))"
  8.2150 +  by (import numeral numeral_exp)
  8.2151 +
  8.2152 +lemma numeral_evenodd: "ALL x.
  8.2153 +   EVEN ALT_ZERO &
  8.2154 +   EVEN (NUMERAL_BIT2 x) &
  8.2155 +   ~ EVEN (NUMERAL_BIT1 x) &
  8.2156 +   ~ ODD ALT_ZERO & ~ ODD (NUMERAL_BIT2 x) & ODD (NUMERAL_BIT1 x)"
  8.2157 +  by (import numeral numeral_evenodd)
  8.2158 +
  8.2159 +lemma numeral_fact: "ALL n. FACT n = (if n = 0 then 1 else n * FACT (PRE n))"
  8.2160 +  by (import numeral numeral_fact)
  8.2161 +
  8.2162 +lemma numeral_funpow: "ALL n. (f ^ n) x = (if n = 0 then x else (f ^ (n - 1)) (f x))"
  8.2163 +  by (import numeral numeral_funpow)
  8.2164 +
  8.2165 +;end_setup
  8.2166 +
  8.2167 +;setup_theory ind_type
  8.2168 +
  8.2169 +lemma INJ_INVERSE2: "ALL P::'A => 'B => 'C.
  8.2170 +   (ALL (x1::'A) (y1::'B) (x2::'A) y2::'B.
  8.2171 +       (P x1 y1 = P x2 y2) = (x1 = x2 & y1 = y2)) -->
  8.2172 +   (EX (x::'C => 'A) Y::'C => 'B.
  8.2173 +       ALL (xa::'A) y::'B. x (P xa y) = xa & Y (P xa y) = y)"
  8.2174 +  by (import ind_type INJ_INVERSE2)
  8.2175 +
  8.2176 +constdefs
  8.2177 +  NUMPAIR :: "nat => nat => nat" 
  8.2178 +  "NUMPAIR == %x y. 2 ^ x * (2 * y + 1)"
  8.2179 +
  8.2180 +lemma NUMPAIR: "ALL x y. NUMPAIR x y = 2 ^ x * (2 * y + 1)"
  8.2181 +  by (import ind_type NUMPAIR)
  8.2182 +
  8.2183 +lemma NUMPAIR_INJ_LEMMA: "ALL x xa xb xc. NUMPAIR x xa = NUMPAIR xb xc --> x = xb"
  8.2184 +  by (import ind_type NUMPAIR_INJ_LEMMA)
  8.2185 +
  8.2186 +lemma NUMPAIR_INJ: "ALL x1 y1 x2 y2. (NUMPAIR x1 y1 = NUMPAIR x2 y2) = (x1 = x2 & y1 = y2)"
  8.2187 +  by (import ind_type NUMPAIR_INJ)
  8.2188 +
  8.2189 +consts
  8.2190 +  NUMSND :: "nat => nat" 
  8.2191 +  NUMFST :: "nat => nat" 
  8.2192 +
  8.2193 +specification (NUMFST NUMSND) NUMPAIR_DEST: "ALL x y. NUMFST (NUMPAIR x y) = x & NUMSND (NUMPAIR x y) = y"
  8.2194 +  by (import ind_type NUMPAIR_DEST)
  8.2195 +
  8.2196 +constdefs
  8.2197 +  NUMSUM :: "bool => nat => nat" 
  8.2198 +  "NUMSUM == %b x. if b then Suc (2 * x) else 2 * x"
  8.2199 +
  8.2200 +lemma NUMSUM: "ALL b x. NUMSUM b x = (if b then Suc (2 * x) else 2 * x)"
  8.2201 +  by (import ind_type NUMSUM)
  8.2202 +
  8.2203 +lemma NUMSUM_INJ: "ALL b1 x1 b2 x2. (NUMSUM b1 x1 = NUMSUM b2 x2) = (b1 = b2 & x1 = x2)"
  8.2204 +  by (import ind_type NUMSUM_INJ)
  8.2205 +
  8.2206 +consts
  8.2207 +  NUMRIGHT :: "nat => nat" 
  8.2208 +  NUMLEFT :: "nat => bool" 
  8.2209 +
  8.2210 +specification (NUMLEFT NUMRIGHT) NUMSUM_DEST: "ALL x y. NUMLEFT (NUMSUM x y) = x & NUMRIGHT (NUMSUM x y) = y"
  8.2211 +  by (import ind_type NUMSUM_DEST)
  8.2212 +
  8.2213 +constdefs
  8.2214 +  INJN :: "nat => nat => 'a => bool" 
  8.2215 +  "INJN == %m n a. n = m"
  8.2216 +
  8.2217 +lemma INJN: "ALL m. INJN m = (%n a. n = m)"
  8.2218 +  by (import ind_type INJN)
  8.2219 +
  8.2220 +lemma INJN_INJ: "ALL n1 n2. (INJN n1 = INJN n2) = (n1 = n2)"
  8.2221 +  by (import ind_type INJN_INJ)
  8.2222 +
  8.2223 +constdefs
  8.2224 +  INJA :: "'a => nat => 'a => bool" 
  8.2225 +  "INJA == %a n b. b = a"
  8.2226 +
  8.2227 +lemma INJA: "ALL a. INJA a = (%n b. b = a)"
  8.2228 +  by (import ind_type INJA)
  8.2229 +
  8.2230 +lemma INJA_INJ: "ALL a1 a2. (INJA a1 = INJA a2) = (a1 = a2)"
  8.2231 +  by (import ind_type INJA_INJ)
  8.2232 +
  8.2233 +constdefs
  8.2234 +  INJF :: "(nat => nat => 'a => bool) => nat => 'a => bool" 
  8.2235 +  "INJF == %f n. f (NUMFST n) (NUMSND n)"
  8.2236 +
  8.2237 +lemma INJF: "ALL f. INJF f = (%n. f (NUMFST n) (NUMSND n))"
  8.2238 +  by (import ind_type INJF)
  8.2239 +
  8.2240 +lemma INJF_INJ: "ALL f1 f2. (INJF f1 = INJF f2) = (f1 = f2)"
  8.2241 +  by (import ind_type INJF_INJ)
  8.2242 +
  8.2243 +constdefs
  8.2244 +  INJP :: "(nat => 'a => bool) => (nat => 'a => bool) => nat => 'a => bool" 
  8.2245 +  "INJP ==
  8.2246 +%f1 f2 n a. if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a"
  8.2247 +
  8.2248 +lemma INJP: "ALL f1 f2.
  8.2249 +   INJP f1 f2 =
  8.2250 +   (%n a. if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a)"
  8.2251 +  by (import ind_type INJP)
  8.2252 +
  8.2253 +lemma INJP_INJ: "ALL f1 f1' f2 f2'. (INJP f1 f2 = INJP f1' f2') = (f1 = f1' & f2 = f2')"
  8.2254 +  by (import ind_type INJP_INJ)
  8.2255 +
  8.2256 +constdefs
  8.2257 +  ZCONSTR :: "nat => 'a => (nat => nat => 'a => bool) => nat => 'a => bool" 
  8.2258 +  "ZCONSTR == %c i r. INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  8.2259 +
  8.2260 +lemma ZCONSTR: "ALL c i r. ZCONSTR c i r = INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  8.2261 +  by (import ind_type ZCONSTR)
  8.2262 +
  8.2263 +constdefs
  8.2264 +  ZBOT :: "nat => 'a => bool" 
  8.2265 +  "ZBOT == INJP (INJN 0) (SOME z. True)"
  8.2266 +
  8.2267 +lemma ZBOT: "ZBOT = INJP (INJN 0) (SOME z. True)"
  8.2268 +  by (import ind_type ZBOT)
  8.2269 +
  8.2270 +lemma ZCONSTR_ZBOT: "ALL x xa xb. ZCONSTR x xa xb ~= ZBOT"
  8.2271 +  by (import ind_type ZCONSTR_ZBOT)
  8.2272 +
  8.2273 +constdefs
  8.2274 +  ZRECSPACE :: "(nat => 'a => bool) => bool" 
  8.2275 +  "ZRECSPACE ==
  8.2276 +%a0. ALL ZRECSPACE'.
  8.2277 +        (ALL a0.
  8.2278 +            a0 = ZBOT |
  8.2279 +            (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE' (r n))) -->
  8.2280 +            ZRECSPACE' a0) -->
  8.2281 +        ZRECSPACE' a0"
  8.2282 +
  8.2283 +lemma ZRECSPACE: "ZRECSPACE =
  8.2284 +(%a0. ALL ZRECSPACE'.
  8.2285 +         (ALL a0.
  8.2286 +             a0 = ZBOT |
  8.2287 +             (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE' (r n))) -->
  8.2288 +             ZRECSPACE' a0) -->
  8.2289 +         ZRECSPACE' a0)"
  8.2290 +  by (import ind_type ZRECSPACE)
  8.2291 +
  8.2292 +lemma ZRECSPACE_rules: "(op &::bool => bool => bool)
  8.2293 + ((ZRECSPACE::(nat => 'a => bool) => bool) (ZBOT::nat => 'a => bool))
  8.2294 + ((All::(nat => bool) => bool)
  8.2295 +   (%c::nat.
  8.2296 +       (All::('a => bool) => bool)
  8.2297 +        (%i::'a.
  8.2298 +            (All::((nat => nat => 'a => bool) => bool) => bool)
  8.2299 +             (%r::nat => nat => 'a => bool.
  8.2300 +                 (op -->::bool => bool => bool)
  8.2301 +                  ((All::(nat => bool) => bool)
  8.2302 +                    (%n::nat.
  8.2303 +                        (ZRECSPACE::(nat => 'a => bool) => bool) (r n)))
  8.2304 +                  ((ZRECSPACE::(nat => 'a => bool) => bool)
  8.2305 +                    ((ZCONSTR::nat
  8.2306 +                               => 'a => (nat => nat => 'a => bool)
  8.2307 +  => nat => 'a => bool)
  8.2308 +                      c i r))))))"
  8.2309 +  by (import ind_type ZRECSPACE_rules)
  8.2310 +
  8.2311 +lemma ZRECSPACE_ind: "ALL x.
  8.2312 +   x ZBOT & (ALL c i r. (ALL n. x (r n)) --> x (ZCONSTR c i r)) -->
  8.2313 +   (ALL a0. ZRECSPACE a0 --> x a0)"
  8.2314 +  by (import ind_type ZRECSPACE_ind)
  8.2315 +
  8.2316 +lemma ZRECSPACE_cases: "ALL a0.
  8.2317 +   ZRECSPACE a0 =
  8.2318 +   (a0 = ZBOT | (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE (r n))))"
  8.2319 +  by (import ind_type ZRECSPACE_cases)
  8.2320 +
  8.2321 +typedef (open) ('a) recspace = "(Collect::((nat => 'a => bool) => bool) => (nat => 'a => bool) set)
  8.2322 + (ZRECSPACE::(nat => 'a => bool) => bool)" 
  8.2323 +  by (rule typedef_helper,import ind_type recspace_TY_DEF)
  8.2324 +
  8.2325 +lemmas recspace_TY_DEF = typedef_hol2hol4 [OF type_definition_recspace]
  8.2326 +
  8.2327 +consts
  8.2328 +  mk_rec :: "(nat => 'a => bool) => 'a recspace" 
  8.2329 +  dest_rec :: "'a recspace => nat => 'a => bool" 
  8.2330 +
  8.2331 +specification (dest_rec mk_rec) recspace_repfns: "(ALL a::'a recspace. mk_rec (dest_rec a) = a) &
  8.2332 +(ALL r::nat => 'a => bool. ZRECSPACE r = (dest_rec (mk_rec r) = r))"
  8.2333 +  by (import ind_type recspace_repfns)
  8.2334 +
  8.2335 +constdefs
  8.2336 +  BOTTOM :: "'a recspace" 
  8.2337 +  "BOTTOM == mk_rec ZBOT"
  8.2338 +
  8.2339 +lemma BOTTOM: "BOTTOM = mk_rec ZBOT"
  8.2340 +  by (import ind_type BOTTOM)
  8.2341 +
  8.2342 +constdefs
  8.2343 +  CONSTR :: "nat => 'a => (nat => 'a recspace) => 'a recspace" 
  8.2344 +  "CONSTR == %c i r. mk_rec (ZCONSTR c i (%n. dest_rec (r n)))"
  8.2345 +
  8.2346 +lemma CONSTR: "ALL c i r. CONSTR c i r = mk_rec (ZCONSTR c i (%n. dest_rec (r n)))"
  8.2347 +  by (import ind_type CONSTR)
  8.2348 +
  8.2349 +lemma MK_REC_INJ: "ALL x y. mk_rec x = mk_rec y --> ZRECSPACE x & ZRECSPACE y --> x = y"
  8.2350 +  by (import ind_type MK_REC_INJ)
  8.2351 +
  8.2352 +lemma DEST_REC_INJ: "ALL x y. (dest_rec x = dest_rec y) = (x = y)"
  8.2353 +  by (import ind_type DEST_REC_INJ)
  8.2354 +
  8.2355 +lemma CONSTR_BOT: "ALL c i r. CONSTR c i r ~= BOTTOM"
  8.2356 +  by (import ind_type CONSTR_BOT)
  8.2357 +
  8.2358 +lemma CONSTR_INJ: "ALL c1 i1 r1 c2 i2 r2.
  8.2359 +   (CONSTR c1 i1 r1 = CONSTR c2 i2 r2) = (c1 = c2 & i1 = i2 & r1 = r2)"
  8.2360 +  by (import ind_type CONSTR_INJ)
  8.2361 +
  8.2362 +lemma CONSTR_IND: "ALL P.
  8.2363 +   P BOTTOM & (ALL c i r. (ALL n. P (r n)) --> P (CONSTR c i r)) --> All P"
  8.2364 +  by (import ind_type CONSTR_IND)
  8.2365 +
  8.2366 +lemma CONSTR_REC: "ALL Fn. EX f. ALL c i r. f (CONSTR c i r) = Fn c i r (%n. f (r n))"
  8.2367 +  by (import ind_type CONSTR_REC)
  8.2368 +
  8.2369 +consts
  8.2370 +  FCONS :: "'a => (nat => 'a) => nat => 'a" 
  8.2371 +
  8.2372 +specification (FCONS) FCONS: "(ALL (a::'a) f::nat => 'a. FCONS a f (0::nat) = a) &
  8.2373 +(ALL (a::'a) (f::nat => 'a) n::nat. FCONS a f (Suc n) = f n)"
  8.2374 +  by (import ind_type FCONS)
  8.2375 +
  8.2376 +constdefs
  8.2377 +  FNIL :: "nat => 'a" 
  8.2378 +  "FNIL == %n. SOME x. True"
  8.2379 +
  8.2380 +lemma FNIL: "ALL n. FNIL n = (SOME x. True)"
  8.2381 +  by (import ind_type FNIL)
  8.2382 +
  8.2383 +constdefs
  8.2384 +  ISO :: "('a => 'b) => ('b => 'a) => bool" 
  8.2385 +  "ISO == %f g. (ALL x. f (g x) = x) & (ALL y. g (f y) = y)"
  8.2386 +
  8.2387 +lemma ISO: "ALL f g. ISO f g = ((ALL x. f (g x) = x) & (ALL y. g (f y) = y))"
  8.2388 +  by (import ind_type ISO)
  8.2389 +
  8.2390 +lemma ISO_REFL: "ISO (%x. x) (%x. x)"
  8.2391 +  by (import ind_type ISO_REFL)
  8.2392 +
  8.2393 +lemma ISO_FUN: "ISO (f::'a => 'c) (f'::'c => 'a) & ISO (g::'b => 'd) (g'::'d => 'b) -->
  8.2394 +ISO (%(h::'a => 'b) a'::'c. g (h (f' a')))
  8.2395 + (%(h::'c => 'd) a::'a. g' (h (f a)))"
  8.2396 +  by (import ind_type ISO_FUN)
  8.2397 +
  8.2398 +lemma ISO_USAGE: "ISO f g -->
  8.2399 +(ALL P. All P = (ALL x. P (g x))) &
  8.2400 +(ALL P. Ex P = (EX x. P (g x))) & (ALL a b. (a = g b) = (f a = b))"
  8.2401 +  by (import ind_type ISO_USAGE)
  8.2402 +
  8.2403 +;end_setup
  8.2404 +
  8.2405 +;setup_theory divides
  8.2406 +
  8.2407 +lemma ONE_DIVIDES_ALL: "All (op dvd (1::nat))"
  8.2408 +  by (import divides ONE_DIVIDES_ALL)
  8.2409 +
  8.2410 +lemma DIVIDES_ADD_2: "ALL (a::nat) (b::nat) c::nat. a dvd b & a dvd b + c --> a dvd c"
  8.2411 +  by (import divides DIVIDES_ADD_2)
  8.2412 +
  8.2413 +lemma NOT_LT_DIV: "ALL (a::nat) b::nat. (0::nat) < b & b < a --> ~ a dvd b"
  8.2414 +  by (import divides NOT_LT_DIV)
  8.2415 +
  8.2416 +lemma DIVIDES_FACT: "ALL b. 0 < b --> b dvd FACT b"
  8.2417 +  by (import divides DIVIDES_FACT)
  8.2418 +
  8.2419 +lemma DIVIDES_MULT_LEFT: "ALL (x::nat) xa::nat. (x * xa dvd xa) = (xa = (0::nat) | x = (1::nat))"
  8.2420 +  by (import divides DIVIDES_MULT_LEFT)
  8.2421 +
  8.2422 +;end_setup
  8.2423 +
  8.2424 +;setup_theory prime
  8.2425 +
  8.2426 +consts
  8.2427 +  prime :: "nat => bool" 
  8.2428 +
  8.2429 +defs
  8.2430 +  prime_primdef: "prime.prime == %a. a ~= 1 & (ALL b. b dvd a --> b = a | b = 1)"
  8.2431 +
  8.2432 +lemma prime_def: "ALL a. prime.prime a = (a ~= 1 & (ALL b. b dvd a --> b = a | b = 1))"
  8.2433 +  by (import prime prime_def)
  8.2434 +
  8.2435 +lemma NOT_PRIME_0: "~ prime.prime 0"
  8.2436 +  by (import prime NOT_PRIME_0)
  8.2437 +
  8.2438 +lemma NOT_PRIME_1: "~ prime.prime 1"
  8.2439 +  by (import prime NOT_PRIME_1)
  8.2440 +
  8.2441 +;end_setup
  8.2442 +
  8.2443 +;setup_theory list
  8.2444 +
  8.2445 +consts
  8.2446 +  EL :: "nat => 'a list => 'a" 
  8.2447 +
  8.2448 +specification (EL) EL: "(ALL l::'a list. EL (0::nat) l = hd l) &
  8.2449 +(ALL (l::'a list) n::nat. EL (Suc n) l = EL n (tl l))"
  8.2450 +  by (import list EL)
  8.2451 +
  8.2452 +lemma NULL: "(op &::bool => bool => bool) ((null::'a list => bool) ([]::'a list))
  8.2453 + ((All::('a => bool) => bool)
  8.2454 +   (%x::'a.
  8.2455 +       (All::('a list => bool) => bool)
  8.2456 +        (%xa::'a list.
  8.2457 +            (Not::bool => bool)
  8.2458 +             ((null::'a list => bool)
  8.2459 +               ((op #::'a => 'a list => 'a list) x xa)))))"
  8.2460 +  by (import list NULL)
  8.2461 +
  8.2462 +lemma list_case_compute: "ALL l. list_case b f l = (if null l then b else f (hd l) (tl l))"
  8.2463 +  by (import list list_case_compute)
  8.2464 +
  8.2465 +lemma LIST_NOT_EQ: "ALL l1 l2. l1 ~= l2 --> (ALL x xa. x # l1 ~= xa # l2)"
  8.2466 +  by (import list LIST_NOT_EQ)
  8.2467 +
  8.2468 +lemma NOT_EQ_LIST: "ALL h1 h2. h1 ~= h2 --> (ALL x xa. h1 # x ~= h2 # xa)"
  8.2469 +  by (import list NOT_EQ_LIST)
  8.2470 +
  8.2471 +lemma EQ_LIST: "ALL h1 h2. h1 = h2 --> (ALL l1 l2. l1 = l2 --> h1 # l1 = h2 # l2)"
  8.2472 +  by (import list EQ_LIST)
  8.2473 +
  8.2474 +lemma CONS: "ALL l. ~ null l --> hd l # tl l = l"
  8.2475 +  by (import list CONS)
  8.2476 +
  8.2477 +lemma MAP_EQ_NIL: "ALL l f. (map f l = []) = (l = []) & ([] = map f l) = (l = [])"
  8.2478 +  by (import list MAP_EQ_NIL)
  8.2479 +
  8.2480 +lemma EVERY_EL: "ALL l P. list_all P l = (ALL n<length l. P (EL n l))"
  8.2481 +  by (import list EVERY_EL)
  8.2482 +
  8.2483 +lemma EVERY_CONJ: "ALL l. list_all (%x. P x & Q x) l = (list_all P l & list_all Q l)"
  8.2484 +  by (import list EVERY_CONJ)
  8.2485 +
  8.2486 +lemma EVERY_MEM: "ALL P l. list_all P l = (ALL e. e mem l --> P e)"
  8.2487 +  by (import list EVERY_MEM)
  8.2488 +
  8.2489 +lemma EXISTS_MEM: "ALL P l. list_exists P l = (EX e. e mem l & P e)"
  8.2490 +  by (import list EXISTS_MEM)
  8.2491 +
  8.2492 +lemma MEM_APPEND: "ALL e l1 l2. e mem l1 @ l2 = (e mem l1 | e mem l2)"
  8.2493 +  by (import list MEM_APPEND)
  8.2494 +
  8.2495 +lemma EXISTS_APPEND: "ALL P l1 l2. list_exists P (l1 @ l2) = (list_exists P l1 | list_exists P l2)"
  8.2496 +  by (import list EXISTS_APPEND)
  8.2497 +
  8.2498 +lemma NOT_EVERY: "ALL P l. (~ list_all P l) = list_exists (Not o P) l"
  8.2499 +  by (import list NOT_EVERY)
  8.2500 +
  8.2501 +lemma NOT_EXISTS: "ALL P l. (~ list_exists P l) = list_all (Not o P) l"
  8.2502 +  by (import list NOT_EXISTS)
  8.2503 +
  8.2504 +lemma MEM_MAP: "ALL l f x. x mem map f l = (EX y. x = f y & y mem l)"
  8.2505 +  by (import list MEM_MAP)
  8.2506 +
  8.2507 +lemma LENGTH_CONS: "ALL l n. (length l = Suc n) = (EX h l'. length l' = n & l = h # l')"
  8.2508 +  by (import list LENGTH_CONS)
  8.2509 +
  8.2510 +lemma LENGTH_EQ_CONS: "ALL P n.
  8.2511 +   (ALL l. length l = Suc n --> P l) =
  8.2512 +   (ALL l. length l = n --> (ALL x. P (x # l)))"
  8.2513 +  by (import list LENGTH_EQ_CONS)
  8.2514 +
  8.2515 +lemma LENGTH_EQ_NIL: "ALL P. (ALL l. length l = 0 --> P l) = P []"
  8.2516 +  by (import list LENGTH_EQ_NIL)
  8.2517 +
  8.2518 +lemma CONS_ACYCLIC: "ALL l x. l ~= x # l & x # l ~= l"
  8.2519 +  by (import list CONS_ACYCLIC)
  8.2520 +
  8.2521 +lemma APPEND_eq_NIL: "(ALL (l1::'a list) l2::'a list. ([] = l1 @ l2) = (l1 = [] & l2 = [])) &
  8.2522 +(ALL (l1::'a list) l2::'a list. (l1 @ l2 = []) = (l1 = [] & l2 = []))"
  8.2523 +  by (import list APPEND_eq_NIL)
  8.2524 +
  8.2525 +lemma APPEND_11: "(ALL (l1::'a list) (l2::'a list) l3::'a list.
  8.2526 +    (l1 @ l2 = l1 @ l3) = (l2 = l3)) &
  8.2527 +(ALL (l1::'a list) (l2::'a list) l3::'a list.
  8.2528 +    (l2 @ l1 = l3 @ l1) = (l2 = l3))"
  8.2529 +  by (import list APPEND_11)
  8.2530 +
  8.2531 +lemma EL_compute: "ALL n. EL n l = (if n = 0 then hd l else EL (PRE n) (tl l))"
  8.2532 +  by (import list EL_compute)
  8.2533 +
  8.2534 +lemma WF_LIST_PRED: "WF (%L1 L2. EX h. L2 = h # L1)"
  8.2535 +  by (import list WF_LIST_PRED)
  8.2536 +
  8.2537 +lemma list_size_cong: "ALL M N f f'.
  8.2538 +   M = N & (ALL x. x mem N --> f x = f' x) -->
  8.2539 +   list_size f M = list_size f' N"
  8.2540 +  by (import list list_size_cong)
  8.2541 +
  8.2542 +lemma FOLDR_CONG: "ALL l l' b b' f f'.
  8.2543 +   l = l' & b = b' & (ALL x a. x mem l' --> f x a = f' x a) -->
  8.2544 +   foldr f l b = foldr f' l' b'"
  8.2545 +  by (import list FOLDR_CONG)
  8.2546 +
  8.2547 +lemma FOLDL_CONG: "ALL l l' b b' f f'.
  8.2548 +   l = l' & b = b' & (ALL x a. x mem l' --> f a x = f' a x) -->
  8.2549 +   foldl f b l = foldl f' b' l'"
  8.2550 +  by (import list FOLDL_CONG)
  8.2551 +
  8.2552 +lemma MAP_CONG: "ALL l1 l2 f f'.
  8.2553 +   l1 = l2 & (ALL x. x mem l2 --> f x = f' x) --> map f l1 = map f' l2"
  8.2554 +  by (import list MAP_CONG)
  8.2555 +
  8.2556 +lemma EXISTS_CONG: "ALL l1 l2 P P'.
  8.2557 +   l1 = l2 & (ALL x. x mem l2 --> P x = P' x) -->
  8.2558 +   list_exists P l1 = list_exists P' l2"
  8.2559 +  by (import list EXISTS_CONG)
  8.2560 +
  8.2561 +lemma EVERY_CONG: "ALL l1 l2 P P'.
  8.2562 +   l1 = l2 & (ALL x. x mem l2 --> P x = P' x) -->
  8.2563 +   list_all P l1 = list_all P' l2"
  8.2564 +  by (import list EVERY_CONG)
  8.2565 +
  8.2566 +lemma EVERY_MONOTONIC: "ALL P Q. (ALL x. P x --> Q x) --> (ALL l. list_all P l --> list_all Q l)"
  8.2567 +  by (import list EVERY_MONOTONIC)
  8.2568 +
  8.2569 +lemma LENGTH_ZIP: "ALL l1 l2.
  8.2570 +   length l1 = length l2 -->
  8.2571 +   length (zip l1 l2) = length l1 & length (zip l1 l2) = length l2"
  8.2572 +  by (import list LENGTH_ZIP)
  8.2573 +
  8.2574 +lemma LENGTH_UNZIP: "ALL pl.
  8.2575 +   length (fst (unzip pl)) = length pl & length (snd (unzip pl)) = length pl"
  8.2576 +  by (import list LENGTH_UNZIP)
  8.2577 +
  8.2578 +lemma ZIP_UNZIP: "ALL l. ZIP (unzip l) = l"
  8.2579 +  by (import list ZIP_UNZIP)
  8.2580 +
  8.2581 +lemma UNZIP_ZIP: "ALL l1 l2. length l1 = length l2 --> unzip (zip l1 l2) = (l1, l2)"
  8.2582 +  by (import list UNZIP_ZIP)
  8.2583 +
  8.2584 +lemma ZIP_MAP: "ALL l1 l2 f1 f2.
  8.2585 +   length l1 = length l2 -->
  8.2586 +   zip (map f1 l1) l2 = map (%p. (f1 (fst p), snd p)) (zip l1 l2) &
  8.2587 +   zip l1 (map f2 l2) = map (%p. (fst p, f2 (snd p))) (zip l1 l2)"
  8.2588 +  by (import list ZIP_MAP)
  8.2589 +
  8.2590 +lemma MEM_ZIP: "ALL l1 l2 p.
  8.2591 +   length l1 = length l2 -->
  8.2592 +   p mem zip l1 l2 = (EX n<length l1. p = (EL n l1, EL n l2))"
  8.2593 +  by (import list MEM_ZIP)
  8.2594 +
  8.2595 +lemma EL_ZIP: "ALL l1 l2 n.
  8.2596 +   length l1 = length l2 & n < length l1 -->
  8.2597 +   EL n (zip l1 l2) = (EL n l1, EL n l2)"
  8.2598 +  by (import list EL_ZIP)
  8.2599 +
  8.2600 +lemma MAP2_ZIP: "ALL l1 l2.
  8.2601 +   length l1 = length l2 -->
  8.2602 +   (ALL f. map2 f l1 l2 = map (split f) (zip l1 l2))"
  8.2603 +  by (import list MAP2_ZIP)
  8.2604 +
  8.2605 +lemma MEM_EL: "ALL l x. x mem l = (EX n<length l. x = EL n l)"
  8.2606 +  by (import list MEM_EL)
  8.2607 +
  8.2608 +lemma LAST_CONS: "(ALL x::'a. last [x] = x) &
  8.2609 +(ALL (x::'a) (xa::'a) xb::'a list. last (x # xa # xb) = last (xa # xb))"
  8.2610 +  by (import list LAST_CONS)
  8.2611 +
  8.2612 +lemma FRONT_CONS: "(ALL x::'a. butlast [x] = []) &
  8.2613 +(ALL (x::'a) (xa::'a) xb::'a list.
  8.2614 +    butlast (x # xa # xb) = x # butlast (xa # xb))"
  8.2615 +  by (import list FRONT_CONS)
  8.2616 +
  8.2617 +;end_setup
  8.2618 +
  8.2619 +;setup_theory pred_set
  8.2620 +
  8.2621 +lemma EXTENSION: "ALL s t. (s = t) = (ALL x. IN x s = IN x t)"
  8.2622 +  by (import pred_set EXTENSION)
  8.2623 +
  8.2624 +lemma NOT_EQUAL_SETS: "ALL x xa. (x ~= xa) = (EX xb. IN xb xa = (~ IN xb x))"
  8.2625 +  by (import pred_set NOT_EQUAL_SETS)
  8.2626 +
  8.2627 +lemma NUM_SET_WOP: "ALL s::nat => bool.
  8.2628 +   (EX n::nat. IN n s) =
  8.2629 +   (EX n::nat. IN n s & (ALL m::nat. IN m s --> n <= m))"
  8.2630 +  by (import pred_set NUM_SET_WOP)
  8.2631 +
  8.2632 +consts
  8.2633 +  GSPEC :: "('b => 'a * bool) => 'a => bool" 
  8.2634 +
  8.2635 +specification (GSPEC) GSPECIFICATION: "ALL (f::'b => 'a * bool) v::'a. IN v (GSPEC f) = (EX x::'b. (v, True) = f x)"
  8.2636 +  by (import pred_set GSPECIFICATION)
  8.2637 +
  8.2638 +lemma SET_MINIMUM: "ALL (s::'a => bool) M::'a => nat.
  8.2639 +   (EX x::'a. IN x s) =
  8.2640 +   (EX x::'a. IN x s & (ALL y::'a. IN y s --> M x <= M y))"
  8.2641 +  by (import pred_set SET_MINIMUM)
  8.2642 +
  8.2643 +constdefs
  8.2644 +  EMPTY :: "'a => bool" 
  8.2645 +  "EMPTY == %x. False"
  8.2646 +
  8.2647 +lemma EMPTY_DEF: "EMPTY = (%x. False)"
  8.2648 +  by (import pred_set EMPTY_DEF)
  8.2649 +
  8.2650 +lemma NOT_IN_EMPTY: "ALL x. ~ IN x EMPTY"
  8.2651 +  by (import pred_set NOT_IN_EMPTY)
  8.2652 +
  8.2653 +lemma MEMBER_NOT_EMPTY: "ALL x. (EX xa. IN xa x) = (x ~= EMPTY)"
  8.2654 +  by (import pred_set MEMBER_NOT_EMPTY)
  8.2655 +
  8.2656 +constdefs
  8.2657 +  UNIV :: "'a => bool" 
  8.2658 +  "pred_set.UNIV == %x. True"
  8.2659 +
  8.2660 +lemma UNIV_DEF: "pred_set.UNIV = (%x. True)"
  8.2661 +  by (import pred_set UNIV_DEF)
  8.2662 +
  8.2663 +lemma IN_UNIV: "ALL x. IN x pred_set.UNIV"
  8.2664 +  by (import pred_set IN_UNIV)
  8.2665 +
  8.2666 +lemma UNIV_NOT_EMPTY: "pred_set.UNIV ~= EMPTY"
  8.2667 +  by (import pred_set UNIV_NOT_EMPTY)
  8.2668 +
  8.2669 +lemma EMPTY_NOT_UNIV: "EMPTY ~= pred_set.UNIV"
  8.2670 +  by (import pred_set EMPTY_NOT_UNIV)
  8.2671 +
  8.2672 +lemma EQ_UNIV: "(ALL x. IN x s) = (s = pred_set.UNIV)"
  8.2673 +  by (import pred_set EQ_UNIV)
  8.2674 +
  8.2675 +constdefs
  8.2676 +  SUBSET :: "('a => bool) => ('a => bool) => bool" 
  8.2677 +  "SUBSET == %s t. ALL x. IN x s --> IN x t"
  8.2678 +
  8.2679 +lemma SUBSET_DEF: "ALL s t. SUBSET s t = (ALL x. IN x s --> IN x t)"
  8.2680 +  by (import pred_set SUBSET_DEF)
  8.2681 +
  8.2682 +lemma SUBSET_TRANS: "ALL x xa xb. SUBSET x xa & SUBSET xa xb --> SUBSET x xb"
  8.2683 +  by (import pred_set SUBSET_TRANS)
  8.2684 +
  8.2685 +lemma SUBSET_REFL: "ALL x. SUBSET x x"
  8.2686 +  by (import pred_set SUBSET_REFL)
  8.2687 +
  8.2688 +lemma SUBSET_ANTISYM: "ALL x xa. SUBSET x xa & SUBSET xa x --> x = xa"
  8.2689 +  by (import pred_set SUBSET_ANTISYM)
  8.2690 +
  8.2691 +lemma EMPTY_SUBSET: "All (SUBSET EMPTY)"
  8.2692 +  by (import pred_set EMPTY_SUBSET)
  8.2693 +
  8.2694 +lemma SUBSET_EMPTY: "ALL x. SUBSET x EMPTY = (x = EMPTY)"
  8.2695 +  by (import pred_set SUBSET_EMPTY)
  8.2696 +
  8.2697 +lemma SUBSET_UNIV: "ALL x. SUBSET x pred_set.UNIV"
  8.2698 +  by (import pred_set SUBSET_UNIV)
  8.2699 +
  8.2700 +lemma UNIV_SUBSET: "ALL x. SUBSET pred_set.UNIV x = (x = pred_set.UNIV)"
  8.2701 +  by (import pred_set UNIV_SUBSET)
  8.2702 +
  8.2703 +constdefs
  8.2704 +  PSUBSET :: "('a => bool) => ('a => bool) => bool" 
  8.2705 +  "PSUBSET == %s t. SUBSET s t & s ~= t"
  8.2706 +
  8.2707 +lemma PSUBSET_DEF: "ALL s t. PSUBSET s t = (SUBSET s t & s ~= t)"
  8.2708 +  by (import pred_set PSUBSET_DEF)
  8.2709 +
  8.2710 +lemma PSUBSET_TRANS: "ALL x xa xb. PSUBSET x xa & PSUBSET xa xb --> PSUBSET x xb"
  8.2711 +  by (import pred_set PSUBSET_TRANS)
  8.2712 +
  8.2713 +lemma PSUBSET_IRREFL: "ALL x. ~ PSUBSET x x"
  8.2714 +  by (import pred_set PSUBSET_IRREFL)
  8.2715 +
  8.2716 +lemma NOT_PSUBSET_EMPTY: "ALL x. ~ PSUBSET x EMPTY"
  8.2717 +  by (import pred_set NOT_PSUBSET_EMPTY)
  8.2718 +
  8.2719 +lemma NOT_UNIV_PSUBSET: "ALL x. ~ PSUBSET pred_set.UNIV x"
  8.2720 +  by (import pred_set NOT_UNIV_PSUBSET)
  8.2721 +
  8.2722 +lemma PSUBSET_UNIV: "ALL x. PSUBSET x pred_set.UNIV = (EX xa. ~ IN xa x)"
  8.2723 +  by (import pred_set PSUBSET_UNIV)
  8.2724 +
  8.2725 +constdefs
  8.2726 +  UNION :: "('a => bool) => ('a => bool) => 'a => bool" 
  8.2727 +  "pred_set.UNION == %s t. GSPEC (%x. (x, IN x s | IN x t))"
  8.2728 +
  8.2729 +lemma UNION_DEF: "ALL s t. pred_set.UNION s t = GSPEC (%x. (x, IN x s | IN x t))"
  8.2730 +  by (import pred_set UNION_DEF)
  8.2731 +
  8.2732 +lemma IN_UNION: "ALL x xa xb. IN xb (pred_set.UNION x xa) = (IN xb x | IN xb xa)"
  8.2733 +  by (import pred_set IN_UNION)
  8.2734 +
  8.2735 +lemma UNION_ASSOC: "ALL x xa xb.
  8.2736 +   pred_set.UNION x (pred_set.UNION xa xb) =
  8.2737 +   pred_set.UNION (pred_set.UNION x xa) xb"
  8.2738 +  by (import pred_set UNION_ASSOC)
  8.2739 +
  8.2740 +lemma UNION_IDEMPOT: "ALL x. pred_set.UNION x x = x"
  8.2741 +  by (import pred_set UNION_IDEMPOT)
  8.2742 +
  8.2743 +lemma UNION_COMM: "ALL x xa. pred_set.UNION x xa = pred_set.UNION xa x"
  8.2744 +  by (import pred_set UNION_COMM)
  8.2745 +
  8.2746 +lemma SUBSET_UNION: "(ALL (x::'a => bool) xa::'a => bool. SUBSET x (pred_set.UNION x xa)) &
  8.2747 +(ALL (x::'a => bool) xa::'a => bool. SUBSET x (pred_set.UNION xa x))"
  8.2748 +  by (import pred_set SUBSET_UNION)
  8.2749 +
  8.2750 +lemma UNION_SUBSET: "ALL s t u. SUBSET (pred_set.UNION s t) u = (SUBSET s u & SUBSET t u)"
  8.2751 +  by (import pred_set UNION_SUBSET)
  8.2752 +
  8.2753 +lemma SUBSET_UNION_ABSORPTION: "ALL x xa. SUBSET x xa = (pred_set.UNION x xa = xa)"
  8.2754 +  by (import pred_set SUBSET_UNION_ABSORPTION)
  8.2755 +
  8.2756 +lemma UNION_EMPTY: "(ALL x::'a => bool. pred_set.UNION EMPTY x = x) &
  8.2757 +(ALL x::'a => bool. pred_set.UNION x EMPTY = x)"
  8.2758 +  by (import pred_set UNION_EMPTY)
  8.2759 +
  8.2760 +lemma UNION_UNIV: "(ALL x::'a => bool. pred_set.UNION pred_set.UNIV x = pred_set.UNIV) &
  8.2761 +(ALL x::'a => bool. pred_set.UNION x pred_set.UNIV = pred_set.UNIV)"
  8.2762 +  by (import pred_set UNION_UNIV)
  8.2763 +
  8.2764 +lemma EMPTY_UNION: "ALL x xa. (pred_set.UNION x xa = EMPTY) = (x = EMPTY & xa = EMPTY)"
  8.2765 +  by (import pred_set EMPTY_UNION)
  8.2766 +
  8.2767 +constdefs
  8.2768 +  INTER :: "('a => bool) => ('a => bool) => 'a => bool" 
  8.2769 +  "pred_set.INTER == %s t. GSPEC (%x. (x, IN x s & IN x t))"
  8.2770 +
  8.2771 +lemma INTER_DEF: "ALL s t. pred_set.INTER s t = GSPEC (%x. (x, IN x s & IN x t))"
  8.2772 +  by (import pred_set INTER_DEF)
  8.2773 +
  8.2774 +lemma IN_INTER: "ALL x xa xb. IN xb (pred_set.INTER x xa) = (IN xb x & IN xb xa)"
  8.2775 +  by (import pred_set IN_INTER)
  8.2776 +
  8.2777 +lemma INTER_ASSOC: "ALL x xa xb.
  8.2778 +   pred_set.INTER x (pred_set.INTER xa xb) =
  8.2779 +   pred_set.INTER (pred_set.INTER x xa) xb"
  8.2780 +  by (import pred_set INTER_ASSOC)
  8.2781 +
  8.2782 +lemma INTER_IDEMPOT: "ALL x. pred_set.INTER x x = x"
  8.2783 +  by (import pred_set INTER_IDEMPOT)
  8.2784 +
  8.2785 +lemma INTER_COMM: "ALL x xa. pred_set.INTER x xa = pred_set.INTER xa x"
  8.2786 +  by (import pred_set INTER_COMM)
  8.2787 +
  8.2788 +lemma INTER_SUBSET: "(ALL (x::'a => bool) xa::'a => bool. SUBSET (pred_set.INTER x xa) x) &
  8.2789 +(ALL (x::'a => bool) xa::'a => bool. SUBSET (pred_set.INTER xa x) x)"
  8.2790 +  by (import pred_set INTER_SUBSET)
  8.2791 +
  8.2792 +lemma SUBSET_INTER: "ALL s t u. SUBSET s (pred_set.INTER t u) = (SUBSET s t & SUBSET s u)"
  8.2793 +  by (import pred_set SUBSET_INTER)
  8.2794 +
  8.2795 +lemma SUBSET_INTER_ABSORPTION: "ALL x xa. SUBSET x xa = (pred_set.INTER x xa = x)"
  8.2796 +  by (import pred_set SUBSET_INTER_ABSORPTION)
  8.2797 +
  8.2798 +lemma INTER_EMPTY: "(ALL x::'a => bool. pred_set.INTER EMPTY x = EMPTY) &
  8.2799 +(ALL x::'a => bool. pred_set.INTER x EMPTY = EMPTY)"
  8.2800 +  by (import pred_set INTER_EMPTY)
  8.2801 +
  8.2802 +lemma INTER_UNIV: "(ALL x::'a => bool. pred_set.INTER pred_set.UNIV x = x) &
  8.2803 +(ALL x::'a => bool. pred_set.INTER x pred_set.UNIV = x)"
  8.2804 +  by (import pred_set INTER_UNIV)
  8.2805 +
  8.2806 +lemma UNION_OVER_INTER: "ALL x xa xb.
  8.2807 +   pred_set.INTER x (pred_set.UNION xa xb) =
  8.2808 +   pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER x xb)"
  8.2809 +  by (import pred_set UNION_OVER_INTER)
  8.2810 +
  8.2811 +lemma INTER_OVER_UNION: "ALL x xa xb.
  8.2812 +   pred_set.UNION x (pred_set.INTER xa xb) =
  8.2813 +   pred_set.INTER (pred_set.UNION x xa) (pred_set.UNION x xb)"
  8.2814 +  by (import pred_set INTER_OVER_UNION)
  8.2815 +
  8.2816 +constdefs
  8.2817 +  DISJOINT :: "('a => bool) => ('a => bool) => bool" 
  8.2818 +  "DISJOINT == %s t. pred_set.INTER s t = EMPTY"
  8.2819 +
  8.2820 +lemma DISJOINT_DEF: "ALL s t. DISJOINT s t = (pred_set.INTER s t = EMPTY)"
  8.2821 +  by (import pred_set DISJOINT_DEF)
  8.2822 +
  8.2823 +lemma IN_DISJOINT: "ALL x xa. DISJOINT x xa = (~ (EX xb. IN xb x & IN xb xa))"
  8.2824 +  by (import pred_set IN_DISJOINT)
  8.2825 +
  8.2826 +lemma DISJOINT_SYM: "ALL x xa. DISJOINT x xa = DISJOINT xa x"
  8.2827 +  by (import pred_set DISJOINT_SYM)
  8.2828 +
  8.2829 +lemma DISJOINT_EMPTY: "ALL x. DISJOINT EMPTY x & DISJOINT x EMPTY"
  8.2830 +  by (import pred_set DISJOINT_EMPTY)
  8.2831 +
  8.2832 +lemma DISJOINT_EMPTY_REFL: "ALL x. (x = EMPTY) = DISJOINT x x"
  8.2833 +  by (import pred_set DISJOINT_EMPTY_REFL)
  8.2834 +
  8.2835 +lemma DISJOINT_UNION: "ALL x xa xb.
  8.2836 +   DISJOINT (pred_set.UNION x xa) xb = (DISJOINT x xb & DISJOINT xa xb)"
  8.2837 +  by (import pred_set DISJOINT_UNION)
  8.2838 +
  8.2839 +lemma DISJOINT_UNION_BOTH: "ALL s t u.
  8.2840 +   DISJOINT (pred_set.UNION s t) u = (DISJOINT s u & DISJOINT t u) &
  8.2841 +   DISJOINT u (pred_set.UNION s t) = (DISJOINT s u & DISJOINT t u)"
  8.2842 +  by (import pred_set DISJOINT_UNION_BOTH)
  8.2843 +
  8.2844 +constdefs
  8.2845 +  DIFF :: "('a => bool) => ('a => bool) => 'a => bool" 
  8.2846 +  "DIFF == %s t. GSPEC (%x. (x, IN x s & ~ IN x t))"
  8.2847 +
  8.2848 +lemma DIFF_DEF: "ALL s t. DIFF s t = GSPEC (%x. (x, IN x s & ~ IN x t))"
  8.2849 +  by (import pred_set DIFF_DEF)
  8.2850 +
  8.2851 +lemma IN_DIFF: "ALL s t x. IN x (DIFF s t) = (IN x s & ~ IN x t)"
  8.2852 +  by (import pred_set IN_DIFF)
  8.2853 +
  8.2854 +lemma DIFF_EMPTY: "ALL s. DIFF s EMPTY = s"
  8.2855 +  by (import pred_set DIFF_EMPTY)
  8.2856 +
  8.2857 +lemma EMPTY_DIFF: "ALL s. DIFF EMPTY s = EMPTY"
  8.2858 +  by (import pred_set EMPTY_DIFF)
  8.2859 +
  8.2860 +lemma DIFF_UNIV: "ALL s. DIFF s pred_set.UNIV = EMPTY"
  8.2861 +  by (import pred_set DIFF_UNIV)
  8.2862 +
  8.2863 +lemma DIFF_DIFF: "ALL x xa. DIFF (DIFF x xa) xa = DIFF x xa"
  8.2864 +  by (import pred_set DIFF_DIFF)
  8.2865 +
  8.2866 +lemma DIFF_EQ_EMPTY: "ALL x. DIFF x x = EMPTY"
  8.2867 +  by (import pred_set DIFF_EQ_EMPTY)
  8.2868 +
  8.2869 +constdefs
  8.2870 +  INSERT :: "'a => ('a => bool) => 'a => bool" 
  8.2871 +  "INSERT == %x s. GSPEC (%y. (y, y = x | IN y s))"
  8.2872 +
  8.2873 +lemma INSERT_DEF: "ALL x s. INSERT x s = GSPEC (%y. (y, y = x | IN y s))"
  8.2874 +  by (import pred_set INSERT_DEF)
  8.2875 +
  8.2876 +lemma IN_INSERT: "ALL x xa xb. IN x (INSERT xa xb) = (x = xa | IN x xb)"
  8.2877 +  by (import pred_set IN_INSERT)
  8.2878 +
  8.2879 +lemma COMPONENT: "ALL x xa. IN x (INSERT x xa)"
  8.2880 +  by (import pred_set COMPONENT)
  8.2881 +
  8.2882 +lemma SET_CASES: "ALL x. x = EMPTY | (EX xa xb. x = INSERT xa xb & ~ IN xa xb)"
  8.2883 +  by (import pred_set SET_CASES)
  8.2884 +
  8.2885 +lemma DECOMPOSITION: "ALL s x. IN x s = (EX t. s = INSERT x t & ~ IN x t)"
  8.2886 +  by (import pred_set DECOMPOSITION)
  8.2887 +
  8.2888 +lemma ABSORPTION: "ALL x xa. IN x xa = (INSERT x xa = xa)"
  8.2889 +  by (import pred_set ABSORPTION)
  8.2890 +
  8.2891 +lemma INSERT_INSERT: "ALL x xa. INSERT x (INSERT x xa) = INSERT x xa"
  8.2892 +  by (import pred_set INSERT_INSERT)
  8.2893 +
  8.2894 +lemma INSERT_COMM: "ALL x xa xb. INSERT x (INSERT xa xb) = INSERT xa (INSERT x xb)"
  8.2895 +  by (import pred_set INSERT_COMM)
  8.2896 +
  8.2897 +lemma INSERT_UNIV: "ALL x. INSERT x pred_set.UNIV = pred_set.UNIV"
  8.2898 +  by (import pred_set INSERT_UNIV)
  8.2899 +
  8.2900 +lemma NOT_INSERT_EMPTY: "ALL x xa. INSERT x xa ~= EMPTY"
  8.2901 +  by (import pred_set NOT_INSERT_EMPTY)
  8.2902 +
  8.2903 +lemma NOT_EMPTY_INSERT: "ALL x xa. EMPTY ~= INSERT x xa"
  8.2904 +  by (import pred_set NOT_EMPTY_INSERT)
  8.2905 +
  8.2906 +lemma INSERT_UNION: "ALL x s t.
  8.2907 +   pred_set.UNION (INSERT x s) t =
  8.2908 +   (if IN x t then pred_set.UNION s t else INSERT x (pred_set.UNION s t))"
  8.2909 +  by (import pred_set INSERT_UNION)
  8.2910 +
  8.2911 +lemma INSERT_UNION_EQ: "ALL x s t. pred_set.UNION (INSERT x s) t = INSERT x (pred_set.UNION s t)"
  8.2912 +  by (import pred_set INSERT_UNION_EQ)
  8.2913 +
  8.2914 +lemma INSERT_INTER: "ALL x s t.
  8.2915 +   pred_set.INTER (INSERT x s) t =
  8.2916 +   (if IN x t then INSERT x (pred_set.INTER s t) else pred_set.INTER s t)"
  8.2917 +  by (import pred_set INSERT_INTER)
  8.2918 +
  8.2919 +lemma DISJOINT_INSERT: "ALL x xa xb. DISJOINT (INSERT x xa) xb = (DISJOINT xa xb & ~ IN x xb)"
  8.2920 +  by (import pred_set DISJOINT_INSERT)
  8.2921 +
  8.2922 +lemma INSERT_SUBSET: "ALL x xa xb. SUBSET (INSERT x xa) xb = (IN x xb & SUBSET xa xb)"
  8.2923 +  by (import pred_set INSERT_SUBSET)
  8.2924 +
  8.2925 +lemma SUBSET_INSERT: "ALL x xa. ~ IN x xa --> (ALL xb. SUBSET xa (INSERT x xb) = SUBSET xa xb)"
  8.2926 +  by (import pred_set SUBSET_INSERT)
  8.2927 +
  8.2928 +lemma INSERT_DIFF: "ALL s t x.
  8.2929 +   DIFF (INSERT x s) t = (if IN x t then DIFF s t else INSERT x (DIFF s t))"
  8.2930 +  by (import pred_set INSERT_DIFF)
  8.2931 +
  8.2932 +constdefs
  8.2933 +  DELETE :: "('a => bool) => 'a => 'a => bool" 
  8.2934 +  "DELETE == %s x. DIFF s (INSERT x EMPTY)"
  8.2935 +
  8.2936 +lemma DELETE_DEF: "ALL s x. DELETE s x = DIFF s (INSERT x EMPTY)"
  8.2937 +  by (import pred_set DELETE_DEF)
  8.2938 +
  8.2939 +lemma IN_DELETE: "ALL x xa xb. IN xa (DELETE x xb) = (IN xa x & xa ~= xb)"
  8.2940 +  by (import pred_set IN_DELETE)
  8.2941 +
  8.2942 +lemma DELETE_NON_ELEMENT: "ALL x xa. (~ IN x xa) = (DELETE xa x = xa)"
  8.2943 +  by (import pred_set DELETE_NON_ELEMENT)
  8.2944 +
  8.2945 +lemma IN_DELETE_EQ: "ALL s x x'. (IN x s = IN x' s) = (IN x (DELETE s x') = IN x' (DELETE s x))"
  8.2946 +  by (import pred_set IN_DELETE_EQ)
  8.2947 +
  8.2948 +lemma EMPTY_DELETE: "ALL x. DELETE EMPTY x = EMPTY"
  8.2949 +  by (import pred_set EMPTY_DELETE)
  8.2950 +
  8.2951 +lemma DELETE_DELETE: "ALL x xa. DELETE (DELETE xa x) x = DELETE xa x"
  8.2952 +  by (import pred_set DELETE_DELETE)
  8.2953 +
  8.2954 +lemma DELETE_COMM: "ALL x xa xb. DELETE (DELETE xb x) xa = DELETE (DELETE xb xa) x"
  8.2955 +  by (import pred_set DELETE_COMM)
  8.2956 +
  8.2957 +lemma DELETE_SUBSET: "ALL x xa. SUBSET (DELETE xa x) xa"
  8.2958 +  by (import pred_set DELETE_SUBSET)
  8.2959 +
  8.2960 +lemma SUBSET_DELETE: "ALL x xa xb. SUBSET xa (DELETE xb x) = (~ IN x xa & SUBSET xa xb)"
  8.2961 +  by (import pred_set SUBSET_DELETE)
  8.2962 +
  8.2963 +lemma SUBSET_INSERT_DELETE: "ALL x s t. SUBSET s (INSERT x t) = SUBSET (DELETE s x) t"
  8.2964 +  by (import pred_set SUBSET_INSERT_DELETE)
  8.2965 +
  8.2966 +lemma DIFF_INSERT: "ALL x xa xb. DIFF x (INSERT xb xa) = DIFF (DELETE x xb) xa"
  8.2967 +  by (import pred_set DIFF_INSERT)
  8.2968 +
  8.2969 +lemma PSUBSET_INSERT_SUBSET: "ALL x xa. PSUBSET x xa = (EX xb. ~ IN xb x & SUBSET (INSERT xb x) xa)"
  8.2970 +  by (import pred_set PSUBSET_INSERT_SUBSET)
  8.2971 +
  8.2972 +lemma PSUBSET_MEMBER: "ALL s t. PSUBSET s t = (SUBSET s t & (EX y. IN y t & ~ IN y s))"
  8.2973 +  by (import pred_set PSUBSET_MEMBER)
  8.2974 +
  8.2975 +lemma DELETE_INSERT: "ALL x xa xb.
  8.2976 +   DELETE (INSERT x xb) xa =
  8.2977 +   (if x = xa then DELETE xb xa else INSERT x (DELETE xb xa))"
  8.2978 +  by (import pred_set DELETE_INSERT)
  8.2979 +
  8.2980 +lemma INSERT_DELETE: "ALL x xa. IN x xa --> INSERT x (DELETE xa x) = xa"
  8.2981 +  by (import pred_set INSERT_DELETE)
  8.2982 +
  8.2983 +lemma DELETE_INTER: "ALL x xa xb.
  8.2984 +   pred_set.INTER (DELETE x xb) xa = DELETE (pred_set.INTER x xa) xb"
  8.2985 +  by (import pred_set DELETE_INTER)
  8.2986 +
  8.2987 +lemma DISJOINT_DELETE_SYM: "ALL x xa xb. DISJOINT (DELETE x xb) xa = DISJOINT (DELETE xa xb) x"
  8.2988 +  by (import pred_set DISJOINT_DELETE_SYM)
  8.2989 +
  8.2990 +consts
  8.2991 +  CHOICE :: "('a => bool) => 'a" 
  8.2992 +
  8.2993 +specification (CHOICE) CHOICE_DEF: "ALL x. x ~= EMPTY --> IN (CHOICE x) x"
  8.2994 +  by (import pred_set CHOICE_DEF)
  8.2995 +
  8.2996 +constdefs
  8.2997 +  REST :: "('a => bool) => 'a => bool" 
  8.2998 +  "REST == %s. DELETE s (CHOICE s)"
  8.2999 +
  8.3000 +lemma REST_DEF: "ALL s. REST s = DELETE s (CHOICE s)"
  8.3001 +  by (import pred_set REST_DEF)
  8.3002 +
  8.3003 +lemma CHOICE_NOT_IN_REST: "ALL x. ~ IN (CHOICE x) (REST x)"
  8.3004 +  by (import pred_set CHOICE_NOT_IN_REST)
  8.3005 +
  8.3006 +lemma CHOICE_INSERT_REST: "ALL s. s ~= EMPTY --> INSERT (CHOICE s) (REST s) = s"
  8.3007 +  by (import pred_set CHOICE_INSERT_REST)
  8.3008 +
  8.3009 +lemma REST_SUBSET: "ALL x. SUBSET (REST x) x"
  8.3010 +  by (import pred_set REST_SUBSET)
  8.3011 +
  8.3012 +lemma REST_PSUBSET: "ALL x. x ~= EMPTY --> PSUBSET (REST x) x"
  8.3013 +  by (import pred_set REST_PSUBSET)
  8.3014 +
  8.3015 +constdefs
  8.3016 +  SING :: "('a => bool) => bool" 
  8.3017 +  "SING == %s. EX x. s = INSERT x EMPTY"
  8.3018 +
  8.3019 +lemma SING_DEF: "ALL s. SING s = (EX x. s = INSERT x EMPTY)"
  8.3020 +  by (import pred_set SING_DEF)
  8.3021 +
  8.3022 +lemma SING: "ALL x. SING (INSERT x EMPTY)"
  8.3023 +  by (import pred_set SING)
  8.3024 +
  8.3025 +lemma IN_SING: "ALL x xa. IN x (INSERT xa EMPTY) = (x = xa)"
  8.3026 +  by (import pred_set IN_SING)
  8.3027 +
  8.3028 +lemma NOT_SING_EMPTY: "ALL x. INSERT x EMPTY ~= EMPTY"
  8.3029 +  by (import pred_set NOT_SING_EMPTY)
  8.3030 +
  8.3031 +lemma NOT_EMPTY_SING: "ALL x. EMPTY ~= INSERT x EMPTY"
  8.3032 +  by (import pred_set NOT_EMPTY_SING)
  8.3033 +
  8.3034 +lemma EQUAL_SING: "ALL x xa. (INSERT x EMPTY = INSERT xa EMPTY) = (x = xa)"
  8.3035 +  by (import pred_set EQUAL_SING)
  8.3036 +
  8.3037 +lemma DISJOINT_SING_EMPTY: "ALL x. DISJOINT (INSERT x EMPTY) EMPTY"
  8.3038 +  by (import pred_set DISJOINT_SING_EMPTY)
  8.3039 +
  8.3040 +lemma INSERT_SING_UNION: "ALL x xa. INSERT xa x = pred_set.UNION (INSERT xa EMPTY) x"
  8.3041 +  by (import pred_set INSERT_SING_UNION)
  8.3042 +
  8.3043 +lemma SING_DELETE: "ALL x. DELETE (INSERT x EMPTY) x = EMPTY"
  8.3044 +  by (import pred_set SING_DELETE)
  8.3045 +
  8.3046 +lemma DELETE_EQ_SING: "ALL x xa. IN xa x --> (DELETE x xa = EMPTY) = (x = INSERT xa EMPTY)"
  8.3047 +  by (import pred_set DELETE_EQ_SING)
  8.3048 +
  8.3049 +lemma CHOICE_SING: "ALL x. CHOICE (INSERT x EMPTY) = x"
  8.3050 +  by (import pred_set CHOICE_SING)
  8.3051 +
  8.3052 +lemma REST_SING: "ALL x. REST (INSERT x EMPTY) = EMPTY"
  8.3053 +  by (import pred_set REST_SING)
  8.3054 +
  8.3055 +lemma SING_IFF_EMPTY_REST: "ALL x. SING x = (x ~= EMPTY & REST x = EMPTY)"
  8.3056 +  by (import pred_set SING_IFF_EMPTY_REST)
  8.3057 +
  8.3058 +constdefs
  8.3059 +  IMAGE :: "('a => 'b) => ('a => bool) => 'b => bool" 
  8.3060 +  "IMAGE == %f s. GSPEC (%x. (f x, IN x s))"
  8.3061 +
  8.3062 +lemma IMAGE_DEF: "ALL f s. IMAGE f s = GSPEC (%x. (f x, IN x s))"
  8.3063 +  by (import pred_set IMAGE_DEF)
  8.3064 +
  8.3065 +lemma IN_IMAGE: "ALL (x::'b) (xa::'a => bool) xb::'a => 'b.
  8.3066 +   IN x (IMAGE xb xa) = (EX xc::'a. x = xb xc & IN xc xa)"
  8.3067 +  by (import pred_set IN_IMAGE)
  8.3068 +
  8.3069 +lemma IMAGE_IN: "ALL x xa. IN x xa --> (ALL xb. IN (xb x) (IMAGE xb xa))"
  8.3070 +  by (import pred_set IMAGE_IN)
  8.3071 +
  8.3072 +lemma IMAGE_EMPTY: "ALL x. IMAGE x EMPTY = EMPTY"
  8.3073 +  by (import pred_set IMAGE_EMPTY)
  8.3074 +
  8.3075 +lemma IMAGE_ID: "ALL x. IMAGE (%x. x) x = x"
  8.3076 +  by (import pred_set IMAGE_ID)
  8.3077 +
  8.3078 +lemma IMAGE_COMPOSE: "ALL (x::'b => 'c) (xa::'a => 'b) xb::'a => bool.
  8.3079 +   IMAGE (x o xa) xb = IMAGE x (IMAGE xa xb)"
  8.3080 +  by (import pred_set IMAGE_COMPOSE)
  8.3081 +
  8.3082 +lemma IMAGE_INSERT: "ALL x xa xb. IMAGE x (INSERT xa xb) = INSERT (x xa) (IMAGE x xb)"
  8.3083 +  by (import pred_set IMAGE_INSERT)
  8.3084 +
  8.3085 +lemma IMAGE_EQ_EMPTY: "ALL s x. (IMAGE x s = EMPTY) = (s = EMPTY)"
  8.3086 +  by (import pred_set IMAGE_EQ_EMPTY)
  8.3087 +
  8.3088 +lemma IMAGE_DELETE: "ALL f x s. ~ IN x s --> IMAGE f (DELETE s x) = IMAGE f s"
  8.3089 +  by (import pred_set IMAGE_DELETE)
  8.3090 +
  8.3091 +lemma IMAGE_UNION: "ALL x xa xb.
  8.3092 +   IMAGE x (pred_set.UNION xa xb) = pred_set.UNION (IMAGE x xa) (IMAGE x xb)"
  8.3093 +  by (import pred_set IMAGE_UNION)
  8.3094 +
  8.3095 +lemma IMAGE_SUBSET: "ALL x xa. SUBSET x xa --> (ALL xb. SUBSET (IMAGE xb x) (IMAGE xb xa))"
  8.3096 +  by (import pred_set IMAGE_SUBSET)
  8.3097 +
  8.3098 +lemma IMAGE_INTER: "ALL f s t.
  8.3099 +   SUBSET (IMAGE f (pred_set.INTER s t))
  8.3100 +    (pred_set.INTER (IMAGE f s) (IMAGE f t))"
  8.3101 +  by (import pred_set IMAGE_INTER)
  8.3102 +
  8.3103 +constdefs
  8.3104 +  INJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" 
  8.3105 +  "INJ ==
  8.3106 +%f s t.
  8.3107 +   (ALL x. IN x s --> IN (f x) t) &
  8.3108 +   (ALL x y. IN x s & IN y s --> f x = f y --> x = y)"
  8.3109 +
  8.3110 +lemma INJ_DEF: "ALL f s t.
  8.3111 +   INJ f s t =
  8.3112 +   ((ALL x. IN x s --> IN (f x) t) &
  8.3113 +    (ALL x y. IN x s & IN y s --> f x = f y --> x = y))"
  8.3114 +  by (import pred_set INJ_DEF)
  8.3115 +
  8.3116 +lemma INJ_ID: "ALL x. INJ (%x. x) x x"
  8.3117 +  by (import pred_set INJ_ID)
  8.3118 +
  8.3119 +lemma INJ_COMPOSE: "ALL x xa xb xc xd. INJ x xb xc & INJ xa xc xd --> INJ (xa o x) xb xd"
  8.3120 +  by (import pred_set INJ_COMPOSE)
  8.3121 +
  8.3122 +lemma INJ_EMPTY: "ALL x. All (INJ x EMPTY) & (ALL xa. INJ x xa EMPTY = (xa = EMPTY))"
  8.3123 +  by (import pred_set INJ_EMPTY)
  8.3124 +
  8.3125 +constdefs
  8.3126 +  SURJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" 
  8.3127 +  "SURJ ==
  8.3128 +%f s t.
  8.3129 +   (ALL x. IN x s --> IN (f x) t) &
  8.3130 +   (ALL x. IN x t --> (EX y. IN y s & f y = x))"
  8.3131 +
  8.3132 +lemma SURJ_DEF: "ALL f s t.
  8.3133 +   SURJ f s t =
  8.3134 +   ((ALL x. IN x s --> IN (f x) t) &
  8.3135 +    (ALL x. IN x t --> (EX y. IN y s & f y = x)))"
  8.3136 +  by (import pred_set SURJ_DEF)
  8.3137 +
  8.3138 +lemma SURJ_ID: "ALL x. SURJ (%x. x) x x"
  8.3139 +  by (import pred_set SURJ_ID)
  8.3140 +
  8.3141 +lemma SURJ_COMPOSE: "ALL x xa xb xc xd. SURJ x xb xc & SURJ xa xc xd --> SURJ (xa o x) xb xd"
  8.3142 +  by (import pred_set SURJ_COMPOSE)
  8.3143 +
  8.3144 +lemma SURJ_EMPTY: "ALL x.
  8.3145 +   (ALL xa. SURJ x EMPTY xa = (xa = EMPTY)) &
  8.3146 +   (ALL xa. SURJ x xa EMPTY = (xa = EMPTY))"
  8.3147 +  by (import pred_set SURJ_EMPTY)
  8.3148 +
  8.3149 +lemma IMAGE_SURJ: "ALL x xa xb. SURJ x xa xb = (IMAGE x xa = xb)"
  8.3150 +  by (import pred_set IMAGE_SURJ)
  8.3151 +
  8.3152 +constdefs
  8.3153 +  BIJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" 
  8.3154 +  "BIJ == %f s t. INJ f s t & SURJ f s t"
  8.3155 +
  8.3156 +lemma BIJ_DEF: "ALL f s t. BIJ f s t = (INJ f s t & SURJ f s t)"
  8.3157 +  by (import pred_set BIJ_DEF)
  8.3158 +
  8.3159 +lemma BIJ_ID: "ALL x. BIJ (%x. x) x x"
  8.3160 +  by (import pred_set BIJ_ID)
  8.3161 +
  8.3162 +lemma BIJ_EMPTY: "ALL x.
  8.3163 +   (ALL xa. BIJ x EMPTY xa = (xa = EMPTY)) &
  8.3164 +   (ALL xa. BIJ x xa EMPTY = (xa = EMPTY))"
  8.3165 +  by (import pred_set BIJ_EMPTY)
  8.3166 +
  8.3167 +lemma BIJ_COMPOSE: "ALL x xa xb xc xd. BIJ x xb xc & BIJ xa xc xd --> BIJ (xa o x) xb xd"
  8.3168 +  by (import pred_set BIJ_COMPOSE)
  8.3169 +
  8.3170 +consts
  8.3171 +  LINV :: "('a => 'b) => ('a => bool) => 'b => 'a" 
  8.3172 +
  8.3173 +specification (LINV) LINV_DEF: "ALL f s t. INJ f s t --> (ALL x. IN x s --> LINV f s (f x) = x)"
  8.3174 +  by (import pred_set LINV_DEF)
  8.3175 +
  8.3176 +consts
  8.3177 +  RINV :: "('a => 'b) => ('a => bool) => 'b => 'a" 
  8.3178 +
  8.3179 +specification (RINV) RINV_DEF: "ALL f s t. SURJ f s t --> (ALL x. IN x t --> f (RINV f s x) = x)"
  8.3180 +  by (import pred_set RINV_DEF)
  8.3181 +
  8.3182 +constdefs
  8.3183 +  FINITE :: "('a => bool) => bool" 
  8.3184 +  "FINITE ==
  8.3185 +%s. ALL P. P EMPTY & (ALL s. P s --> (ALL e. P (INSERT e s))) --> P s"
  8.3186 +
  8.3187 +lemma FINITE_DEF: "ALL s.
  8.3188 +   FINITE s =
  8.3189 +   (ALL P. P EMPTY & (ALL s. P s --> (ALL e. P (INSERT e s))) --> P s)"
  8.3190 +  by (import pred_set FINITE_DEF)
  8.3191 +
  8.3192 +lemma FINITE_EMPTY: "FINITE EMPTY"
  8.3193 +  by (import pred_set FINITE_EMPTY)
  8.3194 +
  8.3195 +lemma FINITE_INDUCT: "ALL P.
  8.3196 +   P EMPTY &
  8.3197 +   (ALL s. FINITE s & P s --> (ALL e. ~ IN e s --> P (INSERT e s))) -->
  8.3198 +   (ALL s. FINITE s --> P s)"
  8.3199 +  by (import pred_set FINITE_INDUCT)
  8.3200 +
  8.3201 +lemma FINITE_INSERT: "ALL x s. FINITE (INSERT x s) = FINITE s"
  8.3202 +  by (import pred_set FINITE_INSERT)
  8.3203 +
  8.3204 +lemma FINITE_DELETE: "ALL x s. FINITE (DELETE s x) = FINITE s"
  8.3205 +  by (import pred_set FINITE_DELETE)
  8.3206 +
  8.3207 +lemma FINITE_UNION: "ALL s t. FINITE (pred_set.UNION s t) = (FINITE s & FINITE t)"
  8.3208 +  by (import pred_set FINITE_UNION)
  8.3209 +
  8.3210 +lemma INTER_FINITE: "ALL s. FINITE s --> (ALL t. FINITE (pred_set.INTER s t))"
  8.3211 +  by (import pred_set INTER_FINITE)
  8.3212 +
  8.3213 +lemma SUBSET_FINITE: "ALL s. FINITE s --> (ALL t. SUBSET t s --> FINITE t)"
  8.3214 +  by (import pred_set SUBSET_FINITE)
  8.3215 +
  8.3216 +lemma PSUBSET_FINITE: "ALL x. FINITE x --> (ALL xa. PSUBSET xa x --> FINITE xa)"
  8.3217 +  by (import pred_set PSUBSET_FINITE)
  8.3218 +
  8.3219 +lemma FINITE_DIFF: "ALL s. FINITE s --> (ALL t. FINITE (DIFF s t))"
  8.3220 +  by (import pred_set FINITE_DIFF)
  8.3221 +
  8.3222 +lemma FINITE_SING: "ALL x. FINITE (INSERT x EMPTY)"
  8.3223 +  by (import pred_set FINITE_SING)
  8.3224 +
  8.3225 +lemma SING_FINITE: "ALL x. SING x --> FINITE x"
  8.3226 +  by (import pred_set SING_FINITE)
  8.3227 +
  8.3228 +lemma IMAGE_FINITE: "ALL s. FINITE s --> (ALL f. FINITE (IMAGE f s))"
  8.3229 +  by (import pred_set IMAGE_FINITE)
  8.3230 +
  8.3231 +consts
  8.3232 +  CARD :: "('a => bool) => nat" 
  8.3233 +
  8.3234 +specification (CARD) CARD_DEF: "(op &::bool => bool => bool)
  8.3235 + ((op =::nat => nat => bool)
  8.3236 +   ((CARD::('a => bool) => nat) (EMPTY::'a => bool)) (0::nat))
  8.3237 + ((All::(('a => bool) => bool) => bool)
  8.3238 +   (%s::'a => bool.
  8.3239 +       (op -->::bool => bool => bool) ((FINITE::('a => bool) => bool) s)
  8.3240 +        ((All::('a => bool) => bool)
  8.3241 +          (%x::'a.
  8.3242 +              (op =::nat => nat => bool)
  8.3243 +               ((CARD::('a => bool) => nat)
  8.3244 +                 ((INSERT::'a => ('a => bool) => 'a => bool) x s))
  8.3245 +               ((If::bool => nat => nat => nat)
  8.3246 +                 ((IN::'a => ('a => bool) => bool) x s)
  8.3247 +                 ((CARD::('a => bool) => nat) s)
  8.3248 +                 ((Suc::nat => nat) ((CARD::('a => bool) => nat) s)))))))"
  8.3249 +  by (import pred_set CARD_DEF)
  8.3250 +
  8.3251 +lemma CARD_EMPTY: "CARD EMPTY = 0"
  8.3252 +  by (import pred_set CARD_EMPTY)
  8.3253 +
  8.3254 +lemma CARD_INSERT: "ALL s.
  8.3255 +   FINITE s -->
  8.3256 +   (ALL x. CARD (INSERT x s) = (if IN x s then CARD s else Suc (CARD s)))"
  8.3257 +  by (import pred_set CARD_INSERT)
  8.3258 +
  8.3259 +lemma CARD_EQ_0: "ALL s. FINITE s --> (CARD s = 0) = (s = EMPTY)"
  8.3260 +  by (import pred_set CARD_EQ_0)
  8.3261 +
  8.3262 +lemma CARD_DELETE: "ALL s.
  8.3263 +   FINITE s -->
  8.3264 +   (ALL x. CARD (DELETE s x) = (if IN x s then CARD s - 1 else CARD s))"
  8.3265 +  by (import pred_set CARD_DELETE)
  8.3266 +
  8.3267 +lemma CARD_INTER_LESS_EQ: "ALL s. FINITE s --> (ALL t. CARD (pred_set.INTER s t) <= CARD s)"
  8.3268 +  by (import pred_set CARD_INTER_LESS_EQ)
  8.3269 +
  8.3270 +lemma CARD_UNION: "ALL s.
  8.3271 +   FINITE s -->
  8.3272 +   (ALL t.
  8.3273 +       FINITE t -->
  8.3274 +       CARD (pred_set.UNION s t) + CARD (pred_set.INTER s t) =
  8.3275 +       CARD s + CARD t)"
  8.3276 +  by (import pred_set CARD_UNION)
  8.3277 +
  8.3278 +lemma CARD_SUBSET: "ALL s. FINITE s --> (ALL t. SUBSET t s --> CARD t <= CARD s)"
  8.3279 +  by (import pred_set CARD_SUBSET)
  8.3280 +
  8.3281 +lemma CARD_PSUBSET: "ALL s. FINITE s --> (ALL t. PSUBSET t s --> CARD t < CARD s)"
  8.3282 +  by (import pred_set CARD_PSUBSET)
  8.3283 +
  8.3284 +lemma CARD_SING: "ALL x. CARD (INSERT x EMPTY) = 1"
  8.3285 +  by (import pred_set CARD_SING)
  8.3286 +
  8.3287 +lemma SING_IFF_CARD1: "ALL x. SING x = (CARD x = 1 & FINITE x)"
  8.3288 +  by (import pred_set SING_IFF_CARD1)
  8.3289 +
  8.3290 +lemma CARD_DIFF: "ALL t.
  8.3291 +   FINITE t -->
  8.3292 +   (ALL s.
  8.3293 +       FINITE s --> CARD (DIFF s t) = CARD s - CARD (pred_set.INTER s t))"
  8.3294 +  by (import pred_set CARD_DIFF)
  8.3295 +
  8.3296 +lemma LESS_CARD_DIFF: "ALL t.
  8.3297 +   FINITE t -->
  8.3298 +   (ALL s. FINITE s --> CARD t < CARD s --> 0 < CARD (DIFF s t))"
  8.3299 +  by (import pred_set LESS_CARD_DIFF)
  8.3300 +
  8.3301 +lemma FINITE_COMPLETE_INDUCTION: "ALL P.
  8.3302 +   (ALL x. (ALL y. PSUBSET y x --> P y) --> FINITE x --> P x) -->
  8.3303 +   (ALL x. FINITE x --> P x)"
  8.3304 +  by (import pred_set FINITE_COMPLETE_INDUCTION)
  8.3305 +
  8.3306 +constdefs
  8.3307 +  INFINITE :: "('a => bool) => bool" 
  8.3308 +  "INFINITE == %s. ~ FINITE s"
  8.3309 +
  8.3310 +lemma INFINITE_DEF: "ALL s. INFINITE s = (~ FINITE s)"
  8.3311 +  by (import pred_set INFINITE_DEF)
  8.3312 +
  8.3313 +lemma NOT_IN_FINITE: "(op =::bool => bool => bool)
  8.3314 + ((INFINITE::('a => bool) => bool) (pred_set.UNIV::'a => bool))
  8.3315 + ((All::(('a => bool) => bool) => bool)
  8.3316 +   (%s::'a => bool.
  8.3317 +       (op -->::bool => bool => bool) ((FINITE::('a => bool) => bool) s)
  8.3318 +        ((Ex::('a => bool) => bool)
  8.3319 +          (%x::'a.
  8.3320 +              (Not::bool => bool) ((IN::'a => ('a => bool) => bool) x s)))))"
  8.3321 +  by (import pred_set NOT_IN_FINITE)
  8.3322 +
  8.3323 +lemma INFINITE_INHAB: "ALL x. INFINITE x --> (EX xa. IN xa x)"
  8.3324 +  by (import pred_set INFINITE_INHAB)
  8.3325 +
  8.3326 +lemma IMAGE_11_INFINITE: "ALL f.
  8.3327 +   (ALL x y. f x = f y --> x = y) -->
  8.3328 +   (ALL s. INFINITE s --> INFINITE (IMAGE f s))"
  8.3329 +  by (import pred_set IMAGE_11_INFINITE)
  8.3330 +
  8.3331 +lemma INFINITE_SUBSET: "ALL x. INFINITE x --> (ALL xa. SUBSET x xa --> INFINITE xa)"
  8.3332 +  by (import pred_set INFINITE_SUBSET)
  8.3333 +
  8.3334 +lemma IN_INFINITE_NOT_FINITE: "ALL x xa. INFINITE x & FINITE xa --> (EX xb. IN xb x & ~ IN xb xa)"
  8.3335 +  by (import pred_set IN_INFINITE_NOT_FINITE)
  8.3336 +
  8.3337 +lemma INFINITE_UNIV: "(op =::bool => bool => bool)
  8.3338 + ((INFINITE::('a => bool) => bool) (pred_set.UNIV::'a => bool))
  8.3339 + ((Ex::(('a => 'a) => bool) => bool)
  8.3340 +   (%f::'a => 'a.
  8.3341 +       (op &::bool => bool => bool)
  8.3342 +        ((All::('a => bool) => bool)
  8.3343 +          (%x::'a.
  8.3344 +              (All::('a => bool) => bool)
  8.3345 +               (%y::'a.
  8.3346 +                   (op -->::bool => bool => bool)
  8.3347 +                    ((op =::'a => 'a => bool) (f x) (f y))
  8.3348 +                    ((op =::'a => 'a => bool) x y))))
  8.3349 +        ((Ex::('a => bool) => bool)
  8.3350 +          (%y::'a.
  8.3351 +              (All::('a => bool) => bool)
  8.3352 +               (%x::'a.
  8.3353 +                   (Not::bool => bool)
  8.3354 +                    ((op =::'a => 'a => bool) (f x) y))))))"
  8.3355 +  by (import pred_set INFINITE_UNIV)
  8.3356 +
  8.3357 +lemma FINITE_PSUBSET_INFINITE: "ALL x. INFINITE x = (ALL xa. FINITE xa --> SUBSET xa x --> PSUBSET xa x)"
  8.3358 +  by (import pred_set FINITE_PSUBSET_INFINITE)
  8.3359 +
  8.3360 +lemma FINITE_PSUBSET_UNIV: "(op =::bool => bool => bool)
  8.3361 + ((INFINITE::('a => bool) => bool) (pred_set.UNIV::'a => bool))
  8.3362 + ((All::(('a => bool) => bool) => bool)
  8.3363 +   (%s::'a => bool.
  8.3364 +       (op -->::bool => bool => bool) ((FINITE::('a => bool) => bool) s)
  8.3365 +        ((PSUBSET::('a => bool) => ('a => bool) => bool) s
  8.3366 +          (pred_set.UNIV::'a => bool))))"
  8.3367 +  by (import pred_set FINITE_PSUBSET_UNIV)
  8.3368 +
  8.3369 +lemma INFINITE_DIFF_FINITE: "ALL s t. INFINITE s & FINITE t --> DIFF s t ~= EMPTY"
  8.3370 +  by (import pred_set INFINITE_DIFF_FINITE)
  8.3371 +
  8.3372 +lemma FINITE_ISO_NUM: "ALL s.
  8.3373 +   FINITE s -->
  8.3374 +   (EX f. (ALL n m. n < CARD s & m < CARD s --> f n = f m --> n = m) &
  8.3375 +          s = GSPEC (%n. (f n, n < CARD s)))"
  8.3376 +  by (import pred_set FINITE_ISO_NUM)
  8.3377 +
  8.3378 +lemma FINITE_WEAK_ENUMERATE: "ALL x::'a => bool.
  8.3379 +   FINITE x =
  8.3380 +   (EX (f::nat => 'a) b::nat. ALL e::'a. IN e x = (EX n<b. e = f n))"
  8.3381 +  by (import pred_set FINITE_WEAK_ENUMERATE)
  8.3382 +
  8.3383 +constdefs
  8.3384 +  BIGUNION :: "(('a => bool) => bool) => 'a => bool" 
  8.3385 +  "BIGUNION == %P. GSPEC (%x. (x, EX p. IN p P & IN x p))"
  8.3386 +
  8.3387 +lemma BIGUNION: "ALL P. BIGUNION P = GSPEC (%x. (x, EX p. IN p P & IN x p))"
  8.3388 +  by (import pred_set BIGUNION)
  8.3389 +
  8.3390 +lemma IN_BIGUNION: "ALL x xa. IN x (BIGUNION xa) = (EX s. IN x s & IN s xa)"
  8.3391 +  by (import pred_set IN_BIGUNION)
  8.3392 +
  8.3393 +lemma BIGUNION_EMPTY: "BIGUNION EMPTY = EMPTY"
  8.3394 +  by (import pred_set BIGUNION_EMPTY)
  8.3395 +
  8.3396 +lemma BIGUNION_SING: "ALL x. BIGUNION (INSERT x EMPTY) = x"
  8.3397 +  by (import pred_set BIGUNION_SING)
  8.3398 +
  8.3399 +lemma BIGUNION_UNION: "ALL x xa.
  8.3400 +   BIGUNION (pred_set.UNION x xa) =
  8.3401 +   pred_set.UNION (BIGUNION x) (BIGUNION xa)"
  8.3402 +  by (import pred_set BIGUNION_UNION)
  8.3403 +
  8.3404 +lemma DISJOINT_BIGUNION: "(ALL (s::('a => bool) => bool) t::'a => bool.
  8.3405 +    DISJOINT (BIGUNION s) t =
  8.3406 +    (ALL s'::'a => bool. IN s' s --> DISJOINT s' t)) &
  8.3407 +(ALL (x::('a => bool) => bool) xa::'a => bool.
  8.3408 +    DISJOINT xa (BIGUNION x) =
  8.3409 +    (ALL xb::'a => bool. IN xb x --> DISJOINT xa xb))"
  8.3410 +  by (import pred_set DISJOINT_BIGUNION)
  8.3411 +
  8.3412 +lemma BIGUNION_INSERT: "ALL x xa. BIGUNION (INSERT x xa) = pred_set.UNION x (BIGUNION xa)"
  8.3413 +  by (import pred_set BIGUNION_INSERT)
  8.3414 +
  8.3415 +lemma BIGUNION_SUBSET: "ALL X P. SUBSET (BIGUNION P) X = (ALL Y. IN Y P --> SUBSET Y X)"
  8.3416 +  by (import pred_set BIGUNION_SUBSET)
  8.3417 +
  8.3418 +lemma FINITE_BIGUNION: "ALL x. FINITE x & (ALL s. IN s x --> FINITE s) --> FINITE (BIGUNION x)"
  8.3419 +  by (import pred_set FINITE_BIGUNION)
  8.3420 +
  8.3421 +constdefs
  8.3422 +  BIGINTER :: "(('a => bool) => bool) => 'a => bool" 
  8.3423 +  "BIGINTER == %B. GSPEC (%x. (x, ALL P. IN P B --> IN x P))"
  8.3424 +
  8.3425 +lemma BIGINTER: "ALL B. BIGINTER B = GSPEC (%x. (x, ALL P. IN P B --> IN x P))"
  8.3426 +  by (import pred_set BIGINTER)
  8.3427 +
  8.3428 +lemma IN_BIGINTER: "IN x (BIGINTER B) = (ALL P. IN P B --> IN x P)"
  8.3429 +  by (import pred_set IN_BIGINTER)
  8.3430 +
  8.3431 +lemma BIGINTER_INSERT: "ALL P B. BIGINTER (INSERT P B) = pred_set.INTER P (BIGINTER B)"
  8.3432 +  by (import pred_set BIGINTER_INSERT)
  8.3433 +
  8.3434 +lemma BIGINTER_EMPTY: "BIGINTER EMPTY = pred_set.UNIV"
  8.3435 +  by (import pred_set BIGINTER_EMPTY)
  8.3436 +
  8.3437 +lemma BIGINTER_INTER: "ALL x xa. BIGINTER (INSERT x (INSERT xa EMPTY)) = pred_set.INTER x xa"
  8.3438 +  by (import pred_set BIGINTER_INTER)
  8.3439 +
  8.3440 +lemma BIGINTER_SING: "ALL x. BIGINTER (INSERT x EMPTY) = x"
  8.3441 +  by (import pred_set BIGINTER_SING)
  8.3442 +
  8.3443 +lemma SUBSET_BIGINTER: "ALL X P. SUBSET X (BIGINTER P) = (ALL x. IN x P --> SUBSET X x)"
  8.3444 +  by (import pred_set SUBSET_BIGINTER)
  8.3445 +
  8.3446 +lemma DISJOINT_BIGINTER: "ALL x xa xb.
  8.3447 +   IN xa xb & DISJOINT xa x -->
  8.3448 +   DISJOINT x (BIGINTER xb) & DISJOINT (BIGINTER xb) x"
  8.3449 +  by (import pred_set DISJOINT_BIGINTER)
  8.3450 +
  8.3451 +constdefs
  8.3452 +  CROSS :: "('a => bool) => ('b => bool) => 'a * 'b => bool" 
  8.3453 +  "CROSS == %P Q. GSPEC (%p. (p, IN (fst p) P & IN (snd p) Q))"
  8.3454 +
  8.3455 +lemma CROSS_DEF: "ALL P Q. CROSS P Q = GSPEC (%p. (p, IN (fst p) P & IN (snd p) Q))"
  8.3456 +  by (import pred_set CROSS_DEF)
  8.3457 +
  8.3458 +lemma IN_CROSS: "ALL x xa xb. IN xb (CROSS x xa) = (IN (fst xb) x & IN (snd xb) xa)"
  8.3459 +  by (import pred_set IN_CROSS)
  8.3460 +
  8.3461 +lemma CROSS_EMPTY: "ALL x. CROSS x EMPTY = EMPTY & CROSS EMPTY x = EMPTY"
  8.3462 +  by (import pred_set CROSS_EMPTY)
  8.3463 +
  8.3464 +lemma CROSS_INSERT_LEFT: "ALL x xa xb.
  8.3465 +   CROSS (INSERT xb x) xa =
  8.3466 +   pred_set.UNION (CROSS (INSERT xb EMPTY) xa) (CROSS x xa)"
  8.3467 +  by (import pred_set CROSS_INSERT_LEFT)
  8.3468 +
  8.3469 +lemma CROSS_INSERT_RIGHT: "ALL x xa xb.
  8.3470 +   CROSS x (INSERT xb xa) =
  8.3471 +   pred_set.UNION (CROSS x (INSERT xb EMPTY)) (CROSS x xa)"
  8.3472 +  by (import pred_set CROSS_INSERT_RIGHT)
  8.3473 +
  8.3474 +lemma FINITE_CROSS: "ALL x xa. FINITE x & FINITE xa --> FINITE (CROSS x xa)"
  8.3475 +  by (import pred_set FINITE_CROSS)
  8.3476 +
  8.3477 +lemma CROSS_SINGS: "ALL x xa. CROSS (INSERT x EMPTY) (INSERT xa EMPTY) = INSERT (x, xa) EMPTY"
  8.3478 +  by (import pred_set CROSS_SINGS)
  8.3479 +
  8.3480 +lemma CARD_SING_CROSS: "ALL x s. FINITE s --> CARD (CROSS (INSERT x EMPTY) s) = CARD s"
  8.3481 +  by (import pred_set CARD_SING_CROSS)
  8.3482 +
  8.3483 +lemma CARD_CROSS: "ALL x xa. FINITE x & FINITE xa --> CARD (CROSS x xa) = CARD x * CARD xa"
  8.3484 +  by (import pred_set CARD_CROSS)
  8.3485 +
  8.3486 +lemma CROSS_SUBSET: "ALL x xa xb xc.
  8.3487 +   SUBSET (CROSS xb xc) (CROSS x xa) =
  8.3488 +   (xb = EMPTY | xc = EMPTY | SUBSET xb x & SUBSET xc xa)"
  8.3489 +  by (import pred_set CROSS_SUBSET)
  8.3490 +
  8.3491 +lemma FINITE_CROSS_EQ: "ALL P Q. FINITE (CROSS P Q) = (P = EMPTY | Q = EMPTY | FINITE P & FINITE Q)"
  8.3492 +  by (import pred_set FINITE_CROSS_EQ)
  8.3493 +
  8.3494 +constdefs
  8.3495 +  COMPL :: "('a => bool) => 'a => bool" 
  8.3496 +  "COMPL == DIFF pred_set.UNIV"
  8.3497 +
  8.3498 +lemma COMPL_DEF: "ALL P. COMPL P = DIFF pred_set.UNIV P"
  8.3499 +  by (import pred_set COMPL_DEF)
  8.3500 +
  8.3501 +lemma IN_COMPL: "ALL x xa. IN x (COMPL xa) = (~ IN x xa)"
  8.3502 +  by (import pred_set IN_COMPL)
  8.3503 +
  8.3504 +lemma COMPL_COMPL: "ALL x. COMPL (COMPL x) = x"
  8.3505 +  by (import pred_set COMPL_COMPL)
  8.3506 +
  8.3507 +lemma COMPL_CLAUSES: "ALL x.
  8.3508 +   pred_set.INTER (COMPL x) x = EMPTY &
  8.3509 +   pred_set.UNION (COMPL x) x = pred_set.UNIV"
  8.3510 +  by (import pred_set COMPL_CLAUSES)
  8.3511 +
  8.3512 +lemma COMPL_SPLITS: "ALL x xa.
  8.3513 +   pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER (COMPL x) xa) = xa"
  8.3514 +  by (import pred_set COMPL_SPLITS)
  8.3515 +
  8.3516 +lemma INTER_UNION_COMPL: "ALL x xa. pred_set.INTER x xa = COMPL (pred_set.UNION (COMPL x) (COMPL xa))"
  8.3517 +  by (import pred_set INTER_UNION_COMPL)
  8.3518 +
  8.3519 +lemma COMPL_EMPTY: "COMPL EMPTY = pred_set.UNIV"
  8.3520 +  by (import pred_set COMPL_EMPTY)
  8.3521 +
  8.3522 +consts
  8.3523 +  count :: "nat => nat => bool" 
  8.3524 +
  8.3525 +defs
  8.3526 +  count_primdef: "count == %n. GSPEC (%m. (m, m < n))"
  8.3527 +
  8.3528 +lemma count_def: "ALL n. count n = GSPEC (%m. (m, m < n))"
  8.3529 +  by (import pred_set count_def)
  8.3530 +
  8.3531 +lemma IN_COUNT: "ALL m n. IN m (count n) = (m < n)"
  8.3532 +  by (import pred_set IN_COUNT)
  8.3533 +
  8.3534 +lemma COUNT_ZERO: "count 0 = EMPTY"
  8.3535 +  by (import pred_set COUNT_ZERO)
  8.3536 +
  8.3537 +lemma COUNT_SUC: "ALL n. count (Suc n) = INSERT n (count n)"
  8.3538 +  by (import pred_set COUNT_SUC)
  8.3539 +
  8.3540 +lemma FINITE_COUNT: "ALL n. FINITE (count n)"
  8.3541 +  by (import pred_set FINITE_COUNT)
  8.3542 +
  8.3543 +lemma CARD_COUNT: "ALL n. CARD (count n) = n"
  8.3544 +  by (import pred_set CARD_COUNT)
  8.3545 +
  8.3546 +constdefs
  8.3547 +  ITSET_tupled :: "('a => 'b => 'b) => ('a => bool) * 'b => 'b" 
  8.3548 +  "ITSET_tupled ==
  8.3549 +%f. WFREC
  8.3550 +     (SOME R.
  8.3551 +         WF R &
  8.3552 +         (ALL b s.
  8.3553 +             FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  8.3554 +     (%ITSET_tupled (v, v1).
  8.3555 +         if FINITE v
  8.3556 +         then if v = EMPTY then v1
  8.3557 +              else ITSET_tupled (REST v, f (CHOICE v) v1)
  8.3558 +         else ARB)"
  8.3559 +
  8.3560 +lemma ITSET_tupled_primitive_def: "ALL f.
  8.3561 +   ITSET_tupled f =
  8.3562 +   WFREC
  8.3563 +    (SOME R.
  8.3564 +        WF R &
  8.3565 +        (ALL b s.
  8.3566 +            FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  8.3567 +    (%ITSET_tupled (v, v1).
  8.3568 +        if FINITE v
  8.3569 +        then if v = EMPTY then v1
  8.3570 +             else ITSET_tupled (REST v, f (CHOICE v) v1)
  8.3571 +        else ARB)"
  8.3572 +  by (import pred_set ITSET_tupled_primitive_def)
  8.3573 +
  8.3574 +constdefs
  8.3575 +  ITSET :: "('a => 'b => 'b) => ('a => bool) => 'b => 'b" 
  8.3576 +  "ITSET == %f x x1. ITSET_tupled f (x, x1)"
  8.3577 +
  8.3578 +lemma ITSET_curried_def: "ALL f x x1. ITSET f x x1 = ITSET_tupled f (x, x1)"
  8.3579 +  by (import pred_set ITSET_curried_def)
  8.3580 +
  8.3581 +lemma ITSET_IND: "ALL P.
  8.3582 +   (ALL s b.
  8.3583 +       (FINITE s & s ~= EMPTY --> P (REST s) (f (CHOICE s) b)) -->
  8.3584 +       P s b) -->
  8.3585 +   (ALL v. All (P v))"
  8.3586 +  by (import pred_set ITSET_IND)
  8.3587 +
  8.3588 +lemma ITSET_THM: "ALL s f b.
  8.3589 +   FINITE s -->
  8.3590 +   ITSET f s b =
  8.3591 +   (if s = EMPTY then b else ITSET f (REST s) (f (CHOICE s) b))"
  8.3592 +  by (import pred_set ITSET_THM)
  8.3593 +
  8.3594 +lemma ITSET_EMPTY: "ALL x xa. ITSET x EMPTY xa = xa"
  8.3595 +  by (import pred_set ITSET_EMPTY)
  8.3596 +
  8.3597 +;end_setup
  8.3598 +
  8.3599 +;setup_theory operator
  8.3600 +
  8.3601 +constdefs
  8.3602 +  ASSOC :: "('a => 'a => 'a) => bool" 
  8.3603 +  "ASSOC == %f. ALL x y z. f x (f y z) = f (f x y) z"
  8.3604 +
  8.3605 +lemma ASSOC_DEF: "ALL f. ASSOC f = (ALL x y z. f x (f y z) = f (f x y) z)"
  8.3606 +  by (import operator ASSOC_DEF)
  8.3607 +
  8.3608 +constdefs
  8.3609 +  COMM :: "('a => 'a => 'b) => bool" 
  8.3610 +  "COMM == %f. ALL x y. f x y = f y x"
  8.3611 +
  8.3612 +lemma COMM_DEF: "ALL f. COMM f = (ALL x y. f x y = f y x)"
  8.3613 +  by (import operator COMM_DEF)
  8.3614 +
  8.3615 +constdefs
  8.3616 +  FCOMM :: "('a => 'b => 'a) => ('c => 'a => 'a) => bool" 
  8.3617 +  "FCOMM == %f g. ALL x y z. g x (f y z) = f (g x y) z"
  8.3618 +
  8.3619 +lemma FCOMM_DEF: "ALL f g. FCOMM f g = (ALL x y z. g x (f y z) = f (g x y) z)"
  8.3620 +  by (import operator FCOMM_DEF)
  8.3621 +
  8.3622 +constdefs
  8.3623 +  RIGHT_ID :: "('a => 'b => 'a) => 'b => bool" 
  8.3624 +  "RIGHT_ID == %f e. ALL x. f x e = x"
  8.3625 +
  8.3626 +lemma RIGHT_ID_DEF: "ALL f e. RIGHT_ID f e = (ALL x. f x e = x)"
  8.3627 +  by (import operator RIGHT_ID_DEF)
  8.3628 +
  8.3629 +constdefs
  8.3630 +  LEFT_ID :: "('a => 'b => 'b) => 'a => bool" 
  8.3631 +  "LEFT_ID == %f e. ALL x. f e x = x"
  8.3632 +
  8.3633 +lemma LEFT_ID_DEF: "ALL f e. LEFT_ID f e = (ALL x. f e x = x)"
  8.3634 +  by (import operator LEFT_ID_DEF)
  8.3635 +
  8.3636 +constdefs
  8.3637 +  MONOID :: "('a => 'a => 'a) => 'a => bool" 
  8.3638 +  "MONOID == %f e. ASSOC f & RIGHT_ID f e & LEFT_ID f e"
  8.3639 +
  8.3640 +lemma MONOID_DEF: "ALL f e. MONOID f e = (ASSOC f & RIGHT_ID f e & LEFT_ID f e)"
  8.3641 +  by (import operator MONOID_DEF)
  8.3642 +
  8.3643 +lemma ASSOC_CONJ: "ASSOC op &"
  8.3644 +  by (import operator ASSOC_CONJ)
  8.3645 +
  8.3646 +lemma ASSOC_DISJ: "ASSOC op |"
  8.3647 +  by (import operator ASSOC_DISJ)
  8.3648 +
  8.3649 +lemma FCOMM_ASSOC: "ALL x. FCOMM x x = ASSOC x"
  8.3650 +  by (import operator FCOMM_ASSOC)
  8.3651 +
  8.3652 +lemma MONOID_CONJ_T: "MONOID op & True"
  8.3653 +  by (import operator MONOID_CONJ_T)
  8.3654 +
  8.3655 +lemma MONOID_DISJ_F: "MONOID op | False"
  8.3656 +  by (import operator MONOID_DISJ_F)
  8.3657 +
  8.3658 +;end_setup
  8.3659 +
  8.3660 +;setup_theory rich_list
  8.3661 +
  8.3662 +consts
  8.3663 +  SNOC :: "'a => 'a list => 'a list" 
  8.3664 +
  8.3665 +specification (SNOC) SNOC: "(ALL x::'a. SNOC x [] = [x]) &
  8.3666 +(ALL (x::'a) (x'::'a) l::'a list. SNOC x (x' # l) = x' # SNOC x l)"
  8.3667 +  by (import rich_list SNOC)
  8.3668 +
  8.3669 +consts
  8.3670 +  SCANL :: "('b => 'a => 'b) => 'b => 'a list => 'b list" 
  8.3671 +
  8.3672 +specification (SCANL) SCANL: "(ALL (f::'b => 'a => 'b) e::'b. SCANL f e [] = [e]) &
  8.3673 +(ALL (f::'b => 'a => 'b) (e::'b) (x::'a) l::'a list.
  8.3674 +    SCANL f e (x # l) = e # SCANL f (f e x) l)"
  8.3675 +  by (import rich_list SCANL)
  8.3676 +
  8.3677 +consts
  8.3678 +  SCANR :: "('a => 'b => 'b) => 'b => 'a list => 'b list" 
  8.3679 +
  8.3680 +specification (SCANR) SCANR: "(ALL (f::'a => 'b => 'b) e::'b. SCANR f e [] = [e]) &
  8.3681 +(ALL (f::'a => 'b => 'b) (e::'b) (x::'a) l::'a list.
  8.3682 +    SCANR f e (x # l) = f x (hd (SCANR f e l)) # SCANR f e l)"
  8.3683 +  by (import rich_list SCANR)
  8.3684 +
  8.3685 +lemma IS_EL_DEF: "ALL x l. x mem l = list_exists (op = x) l"
  8.3686 +  by (import rich_list IS_EL_DEF)
  8.3687 +
  8.3688 +constdefs
  8.3689 +  AND_EL :: "bool list => bool" 
  8.3690 +  "AND_EL == list_all I"
  8.3691 +
  8.3692 +lemma AND_EL_DEF: "AND_EL = list_all I"
  8.3693 +  by (import rich_list AND_EL_DEF)
  8.3694 +
  8.3695 +constdefs
  8.3696 +  OR_EL :: "bool list => bool" 
  8.3697 +  "OR_EL == list_exists I"
  8.3698 +
  8.3699 +lemma OR_EL_DEF: "OR_EL = list_exists I"
  8.3700 +  by (import rich_list OR_EL_DEF)
  8.3701 +
  8.3702 +consts
  8.3703 +  FIRSTN :: "nat => 'a list => 'a list" 
  8.3704 +
  8.3705 +specification (FIRSTN) FIRSTN: "(ALL l::'a list. FIRSTN (0::nat) l = []) &
  8.3706 +(ALL (n::nat) (x::'a) l::'a list. FIRSTN (Suc n) (x # l) = x # FIRSTN n l)"
  8.3707 +  by (import rich_list FIRSTN)
  8.3708 +
  8.3709 +consts
  8.3710 +  BUTFIRSTN :: "nat => 'a list => 'a list" 
  8.3711 +
  8.3712 +specification (BUTFIRSTN) BUTFIRSTN: "(ALL l::'a list. BUTFIRSTN (0::nat) l = l) &
  8.3713 +(ALL (n::nat) (x::'a) l::'a list. BUTFIRSTN (Suc n) (x # l) = BUTFIRSTN n l)"
  8.3714 +  by (import rich_list BUTFIRSTN)
  8.3715 +
  8.3716 +consts
  8.3717 +  SEG :: "nat => nat => 'a list => 'a list" 
  8.3718 +
  8.3719 +specification (SEG) SEG: "(ALL (k::nat) l::'a list. SEG (0::nat) k l = []) &
  8.3720 +(ALL (m::nat) (x::'a) l::'a list.
  8.3721 +    SEG (Suc m) (0::nat) (x # l) = x # SEG m (0::nat) l) &
  8.3722 +(ALL (m::nat) (k::nat) (x::'a) l::'a list.
  8.3723 +    SEG (Suc m) (Suc k) (x # l) = SEG (Suc m) k l)"
  8.3724 +  by (import rich_list SEG)
  8.3725 +
  8.3726 +lemma LAST: "ALL x l. last (SNOC x l) = x"
  8.3727 +  by (import rich_list LAST)
  8.3728 +
  8.3729 +lemma BUTLAST: "ALL x l. butlast (SNOC x l) = l"
  8.3730 +  by (import rich_list BUTLAST)
  8.3731 +
  8.3732 +consts
  8.3733 +  LASTN :: "nat => 'a list => 'a list" 
  8.3734 +
  8.3735 +specification (LASTN) LASTN: "(ALL l::'a list. LASTN (0::nat) l = []) &
  8.3736 +(ALL (n::nat) (x::'a) l::'a list.
  8.3737 +    LASTN (Suc n) (SNOC x l) = SNOC x (LASTN n l))"
  8.3738 +  by (import rich_list LASTN)
  8.3739 +
  8.3740 +consts
  8.3741 +  BUTLASTN :: "nat => 'a list => 'a list" 
  8.3742 +
  8.3743 +specification (BUTLASTN) BUTLASTN: "(ALL l::'a list. BUTLASTN (0::nat) l = l) &
  8.3744 +(ALL (n::nat) (x::'a) l::'a list.
  8.3745 +    BUTLASTN (Suc n) (SNOC x l) = BUTLASTN n l)"
  8.3746 +  by (import rich_list BUTLASTN)
  8.3747 +
  8.3748 +lemma EL: "(ALL x::'a list. EL (0::nat) x = hd x) &
  8.3749 +(ALL (x::nat) xa::'a list. EL (Suc x) xa = EL x (tl xa))"
  8.3750 +  by (import rich_list EL)
  8.3751 +
  8.3752 +consts
  8.3753 +  ELL :: "nat => 'a list => 'a" 
  8.3754 +
  8.3755 +specification (ELL) ELL: "(ALL l::'a list. ELL (0::nat) l = last l) &
  8.3756 +(ALL (n::nat) l::'a list. ELL (Suc n) l = ELL n (butlast l))"
  8.3757 +  by (import rich_list ELL)
  8.3758 +
  8.3759 +consts
  8.3760 +  IS_PREFIX :: "'a list => 'a list => bool" 
  8.3761 +
  8.3762 +specification (IS_PREFIX) IS_PREFIX: "(ALL l::'a list. IS_PREFIX l [] = True) &
  8.3763 +(ALL (x::'a) l::'a list. IS_PREFIX [] (x # l) = False) &
  8.3764 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  8.3765 +    IS_PREFIX (x1 # l1) (x2 # l2) = (x1 = x2 & IS_PREFIX l1 l2))"
  8.3766 +  by (import rich_list IS_PREFIX)
  8.3767 +
  8.3768 +lemma SNOC_APPEND: "ALL x l. SNOC x l = l @ [x]"
  8.3769 +  by (import rich_list SNOC_APPEND)
  8.3770 +
  8.3771 +lemma REVERSE: "rev [] = [] & (ALL (x::'a) xa::'a list. rev (x # xa) = SNOC x (rev xa))"
  8.3772 +  by (import rich_list REVERSE)
  8.3773 +
  8.3774 +lemma REVERSE_SNOC: "ALL x l. rev (SNOC x l) = x # rev l"
  8.3775 +  by (import rich_list REVERSE_SNOC)
  8.3776 +
  8.3777 +lemma SNOC_Axiom: "ALL (e::'b) f::'a => 'a list => 'b => 'b.
  8.3778 +   EX x::'a list => 'b.
  8.3779 +      x [] = e & (ALL (xa::'a) l::'a list. x (SNOC xa l) = f xa l (x l))"
  8.3780 +  by (import rich_list SNOC_Axiom)
  8.3781 +
  8.3782 +consts
  8.3783 +  IS_SUFFIX :: "'a list => 'a list => bool" 
  8.3784 +
  8.3785 +specification (IS_SUFFIX) IS_SUFFIX: "(ALL l::'a list. IS_SUFFIX l [] = True) &
  8.3786 +(ALL (x::'a) l::'a list. IS_SUFFIX [] (SNOC x l) = False) &
  8.3787 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  8.3788 +    IS_SUFFIX (SNOC x1 l1) (SNOC x2 l2) = (x1 = x2 & IS_SUFFIX l1 l2))"
  8.3789 +  by (import rich_list IS_SUFFIX)
  8.3790 +
  8.3791 +consts
  8.3792 +  IS_SUBLIST :: "'a list => 'a list => bool" 
  8.3793 +
  8.3794 +specification (IS_SUBLIST) IS_SUBLIST: "(ALL l::'a list. IS_SUBLIST l [] = True) &
  8.3795 +(ALL (x::'a) l::'a list. IS_SUBLIST [] (x # l) = False) &
  8.3796 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  8.3797 +    IS_SUBLIST (x1 # l1) (x2 # l2) =
  8.3798 +    (x1 = x2 & IS_PREFIX l1 l2 | IS_SUBLIST l1 (x2 # l2)))"
  8.3799 +  by (import rich_list IS_SUBLIST)
  8.3800 +
  8.3801 +consts
  8.3802 +  SPLITP :: "('a => bool) => 'a list => 'a list * 'a list" 
  8.3803 +
  8.3804 +specification (SPLITP) SPLITP: "(ALL P::'a => bool. SPLITP P [] = ([], [])) &
  8.3805 +(ALL (P::'a => bool) (x::'a) l::'a list.
  8.3806 +    SPLITP P (x # l) =
  8.3807 +    (if P x then ([], x # l) else (x # fst (SPLITP P l), snd (SPLITP P l))))"
  8.3808 +  by (import rich_list SPLITP)
  8.3809 +
  8.3810 +constdefs
  8.3811 +  PREFIX :: "('a => bool) => 'a list => 'a list" 
  8.3812 +  "PREFIX == %P l. fst (SPLITP (Not o P) l)"
  8.3813 +
  8.3814 +lemma PREFIX_DEF: "ALL P l. PREFIX P l = fst (SPLITP (Not o P) l)"
  8.3815 +  by (import rich_list PREFIX_DEF)
  8.3816 +
  8.3817 +constdefs
  8.3818 +  SUFFIX :: "('a => bool) => 'a list => 'a list" 
  8.3819 +  "SUFFIX == %P. foldl (%l' x. if P x then SNOC x l' else []) []"
  8.3820 +
  8.3821 +lemma SUFFIX_DEF: "ALL P l. SUFFIX P l = foldl (%l' x. if P x then SNOC x l' else []) [] l"
  8.3822 +  by (import rich_list SUFFIX_DEF)
  8.3823 +
  8.3824 +constdefs
  8.3825 +  UNZIP_FST :: "('a * 'b) list => 'a list" 
  8.3826 +  "UNZIP_FST == %l. fst (unzip l)"
  8.3827 +
  8.3828 +lemma UNZIP_FST_DEF: "ALL l. UNZIP_FST l = fst (unzip l)"
  8.3829 +  by (import rich_list UNZIP_FST_DEF)
  8.3830 +
  8.3831 +constdefs
  8.3832 +  UNZIP_SND :: "('a * 'b) list => 'b list" 
  8.3833 +  "UNZIP_SND == %l. snd (unzip l)"
  8.3834 +
  8.3835 +lemma UNZIP_SND_DEF: "ALL l. UNZIP_SND l = snd (unzip l)"
  8.3836 +  by (import rich_list UNZIP_SND_DEF)
  8.3837 +
  8.3838 +consts
  8.3839 +  GENLIST :: "(nat => 'a) => nat => 'a list" 
  8.3840 +
  8.3841 +specification (GENLIST) GENLIST: "(ALL f::nat => 'a. GENLIST f (0::nat) = []) &
  8.3842 +(ALL (f::nat => 'a) n::nat. GENLIST f (Suc n) = SNOC (f n) (GENLIST f n))"
  8.3843 +  by (import rich_list GENLIST)
  8.3844 +
  8.3845 +consts
  8.3846 +  REPLICATE :: "nat => 'a => 'a list" 
  8.3847 +
  8.3848 +specification (REPLICATE) REPLICATE: "(ALL x::'a. REPLICATE (0::nat) x = []) &
  8.3849 +(ALL (n::nat) x::'a. REPLICATE (Suc n) x = x # REPLICATE n x)"
  8.3850 +  by (import rich_list REPLICATE)
  8.3851 +
  8.3852 +lemma LENGTH_MAP2: "ALL l1 l2.
  8.3853 +   length l1 = length l2 -->
  8.3854 +   (ALL f.
  8.3855 +       length (map2 f l1 l2) = length l1 &
  8.3856 +       length (map2 f l1 l2) = length l2)"
  8.3857 +  by (import rich_list LENGTH_MAP2)
  8.3858 +
  8.3859 +lemma NULL_EQ_NIL: "ALL l. null l = (l = [])"
  8.3860 +  by (import rich_list NULL_EQ_NIL)
  8.3861 +
  8.3862 +lemma LENGTH_EQ: "ALL x y. x = y --> length x = length y"
  8.3863 +  by (import rich_list LENGTH_EQ)
  8.3864 +
  8.3865 +lemma LENGTH_NOT_NULL: "ALL l. (0 < length l) = (~ null l)"
  8.3866 +  by (import rich_list LENGTH_NOT_NULL)
  8.3867 +
  8.3868 +lemma SNOC_INDUCT: "ALL P. P [] & (ALL l. P l --> (ALL x. P (SNOC x l))) --> All P"
  8.3869 +  by (import rich_list SNOC_INDUCT)
  8.3870 +
  8.3871 +lemma SNOC_CASES: "ALL x'. x' = [] | (EX x l. x' = SNOC x l)"
  8.3872 +  by (import rich_list SNOC_CASES)
  8.3873 +
  8.3874 +lemma LENGTH_SNOC: "ALL x l. length (SNOC x l) = Suc (length l)"
  8.3875 +  by (import rich_list LENGTH_SNOC)
  8.3876 +
  8.3877 +lemma NOT_NIL_SNOC: "ALL x xa. [] ~= SNOC x xa"
  8.3878 +  by (import rich_list NOT_NIL_SNOC)
  8.3879 +
  8.3880 +lemma NOT_SNOC_NIL: "ALL x xa. SNOC x xa ~= []"
  8.3881 +  by (import rich_list NOT_SNOC_NIL)
  8.3882 +
  8.3883 +lemma SNOC_11: "ALL x l x' l'. (SNOC x l = SNOC x' l') = (x = x' & l = l')"
  8.3884 +  by (import rich_list SNOC_11)
  8.3885 +
  8.3886 +lemma SNOC_EQ_LENGTH_EQ: "ALL x1 l1 x2 l2. SNOC x1 l1 = SNOC x2 l2 --> length l1 = length l2"
  8.3887 +  by (import rich_list SNOC_EQ_LENGTH_EQ)
  8.3888 +
  8.3889 +lemma SNOC_REVERSE_CONS: "ALL x xa. SNOC x xa = rev (x # rev xa)"
  8.3890 +  by (import rich_list SNOC_REVERSE_CONS)
  8.3891 +
  8.3892 +lemma MAP_SNOC: "ALL x xa xb. map x (SNOC xa xb) = SNOC (x xa) (map x xb)"
  8.3893 +  by (import rich_list MAP_SNOC)
  8.3894 +
  8.3895 +lemma FOLDR_SNOC: "ALL f e x l. foldr f (SNOC x l) e = foldr f l (f x e)"
  8.3896 +  by (import rich_list FOLDR_SNOC)
  8.3897 +
  8.3898 +lemma FOLDL_SNOC: "ALL (f::'b => 'a => 'b) (e::'b) (x::'a) l::'a list.
  8.3899 +   foldl f e (SNOC x l) = f (foldl f e l) x"
  8.3900 +  by (import rich_list FOLDL_SNOC)
  8.3901 +
  8.3902 +lemma FOLDR_FOLDL: "ALL f e. MONOID f e --> (ALL l. foldr f l e = foldl f e l)"
  8.3903 +  by (import rich_list FOLDR_FOLDL)
  8.3904 +
  8.3905 +lemma LENGTH_FOLDR: "ALL l. length l = foldr (%x. Suc) l 0"
  8.3906 +  by (import rich_list LENGTH_FOLDR)
  8.3907 +
  8.3908 +lemma LENGTH_FOLDL: "ALL l. length l = foldl (%l' x. Suc l') 0 l"
  8.3909 +  by (import rich_list LENGTH_FOLDL)
  8.3910 +
  8.3911 +lemma MAP_FOLDR: "ALL f l. map f l = foldr (%x. op # (f x)) l []"
  8.3912 +  by (import rich_list MAP_FOLDR)
  8.3913 +
  8.3914 +lemma MAP_FOLDL: "ALL f l. map f l = foldl (%l' x. SNOC (f x) l') [] l"
  8.3915 +  by (import rich_list MAP_FOLDL)
  8.3916 +
  8.3917 +lemma MAP_o: "ALL (f::'b => 'c) g::'a => 'b. map (f o g) = map f o map g"
  8.3918 +  by (import rich_list MAP_o)
  8.3919 +
  8.3920 +lemma FILTER_FOLDR: "ALL P l. filter P l = foldr (%x l'. if P x then x # l' else l') l []"
  8.3921 +  by (import rich_list FILTER_FOLDR)
  8.3922 +
  8.3923 +lemma FILTER_SNOC: "ALL P x l.
  8.3924 +   filter P (SNOC x l) = (if P x then SNOC x (filter P l) else filter P l)"
  8.3925 +  by (import rich_list FILTER_SNOC)
  8.3926 +
  8.3927 +lemma FILTER_FOLDL: "ALL P l. filter P l = foldl (%l' x. if P x then SNOC x l' else l') [] l"
  8.3928 +  by (import rich_list FILTER_FOLDL)
  8.3929 +
  8.3930 +lemma FILTER_COMM: "ALL f1 f2 l. filter f1 (filter f2 l) = filter f2 (filter f1 l)"
  8.3931 +  by (import rich_list FILTER_COMM)
  8.3932 +
  8.3933 +lemma FILTER_IDEM: "ALL f l. filter f (filter f l) = filter f l"
  8.3934 +  by (import rich_list FILTER_IDEM)
  8.3935 +
  8.3936 +lemma FILTER_MAP: "ALL (f1::'b => bool) (f2::'a => 'b) l::'a list.
  8.3937 +   filter f1 (map f2 l) = map f2 (filter (f1 o f2) l)"
  8.3938 +  by (import rich_list FILTER_MAP)
  8.3939 +
  8.3940 +lemma LENGTH_SEG: "ALL n k l. n + k <= length l --> length (SEG n k l) = n"
  8.3941 +  by (import rich_list LENGTH_SEG)
  8.3942 +
  8.3943 +lemma APPEND_NIL: "(ALL l::'a list. l @ [] = l) & (ALL x::'a list. [] @ x = x)"
  8.3944 +  by (import rich_list APPEND_NIL)
  8.3945 +
  8.3946 +lemma APPEND_SNOC: "ALL l1 x l2. l1 @ SNOC x l2 = SNOC x (l1 @ l2)"
  8.3947 +  by (import rich_list APPEND_SNOC)
  8.3948 +
  8.3949 +lemma APPEND_FOLDR: "ALL l1 l2. l1 @ l2 = foldr op # l1 l2"
  8.3950 +  by (import rich_list APPEND_FOLDR)
  8.3951 +
  8.3952 +lemma APPEND_FOLDL: "ALL l1 l2. l1 @ l2 = foldl (%l' x. SNOC x l') l1 l2"
  8.3953 +  by (import rich_list APPEND_FOLDL)
  8.3954 +
  8.3955 +lemma CONS_APPEND: "ALL x l. x # l = [x] @ l"
  8.3956 +  by (import rich_list CONS_APPEND)
  8.3957 +
  8.3958 +lemma ASSOC_APPEND: "ASSOC op @"
  8.3959 +  by (import rich_list ASSOC_APPEND)
  8.3960 +
  8.3961 +lemma MONOID_APPEND_NIL: "MONOID op @ []"
  8.3962 +  by (import rich_list MONOID_APPEND_NIL)
  8.3963 +
  8.3964 +lemma APPEND_LENGTH_EQ: "ALL l1 l1'.
  8.3965 +   length l1 = length l1' -->
  8.3966 +   (ALL l2 l2'.
  8.3967 +       length l2 = length l2' -->
  8.3968 +       (l1 @ l2 = l1' @ l2') = (l1 = l1' & l2 = l2'))"
  8.3969 +  by (import rich_list APPEND_LENGTH_EQ)
  8.3970 +
  8.3971 +lemma FLAT_SNOC: "ALL x l. concat (SNOC x l) = concat l @ x"
  8.3972 +  by (import rich_list FLAT_SNOC)
  8.3973 +
  8.3974 +lemma FLAT_FOLDR: "ALL l. concat l = foldr op @ l []"
  8.3975 +  by (import rich_list FLAT_FOLDR)
  8.3976 +
  8.3977 +lemma FLAT_FOLDL: "ALL l. concat l = foldl op @ [] l"
  8.3978 +  by (import rich_list FLAT_FOLDL)
  8.3979 +
  8.3980 +lemma LENGTH_FLAT: "ALL l. length (concat l) = sum (map size l)"
  8.3981 +  by (import rich_list LENGTH_FLAT)
  8.3982 +
  8.3983 +lemma REVERSE_FOLDR: "ALL l. rev l = foldr SNOC l []"
  8.3984 +  by (import rich_list REVERSE_FOLDR)
  8.3985 +
  8.3986 +lemma REVERSE_FOLDL: "ALL l. rev l = foldl (%l' x. x # l') [] l"
  8.3987 +  by (import rich_list REVERSE_FOLDL)
  8.3988 +
  8.3989 +lemma ALL_EL_SNOC: "ALL P x l. list_all P (SNOC x l) = (list_all P l & P x)"
  8.3990 +  by (import rich_list ALL_EL_SNOC)
  8.3991 +
  8.3992 +lemma ALL_EL_MAP: "ALL (P::'b => bool) (f::'a => 'b) l::'a list.
  8.3993 +   list_all P (map f l) = list_all (P o f) l"
  8.3994 +  by (import rich_list ALL_EL_MAP)
  8.3995 +
  8.3996 +lemma SOME_EL_SNOC: "ALL P x l. list_exists P (SNOC x l) = (P x | list_exists P l)"
  8.3997 +  by (import rich_list SOME_EL_SNOC)
  8.3998 +
  8.3999 +lemma IS_EL_SNOC: "ALL y x l. y mem SNOC x l = (y = x | y mem l)"
  8.4000 +  by (import rich_list IS_EL_SNOC)
  8.4001 +
  8.4002 +lemma SUM_SNOC: "ALL x l. sum (SNOC x l) = sum l + x"
  8.4003 +  by (import rich_list SUM_SNOC)
  8.4004 +
  8.4005 +lemma SUM_FOLDL: "ALL l. sum l = foldl op + 0 l"
  8.4006 +  by (import rich_list SUM_FOLDL)
  8.4007 +
  8.4008 +lemma IS_PREFIX_APPEND: "ALL l1 l2. IS_PREFIX l1 l2 = (EX l. l1 = l2 @ l)"
  8.4009 +  by (import rich_list IS_PREFIX_APPEND)
  8.4010 +
  8.4011 +lemma IS_SUFFIX_APPEND: "ALL l1 l2. IS_SUFFIX l1 l2 = (EX l. l1 = l @ l2)"
  8.4012 +  by (import rich_list IS_SUFFIX_APPEND)
  8.4013 +
  8.4014 +lemma IS_SUBLIST_APPEND: "ALL l1 l2. IS_SUBLIST l1 l2 = (EX l l'. l1 = l @ l2 @ l')"
  8.4015 +  by (import rich_list IS_SUBLIST_APPEND)
  8.4016 +
  8.4017 +lemma IS_PREFIX_IS_SUBLIST: "ALL l1 l2. IS_PREFIX l1 l2 --> IS_SUBLIST l1 l2"
  8.4018 +  by (import rich_list IS_PREFIX_IS_SUBLIST)
  8.4019 +
  8.4020 +lemma IS_SUFFIX_IS_SUBLIST: "ALL l1 l2. IS_SUFFIX l1 l2 --> IS_SUBLIST l1 l2"
  8.4021 +  by (import rich_list IS_SUFFIX_IS_SUBLIST)
  8.4022 +
  8.4023 +lemma IS_PREFIX_REVERSE: "ALL l1 l2. IS_PREFIX (rev l1) (rev l2) = IS_SUFFIX l1 l2"
  8.4024 +  by (import rich_list IS_PREFIX_REVERSE)
  8.4025 +
  8.4026 +lemma IS_SUFFIX_REVERSE: "ALL l2 l1. IS_SUFFIX (rev l1) (rev l2) = IS_PREFIX l1 l2"
  8.4027 +  by (import rich_list IS_SUFFIX_REVERSE)
  8.4028 +
  8.4029 +lemma IS_SUBLIST_REVERSE: "ALL l1 l2. IS_SUBLIST (rev l1) (rev l2) = IS_SUBLIST l1 l2"
  8.4030 +  by (import rich_list IS_SUBLIST_REVERSE)
  8.4031 +
  8.4032 +lemma PREFIX_FOLDR: "ALL P x. PREFIX P x = foldr (%x l'. if P x then x # l' else []) x []"
  8.4033 +  by (import rich_list PREFIX_FOLDR)
  8.4034 +
  8.4035 +lemma PREFIX: "(ALL x::'a => bool. PREFIX x [] = []) &
  8.4036 +(ALL (x::'a => bool) (xa::'a) xb::'a list.
  8.4037 +    PREFIX x (xa # xb) = (if x xa then xa # PREFIX x xb else []))"
  8.4038 +  by (import rich_list PREFIX)
  8.4039 +
  8.4040 +lemma IS_PREFIX_PREFIX: "ALL P l. IS_PREFIX l (PREFIX P l)"
  8.4041 +  by (import rich_list IS_PREFIX_PREFIX)
  8.4042 +
  8.4043 +lemma LENGTH_SCANL: "ALL (f::'b => 'a => 'b) (e::'b) l::'a list.
  8.4044 +   length (SCANL f e l) = Suc (length l)"
  8.4045 +  by (import rich_list LENGTH_SCANL)
  8.4046 +
  8.4047 +lemma LENGTH_SCANR: "ALL f e l. length (SCANR f e l) = Suc (length l)"
  8.4048 +  by (import rich_list LENGTH_SCANR)
  8.4049 +
  8.4050 +lemma COMM_MONOID_FOLDL: "ALL x.
  8.4051 +   COMM x -->
  8.4052 +   (ALL xa. MONOID x xa --> (ALL e l. foldl x e l = x e (foldl x xa l)))"
  8.4053 +  by (import rich_list COMM_MONOID_FOLDL)
  8.4054 +
  8.4055 +lemma COMM_MONOID_FOLDR: "ALL x.
  8.4056 +   COMM x -->
  8.4057 +   (ALL xa. MONOID x xa --> (ALL e l. foldr x l e = x e (foldr x l xa)))"
  8.4058 +  by (import rich_list COMM_MONOID_FOLDR)
  8.4059 +
  8.4060 +lemma FCOMM_FOLDR_APPEND: "ALL x xa.
  8.4061 +   FCOMM x xa -->
  8.4062 +   (ALL xb.
  8.4063 +       LEFT_ID x xb -->
  8.4064 +       (ALL l1 l2.
  8.4065 +           foldr xa (l1 @ l2) xb = x (foldr xa l1 xb) (foldr xa l2 xb)))"
  8.4066 +  by (import rich_list FCOMM_FOLDR_APPEND)
  8.4067 +
  8.4068 +lemma FCOMM_FOLDL_APPEND: "ALL x xa.
  8.4069 +   FCOMM x xa -->
  8.4070 +   (ALL xb.
  8.4071 +       RIGHT_ID xa xb -->
  8.4072 +       (ALL l1 l2.
  8.4073 +           foldl x xb (l1 @ l2) = xa (foldl x xb l1) (foldl x xb l2)))"
  8.4074 +  by (import rich_list FCOMM_FOLDL_APPEND)
  8.4075 +
  8.4076 +lemma FOLDL_SINGLE: "ALL x xa xb. foldl x xa [xb] = x xa xb"
  8.4077 +  by (import rich_list FOLDL_SINGLE)
  8.4078 +
  8.4079 +lemma FOLDR_SINGLE: "ALL x xa xb. foldr x [xb] xa = x xb xa"
  8.4080 +  by (import rich_list FOLDR_SINGLE)
  8.4081 +
  8.4082 +lemma FOLDR_CONS_NIL: "ALL l. foldr op # l [] = l"
  8.4083 +  by (import rich_list FOLDR_CONS_NIL)
  8.4084 +
  8.4085 +lemma FOLDL_SNOC_NIL: "ALL l. foldl (%xs x. SNOC x xs) [] l = l"
  8.4086 +  by (import rich_list FOLDL_SNOC_NIL)
  8.4087 +
  8.4088 +lemma FOLDR_REVERSE: "ALL x xa xb. foldr x (rev xb) xa = foldl (%xa y. x y xa) xa xb"
  8.4089 +  by (import rich_list FOLDR_REVERSE)
  8.4090 +
  8.4091 +lemma FOLDL_REVERSE: "ALL x xa xb. foldl x xa (rev xb) = foldr (%xa y. x y xa) xb xa"
  8.4092 +  by (import rich_list FOLDL_REVERSE)
  8.4093 +
  8.4094 +lemma FOLDR_MAP: "ALL (f::'a => 'a => 'a) (e::'a) (g::'b => 'a) l::'b list.
  8.4095 +   foldr f (map g l) e = foldr (%x::'b. f (g x)) l e"
  8.4096 +  by (import rich_list FOLDR_MAP)
  8.4097 +
  8.4098 +lemma FOLDL_MAP: "ALL (f::'a => 'a => 'a) (e::'a) (g::'b => 'a) l::'b list.
  8.4099 +   foldl f e (map g l) = foldl (%(x::'a) y::'b. f x (g y)) e l"
  8.4100 +  by (import rich_list FOLDL_MAP)
  8.4101 +
  8.4102 +lemma ALL_EL_FOLDR: "ALL P l. list_all P l = foldr (%x. op & (P x)) l True"
  8.4103 +  by (import rich_list ALL_EL_FOLDR)
  8.4104 +
  8.4105 +lemma ALL_EL_FOLDL: "ALL P l. list_all P l = foldl (%l' x. l' & P x) True l"
  8.4106 +  by (import rich_list ALL_EL_FOLDL)
  8.4107 +
  8.4108 +lemma SOME_EL_FOLDR: "ALL P l. list_exists P l = foldr (%x. op | (P x)) l False"
  8.4109 +  by (import rich_list SOME_EL_FOLDR)
  8.4110 +
  8.4111 +lemma SOME_EL_FOLDL: "ALL P l. list_exists P l = foldl (%l' x. l' | P x) False l"
  8.4112 +  by (import rich_list SOME_EL_FOLDL)
  8.4113 +
  8.4114 +lemma ALL_EL_FOLDR_MAP: "ALL x xa. list_all x xa = foldr op & (map x xa) True"
  8.4115 +  by (import rich_list ALL_EL_FOLDR_MAP)
  8.4116 +
  8.4117 +lemma ALL_EL_FOLDL_MAP: "ALL x xa. list_all x xa = foldl op & True (map x xa)"
  8.4118 +  by (import rich_list ALL_EL_FOLDL_MAP)
  8.4119 +
  8.4120 +lemma SOME_EL_FOLDR_MAP: "ALL x xa. list_exists x xa = foldr op | (map x xa) False"
  8.4121 +  by (import rich_list SOME_EL_FOLDR_MAP)
  8.4122 +
  8.4123 +lemma SOME_EL_FOLDL_MAP: "ALL x xa. list_exists x xa = foldl op | False (map x xa)"
  8.4124 +  by (import rich_list SOME_EL_FOLDL_MAP)
  8.4125 +
  8.4126 +lemma FOLDR_FILTER: "ALL (f::'a => 'a => 'a) (e::'a) (P::'a => bool) l::'a list.
  8.4127 +   foldr f (filter P l) e =
  8.4128 +   foldr (%(x::'a) y::'a. if P x then f x y else y) l e"
  8.4129 +  by (import rich_list FOLDR_FILTER)
  8.4130 +
  8.4131 +lemma FOLDL_FILTER: "ALL (f::'a => 'a => 'a) (e::'a) (P::'a => bool) l::'a list.
  8.4132 +   foldl f e (filter P l) =
  8.4133 +   foldl (%(x::'a) y::'a. if P y then f x y else x) e l"
  8.4134 +  by (import rich_list FOLDL_FILTER)
  8.4135 +
  8.4136 +lemma ASSOC_FOLDR_FLAT: "ALL f.
  8.4137 +   ASSOC f -->
  8.4138 +   (ALL e.
  8.4139 +       LEFT_ID f e -->
  8.4140 +       (ALL l. foldr f (concat l) e = foldr f (map (FOLDR f e) l) e))"
  8.4141 +  by (import rich_list ASSOC_FOLDR_FLAT)
  8.4142 +
  8.4143 +lemma ASSOC_FOLDL_FLAT: "ALL f.
  8.4144 +   ASSOC f -->
  8.4145 +   (ALL e.
  8.4146 +       RIGHT_ID f e -->
  8.4147 +       (ALL l. foldl f e (concat l) = foldl f e (map (foldl f e) l)))"
  8.4148 +  by (import rich_list ASSOC_FOLDL_FLAT)
  8.4149 +
  8.4150 +lemma SOME_EL_MAP: "ALL (P::'b => bool) (f::'a => 'b) l::'a list.
  8.4151 +   list_exists P (map f l) = list_exists (P o f) l"
  8.4152 +  by (import rich_list SOME_EL_MAP)
  8.4153 +
  8.4154 +lemma SOME_EL_DISJ: "ALL P Q l.
  8.4155 +   list_exists (%x. P x | Q x) l = (list_exists P l | list_exists Q l)"
  8.4156 +  by (import rich_list SOME_EL_DISJ)
  8.4157 +
  8.4158 +lemma IS_EL_FOLDR: "ALL x xa. x mem xa = foldr (%xa. op | (x = xa)) xa False"
  8.4159 +  by (import rich_list IS_EL_FOLDR)
  8.4160 +
  8.4161 +lemma IS_EL_FOLDL: "ALL x xa. x mem xa = foldl (%l' xa. l' | x = xa) False xa"
  8.4162 +  by (import rich_list IS_EL_FOLDL)
  8.4163 +
  8.4164 +lemma NULL_FOLDR: "ALL l. null l = foldr (%x l'. False) l True"
  8.4165 +  by (import rich_list NULL_FOLDR)
  8.4166 +
  8.4167 +lemma NULL_FOLDL: "ALL l. null l = foldl (%x l'. False) True l"
  8.4168 +  by (import rich_list NULL_FOLDL)
  8.4169 +
  8.4170 +lemma FILTER_REVERSE: "ALL P l. filter P (rev l) = rev (filter P l)"
  8.4171 +  by (import rich_list FILTER_REVERSE)
  8.4172 +
  8.4173 +lemma SEG_LENGTH_ID: "ALL l. SEG (length l) 0 l = l"
  8.4174 +  by (import rich_list SEG_LENGTH_ID)
  8.4175 +
  8.4176 +lemma SEG_SUC_CONS: "ALL m n l x. SEG m (Suc n) (x # l) = SEG m n l"
  8.4177 +  by (import rich_list SEG_SUC_CONS)
  8.4178 +
  8.4179 +lemma SEG_0_SNOC: "ALL m l x. m <= length l --> SEG m 0 (SNOC x l) = SEG m 0 l"
  8.4180 +  by (import rich_list SEG_0_SNOC)
  8.4181 +
  8.4182 +lemma BUTLASTN_SEG: "ALL n l. n <= length l --> BUTLASTN n l = SEG (length l - n) 0 l"
  8.4183 +  by (import rich_list BUTLASTN_SEG)
  8.4184 +
  8.4185 +lemma LASTN_CONS: "ALL n l. n <= length l --> (ALL x. LASTN n (x # l) = LASTN n l)"
  8.4186 +  by (import rich_list LASTN_CONS)
  8.4187 +
  8.4188 +lemma LENGTH_LASTN: "ALL n l. n <= length l --> length (LASTN n l) = n"
  8.4189 +  by (import rich_list LENGTH_LASTN)
  8.4190 +
  8.4191 +lemma LASTN_LENGTH_ID: "ALL l. LASTN (length l) l = l"
  8.4192 +  by (import rich_list LASTN_LENGTH_ID)
  8.4193 +
  8.4194 +lemma LASTN_LASTN: "ALL l n m. m <= length l --> n <= m --> LASTN n (LASTN m l) = LASTN n l"
  8.4195 +  by (import rich_list LASTN_LASTN)
  8.4196 +
  8.4197 +lemma FIRSTN_LENGTH_ID: "ALL l. FIRSTN (length l) l = l"
  8.4198 +  by (import rich_list FIRSTN_LENGTH_ID)
  8.4199 +
  8.4200 +lemma FIRSTN_SNOC: "ALL n l. n <= length l --> (ALL x. FIRSTN n (SNOC x l) = FIRSTN n l)"
  8.4201 +  by (import rich_list FIRSTN_SNOC)
  8.4202 +
  8.4203 +lemma BUTLASTN_LENGTH_NIL: "ALL l. BUTLASTN (length l) l = []"
  8.4204 +  by (import rich_list BUTLASTN_LENGTH_NIL)
  8.4205 +
  8.4206 +lemma BUTLASTN_SUC_BUTLAST: "ALL n l. n < length l --> BUTLASTN (Suc n) l = BUTLASTN n (butlast l)"
  8.4207 +  by (import rich_list BUTLASTN_SUC_BUTLAST)
  8.4208 +
  8.4209 +lemma BUTLASTN_BUTLAST: "ALL n l. n < length l --> BUTLASTN n (butlast l) = butlast (BUTLASTN n l)"
  8.4210 +  by (import rich_list BUTLASTN_BUTLAST)
  8.4211 +
  8.4212 +lemma LENGTH_BUTLASTN: "ALL n l. n <= length l --> length (BUTLASTN n l) = length l - n"
  8.4213 +  by (import rich_list LENGTH_BUTLASTN)
  8.4214 +
  8.4215 +lemma BUTLASTN_BUTLASTN: "ALL m n l.
  8.4216 +   n + m <= length l --> BUTLASTN n (BUTLASTN m l) = BUTLASTN (n + m) l"
  8.4217 +  by (import rich_list BUTLASTN_BUTLASTN)
  8.4218 +
  8.4219 +lemma APPEND_BUTLASTN_LASTN: "ALL n l. n <= length l --> BUTLASTN n l @ LASTN n l = l"
  8.4220 +  by (import rich_list APPEND_BUTLASTN_LASTN)
  8.4221 +
  8.4222 +lemma APPEND_FIRSTN_LASTN: "ALL m n l. m + n = length l --> FIRSTN n l @ LASTN m l = l"
  8.4223 +  by (import rich_list APPEND_FIRSTN_LASTN)
  8.4224 +
  8.4225 +lemma BUTLASTN_APPEND2: "ALL n l1 l2. n <= length l2 --> BUTLASTN n (l1 @ l2) = l1 @ BUTLASTN n l2"
  8.4226 +  by (import rich_list BUTLASTN_APPEND2)
  8.4227 +
  8.4228 +lemma BUTLASTN_LENGTH_APPEND: "ALL l2 l1. BUTLASTN (length l2) (l1 @ l2) = l1"
  8.4229 +  by (import rich_list BUTLASTN_LENGTH_APPEND)
  8.4230 +
  8.4231 +lemma LASTN_LENGTH_APPEND: "ALL l2 l1. LASTN (length l2) (l1 @ l2) = l2"
  8.4232 +  by (import rich_list LASTN_LENGTH_APPEND)
  8.4233 +
  8.4234 +lemma BUTLASTN_CONS: "ALL n l. n <= length l --> (ALL x. BUTLASTN n (x # l) = x # BUTLASTN n l)"
  8.4235 +  by (import rich_list BUTLASTN_CONS)
  8.4236 +
  8.4237 +lemma BUTLASTN_LENGTH_CONS: "ALL l x. BUTLASTN (length l) (x # l) = [x]"
  8.4238 +  by (import rich_list BUTLASTN_LENGTH_CONS)
  8.4239 +
  8.4240 +lemma LAST_LASTN_LAST: "ALL n l. n <= length l --> 0 < n --> last (LASTN n l) = last l"
  8.4241 +  by (import rich_list LAST_LASTN_LAST)
  8.4242 +
  8.4243 +lemma BUTLASTN_LASTN_NIL: "ALL n l. n <= length l --> BUTLASTN n (LASTN n l) = []"
  8.4244 +  by (import rich_list BUTLASTN_LASTN_NIL)
  8.4245 +
  8.4246 +lemma LASTN_BUTLASTN: "ALL n m l.
  8.4247 +   n + m <= length l -->
  8.4248 +   LASTN n (BUTLASTN m l) = BUTLASTN m (LASTN (n + m) l)"
  8.4249 +  by (import rich_list LASTN_BUTLASTN)
  8.4250 +
  8.4251 +lemma BUTLASTN_LASTN: "ALL m n l.
  8.4252 +   m <= n & n <= length l -->
  8.4253 +   BUTLASTN m (LASTN n l) = LASTN (n - m) (BUTLASTN m l)"
  8.4254 +  by (import rich_list BUTLASTN_LASTN)
  8.4255 +
  8.4256 +lemma LASTN_1: "ALL l. l ~= [] --> LASTN 1 l = [last l]"
  8.4257 +  by (import rich_list LASTN_1)
  8.4258 +
  8.4259 +lemma BUTLASTN_1: "ALL l. l ~= [] --> BUTLASTN 1 l = butlast l"
  8.4260 +  by (import rich_list BUTLASTN_1)
  8.4261 +
  8.4262 +lemma BUTLASTN_APPEND1: "ALL l2 n.
  8.4263 +   length l2 <= n -->
  8.4264 +   (ALL l1. BUTLASTN n (l1 @ l2) = BUTLASTN (n - length l2) l1)"
  8.4265 +  by (import rich_list BUTLASTN_APPEND1)
  8.4266 +
  8.4267 +lemma LASTN_APPEND2: "ALL n l2. n <= length l2 --> (ALL l1. LASTN n (l1 @ l2) = LASTN n l2)"
  8.4268 +  by (import rich_list LASTN_APPEND2)
  8.4269 +
  8.4270 +lemma LASTN_APPEND1: "ALL l2 n.
  8.4271 +   length l2 <= n -->
  8.4272 +   (ALL l1. LASTN n (l1 @ l2) = LASTN (n - length l2) l1 @ l2)"
  8.4273 +  by (import rich_list LASTN_APPEND1)
  8.4274 +
  8.4275 +lemma LASTN_MAP: "ALL n l. n <= length l --> (ALL f. LASTN n (map f l) = map f (LASTN n l))"
  8.4276 +  by (import rich_list LASTN_MAP)
  8.4277 +
  8.4278 +lemma BUTLASTN_MAP: "ALL n l.
  8.4279 +   n <= length l --> (ALL f. BUTLASTN n (map f l) = map f (BUTLASTN n l))"
  8.4280 +  by (import rich_list BUTLASTN_MAP)
  8.4281 +
  8.4282 +lemma ALL_EL_LASTN: "ALL P l. list_all P l --> (ALL m<=length l. list_all P (LASTN m l))"
  8.4283 +  by (import rich_list ALL_EL_LASTN)
  8.4284 +
  8.4285 +lemma ALL_EL_BUTLASTN: "ALL P l. list_all P l --> (ALL m<=length l. list_all P (BUTLASTN m l))"
  8.4286 +  by (import rich_list ALL_EL_BUTLASTN)
  8.4287 +
  8.4288 +lemma LENGTH_FIRSTN: "ALL n l. n <= length l --> length (FIRSTN n l) = n"
  8.4289 +  by (import rich_list LENGTH_FIRSTN)
  8.4290 +
  8.4291 +lemma FIRSTN_FIRSTN: "ALL m l. m <= length l --> (ALL n<=m. FIRSTN n (FIRSTN m l) = FIRSTN n l)"
  8.4292 +  by (import rich_list FIRSTN_FIRSTN)
  8.4293 +
  8.4294 +lemma LENGTH_BUTFIRSTN: "ALL n l. n <= length l --> length (BUTFIRSTN n l) = length l - n"
  8.4295 +  by (import rich_list LENGTH_BUTFIRSTN)
  8.4296 +
  8.4297 +lemma BUTFIRSTN_LENGTH_NIL: "ALL l. BUTFIRSTN (length l) l = []"
  8.4298 +  by (import rich_list BUTFIRSTN_LENGTH_NIL)
  8.4299 +
  8.4300 +lemma BUTFIRSTN_APPEND1: "ALL n l1.
  8.4301 +   n <= length l1 --> (ALL l2. BUTFIRSTN n (l1 @ l2) = BUTFIRSTN n l1 @ l2)"
  8.4302 +  by (import rich_list BUTFIRSTN_APPEND1)
  8.4303 +
  8.4304 +lemma BUTFIRSTN_APPEND2: "ALL l1 n.
  8.4305 +   length l1 <= n -->
  8.4306 +   (ALL l2. BUTFIRSTN n (l1 @ l2) = BUTFIRSTN (n - length l1) l2)"
  8.4307 +  by (import rich_list BUTFIRSTN_APPEND2)
  8.4308 +
  8.4309 +lemma BUTFIRSTN_BUTFIRSTN: "ALL n m l.
  8.4310 +   n + m <= length l --> BUTFIRSTN n (BUTFIRSTN m l) = BUTFIRSTN (n + m) l"
  8.4311 +  by (import rich_list BUTFIRSTN_BUTFIRSTN)
  8.4312 +
  8.4313 +lemma APPEND_FIRSTN_BUTFIRSTN: "ALL n l. n <= length l --> FIRSTN n l @ BUTFIRSTN n l = l"
  8.4314 +  by (import rich_list APPEND_FIRSTN_BUTFIRSTN)
  8.4315 +
  8.4316 +lemma LASTN_SEG: "ALL n l. n <= length l --> LASTN n l = SEG n (length l - n) l"
  8.4317 +  by (import rich_list LASTN_SEG)
  8.4318 +
  8.4319 +lemma FIRSTN_SEG: "ALL n l. n <= length l --> FIRSTN n l = SEG n 0 l"
  8.4320 +  by (import rich_list FIRSTN_SEG)
  8.4321 +
  8.4322 +lemma BUTFIRSTN_SEG: "ALL n l. n <= length l --> BUTFIRSTN n l = SEG (length l - n) n l"
  8.4323 +  by (import rich_list BUTFIRSTN_SEG)
  8.4324 +
  8.4325 +lemma BUTFIRSTN_SNOC: "ALL n l.
  8.4326 +   n <= length l -->
  8.4327 +   (ALL x. BUTFIRSTN n (SNOC x l) = SNOC x (BUTFIRSTN n l))"
  8.4328 +  by (import rich_list BUTFIRSTN_SNOC)
  8.4329 +
  8.4330 +lemma APPEND_BUTLASTN_BUTFIRSTN: "ALL m n l. m + n = length l --> BUTLASTN m l @ BUTFIRSTN n l = l"
  8.4331 +  by (import rich_list APPEND_BUTLASTN_BUTFIRSTN)
  8.4332 +
  8.4333 +lemma SEG_SEG: "ALL n1 m1 n2 m2 l.
  8.4334 +   n1 + m1 <= length l & n2 + m2 <= n1 -->
  8.4335 +   SEG n2 m2 (SEG n1 m1 l) = SEG n2 (m1 + m2) l"
  8.4336 +  by (import rich_list SEG_SEG)
  8.4337 +
  8.4338 +lemma SEG_APPEND1: "ALL n m l1. n + m <= length l1 --> (ALL l2. SEG n m (l1 @ l2) = SEG n m l1)"
  8.4339 +  by (import rich_list SEG_APPEND1)
  8.4340 +
  8.4341 +lemma SEG_APPEND2: "ALL l1 m n l2.
  8.4342 +   length l1 <= m & n <= length l2 -->
  8.4343 +   SEG n m (l1 @ l2) = SEG n (m - length l1) l2"
  8.4344 +  by (import rich_list SEG_APPEND2)
  8.4345 +
  8.4346 +lemma SEG_FIRSTN_BUTFISTN: "ALL n m l. n + m <= length l --> SEG n m l = FIRSTN n (BUTFIRSTN m l)"
  8.4347 +  by (import rich_list SEG_FIRSTN_BUTFISTN)
  8.4348 +
  8.4349 +lemma SEG_APPEND: "ALL m l1 n l2.
  8.4350 +   m < length l1 & length l1 <= n + m & n + m <= length l1 + length l2 -->
  8.4351 +   SEG n m (l1 @ l2) =
  8.4352 +   SEG (length l1 - m) m l1 @ SEG (n + m - length l1) 0 l2"
  8.4353 +  by (import rich_list SEG_APPEND)
  8.4354 +
  8.4355 +lemma SEG_LENGTH_SNOC: "ALL x xa. SEG 1 (length x) (SNOC xa x) = [xa]"
  8.4356 +  by (import rich_list SEG_LENGTH_SNOC)
  8.4357 +
  8.4358 +lemma SEG_SNOC: "ALL n m l. n + m <= length l --> (ALL x. SEG n m (SNOC x l) = SEG n m l)"
  8.4359 +  by (import rich_list SEG_SNOC)
  8.4360 +
  8.4361 +lemma ELL_SEG: "ALL n l. n < length l --> ELL n l = hd (SEG 1 (PRE (length l - n)) l)"
  8.4362 +  by (import rich_list ELL_SEG)
  8.4363 +
  8.4364 +lemma SNOC_FOLDR: "ALL x l. SNOC x l = foldr op # l [x]"
  8.4365 +  by (import rich_list SNOC_FOLDR)
  8.4366 +
  8.4367 +lemma IS_EL_FOLDR_MAP: "ALL x xa. x mem xa = foldr op | (map (op = x) xa) False"
  8.4368 +  by (import rich_list IS_EL_FOLDR_MAP)
  8.4369 +
  8.4370 +lemma IS_EL_FOLDL_MAP: "ALL x xa. x mem xa = foldl op | False (map (op = x) xa)"
  8.4371 +  by (import rich_list IS_EL_FOLDL_MAP)
  8.4372 +
  8.4373 +lemma FILTER_FILTER: "ALL P Q l. filter P (filter Q l) = [x:l. P x & Q x]"
  8.4374 +  by (import rich_list FILTER_FILTER)
  8.4375 +
  8.4376 +lemma FCOMM_FOLDR_FLAT: "ALL g f.
  8.4377 +   FCOMM g f -->
  8.4378 +   (ALL e.
  8.4379 +       LEFT_ID g e -->
  8.4380 +       (ALL l. foldr f (concat l) e = foldr g (map (FOLDR f e) l) e))"
  8.4381 +  by (import rich_list FCOMM_FOLDR_FLAT)
  8.4382 +
  8.4383 +lemma FCOMM_FOLDL_FLAT: "ALL f g.
  8.4384 +   FCOMM f g -->
  8.4385 +   (ALL e.
  8.4386 +       RIGHT_ID g e -->
  8.4387 +       (ALL l. foldl f e (concat l) = foldl g e (map (foldl f e) l)))"
  8.4388 +  by (import rich_list FCOMM_FOLDL_FLAT)
  8.4389 +
  8.4390 +lemma FOLDR_MAP_REVERSE: "ALL f::'a => 'a => 'a.
  8.4391 +   (ALL (a::'a) (b::'a) c::'a. f a (f b c) = f b (f a c)) -->
  8.4392 +   (ALL (e::'a) (g::'b => 'a) l::'b list.
  8.4393 +       foldr f (map g (rev l)) e = foldr f (map g l) e)"
  8.4394 +  by (import rich_list FOLDR_MAP_REVERSE)
  8.4395 +
  8.4396 +lemma FOLDR_FILTER_REVERSE: "ALL f::'a => 'a => 'a.
  8.4397 +   (ALL (a::'a) (b::'a) c::'a. f a (f b c) = f b (f a c)) -->
  8.4398 +   (ALL (e::'a) (P::'a => bool) l::'a list.
  8.4399 +       foldr f (filter P (rev l)) e = foldr f (filter P l) e)"
  8.4400 +  by (import rich_list FOLDR_FILTER_REVERSE)
  8.4401 +
  8.4402 +lemma COMM_ASSOC_FOLDR_REVERSE: "ALL f. COMM f --> ASSOC f --> (ALL e l. foldr f (rev l) e = foldr f l e)"
  8.4403 +  by (import rich_list COMM_ASSOC_FOLDR_REVERSE)
  8.4404 +
  8.4405 +lemma COMM_ASSOC_FOLDL_REVERSE: "ALL f. COMM f --> ASSOC f --> (ALL e l. foldl f e (rev l) = foldl f e l)"
  8.4406 +  by (import rich_list COMM_ASSOC_FOLDL_REVERSE)
  8.4407 +
  8.4408 +lemma ELL_LAST: "ALL l. ~ null l --> ELL 0 l = last l"
  8.4409 +  by (import rich_list ELL_LAST)
  8.4410 +
  8.4411 +lemma ELL_0_SNOC: "ALL l x. ELL 0 (SNOC x l) = x"
  8.4412 +  by (import rich_list ELL_0_SNOC)
  8.4413 +
  8.4414 +lemma ELL_SNOC: "ALL n. 0 < n --> (ALL x l. ELL n (SNOC x l) = ELL (PRE n) l)"
  8.4415 +  by (import rich_list ELL_SNOC)
  8.4416 +
  8.4417 +lemma ELL_SUC_SNOC: "ALL n x xa. ELL (Suc n) (SNOC x xa) = ELL n xa"
  8.4418 +  by (import rich_list ELL_SUC_SNOC)
  8.4419 +
  8.4420 +lemma ELL_CONS: "ALL n l. n < length l --> (ALL x. ELL n (x # l) = ELL n l)"
  8.4421 +  by (import rich_list ELL_CONS)
  8.4422 +
  8.4423 +lemma ELL_LENGTH_CONS: "ALL l x. ELL (length l) (x # l) = x"
  8.4424 +  by (import rich_list ELL_LENGTH_CONS)
  8.4425 +
  8.4426 +lemma ELL_LENGTH_SNOC: "ALL l x. ELL (length l) (SNOC x l) = (if null l then x else hd l)"
  8.4427 +  by (import rich_list ELL_LENGTH_SNOC)
  8.4428 +
  8.4429 +lemma ELL_APPEND2: "ALL n l2. n < length l2 --> (ALL l1. ELL n (l1 @ l2) = ELL n l2)"
  8.4430 +  by (import rich_list ELL_APPEND2)
  8.4431 +
  8.4432 +lemma ELL_APPEND1: "ALL l2 n.
  8.4433 +   length l2 <= n --> (ALL l1. ELL n (l1 @ l2) = ELL (n - length l2) l1)"
  8.4434 +  by (import rich_list ELL_APPEND1)
  8.4435 +
  8.4436 +lemma ELL_PRE_LENGTH: "ALL l. l ~= [] --> ELL (PRE (length l)) l = hd l"
  8.4437 +  by (import rich_list ELL_PRE_LENGTH)
  8.4438 +
  8.4439 +lemma EL_LENGTH_SNOC: "ALL l x. EL (length l) (SNOC x l) = x"
  8.4440 +  by (import rich_list EL_LENGTH_SNOC)
  8.4441 +
  8.4442 +lemma EL_PRE_LENGTH: "ALL l. l ~= [] --> EL (PRE (length l)) l = last l"
  8.4443 +  by (import rich_list EL_PRE_LENGTH)
  8.4444 +
  8.4445 +lemma EL_SNOC: "ALL n l. n < length l --> (ALL x. EL n (SNOC x l) = EL n l)"
  8.4446 +  by (import rich_list EL_SNOC)
  8.4447 +
  8.4448 +lemma EL_ELL: "ALL n l. n < length l --> EL n l = ELL (PRE (length l - n)) l"
  8.4449 +  by (import rich_list EL_ELL)
  8.4450 +
  8.4451 +lemma EL_LENGTH_APPEND: "ALL l2 l1. ~ null l2 --> EL (length l1) (l1 @ l2) = hd l2"
  8.4452 +  by (import rich_list EL_LENGTH_APPEND)
  8.4453 +
  8.4454 +lemma ELL_EL: "ALL n l. n < length l --> ELL n l = EL (PRE (length l - n)) l"
  8.4455 +  by (import rich_list ELL_EL)
  8.4456 +
  8.4457 +lemma ELL_MAP: "ALL n l f. n < length l --> ELL n (map f l) = f (ELL n l)"
  8.4458 +  by (import rich_list ELL_MAP)
  8.4459 +
  8.4460 +lemma LENGTH_BUTLAST: "ALL l. l ~= [] --> length (butlast l) = PRE (length l)"
  8.4461 +  by (import rich_list LENGTH_BUTLAST)
  8.4462 +
  8.4463 +lemma BUTFIRSTN_LENGTH_APPEND: "ALL l1 l2. BUTFIRSTN (length l1) (l1 @ l2) = l2"
  8.4464 +  by (import rich_list BUTFIRSTN_LENGTH_APPEND)
  8.4465 +
  8.4466 +lemma FIRSTN_APPEND1: "ALL n l1. n <= length l1 --> (ALL l2. FIRSTN n (l1 @ l2) = FIRSTN n l1)"
  8.4467 +  by (import rich_list FIRSTN_APPEND1)
  8.4468 +
  8.4469 +lemma FIRSTN_APPEND2: "ALL l1 n.
  8.4470 +   length l1 <= n -->
  8.4471 +   (ALL l2. FIRSTN n (l1 @ l2) = l1 @ FIRSTN (n - length l1) l2)"
  8.4472 +  by (import rich_list FIRSTN_APPEND2)
  8.4473 +
  8.4474 +lemma FIRSTN_LENGTH_APPEND: "ALL l1 l2. FIRSTN (length l1) (l1 @ l2) = l1"
  8.4475 +  by (import rich_list FIRSTN_LENGTH_APPEND)
  8.4476 +
  8.4477 +lemma REVERSE_FLAT: "ALL l. rev (concat l) = concat (rev (map rev l))"
  8.4478 +  by (import rich_list REVERSE_FLAT)
  8.4479 +
  8.4480 +lemma MAP_FILTER: "ALL f P l.
  8.4481 +   (ALL x. P (f x) = P x) --> map f (filter P l) = filter P (map f l)"
  8.4482 +  by (import rich_list MAP_FILTER)
  8.4483 +
  8.4484 +lemma FLAT_REVERSE: "ALL l. concat (rev l) = rev (concat (map rev l))"
  8.4485 +  by (import rich_list FLAT_REVERSE)
  8.4486 +
  8.4487 +lemma FLAT_FLAT: "ALL l. concat (concat l) = concat (map concat l)"
  8.4488 +  by (import rich_list FLAT_FLAT)
  8.4489 +
  8.4490 +lemma ALL_EL_REVERSE: "ALL P l. list_all P (rev l) = list_all P l"
  8.4491 +  by (import rich_list ALL_EL_REVERSE)
  8.4492 +
  8.4493 +lemma SOME_EL_REVERSE: "ALL P l. list_exists P (rev l) = list_exists P l"
  8.4494 +  by (import rich_list SOME_EL_REVERSE)
  8.4495 +
  8.4496 +lemma ALL_EL_SEG: "ALL P l.
  8.4497 +   list_all P l --> (ALL m k. m + k <= length l --> list_all P (SEG m k l))"
  8.4498 +  by (import rich_list ALL_EL_SEG)
  8.4499 +
  8.4500 +lemma ALL_EL_FIRSTN: "ALL P l. list_all P l --> (ALL m<=length l. list_all P (FIRSTN m l))"
  8.4501 +  by (import rich_list ALL_EL_FIRSTN)
  8.4502 +
  8.4503 +lemma ALL_EL_BUTFIRSTN: "ALL P l. list_all P l --> (ALL m<=length l. list_all P (BUTFIRSTN m l))"
  8.4504 +  by (import rich_list ALL_EL_BUTFIRSTN)
  8.4505 +
  8.4506 +lemma SOME_EL_SEG: "ALL m k l.
  8.4507 +   m + k <= length l -->
  8.4508 +   (ALL P. list_exists P (SEG m k l) --> list_exists P l)"
  8.4509 +  by (import rich_list SOME_EL_SEG)
  8.4510 +
  8.4511 +lemma SOME_EL_FIRSTN: "ALL m l.
  8.4512 +   m <= length l --> (ALL P. list_exists P (FIRSTN m l) --> list_exists P l)"
  8.4513 +  by (import rich_list SOME_EL_FIRSTN)
  8.4514 +
  8.4515 +lemma SOME_EL_BUTFIRSTN: "ALL m l.
  8.4516 +   m <= length l -->
  8.4517 +   (ALL P. list_exists P (BUTFIRSTN m l) --> list_exists P l)"
  8.4518 +  by (import rich_list SOME_EL_BUTFIRSTN)
  8.4519 +
  8.4520 +lemma SOME_EL_LASTN: "ALL m l.
  8.4521 +   m <= length l --> (ALL P. list_exists P (LASTN m l) --> list_exists P l)"
  8.4522 +  by (import rich_list SOME_EL_LASTN)
  8.4523 +
  8.4524 +lemma SOME_EL_BUTLASTN: "ALL m l.
  8.4525 +   m <= length l -->
  8.4526 +   (ALL P. list_exists P (BUTLASTN m l) --> list_exists P l)"
  8.4527 +  by (import rich_list SOME_EL_BUTLASTN)
  8.4528 +
  8.4529 +lemma IS_EL_REVERSE: "ALL x l. x mem rev l = x mem l"
  8.4530 +  by (import rich_list IS_EL_REVERSE)
  8.4531 +
  8.4532 +lemma IS_EL_FILTER: "ALL P x. P x --> (ALL l. x mem filter P l = x mem l)"
  8.4533 +  by (import rich_list IS_EL_FILTER)
  8.4534 +
  8.4535 +lemma IS_EL_SEG: "ALL n m l. n + m <= length l --> (ALL x. x mem SEG n m l --> x mem l)"
  8.4536 +  by (import rich_list IS_EL_SEG)
  8.4537 +
  8.4538 +lemma IS_EL_SOME_EL: "ALL x l. x mem l = list_exists (op = x) l"
  8.4539 +  by (import rich_list IS_EL_SOME_EL)
  8.4540 +
  8.4541 +lemma IS_EL_FIRSTN: "ALL x xa. x <= length xa --> (ALL xb. xb mem FIRSTN x xa --> xb mem xa)"
  8.4542 +  by (import rich_list IS_EL_FIRSTN)
  8.4543 +
  8.4544 +lemma IS_EL_BUTFIRSTN: "ALL x xa. x <= length xa --> (ALL xb. xb mem BUTFIRSTN x xa --> xb mem xa)"
  8.4545 +  by (import rich_list IS_EL_BUTFIRSTN)
  8.4546 +
  8.4547 +lemma IS_EL_BUTLASTN: "ALL x xa. x <= length xa --> (ALL xb. xb mem BUTLASTN x xa --> xb mem xa)"
  8.4548 +  by (import rich_list IS_EL_BUTLASTN)
  8.4549 +
  8.4550 +lemma IS_EL_LASTN: "ALL x xa. x <= length xa --> (ALL xb. xb mem LASTN x xa --> xb mem xa)"
  8.4551 +  by (import rich_list IS_EL_LASTN)
  8.4552 +
  8.4553 +lemma ZIP_SNOC: "ALL l1 l2.
  8.4554 +   length l1 = length l2 -->
  8.4555 +   (ALL x1 x2. zip (SNOC x1 l1) (SNOC x2 l2) = SNOC (x1, x2) (zip l1 l2))"
  8.4556 +  by (import rich_list ZIP_SNOC)
  8.4557 +
  8.4558 +lemma UNZIP_SNOC: "ALL x l.
  8.4559 +   unzip (SNOC x l) =
  8.4560 +   (SNOC (fst x) (fst (unzip l)), SNOC (snd x) (snd (unzip l)))"
  8.4561 +  by (import rich_list UNZIP_SNOC)
  8.4562 +
  8.4563 +lemma LENGTH_UNZIP_FST: "ALL x. length (UNZIP_FST x) = length x"
  8.4564 +  by (import rich_list LENGTH_UNZIP_FST)
  8.4565 +
  8.4566 +lemma LENGTH_UNZIP_SND: "ALL x. length (UNZIP_SND x) = length x"
  8.4567 +  by (import rich_list LENGTH_UNZIP_SND)
  8.4568 +
  8.4569 +lemma SUM_APPEND: "ALL l1 l2. sum (l1 @ l2) = sum l1 + sum l2"
  8.4570 +  by (import rich_list SUM_APPEND)
  8.4571 +
  8.4572 +lemma SUM_REVERSE: "ALL l. sum (rev l) = sum l"
  8.4573 +  by (import rich_list SUM_REVERSE)
  8.4574 +
  8.4575 +lemma SUM_FLAT: "ALL l. sum (concat l) = sum (map sum l)"
  8.4576 +  by (import rich_list SUM_FLAT)
  8.4577 +
  8.4578 +lemma EL_APPEND1: "ALL n l1 l2. n < length l1 --> EL n (l1 @ l2) = EL n l1"
  8.4579 +  by (import rich_list EL_APPEND1)
  8.4580 +
  8.4581 +lemma EL_APPEND2: "ALL l1 n.
  8.4582 +   length l1 <= n --> (ALL l2. EL n (l1 @ l2) = EL (n - length l1) l2)"
  8.4583 +  by (import rich_list EL_APPEND2)
  8.4584 +
  8.4585 +lemma EL_MAP: "ALL n l. n < length l --> (ALL f. EL n (map f l) = f (EL n l))"
  8.4586 +  by (import rich_list EL_MAP)
  8.4587 +
  8.4588 +lemma EL_CONS: "ALL n. 0 < n --> (ALL x l. EL n (x # l) = EL (PRE n) l)"
  8.4589 +  by (import rich_list EL_CONS)
  8.4590 +
  8.4591 +lemma EL_SEG: "ALL n l. n < length l --> EL n l = hd (SEG 1 n l)"
  8.4592 +  by (import rich_list EL_SEG)
  8.4593 +
  8.4594 +lemma EL_IS_EL: "ALL n l. n < length l --> EL n l mem l"
  8.4595 +  by (import rich_list EL_IS_EL)
  8.4596 +
  8.4597 +lemma TL_SNOC: "ALL x l. tl (SNOC x l) = (if null l then [] else SNOC x (tl l))"
  8.4598 +  by (import rich_list TL_SNOC)
  8.4599 +
  8.4600 +lemma EL_REVERSE: "ALL n l. n < length l --> EL n (rev l) = EL (PRE (length l - n)) l"
  8.4601 +  by (import rich_list EL_REVERSE)
  8.4602 +
  8.4603 +lemma EL_REVERSE_ELL: "ALL n l. n < length l --> EL n (rev l) = ELL n l"
  8.4604 +  by (import rich_list EL_REVERSE_ELL)
  8.4605 +
  8.4606 +lemma ELL_LENGTH_APPEND: "ALL l1 l2. ~ null l1 --> ELL (length l2) (l1 @ l2) = last l1"
  8.4607 +  by (import rich_list ELL_LENGTH_APPEND)
  8.4608 +
  8.4609 +lemma ELL_IS_EL: "ALL n l. n < length l --> ELL n l mem l"
  8.4610 +  by (import rich_list ELL_IS_EL)
  8.4611 +
  8.4612 +lemma ELL_REVERSE: "ALL n l. n < length l --> ELL n (rev l) = ELL (PRE (length l - n)) l"
  8.4613 +  by (import rich_list ELL_REVERSE)
  8.4614 +
  8.4615 +lemma ELL_REVERSE_EL: "ALL n l. n < length l --> ELL n (rev l) = EL n l"
  8.4616 +  by (import rich_list ELL_REVERSE_EL)
  8.4617 +
  8.4618 +lemma FIRSTN_BUTLASTN: "ALL n l. n <= length l --> FIRSTN n l = BUTLASTN (length l - n) l"
  8.4619 +  by (import rich_list FIRSTN_BUTLASTN)
  8.4620 +
  8.4621 +lemma BUTLASTN_FIRSTN: "ALL n l. n <= length l --> BUTLASTN n l = FIRSTN (length l - n) l"
  8.4622 +  by (import rich_list BUTLASTN_FIRSTN)
  8.4623 +
  8.4624 +lemma LASTN_BUTFIRSTN: "ALL n l. n <= length l --> LASTN n l = BUTFIRSTN (length l - n) l"
  8.4625 +  by (import rich_list LASTN_BUTFIRSTN)
  8.4626 +
  8.4627 +lemma BUTFIRSTN_LASTN: "ALL n l. n <= length l --> BUTFIRSTN n l = LASTN (length l - n) l"
  8.4628 +  by (import rich_list BUTFIRSTN_LASTN)
  8.4629 +
  8.4630 +lemma SEG_LASTN_BUTLASTN: "ALL n m l.
  8.4631 +   n + m <= length l -->
  8.4632 +   SEG n m l = LASTN n (BUTLASTN (length l - (n + m)) l)"
  8.4633 +  by (import rich_list SEG_LASTN_BUTLASTN)
  8.4634 +
  8.4635 +lemma BUTFIRSTN_REVERSE: "ALL n l. n <= length l --> BUTFIRSTN n (rev l) = rev (BUTLASTN n l)"
  8.4636 +  by (import rich_list BUTFIRSTN_REVERSE)
  8.4637 +
  8.4638 +lemma BUTLASTN_REVERSE: "ALL n l. n <= length l --> BUTLASTN n (rev l) = rev (BUTFIRSTN n l)"
  8.4639 +  by (import rich_list BUTLASTN_REVERSE)
  8.4640 +
  8.4641 +lemma LASTN_REVERSE: "ALL n l. n <= length l --> LASTN n (rev l) = rev (FIRSTN n l)"
  8.4642 +  by (import rich_list LASTN_REVERSE)
  8.4643 +
  8.4644 +lemma FIRSTN_REVERSE: "ALL n l. n <= length l --> FIRSTN n (rev l) = rev (LASTN n l)"
  8.4645 +  by (import rich_list FIRSTN_REVERSE)
  8.4646 +
  8.4647 +lemma SEG_REVERSE: "ALL n m l.
  8.4648 +   n + m <= length l -->
  8.4649 +   SEG n m (rev l) = rev (SEG n (length l - (n + m)) l)"
  8.4650 +  by (import rich_list SEG_REVERSE)
  8.4651 +
  8.4652 +lemma LENGTH_GENLIST: "ALL f n. length (GENLIST f n) = n"
  8.4653 +  by (import rich_list LENGTH_GENLIST)
  8.4654 +
  8.4655 +lemma LENGTH_REPLICATE: "ALL n x. length (REPLICATE n x) = n"
  8.4656 +  by (import rich_list LENGTH_REPLICATE)
  8.4657 +
  8.4658 +lemma IS_EL_REPLICATE: "ALL n. 0 < n --> (ALL x. x mem REPLICATE n x)"
  8.4659 +  by (import rich_list IS_EL_REPLICATE)
  8.4660 +
  8.4661 +lemma ALL_EL_REPLICATE: "ALL x n. list_all (op = x) (REPLICATE n x)"
  8.4662 +  by (import rich_list ALL_EL_REPLICATE)
  8.4663 +
  8.4664 +lemma AND_EL_FOLDL: "ALL l. AND_EL l = foldl op & True l"
  8.4665 +  by (import rich_list AND_EL_FOLDL)
  8.4666 +
  8.4667 +lemma AND_EL_FOLDR: "ALL l. AND_EL l = foldr op & l True"
  8.4668 +  by (import rich_list AND_EL_FOLDR)
  8.4669 +
  8.4670 +lemma OR_EL_FOLDL: "ALL l. OR_EL l = foldl op | False l"
  8.4671 +  by (import rich_list OR_EL_FOLDL)
  8.4672 +
  8.4673 +lemma OR_EL_FOLDR: "ALL l. OR_EL l = foldr op | l False"
  8.4674 +  by (import rich_list OR_EL_FOLDR)
  8.4675 +
  8.4676 +;end_setup
  8.4677 +
  8.4678 +;setup_theory state_transformer
  8.4679 +
  8.4680 +constdefs
  8.4681 +  UNIT :: "'b => 'a => 'b * 'a" 
  8.4682 +  "(op ==::('b => 'a => 'b * 'a) => ('b => 'a => 'b * 'a) => prop)
  8.4683 + (UNIT::'b => 'a => 'b * 'a) (Pair::'b => 'a => 'b * 'a)"
  8.4684 +
  8.4685 +lemma UNIT_DEF: "ALL x::'b. UNIT x = Pair x"
  8.4686 +  by (import state_transformer UNIT_DEF)
  8.4687 +
  8.4688 +constdefs
  8.4689 +  BIND :: "('a => 'b * 'a) => ('b => 'a => 'c * 'a) => 'a => 'c * 'a" 
  8.4690 +  "BIND == %g f. split f o g"
  8.4691 +
  8.4692 +lemma BIND_DEF: "ALL g f. BIND g f = split f o g"
  8.4693 +  by (import state_transformer BIND_DEF)
  8.4694 +
  8.4695 +constdefs
  8.4696 +  MMAP :: "('c => 'b) => ('a => 'c * 'a) => 'a => 'b * 'a" 
  8.4697 +  "MMAP == %(f::'c => 'b) m::'a => 'c * 'a. BIND m (UNIT o f)"
  8.4698 +
  8.4699 +lemma MMAP_DEF: "ALL (f::'c => 'b) m::'a => 'c * 'a. MMAP f m = BIND m (UNIT o f)"
  8.4700 +  by (import state_transformer MMAP_DEF)
  8.4701 +
  8.4702 +constdefs
  8.4703 +  JOIN :: "('a => ('a => 'b * 'a) * 'a) => 'a => 'b * 'a" 
  8.4704 +  "JOIN == %z. BIND z I"
  8.4705 +
  8.4706 +lemma JOIN_DEF: "ALL z. JOIN z = BIND z I"
  8.4707 +  by (import state_transformer JOIN_DEF)
  8.4708 +
  8.4709 +lemma BIND_LEFT_UNIT: "ALL k x. BIND (UNIT x) k = k x"
  8.4710 +  by (import state_transformer BIND_LEFT_UNIT)
  8.4711 +
  8.4712 +lemma UNIT_UNCURRY: "ALL x. split UNIT x = x"
  8.4713 +  by (import state_transformer UNIT_UNCURRY)
  8.4714 +
  8.4715 +lemma BIND_RIGHT_UNIT: "ALL k. BIND k UNIT = k"
  8.4716 +  by (import state_transformer BIND_RIGHT_UNIT)
  8.4717 +
  8.4718 +lemma BIND_ASSOC: "ALL x xa xb. BIND x (%a. BIND (xa a) xb) = BIND (BIND x xa) xb"
  8.4719 +  by (import state_transformer BIND_ASSOC)
  8.4720 +
  8.4721 +lemma MMAP_ID: "MMAP I = I"
  8.4722 +  by (import state_transformer MMAP_ID)
  8.4723 +
  8.4724 +lemma MMAP_COMP: "ALL (f::'c => 'd) g::'b => 'c. MMAP (f o g) = MMAP f o MMAP g"
  8.4725 +  by (import state_transformer MMAP_COMP)
  8.4726 +
  8.4727 +lemma MMAP_UNIT: "ALL f::'b => 'c. MMAP f o UNIT = UNIT o f"
  8.4728 +  by (import state_transformer MMAP_UNIT)
  8.4729 +
  8.4730 +lemma MMAP_JOIN: "ALL f::'b => 'c. MMAP f o JOIN = JOIN o MMAP (MMAP f)"
  8.4731 +  by (import state_transformer MMAP_JOIN)
  8.4732 +
  8.4733 +lemma JOIN_UNIT: "JOIN o UNIT = I"
  8.4734 +  by (import state_transformer JOIN_UNIT)
  8.4735 +
  8.4736 +lemma JOIN_MMAP_UNIT: "JOIN o MMAP UNIT = I"
  8.4737 +  by (import state_transformer JOIN_MMAP_UNIT)
  8.4738 +
  8.4739 +lemma JOIN_MAP_JOIN: "JOIN o MMAP JOIN = JOIN o JOIN"
  8.4740 +  by (import state_transformer JOIN_MAP_JOIN)
  8.4741 +
  8.4742 +lemma JOIN_MAP: "ALL x xa. BIND x xa = JOIN (MMAP xa x)"
  8.4743 +  by (import state_transformer JOIN_MAP)
  8.4744 +
  8.4745 +lemma FST_o_UNIT: "ALL x. fst o UNIT x = K x"
  8.4746 +  by (import state_transformer FST_o_UNIT)
  8.4747 +
  8.4748 +lemma SND_o_UNIT: "ALL x. snd o UNIT x = I"
  8.4749 +  by (import state_transformer SND_o_UNIT)
  8.4750 +
  8.4751 +lemma FST_o_MMAP: "ALL x xa. fst o MMAP x xa = x o (fst o xa)"
  8.4752 +  by (import state_transformer FST_o_MMAP)
  8.4753 +
  8.4754 +;end_setup
  8.4755 +
  8.4756 +end
  8.4757 +
     9.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     9.2 +++ b/src/HOL/Import/HOL/HOL4Prob.thy	Fri Apr 02 17:37:45 2004 +0200
     9.3 @@ -0,0 +1,3981 @@
     9.4 +theory HOL4Prob = HOL4Real:
     9.5 +
     9.6 +;setup_theory prob_extra
     9.7 +
     9.8 +lemma BOOL_BOOL_CASES_THM: "ALL f. f = (%b. False) | f = (%b. True) | f = (%b. b) | f = Not"
     9.9 +  by (import prob_extra BOOL_BOOL_CASES_THM)
    9.10 +
    9.11 +lemma EVEN_ODD_BASIC: "EVEN 0 & ~ EVEN 1 & EVEN 2 & ~ ODD 0 & ODD 1 & ~ ODD 2"
    9.12 +  by (import prob_extra EVEN_ODD_BASIC)
    9.13 +
    9.14 +lemma EVEN_ODD_EXISTS_EQ: "ALL n. EVEN n = (EX m. n = 2 * m) & ODD n = (EX m. n = Suc (2 * m))"
    9.15 +  by (import prob_extra EVEN_ODD_EXISTS_EQ)
    9.16 +
    9.17 +lemma DIV_THEN_MULT: "ALL p q. Suc q * (p div Suc q) <= p"
    9.18 +  by (import prob_extra DIV_THEN_MULT)
    9.19 +
    9.20 +lemma DIV_TWO_UNIQUE: "(All::(nat => bool) => bool)
    9.21 + (%n::nat.
    9.22 +     (All::(nat => bool) => bool)
    9.23 +      (%q::nat.
    9.24 +          (All::(nat => bool) => bool)
    9.25 +           (%r::nat.
    9.26 +               (op -->::bool => bool => bool)
    9.27 +                ((op &::bool => bool => bool)
    9.28 +                  ((op =::nat => nat => bool) n
    9.29 +                    ((op +::nat => nat => nat)
    9.30 +                      ((op *::nat => nat => nat)
    9.31 +                        ((number_of::bin => nat)
    9.32 +                          ((op BIT::bin => bool => bin)
    9.33 +                            ((op BIT::bin => bool => bin) (bin.Pls::bin)
    9.34 +                              (True::bool))
    9.35 +                            (False::bool)))
    9.36 +                        q)
    9.37 +                      r))
    9.38 +                  ((op |::bool => bool => bool)
    9.39 +                    ((op =::nat => nat => bool) r (0::nat))
    9.40 +                    ((op =::nat => nat => bool) r (1::nat))))
    9.41 +                ((op &::bool => bool => bool)
    9.42 +                  ((op =::nat => nat => bool) q
    9.43 +                    ((op div::nat => nat => nat) n
    9.44 +                      ((number_of::bin => nat)
    9.45 +                        ((op BIT::bin => bool => bin)
    9.46 +                          ((op BIT::bin => bool => bin) (bin.Pls::bin)
    9.47 +                            (True::bool))
    9.48 +                          (False::bool)))))
    9.49 +                  ((op =::nat => nat => bool) r
    9.50 +                    ((op mod::nat => nat => nat) n
    9.51 +                      ((number_of::bin => nat)
    9.52 +                        ((op BIT::bin => bool => bin)
    9.53 +                          ((op BIT::bin => bool => bin) (bin.Pls::bin)
    9.54 +                            (True::bool))
    9.55 +                          (False::bool)))))))))"
    9.56 +  by (import prob_extra DIV_TWO_UNIQUE)
    9.57 +
    9.58 +lemma DIVISION_TWO: "ALL n::nat.
    9.59 +   n = (2::nat) * (n div (2::nat)) + n mod (2::nat) &
    9.60 +   (n mod (2::nat) = (0::nat) | n mod (2::nat) = (1::nat))"
    9.61 +  by (import prob_extra DIVISION_TWO)
    9.62 +
    9.63 +lemma DIV_TWO: "ALL n::nat. n = (2::nat) * (n div (2::nat)) + n mod (2::nat)"
    9.64 +  by (import prob_extra DIV_TWO)
    9.65 +
    9.66 +lemma MOD_TWO: "ALL n. n mod 2 = (if EVEN n then 0 else 1)"
    9.67 +  by (import prob_extra MOD_TWO)
    9.68 +
    9.69 +lemma DIV_TWO_BASIC: "(0::nat) div (2::nat) = (0::nat) &
    9.70 +(1::nat) div (2::nat) = (0::nat) & (2::nat) div (2::nat) = (1::nat)"
    9.71 +  by (import prob_extra DIV_TWO_BASIC)
    9.72 +
    9.73 +lemma DIV_TWO_MONO: "(All::(nat => bool) => bool)
    9.74 + (%m::nat.
    9.75 +     (All::(nat => bool) => bool)
    9.76 +      (%n::nat.
    9.77 +          (op -->::bool => bool => bool)
    9.78 +           ((op <::nat => nat => bool)
    9.79 +             ((op div::nat => nat => nat) m
    9.80 +               ((number_of::bin => nat)
    9.81 +                 ((op BIT::bin => bool => bin)
    9.82 +                   ((op BIT::bin => bool => bin) (bin.Pls::bin)
    9.83 +                     (True::bool))
    9.84 +                   (False::bool))))
    9.85 +             ((op div::nat => nat => nat) n
    9.86 +               ((number_of::bin => nat)
    9.87 +                 ((op BIT::bin => bool => bin)
    9.88 +                   ((op BIT::bin => bool => bin) (bin.Pls::bin)
    9.89 +                     (True::bool))
    9.90 +                   (False::bool)))))
    9.91 +           ((op <::nat => nat => bool) m n)))"
    9.92 +  by (import prob_extra DIV_TWO_MONO)
    9.93 +
    9.94 +lemma DIV_TWO_MONO_EVEN: "(All::(nat => bool) => bool)
    9.95 + (%m::nat.
    9.96 +     (All::(nat => bool) => bool)
    9.97 +      (%n::nat.
    9.98 +          (op -->::bool => bool => bool) ((EVEN::nat => bool) n)
    9.99 +           ((op =::bool => bool => bool)
   9.100 +             ((op <::nat => nat => bool)
   9.101 +               ((op div::nat => nat => nat) m
   9.102 +                 ((number_of::bin => nat)
   9.103 +                   ((op BIT::bin => bool => bin)
   9.104 +                     ((op BIT::bin => bool => bin) (bin.Pls::bin)
   9.105 +                       (True::bool))
   9.106 +                     (False::bool))))
   9.107 +               ((op div::nat => nat => nat) n
   9.108 +                 ((number_of::bin => nat)
   9.109 +                   ((op BIT::bin => bool => bin)
   9.110 +                     ((op BIT::bin => bool => bin) (bin.Pls::bin)
   9.111 +                       (True::bool))
   9.112 +                     (False::bool)))))
   9.113 +             ((op <::nat => nat => bool) m n))))"
   9.114 +  by (import prob_extra DIV_TWO_MONO_EVEN)
   9.115 +
   9.116 +lemma DIV_TWO_CANCEL: "ALL n. 2 * n div 2 = n & Suc (2 * n) div 2 = n"
   9.117 +  by (import prob_extra DIV_TWO_CANCEL)
   9.118 +
   9.119 +lemma EXP_DIV_TWO: "ALL n::nat. (2::nat) ^ Suc n div (2::nat) = (2::nat) ^ n"
   9.120 +  by (import prob_extra EXP_DIV_TWO)
   9.121 +
   9.122 +lemma EVEN_EXP_TWO: "ALL n. EVEN (2 ^ n) = (n ~= 0)"
   9.123 +  by (import prob_extra EVEN_EXP_TWO)
   9.124 +
   9.125 +lemma DIV_TWO_EXP: "ALL (n::nat) k::nat.
   9.126 +   (k div (2::nat) < (2::nat) ^ n) = (k < (2::nat) ^ Suc n)"
   9.127 +  by (import prob_extra DIV_TWO_EXP)
   9.128 +
   9.129 +consts
   9.130 +  inf :: "(real => bool) => real" 
   9.131 +
   9.132 +defs
   9.133 +  inf_primdef: "inf == %P. - sup (IMAGE uminus P)"
   9.134 +
   9.135 +lemma inf_def: "ALL P. inf P = - sup (IMAGE uminus P)"
   9.136 +  by (import prob_extra inf_def)
   9.137 +
   9.138 +lemma INF_DEF_ALT: "ALL P. inf P = - sup (%r. P (- r))"
   9.139 +  by (import prob_extra INF_DEF_ALT)
   9.140 +
   9.141 +lemma REAL_SUP_EXISTS_UNIQUE: "(All::((real => bool) => bool) => bool)
   9.142 + (%P::real => bool.
   9.143 +     (op -->::bool => bool => bool)
   9.144 +      ((op &::bool => bool => bool) ((Ex::(real => bool) => bool) P)
   9.145 +        ((Ex::(real => bool) => bool)
   9.146 +          (%z::real.
   9.147 +              (All::(real => bool) => bool)
   9.148 +               (%x::real.
   9.149 +                   (op -->::bool => bool => bool) (P x)
   9.150 +                    ((op <=::real => real => bool) x z)))))
   9.151 +      ((Ex1::(real => bool) => bool)
   9.152 +        (%s::real.
   9.153 +            (All::(real => bool) => bool)
   9.154 +             (%y::real.
   9.155 +                 (op =::bool => bool => bool)
   9.156 +                  ((Ex::(real => bool) => bool)
   9.157 +                    (%x::real.
   9.158 +                        (op &::bool => bool => bool) (P x)
   9.159 +                         ((op <::real => real => bool) y x)))
   9.160 +                  ((op <::real => real => bool) y s)))))"
   9.161 +  by (import prob_extra REAL_SUP_EXISTS_UNIQUE)
   9.162 +
   9.163 +lemma REAL_SUP_MAX: "(All::((real => bool) => bool) => bool)
   9.164 + (%P::real => bool.
   9.165 +     (All::(real => bool) => bool)
   9.166 +      (%z::real.
   9.167 +          (op -->::bool => bool => bool)
   9.168 +           ((op &::bool => bool => bool) (P z)
   9.169 +             ((All::(real => bool) => bool)
   9.170 +               (%x::real.
   9.171 +                   (op -->::bool => bool => bool) (P x)
   9.172 +                    ((op <=::real => real => bool) x z))))
   9.173 +           ((op =::real => real => bool) ((sup::(real => bool) => real) P)
   9.174 +             z)))"
   9.175 +  by (import prob_extra REAL_SUP_MAX)
   9.176 +
   9.177 +lemma REAL_INF_MIN: "(All::((real => bool) => bool) => bool)
   9.178 + (%P::real => bool.
   9.179 +     (All::(real => bool) => bool)
   9.180 +      (%z::real.
   9.181 +          (op -->::bool => bool => bool)
   9.182 +           ((op &::bool => bool => bool) (P z)
   9.183 +             ((All::(real => bool) => bool)
   9.184 +               (%x::real.
   9.185 +                   (op -->::bool => bool => bool) (P x)
   9.186 +                    ((op <=::real => real => bool) z x))))
   9.187 +           ((op =::real => real => bool) ((inf::(real => bool) => real) P)
   9.188 +             z)))"
   9.189 +  by (import prob_extra REAL_INF_MIN)
   9.190 +
   9.191 +lemma HALF_POS: "(0::real) < (1::real) / (2::real)"
   9.192 +  by (import prob_extra HALF_POS)
   9.193 +
   9.194 +lemma HALF_CANCEL: "(2::real) * ((1::real) / (2::real)) = (1::real)"
   9.195 +  by (import prob_extra HALF_CANCEL)
   9.196 +
   9.197 +lemma POW_HALF_POS: "ALL n::nat. (0::real) < ((1::real) / (2::real)) ^ n"
   9.198 +  by (import prob_extra POW_HALF_POS)
   9.199 +
   9.200 +lemma POW_HALF_MONO: "(All::(nat => bool) => bool)
   9.201 + (%m::nat.
   9.202 +     (All::(nat => bool) => bool)
   9.203 +      (%n::nat.
   9.204 +          (op -->::bool => bool => bool) ((op <=::nat => nat => bool) m n)
   9.205 +           ((op <=::real => real => bool)
   9.206 +             ((op ^::real => nat => real)
   9.207 +               ((op /::real => real => real) (1::real)
   9.208 +                 ((number_of::bin => real)
   9.209 +                   ((op BIT::bin => bool => bin)
   9.210 +                     ((op BIT::bin => bool => bin) (bin.Pls::bin)
   9.211 +                       (True::bool))
   9.212 +                     (False::bool))))
   9.213 +               n)
   9.214 +             ((op ^::real => nat => real)
   9.215 +               ((op /::real => real => real) (1::real)
   9.216 +                 ((number_of::bin => real)
   9.217 +                   ((op BIT::bin => bool => bin)
   9.218 +                     ((op BIT::bin => bool => bin) (bin.Pls::bin)
   9.219 +                       (True::bool))
   9.220 +                     (False::bool))))
   9.221 +               m))))"
   9.222 +  by (import prob_extra POW_HALF_MONO)
   9.223 +
   9.224 +lemma POW_HALF_TWICE: "ALL n::nat.
   9.225 +   ((1::real) / (2::real)) ^ n = (2::real) * ((1::real) / (2::real)) ^ Suc n"
   9.226 +  by (import prob_extra POW_HALF_TWICE)
   9.227 +
   9.228 +lemma X_HALF_HALF: "ALL x::real. (1::real) / (2::real) * x + (1::real) / (2::real) * x = x"
   9.229 +  by (import prob_extra X_HALF_HALF)
   9.230 +
   9.231 +lemma REAL_SUP_LE_X: "(All::((real => bool) => bool) => bool)
   9.232 + (%P::real => bool.
   9.233 +     (All::(real => bool) => bool)
   9.234 +      (%x::real.
   9.235 +          (op -->::bool => bool => bool)
   9.236 +           ((op &::bool => bool => bool) ((Ex::(real => bool) => bool) P)
   9.237 +             ((All::(real => bool) => bool)
   9.238 +               (%r::real.
   9.239 +                   (op -->::bool => bool => bool) (P r)
   9.240 +                    ((op <=::real => real => bool) r x))))
   9.241 +           ((op <=::real => real => bool) ((sup::(real => bool) => real) P)
   9.242 +             x)))"
   9.243 +  by (import prob_extra REAL_SUP_LE_X)
   9.244 +
   9.245 +lemma REAL_X_LE_SUP: "(All::((real => bool) => bool) => bool)
   9.246 + (%P::real => bool.
   9.247 +     (All::(real => bool) => bool)
   9.248 +      (%x::real.
   9.249 +          (op -->::bool => bool => bool)
   9.250 +           ((op &::bool => bool => bool) ((Ex::(real => bool) => bool) P)
   9.251 +             ((op &::bool => bool => bool)
   9.252 +               ((Ex::(real => bool) => bool)
   9.253 +                 (%z::real.
   9.254 +                     (All::(real => bool) => bool)
   9.255 +                      (%r::real.
   9.256 +                          (op -->::bool => bool => bool) (P r)
   9.257 +                           ((op <=::real => real => bool) r z))))
   9.258 +               ((Ex::(real => bool) => bool)
   9.259 +                 (%r::real.
   9.260 +                     (op &::bool => bool => bool) (P r)
   9.261 +                      ((op <=::real => real => bool) x r)))))
   9.262 +           ((op <=::real => real => bool) x
   9.263 +             ((sup::(real => bool) => real) P))))"
   9.264 +  by (import prob_extra REAL_X_LE_SUP)
   9.265 +
   9.266 +lemma ABS_BETWEEN_LE: "ALL (x::real) (y::real) d::real.
   9.267 +   ((0::real) <= d & x - d <= y & y <= x + d) = (abs (y - x) <= d)"
   9.268 +  by (import prob_extra ABS_BETWEEN_LE)
   9.269 +
   9.270 +lemma ONE_MINUS_HALF: "(1::real) - (1::real) / (2::real) = (1::real) / (2::real)"
   9.271 +  by (import prob_extra ONE_MINUS_HALF)
   9.272 +
   9.273 +lemma HALF_LT_1: "(1::real) / (2::real) < (1::real)"
   9.274 +  by (import prob_extra HALF_LT_1)
   9.275 +
   9.276 +lemma POW_HALF_EXP: "ALL n::nat. ((1::real) / (2::real)) ^ n = inverse (real ((2::nat) ^ n))"
   9.277 +  by (import prob_extra POW_HALF_EXP)
   9.278 +
   9.279 +lemma INV_SUC_POS: "ALL n. 0 < 1 / real (Suc n)"
   9.280 +  by (import prob_extra INV_SUC_POS)
   9.281 +
   9.282 +lemma INV_SUC_MAX: "ALL x. 1 / real (Suc x) <= 1"
   9.283 +  by (import prob_extra INV_SUC_MAX)
   9.284 +
   9.285 +lemma INV_SUC: "ALL n. 0 < 1 / real (Suc n) & 1 / real (Suc n) <= 1"
   9.286 +  by (import prob_extra INV_SUC)
   9.287 +
   9.288 +lemma ABS_UNIT_INTERVAL: "(All::(real => bool) => bool)
   9.289 + (%x::real.
   9.290 +     (All::(real => bool) => bool)
   9.291 +      (%y::real.
   9.292 +          (op -->::bool => bool => bool)
   9.293 +           ((op &::bool => bool => bool)
   9.294 +             ((op <=::real => real => bool) (0::real) x)
   9.295 +             ((op &::bool => bool => bool)
   9.296 +               ((op <=::real => real => bool) x (1::real))
   9.297 +               ((op &::bool => bool => bool)
   9.298 +                 ((op <=::real => real => bool) (0::real) y)
   9.299 +                 ((op <=::real => real => bool) y (1::real)))))
   9.300 +           ((op <=::real => real => bool)
   9.301 +             ((abs::real => real) ((op -::real => real => real) x y))
   9.302 +             (1::real))))"
   9.303 +  by (import prob_extra ABS_UNIT_INTERVAL)
   9.304 +
   9.305 +lemma MEM_NIL: "ALL l. (ALL x. ~ x mem l) = (l = [])"
   9.306 +  by (import prob_extra MEM_NIL)
   9.307 +
   9.308 +lemma MAP_MEM: "ALL f l x. x mem map f l = (EX y. y mem l & x = f y)"
   9.309 +  by (import prob_extra MAP_MEM)
   9.310 +
   9.311 +lemma MEM_NIL_MAP_CONS: "ALL x l. ~ [] mem map (op # x) l"
   9.312 +  by (import prob_extra MEM_NIL_MAP_CONS)
   9.313 +
   9.314 +lemma FILTER_TRUE: "ALL l. [x:l. True] = l"
   9.315 +  by (import prob_extra FILTER_TRUE)
   9.316 +
   9.317 +lemma FILTER_FALSE: "ALL l. [x:l. False] = []"
   9.318 +  by (import prob_extra FILTER_FALSE)
   9.319 +
   9.320 +lemma FILTER_MEM: "(All::(('a => bool) => bool) => bool)
   9.321 + (%P::'a => bool.
   9.322 +     (All::('a => bool) => bool)
   9.323 +      (%x::'a.
   9.324 +          (All::('a list => bool) => bool)
   9.325 +           (%l::'a list.
   9.326 +               (op -->::bool => bool => bool)
   9.327 +                ((op mem::'a => 'a list => bool) x
   9.328 +                  ((filter::('a => bool) => 'a list => 'a list) P l))
   9.329 +                (P x))))"
   9.330 +  by (import prob_extra FILTER_MEM)
   9.331 +
   9.332 +lemma MEM_FILTER: "(All::(('a => bool) => bool) => bool)
   9.333 + (%P::'a => bool.
   9.334 +     (All::('a list => bool) => bool)
   9.335 +      (%l::'a list.
   9.336 +          (All::('a => bool) => bool)
   9.337 +           (%x::'a.
   9.338 +               (op -->::bool => bool => bool)
   9.339 +                ((op mem::'a => 'a list => bool) x
   9.340 +                  ((filter::('a => bool) => 'a list => 'a list) P l))
   9.341 +                ((op mem::'a => 'a list => bool) x l))))"
   9.342 +  by (import prob_extra MEM_FILTER)
   9.343 +
   9.344 +lemma FILTER_OUT_ELT: "ALL x l. x mem l | [y:l. y ~= x] = l"
   9.345 +  by (import prob_extra FILTER_OUT_ELT)
   9.346 +
   9.347 +lemma IS_PREFIX_NIL: "ALL x. IS_PREFIX x [] & IS_PREFIX [] x = (x = [])"
   9.348 +  by (import prob_extra IS_PREFIX_NIL)
   9.349 +
   9.350 +lemma IS_PREFIX_REFL: "ALL x. IS_PREFIX x x"
   9.351 +  by (import prob_extra IS_PREFIX_REFL)
   9.352 +
   9.353 +lemma IS_PREFIX_ANTISYM: "(All::('a list => bool) => bool)
   9.354 + (%x::'a list.
   9.355 +     (All::('a list => bool) => bool)
   9.356 +      (%y::'a list.
   9.357 +          (op -->::bool => bool => bool)
   9.358 +           ((op &::bool => bool => bool)
   9.359 +             ((IS_PREFIX::'a list => 'a list => bool) y x)
   9.360 +             ((IS_PREFIX::'a list => 'a list => bool) x y))
   9.361 +           ((op =::'a list => 'a list => bool) x y)))"
   9.362 +  by (import prob_extra IS_PREFIX_ANTISYM)
   9.363 +
   9.364 +lemma IS_PREFIX_TRANS: "(All::('a list => bool) => bool)
   9.365 + (%x::'a list.
   9.366 +     (All::('a list => bool) => bool)
   9.367 +      (%y::'a list.
   9.368 +          (All::('a list => bool) => bool)
   9.369 +           (%z::'a list.
   9.370 +               (op -->::bool => bool => bool)
   9.371 +                ((op &::bool => bool => bool)
   9.372 +                  ((IS_PREFIX::'a list => 'a list => bool) x y)
   9.373 +                  ((IS_PREFIX::'a list => 'a list => bool) y z))
   9.374 +                ((IS_PREFIX::'a list => 'a list => bool) x z))))"
   9.375 +  by (import prob_extra IS_PREFIX_TRANS)
   9.376 +
   9.377 +lemma IS_PREFIX_BUTLAST: "ALL x y. IS_PREFIX (x # y) (butlast (x # y))"
   9.378 +  by (import prob_extra IS_PREFIX_BUTLAST)
   9.379 +
   9.380 +lemma IS_PREFIX_LENGTH: "(All::('a list => bool) => bool)
   9.381 + (%x::'a list.
   9.382 +     (All::('a list => bool) => bool)
   9.383 +      (%y::'a list.
   9.384 +          (op -->::bool => bool => bool)
   9.385 +           ((IS_PREFIX::'a list => 'a list => bool) y x)
   9.386 +           ((op <=::nat => nat => bool) ((size::'a list => nat) x)
   9.387 +             ((size::'a list => nat) y))))"
   9.388 +  by (import prob_extra IS_PREFIX_LENGTH)
   9.389 +
   9.390 +lemma IS_PREFIX_LENGTH_ANTI: "(All::('a list => bool) => bool)
   9.391 + (%x::'a list.
   9.392 +     (All::('a list => bool) => bool)
   9.393 +      (%y::'a list.
   9.394 +          (op -->::bool => bool => bool)
   9.395 +           ((op &::bool => bool => bool)
   9.396 +             ((IS_PREFIX::'a list => 'a list => bool) y x)
   9.397 +             ((op =::nat => nat => bool) ((size::'a list => nat) x)
   9.398 +               ((size::'a list => nat) y)))
   9.399 +           ((op =::'a list => 'a list => bool) x y)))"
   9.400 +  by (import prob_extra IS_PREFIX_LENGTH_ANTI)
   9.401 +
   9.402 +lemma IS_PREFIX_SNOC: "ALL x y z. IS_PREFIX (SNOC x y) z = (IS_PREFIX y z | z = SNOC x y)"
   9.403 +  by (import prob_extra IS_PREFIX_SNOC)
   9.404 +
   9.405 +lemma FOLDR_MAP: "ALL (f::'b => 'c => 'c) (e::'c) (g::'a => 'b) l::'a list.
   9.406 +   foldr f (map g l) e = foldr (%x::'a. f (g x)) l e"
   9.407 +  by (import prob_extra FOLDR_MAP)
   9.408 +
   9.409 +lemma LAST_MEM: "ALL h t. last (h # t) mem h # t"
   9.410 +  by (import prob_extra LAST_MEM)
   9.411 +
   9.412 +lemma LAST_MAP_CONS: "ALL (b::bool) (h::bool list) t::bool list list.
   9.413 +   EX x::bool list. last (map (op # b) (h # t)) = b # x"
   9.414 +  by (import prob_extra LAST_MAP_CONS)
   9.415 +
   9.416 +lemma EXISTS_LONGEST: "(All::('a list => bool) => bool)
   9.417 + (%x::'a list.
   9.418 +     (All::('a list list => bool) => bool)
   9.419 +      (%y::'a list list.
   9.420 +          (Ex::('a list => bool) => bool)
   9.421 +           (%z::'a list.
   9.422 +               (op &::bool => bool => bool)
   9.423 +                ((op mem::'a list => 'a list list => bool) z
   9.424 +                  ((op #::'a list => 'a list list => 'a list list) x y))
   9.425 +                ((All::('a list => bool) => bool)
   9.426 +                  (%w::'a list.
   9.427 +                      (op -->::bool => bool => bool)
   9.428 +                       ((op mem::'a list => 'a list list => bool) w
   9.429 +                         ((op #::'a list => 'a list list => 'a list list) x
   9.430 +                           y))
   9.431 +                       ((op <=::nat => nat => bool)
   9.432 +                         ((size::'a list => nat) w)
   9.433 +                         ((size::'a list => nat) z)))))))"
   9.434 +  by (import prob_extra EXISTS_LONGEST)
   9.435 +
   9.436 +lemma UNION_DEF_ALT: "ALL s t. pred_set.UNION s t = (%x. s x | t x)"
   9.437 +  by (import prob_extra UNION_DEF_ALT)
   9.438 +
   9.439 +lemma INTER_UNION_RDISTRIB: "ALL p q r.
   9.440 +   pred_set.INTER (pred_set.UNION p q) r =
   9.441 +   pred_set.UNION (pred_set.INTER p r) (pred_set.INTER q r)"
   9.442 +  by (import prob_extra INTER_UNION_RDISTRIB)
   9.443 +
   9.444 +lemma SUBSET_EQ: "ALL x xa. (x = xa) = (SUBSET x xa & SUBSET xa x)"
   9.445 +  by (import prob_extra SUBSET_EQ)
   9.446 +
   9.447 +lemma INTER_IS_EMPTY: "ALL s t. (pred_set.INTER s t = EMPTY) = (ALL x. ~ s x | ~ t x)"
   9.448 +  by (import prob_extra INTER_IS_EMPTY)
   9.449 +
   9.450 +lemma UNION_DISJOINT_SPLIT: "(All::(('a => bool) => bool) => bool)
   9.451 + (%s::'a => bool.
   9.452 +     (All::(('a => bool) => bool) => bool)
   9.453 +      (%t::'a => bool.
   9.454 +          (All::(('a => bool) => bool) => bool)
   9.455 +           (%u::'a => bool.
   9.456 +               (op -->::bool => bool => bool)
   9.457 +                ((op &::bool => bool => bool)
   9.458 +                  ((op =::('a => bool) => ('a => bool) => bool)
   9.459 +                    ((pred_set.UNION::('a => bool)
   9.460 +=> ('a => bool) => 'a => bool)
   9.461 +                      s t)
   9.462 +                    ((pred_set.UNION::('a => bool)
   9.463 +=> ('a => bool) => 'a => bool)
   9.464 +                      s u))
   9.465 +                  ((op &::bool => bool => bool)
   9.466 +                    ((op =::('a => bool) => ('a => bool) => bool)
   9.467 +                      ((pred_set.INTER::('a => bool)
   9.468 +  => ('a => bool) => 'a => bool)
   9.469 +                        s t)
   9.470 +                      (EMPTY::'a => bool))
   9.471 +                    ((op =::('a => bool) => ('a => bool) => bool)
   9.472 +                      ((pred_set.INTER::('a => bool)
   9.473 +  => ('a => bool) => 'a => bool)
   9.474 +                        s u)
   9.475 +                      (EMPTY::'a => bool))))
   9.476 +                ((op =::('a => bool) => ('a => bool) => bool) t u))))"
   9.477 +  by (import prob_extra UNION_DISJOINT_SPLIT)
   9.478 +
   9.479 +lemma GSPEC_DEF_ALT: "ALL f. GSPEC f = (%v. EX x. (v, True) = f x)"
   9.480 +  by (import prob_extra GSPEC_DEF_ALT)
   9.481 +
   9.482 +;end_setup
   9.483 +
   9.484 +;setup_theory prob_canon
   9.485 +
   9.486 +consts
   9.487 +  alg_twin :: "bool list => bool list => bool" 
   9.488 +
   9.489 +defs
   9.490 +  alg_twin_primdef: "alg_twin == %x y. EX l. x = SNOC True l & y = SNOC False l"
   9.491 +
   9.492 +lemma alg_twin_def: "ALL x y. alg_twin x y = (EX l. x = SNOC True l & y = SNOC False l)"
   9.493 +  by (import prob_canon alg_twin_def)
   9.494 +
   9.495 +constdefs
   9.496 +  alg_order_tupled :: "bool list * bool list => bool" 
   9.497 +  "(op ==::(bool list * bool list => bool)
   9.498 +        => (bool list * bool list => bool) => prop)
   9.499 + (alg_order_tupled::bool list * bool list => bool)
   9.500 + ((WFREC::(bool list * bool list => bool list * bool list => bool)
   9.501 +          => ((bool list * bool list => bool)
   9.502 +              => bool list * bool list => bool)
   9.503 +             => bool list * bool list => bool)
   9.504 +   ((Eps::((bool list * bool list => bool list * bool list => bool) => bool)
   9.505 +          => bool list * bool list => bool list * bool list => bool)
   9.506 +     (%R::bool list * bool list => bool list * bool list => bool.
   9.507 +         (op &::bool => bool => bool)
   9.508 +          ((WF::(bool list * bool list => bool list * bool list => bool)
   9.509 +                => bool)
   9.510 +            R)
   9.511 +          ((All::(bool => bool) => bool)
   9.512 +            (%h'::bool.
   9.513 +                (All::(bool => bool) => bool)
   9.514 +                 (%h::bool.
   9.515 +                     (All::(bool list => bool) => bool)
   9.516 +                      (%t'::bool list.
   9.517 +                          (All::(bool list => bool) => bool)
   9.518 +                           (%t::bool list.
   9.519 +                               R ((Pair::bool list
   9.520 +   => bool list => bool list * bool list)
   9.521 +                                   t t')
   9.522 +                                ((Pair::bool list
   9.523 +  => bool list => bool list * bool list)
   9.524 +                                  ((op #::bool => bool list => bool list) h
   9.525 +                                    t)
   9.526 +                                  ((op #::bool => bool list => bool list) h'
   9.527 +                                    t')))))))))
   9.528 +   (%alg_order_tupled::bool list * bool list => bool.
   9.529 +       (split::(bool list => bool list => bool)
   9.530 +               => bool list * bool list => bool)
   9.531 +        (%(v::bool list) v1::bool list.
   9.532 +            (list_case::bool
   9.533 +                        => (bool => bool list => bool) => bool list => bool)
   9.534 +             ((list_case::bool
   9.535 +                          => (bool => bool list => bool)
   9.536 +                             => bool list => bool)
   9.537 +               (True::bool) (%(v8::bool) v9::bool list. True::bool) v1)
   9.538 +             (%(v4::bool) v5::bool list.
   9.539 +                 (list_case::bool
   9.540 +                             => (bool => bool list => bool)
   9.541 +                                => bool list => bool)
   9.542 +                  (False::bool)
   9.543 +                  (%(v10::bool) v11::bool list.
   9.544 +                      (op |::bool => bool => bool)
   9.545 +                       ((op &::bool => bool => bool)
   9.546 +                         ((op =::bool => bool => bool) v4 (True::bool))
   9.547 +                         ((op =::bool => bool => bool) v10 (False::bool)))
   9.548 +                       ((op &::bool => bool => bool)
   9.549 +                         ((op =::bool => bool => bool) v4 v10)
   9.550 +                         (alg_order_tupled
   9.551 +                           ((Pair::bool list
   9.552 +                                   => bool list => bool list * bool list)
   9.553 +                             v5 v11))))
   9.554 +                  v1)
   9.555 +             v)))"
   9.556 +
   9.557 +lemma alg_order_tupled_primitive_def: "(op =::(bool list * bool list => bool)
   9.558 +       => (bool list * bool list => bool) => bool)
   9.559 + (alg_order_tupled::bool list * bool list => bool)
   9.560 + ((WFREC::(bool list * bool list => bool list * bool list => bool)
   9.561 +          => ((bool list * bool list => bool)
   9.562 +              => bool list * bool list => bool)
   9.563 +             => bool list * bool list => bool)
   9.564 +   ((Eps::((bool list * bool list => bool list * bool list => bool) => bool)
   9.565 +          => bool list * bool list => bool list * bool list => bool)
   9.566 +     (%R::bool list * bool list => bool list * bool list => bool.
   9.567 +         (op &::bool => bool => bool)
   9.568 +          ((WF::(bool list * bool list => bool list * bool list => bool)
   9.569 +                => bool)
   9.570 +            R)
   9.571 +          ((All::(bool => bool) => bool)
   9.572 +            (%h'::bool.
   9.573 +                (All::(bool => bool) => bool)
   9.574 +                 (%h::bool.
   9.575 +                     (All::(bool list => bool) => bool)
   9.576 +                      (%t'::bool list.
   9.577 +                          (All::(bool list => bool) => bool)
   9.578 +                           (%t::bool list.
   9.579 +                               R ((Pair::bool list
   9.580 +   => bool list => bool list * bool list)
   9.581 +                                   t t')
   9.582 +                                ((Pair::bool list
   9.583 +  => bool list => bool list * bool list)
   9.584 +                                  ((op #::bool => bool list => bool list) h
   9.585 +                                    t)
   9.586 +                                  ((op #::bool => bool list => bool list) h'
   9.587 +                                    t')))))))))
   9.588 +   (%alg_order_tupled::bool list * bool list => bool.
   9.589 +       (split::(bool list => bool list => bool)
   9.590 +               => bool list * bool list => bool)
   9.591 +        (%(v::bool list) v1::bool list.
   9.592 +            (list_case::bool
   9.593 +                        => (bool => bool list => bool) => bool list => bool)
   9.594 +             ((list_case::bool
   9.595 +                          => (bool => bool list => bool)
   9.596 +                             => bool list => bool)
   9.597 +               (True::bool) (%(v8::bool) v9::bool list. True::bool) v1)
   9.598 +             (%(v4::bool) v5::bool list.
   9.599 +                 (list_case::bool
   9.600 +                             => (bool => bool list => bool)
   9.601 +                                => bool list => bool)
   9.602 +                  (False::bool)
   9.603 +                  (%(v10::bool) v11::bool list.
   9.604 +                      (op |::bool => bool => bool)
   9.605 +                       ((op &::bool => bool => bool)
   9.606 +                         ((op =::bool => bool => bool) v4 (True::bool))
   9.607 +                         ((op =::bool => bool => bool) v10 (False::bool)))
   9.608 +                       ((op &::bool => bool => bool)
   9.609 +                         ((op =::bool => bool => bool) v4 v10)
   9.610 +                         (alg_order_tupled
   9.611 +                           ((Pair::bool list
   9.612 +                                   => bool list => bool list * bool list)
   9.613 +                             v5 v11))))
   9.614 +                  v1)
   9.615 +             v)))"
   9.616 +  by (import prob_canon alg_order_tupled_primitive_def)
   9.617 +
   9.618 +consts
   9.619 +  alg_order :: "bool list => bool list => bool" 
   9.620 +
   9.621 +defs
   9.622 +  alg_order_primdef: "alg_order == %x x1. alg_order_tupled (x, x1)"
   9.623 +
   9.624 +lemma alg_order_curried_def: "ALL x x1. alg_order x x1 = alg_order_tupled (x, x1)"
   9.625 +  by (import prob_canon alg_order_curried_def)
   9.626 +
   9.627 +lemma alg_order_ind: "(All::((bool list => bool list => bool) => bool) => bool)
   9.628 + (%P::bool list => bool list => bool.
   9.629 +     (op -->::bool => bool => bool)
   9.630 +      ((op &::bool => bool => bool)
   9.631 +        ((All::(bool => bool) => bool)
   9.632 +          (%x::bool.
   9.633 +              (All::(bool list => bool) => bool)
   9.634 +               (%xa::bool list.
   9.635 +                   P ([]::bool list)
   9.636 +                    ((op #::bool => bool list => bool list) x xa))))
   9.637 +        ((op &::bool => bool => bool) (P ([]::bool list) ([]::bool list))
   9.638 +          ((op &::bool => bool => bool)
   9.639 +            ((All::(bool => bool) => bool)
   9.640 +              (%x::bool.
   9.641 +                  (All::(bool list => bool) => bool)
   9.642 +                   (%xa::bool list.
   9.643 +                       P ((op #::bool => bool list => bool list) x xa)
   9.644 +                        ([]::bool list))))
   9.645 +            ((All::(bool => bool) => bool)
   9.646 +              (%x::bool.
   9.647 +                  (All::(bool list => bool) => bool)
   9.648 +                   (%xa::bool list.
   9.649 +                       (All::(bool => bool) => bool)
   9.650 +                        (%xb::bool.
   9.651 +                            (All::(bool list => bool) => bool)
   9.652 +                             (%xc::bool list.
   9.653 +                                 (op -->::bool => bool => bool) (P xa xc)
   9.654 +                                  (P ((op #::bool => bool list => bool list)
   9.655 + x xa)
   9.656 +                                    ((op #::bool => bool list => bool list)
   9.657 +xb xc))))))))))
   9.658 +      ((All::(bool list => bool) => bool)
   9.659 +        (%x::bool list. (All::(bool list => bool) => bool) (P x))))"
   9.660 +  by (import prob_canon alg_order_ind)
   9.661 +
   9.662 +lemma alg_order_def: "alg_order [] (v6 # v7) = True &
   9.663 +alg_order [] [] = True &
   9.664 +alg_order (v2 # v3) [] = False &
   9.665 +alg_order (h # t) (h' # t') =
   9.666 +(h = True & h' = False | h = h' & alg_order t t')"
   9.667 +  by (import prob_canon alg_order_def)
   9.668 +
   9.669 +consts
   9.670 +  alg_sorted :: "bool list list => bool" 
   9.671 +
   9.672 +defs
   9.673 +  alg_sorted_primdef: "alg_sorted ==
   9.674 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.675 + (%alg_sorted.
   9.676 +     list_case True
   9.677 +      (%v2. list_case True
   9.678 +             (%v6 v7. alg_order v2 v6 & alg_sorted (v6 # v7))))"
   9.679 +
   9.680 +lemma alg_sorted_primitive_def: "alg_sorted =
   9.681 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.682 + (%alg_sorted.
   9.683 +     list_case True
   9.684 +      (%v2. list_case True
   9.685 +             (%v6 v7. alg_order v2 v6 & alg_sorted (v6 # v7))))"
   9.686 +  by (import prob_canon alg_sorted_primitive_def)
   9.687 +
   9.688 +lemma alg_sorted_ind: "(All::((bool list list => bool) => bool) => bool)
   9.689 + (%P::bool list list => bool.
   9.690 +     (op -->::bool => bool => bool)
   9.691 +      ((op &::bool => bool => bool)
   9.692 +        ((All::(bool list => bool) => bool)
   9.693 +          (%x::bool list.
   9.694 +              (All::(bool list => bool) => bool)
   9.695 +               (%y::bool list.
   9.696 +                   (All::(bool list list => bool) => bool)
   9.697 +                    (%z::bool list list.
   9.698 +                        (op -->::bool => bool => bool)
   9.699 +                         (P ((op #::bool list
   9.700 +                                    => bool list list => bool list list)
   9.701 +                              y z))
   9.702 +                         (P ((op #::bool list
   9.703 +                                    => bool list list => bool list list)
   9.704 +                              x ((op #::bool list
   9.705 +  => bool list list => bool list list)
   9.706 +                                  y z)))))))
   9.707 +        ((op &::bool => bool => bool)
   9.708 +          ((All::(bool list => bool) => bool)
   9.709 +            (%v::bool list.
   9.710 +                P ((op #::bool list => bool list list => bool list list) v
   9.711 +                    ([]::bool list list))))
   9.712 +          (P ([]::bool list list))))
   9.713 +      ((All::(bool list list => bool) => bool) P))"
   9.714 +  by (import prob_canon alg_sorted_ind)
   9.715 +
   9.716 +lemma alg_sorted_def: "alg_sorted (x # y # z) = (alg_order x y & alg_sorted (y # z)) &
   9.717 +alg_sorted [v] = True & alg_sorted [] = True"
   9.718 +  by (import prob_canon alg_sorted_def)
   9.719 +
   9.720 +consts
   9.721 +  alg_prefixfree :: "bool list list => bool" 
   9.722 +
   9.723 +defs
   9.724 +  alg_prefixfree_primdef: "alg_prefixfree ==
   9.725 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.726 + (%alg_prefixfree.
   9.727 +     list_case True
   9.728 +      (%v2. list_case True
   9.729 +             (%v6 v7. ~ IS_PREFIX v6 v2 & alg_prefixfree (v6 # v7))))"
   9.730 +
   9.731 +lemma alg_prefixfree_primitive_def: "alg_prefixfree =
   9.732 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.733 + (%alg_prefixfree.
   9.734 +     list_case True
   9.735 +      (%v2. list_case True
   9.736 +             (%v6 v7. ~ IS_PREFIX v6 v2 & alg_prefixfree (v6 # v7))))"
   9.737 +  by (import prob_canon alg_prefixfree_primitive_def)
   9.738 +
   9.739 +lemma alg_prefixfree_ind: "(All::((bool list list => bool) => bool) => bool)
   9.740 + (%P::bool list list => bool.
   9.741 +     (op -->::bool => bool => bool)
   9.742 +      ((op &::bool => bool => bool)
   9.743 +        ((All::(bool list => bool) => bool)
   9.744 +          (%x::bool list.
   9.745 +              (All::(bool list => bool) => bool)
   9.746 +               (%y::bool list.
   9.747 +                   (All::(bool list list => bool) => bool)
   9.748 +                    (%z::bool list list.
   9.749 +                        (op -->::bool => bool => bool)
   9.750 +                         (P ((op #::bool list
   9.751 +                                    => bool list list => bool list list)
   9.752 +                              y z))
   9.753 +                         (P ((op #::bool list
   9.754 +                                    => bool list list => bool list list)
   9.755 +                              x ((op #::bool list
   9.756 +  => bool list list => bool list list)
   9.757 +                                  y z)))))))
   9.758 +        ((op &::bool => bool => bool)
   9.759 +          ((All::(bool list => bool) => bool)
   9.760 +            (%v::bool list.
   9.761 +                P ((op #::bool list => bool list list => bool list list) v
   9.762 +                    ([]::bool list list))))
   9.763 +          (P ([]::bool list list))))
   9.764 +      ((All::(bool list list => bool) => bool) P))"
   9.765 +  by (import prob_canon alg_prefixfree_ind)
   9.766 +
   9.767 +lemma alg_prefixfree_def: "alg_prefixfree (x # y # z) = (~ IS_PREFIX y x & alg_prefixfree (y # z)) &
   9.768 +alg_prefixfree [v] = True & alg_prefixfree [] = True"
   9.769 +  by (import prob_canon alg_prefixfree_def)
   9.770 +
   9.771 +consts
   9.772 +  alg_twinfree :: "bool list list => bool" 
   9.773 +
   9.774 +defs
   9.775 +  alg_twinfree_primdef: "alg_twinfree ==
   9.776 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.777 + (%alg_twinfree.
   9.778 +     list_case True
   9.779 +      (%v2. list_case True
   9.780 +             (%v6 v7. ~ alg_twin v2 v6 & alg_twinfree (v6 # v7))))"
   9.781 +
   9.782 +lemma alg_twinfree_primitive_def: "alg_twinfree =
   9.783 +WFREC (SOME R. WF R & (ALL x z y. R (y # z) (x # y # z)))
   9.784 + (%alg_twinfree.
   9.785 +     list_case True
   9.786 +      (%v2. list_case True
   9.787 +             (%v6 v7. ~ alg_twin v2 v6 & alg_twinfree (v6 # v7))))"
   9.788 +  by (import prob_canon alg_twinfree_primitive_def)
   9.789 +
   9.790 +lemma alg_twinfree_ind: "(All::((bool list list => bool) => bool) => bool)
   9.791 + (%P::bool list list => bool.
   9.792 +     (op -->::bool => bool => bool)
   9.793 +      ((op &::bool => bool => bool)
   9.794 +        ((All::(bool list => bool) => bool)
   9.795 +          (%x::bool list.
   9.796 +              (All::(bool list => bool) => bool)
   9.797 +               (%y::bool list.
   9.798 +                   (All::(bool list list => bool) => bool)
   9.799 +                    (%z::bool list list.
   9.800 +                        (op -->::bool => bool => bool)
   9.801 +                         (P ((op #::bool list
   9.802 +                                    => bool list list => bool list list)
   9.803 +                              y z))
   9.804 +                         (P ((op #::bool list
   9.805 +                                    => bool list list => bool list list)
   9.806 +                              x ((op #::bool list
   9.807 +  => bool list list => bool list list)
   9.808 +                                  y z)))))))
   9.809 +        ((op &::bool => bool => bool)
   9.810 +          ((All::(bool list => bool) => bool)
   9.811 +            (%v::bool list.
   9.812 +                P ((op #::bool list => bool list list => bool list list) v
   9.813 +                    ([]::bool list list))))
   9.814 +          (P ([]::bool list list))))
   9.815 +      ((All::(bool list list => bool) => bool) P))"
   9.816 +  by (import prob_canon alg_twinfree_ind)
   9.817 +
   9.818 +lemma alg_twinfree_def: "alg_twinfree (x # y # z) = (~ alg_twin x y & alg_twinfree (y # z)) &
   9.819 +alg_twinfree [v] = True & alg_twinfree [] = True"
   9.820 +  by (import prob_canon alg_twinfree_def)
   9.821 +
   9.822 +consts
   9.823 +  alg_longest :: "bool list list => nat" 
   9.824 +
   9.825 +defs
   9.826 +  alg_longest_primdef: "alg_longest == FOLDR (%h t. if t <= length h then length h else t) 0"
   9.827 +
   9.828 +lemma alg_longest_def: "alg_longest = FOLDR (%h t. if t <= length h then length h else t) 0"
   9.829 +  by (import prob_canon alg_longest_def)
   9.830 +
   9.831 +consts
   9.832 +  alg_canon_prefs :: "bool list => bool list list => bool list list" 
   9.833 +
   9.834 +specification (alg_canon_prefs_primdef: alg_canon_prefs) alg_canon_prefs_def: "(ALL l. alg_canon_prefs l [] = [l]) &
   9.835 +(ALL l h t.
   9.836 +    alg_canon_prefs l (h # t) =
   9.837 +    (if IS_PREFIX h l then alg_canon_prefs l t else l # h # t))"
   9.838 +  by (import prob_canon alg_canon_prefs_def)
   9.839 +
   9.840 +consts
   9.841 +  alg_canon_find :: "bool list => bool list list => bool list list" 
   9.842 +
   9.843 +specification (alg_canon_find_primdef: alg_canon_find) alg_canon_find_def: "(ALL l. alg_canon_find l [] = [l]) &
   9.844 +(ALL l h t.
   9.845 +    alg_canon_find l (h # t) =
   9.846 +    (if alg_order h l
   9.847 +     then if IS_PREFIX l h then h # t else h # alg_canon_find l t
   9.848 +     else alg_canon_prefs l (h # t)))"
   9.849 +  by (import prob_canon alg_canon_find_def)
   9.850 +
   9.851 +consts
   9.852 +  alg_canon1 :: "bool list list => bool list list" 
   9.853 +
   9.854 +defs
   9.855 +  alg_canon1_primdef: "alg_canon1 == FOLDR alg_canon_find []"
   9.856 +
   9.857 +lemma alg_canon1_def: "alg_canon1 = FOLDR alg_canon_find []"
   9.858 +  by (import prob_canon alg_canon1_def)
   9.859 +
   9.860 +consts
   9.861 +  alg_canon_merge :: "bool list => bool list list => bool list list" 
   9.862 +
   9.863 +specification (alg_canon_merge_primdef: alg_canon_merge) alg_canon_merge_def: "(ALL l. alg_canon_merge l [] = [l]) &
   9.864 +(ALL l h t.
   9.865 +    alg_canon_merge l (h # t) =
   9.866 +    (if alg_twin l h then alg_canon_merge (butlast h) t else l # h # t))"
   9.867 +  by (import prob_canon alg_canon_merge_def)
   9.868 +
   9.869 +consts
   9.870 +  alg_canon2 :: "bool list list => bool list list" 
   9.871 +
   9.872 +defs
   9.873 +  alg_canon2_primdef: "alg_canon2 == FOLDR alg_canon_merge []"
   9.874 +
   9.875 +lemma alg_canon2_def: "alg_canon2 = FOLDR alg_canon_merge []"
   9.876 +  by (import prob_canon alg_canon2_def)
   9.877 +
   9.878 +consts
   9.879 +  alg_canon :: "bool list list => bool list list" 
   9.880 +
   9.881 +defs
   9.882 +  alg_canon_primdef: "alg_canon == %l. alg_canon2 (alg_canon1 l)"
   9.883 +
   9.884 +lemma alg_canon_def: "ALL l. alg_canon l = alg_canon2 (alg_canon1 l)"
   9.885 +  by (import prob_canon alg_canon_def)
   9.886 +
   9.887 +consts
   9.888 +  algebra_canon :: "bool list list => bool" 
   9.889 +
   9.890 +defs
   9.891 +  algebra_canon_primdef: "algebra_canon == %l. alg_canon l = l"
   9.892 +
   9.893 +lemma algebra_canon_def: "ALL l. algebra_canon l = (alg_canon l = l)"
   9.894 +  by (import prob_canon algebra_canon_def)
   9.895 +
   9.896 +lemma ALG_TWIN_NIL: "ALL l. ~ alg_twin l [] & ~ alg_twin [] l"
   9.897 +  by (import prob_canon ALG_TWIN_NIL)
   9.898 +
   9.899 +lemma ALG_TWIN_SING: "ALL x l.
   9.900 +   alg_twin [x] l = (x = True & l = [False]) &
   9.901 +   alg_twin l [x] = (l = [True] & x = False)"
   9.902 +  by (import prob_canon ALG_TWIN_SING)
   9.903 +
   9.904 +lemma ALG_TWIN_CONS: "ALL x y z h t.
   9.905 +   alg_twin (x # y # z) (h # t) = (x = h & alg_twin (y # z) t) &
   9.906 +   alg_twin (h # t) (x # y # z) = (x = h & alg_twin t (y # z))"
   9.907 +  by (import prob_canon ALG_TWIN_CONS)
   9.908 +
   9.909 +lemma ALG_TWIN_REDUCE: "ALL h t t'. alg_twin (h # t) (h # t') = alg_twin t t'"
   9.910 +  by (import prob_canon ALG_TWIN_REDUCE)
   9.911 +
   9.912 +lemma ALG_TWINS_PREFIX: "(All::(bool list => bool) => bool)
   9.913 + (%x::bool list.
   9.914 +     (All::(bool list => bool) => bool)
   9.915 +      (%l::bool list.
   9.916 +          (op -->::bool => bool => bool)
   9.917 +           ((IS_PREFIX::bool list => bool list => bool) x l)
   9.918 +           ((op |::bool => bool => bool)
   9.919 +             ((op =::bool list => bool list => bool) x l)
   9.920 +             ((op |::bool => bool => bool)
   9.921 +               ((IS_PREFIX::bool list => bool list => bool) x
   9.922 +                 ((SNOC::bool => bool list => bool list) (True::bool) l))
   9.923 +               ((IS_PREFIX::bool list => bool list => bool) x
   9.924 +                 ((SNOC::bool => bool list => bool list) (False::bool)
   9.925 +                   l))))))"
   9.926 +  by (import prob_canon ALG_TWINS_PREFIX)
   9.927 +
   9.928 +lemma ALG_ORDER_NIL: "ALL x. alg_order [] x & alg_order x [] = (x = [])"
   9.929 +  by (import prob_canon ALG_ORDER_NIL)
   9.930 +
   9.931 +lemma ALG_ORDER_REFL: "ALL x. alg_order x x"
   9.932 +  by (import prob_canon ALG_ORDER_REFL)
   9.933 +
   9.934 +lemma ALG_ORDER_ANTISYM: "(All::(bool list => bool) => bool)
   9.935 + (%x::bool list.
   9.936 +     (All::(bool list => bool) => bool)
   9.937 +      (%y::bool list.
   9.938 +          (op -->::bool => bool => bool)
   9.939 +           ((op &::bool => bool => bool)
   9.940 +             ((alg_order::bool list => bool list => bool) x y)
   9.941 +             ((alg_order::bool list => bool list => bool) y x))
   9.942 +           ((op =::bool list => bool list => bool) x y)))"
   9.943 +  by (import prob_canon ALG_ORDER_ANTISYM)
   9.944 +
   9.945 +lemma ALG_ORDER_TRANS: "(All::(bool list => bool) => bool)
   9.946 + (%x::bool list.
   9.947 +     (All::(bool list => bool) => bool)
   9.948 +      (%y::bool list.
   9.949 +          (All::(bool list => bool) => bool)
   9.950 +           (%z::bool list.
   9.951 +               (op -->::bool => bool => bool)
   9.952 +                ((op &::bool => bool => bool)
   9.953 +                  ((alg_order::bool list => bool list => bool) x y)
   9.954 +                  ((alg_order::bool list => bool list => bool) y z))
   9.955 +                ((alg_order::bool list => bool list => bool) x z))))"
   9.956 +  by (import prob_canon ALG_ORDER_TRANS)
   9.957 +
   9.958 +lemma ALG_ORDER_TOTAL: "ALL x y. alg_order x y | alg_order y x"
   9.959 +  by (import prob_canon ALG_ORDER_TOTAL)
   9.960 +
   9.961 +lemma ALG_ORDER_PREFIX: "(All::(bool list => bool) => bool)
   9.962 + (%x::bool list.
   9.963 +     (All::(bool list => bool) => bool)
   9.964 +      (%y::bool list.
   9.965 +          (op -->::bool => bool => bool)
   9.966 +           ((IS_PREFIX::bool list => bool list => bool) y x)
   9.967 +           ((alg_order::bool list => bool list => bool) x y)))"
   9.968 +  by (import prob_canon ALG_ORDER_PREFIX)
   9.969 +
   9.970 +lemma ALG_ORDER_PREFIX_ANTI: "(All::(bool list => bool) => bool)
   9.971 + (%x::bool list.
   9.972 +     (All::(bool list => bool) => bool)
   9.973 +      (%y::bool list.
   9.974 +          (op -->::bool => bool => bool)
   9.975 +           ((op &::bool => bool => bool)
   9.976 +             ((alg_order::bool list => bool list => bool) x y)
   9.977 +             ((IS_PREFIX::bool list => bool list => bool) x y))
   9.978 +           ((op =::bool list => bool list => bool) x y)))"
   9.979 +  by (import prob_canon ALG_ORDER_PREFIX_ANTI)
   9.980 +
   9.981 +lemma ALG_ORDER_PREFIX_MONO: "(All::(bool list => bool) => bool)
   9.982 + (%x::bool list.
   9.983 +     (All::(bool list => bool) => bool)
   9.984 +      (%y::bool list.
   9.985 +          (All::(bool list => bool) => bool)
   9.986 +           (%z::bool list.
   9.987 +               (op -->::bool => bool => bool)
   9.988 +                ((op &::bool => bool => bool)
   9.989 +                  ((alg_order::bool list => bool list => bool) x y)
   9.990 +                  ((op &::bool => bool => bool)
   9.991 +                    ((alg_order::bool list => bool list => bool) y z)
   9.992 +                    ((IS_PREFIX::bool list => bool list => bool) z x)))
   9.993 +                ((IS_PREFIX::bool list => bool list => bool) y x))))"
   9.994 +  by (import prob_canon ALG_ORDER_PREFIX_MONO)
   9.995 +
   9.996 +lemma ALG_ORDER_PREFIX_TRANS: "(All::(bool list => bool) => bool)
   9.997 + (%x::bool list.
   9.998 +     (All::(bool list => bool) => bool)
   9.999 +      (%y::bool list.
  9.1000 +          (All::(bool list => bool) => bool)
  9.1001 +           (%z::bool list.
  9.1002 +               (op -->::bool => bool => bool)
  9.1003 +                ((op &::bool => bool => bool)
  9.1004 +                  ((alg_order::bool list => bool list => bool) x y)
  9.1005 +                  ((IS_PREFIX::bool list => bool list => bool) y z))
  9.1006 +                ((op |::bool => bool => bool)
  9.1007 +                  ((alg_order::bool list => bool list => bool) x z)
  9.1008 +                  ((IS_PREFIX::bool list => bool list => bool) x z)))))"
  9.1009 +  by (import prob_canon ALG_ORDER_PREFIX_TRANS)
  9.1010 +
  9.1011 +lemma ALG_ORDER_SNOC: "ALL x l. ~ alg_order (SNOC x l) l"
  9.1012 +  by (import prob_canon ALG_ORDER_SNOC)
  9.1013 +
  9.1014 +lemma ALG_SORTED_MIN: "(All::(bool list => bool) => bool)
  9.1015 + (%h::bool list.
  9.1016 +     (All::(bool list list => bool) => bool)
  9.1017 +      (%t::bool list list.
  9.1018 +          (op -->::bool => bool => bool)
  9.1019 +           ((alg_sorted::bool list list => bool)
  9.1020 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1021 +           ((All::(bool list => bool) => bool)
  9.1022 +             (%x::bool list.
  9.1023 +                 (op -->::bool => bool => bool)
  9.1024 +                  ((op mem::bool list => bool list list => bool) x t)
  9.1025 +                  ((alg_order::bool list => bool list => bool) h x)))))"
  9.1026 +  by (import prob_canon ALG_SORTED_MIN)
  9.1027 +
  9.1028 +lemma ALG_SORTED_DEF_ALT: "(All::(bool list => bool) => bool)
  9.1029 + (%h::bool list.
  9.1030 +     (All::(bool list list => bool) => bool)
  9.1031 +      (%t::bool list list.
  9.1032 +          (op =::bool => bool => bool)
  9.1033 +           ((alg_sorted::bool list list => bool)
  9.1034 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1035 +           ((op &::bool => bool => bool)
  9.1036 +             ((All::(bool list => bool) => bool)
  9.1037 +               (%x::bool list.
  9.1038 +                   (op -->::bool => bool => bool)
  9.1039 +                    ((op mem::bool list => bool list list => bool) x t)
  9.1040 +                    ((alg_order::bool list => bool list => bool) h x)))
  9.1041 +             ((alg_sorted::bool list list => bool) t))))"
  9.1042 +  by (import prob_canon ALG_SORTED_DEF_ALT)
  9.1043 +
  9.1044 +lemma ALG_SORTED_TL: "(All::(bool list => bool) => bool)
  9.1045 + (%h::bool list.
  9.1046 +     (All::(bool list list => bool) => bool)
  9.1047 +      (%t::bool list list.
  9.1048 +          (op -->::bool => bool => bool)
  9.1049 +           ((alg_sorted::bool list list => bool)
  9.1050 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1051 +           ((alg_sorted::bool list list => bool) t)))"
  9.1052 +  by (import prob_canon ALG_SORTED_TL)
  9.1053 +
  9.1054 +lemma ALG_SORTED_MONO: "(All::(bool list => bool) => bool)
  9.1055 + (%x::bool list.
  9.1056 +     (All::(bool list => bool) => bool)
  9.1057 +      (%y::bool list.
  9.1058 +          (All::(bool list list => bool) => bool)
  9.1059 +           (%z::bool list list.
  9.1060 +               (op -->::bool => bool => bool)
  9.1061 +                ((alg_sorted::bool list list => bool)
  9.1062 +                  ((op #::bool list => bool list list => bool list list) x
  9.1063 +                    ((op #::bool list => bool list list => bool list list) y
  9.1064 +                      z)))
  9.1065 +                ((alg_sorted::bool list list => bool)
  9.1066 +                  ((op #::bool list => bool list list => bool list list) x
  9.1067 +                    z)))))"
  9.1068 +  by (import prob_canon ALG_SORTED_MONO)
  9.1069 +
  9.1070 +lemma ALG_SORTED_TLS: "ALL l b. alg_sorted (map (op # b) l) = alg_sorted l"
  9.1071 +  by (import prob_canon ALG_SORTED_TLS)
  9.1072 +
  9.1073 +lemma ALG_SORTED_STEP: "ALL l1 l2.
  9.1074 +   alg_sorted (map (op # True) l1 @ map (op # False) l2) =
  9.1075 +   (alg_sorted l1 & alg_sorted l2)"
  9.1076 +  by (import prob_canon ALG_SORTED_STEP)
  9.1077 +
  9.1078 +lemma ALG_SORTED_APPEND: "ALL h h' t t'.
  9.1079 +   alg_sorted ((h # t) @ h' # t') =
  9.1080 +   (alg_sorted (h # t) & alg_sorted (h' # t') & alg_order (last (h # t)) h')"
  9.1081 +  by (import prob_canon ALG_SORTED_APPEND)
  9.1082 +
  9.1083 +lemma ALG_SORTED_FILTER: "(All::((bool list => bool) => bool) => bool)
  9.1084 + (%P::bool list => bool.
  9.1085 +     (All::(bool list list => bool) => bool)
  9.1086 +      (%b::bool list list.
  9.1087 +          (op -->::bool => bool => bool)
  9.1088 +           ((alg_sorted::bool list list => bool) b)
  9.1089 +           ((alg_sorted::bool list list => bool)
  9.1090 +             ((filter::(bool list => bool)
  9.1091 +                       => bool list list => bool list list)
  9.1092 +               P b))))"
  9.1093 +  by (import prob_canon ALG_SORTED_FILTER)
  9.1094 +
  9.1095 +lemma ALG_PREFIXFREE_TL: "(All::(bool list => bool) => bool)
  9.1096 + (%h::bool list.
  9.1097 +     (All::(bool list list => bool) => bool)
  9.1098 +      (%t::bool list list.
  9.1099 +          (op -->::bool => bool => bool)
  9.1100 +           ((alg_prefixfree::bool list list => bool)
  9.1101 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1102 +           ((alg_prefixfree::bool list list => bool) t)))"
  9.1103 +  by (import prob_canon ALG_PREFIXFREE_TL)
  9.1104 +
  9.1105 +lemma ALG_PREFIXFREE_MONO: "(All::(bool list => bool) => bool)
  9.1106 + (%x::bool list.
  9.1107 +     (All::(bool list => bool) => bool)
  9.1108 +      (%y::bool list.
  9.1109 +          (All::(bool list list => bool) => bool)
  9.1110 +           (%z::bool list list.
  9.1111 +               (op -->::bool => bool => bool)
  9.1112 +                ((op &::bool => bool => bool)
  9.1113 +                  ((alg_sorted::bool list list => bool)
  9.1114 +                    ((op #::bool list => bool list list => bool list list) x
  9.1115 +                      ((op #::bool list => bool list list => bool list list)
  9.1116 +                        y z)))
  9.1117 +                  ((alg_prefixfree::bool list list => bool)
  9.1118 +                    ((op #::bool list => bool list list => bool list list) x
  9.1119 +                      ((op #::bool list => bool list list => bool list list)
  9.1120 +                        y z))))
  9.1121 +                ((alg_prefixfree::bool list list => bool)
  9.1122 +                  ((op #::bool list => bool list list => bool list list) x
  9.1123 +                    z)))))"
  9.1124 +  by (import prob_canon ALG_PREFIXFREE_MONO)
  9.1125 +
  9.1126 +lemma ALG_PREFIXFREE_ELT: "(All::(bool list => bool) => bool)
  9.1127 + (%h::bool list.
  9.1128 +     (All::(bool list list => bool) => bool)
  9.1129 +      (%t::bool list list.
  9.1130 +          (op -->::bool => bool => bool)
  9.1131 +           ((op &::bool => bool => bool)
  9.1132 +             ((alg_sorted::bool list list => bool)
  9.1133 +               ((op #::bool list => bool list list => bool list list) h t))
  9.1134 +             ((alg_prefixfree::bool list list => bool)
  9.1135 +               ((op #::bool list => bool list list => bool list list) h t)))
  9.1136 +           ((All::(bool list => bool) => bool)
  9.1137 +             (%x::bool list.
  9.1138 +                 (op -->::bool => bool => bool)
  9.1139 +                  ((op mem::bool list => bool list list => bool) x t)
  9.1140 +                  ((op &::bool => bool => bool)
  9.1141 +                    ((Not::bool => bool)
  9.1142 +                      ((IS_PREFIX::bool list => bool list => bool) x h))
  9.1143 +                    ((Not::bool => bool)
  9.1144 +                      ((IS_PREFIX::bool list => bool list => bool) h
  9.1145 +                        x)))))))"
  9.1146 +  by (import prob_canon ALG_PREFIXFREE_ELT)
  9.1147 +
  9.1148 +lemma ALG_PREFIXFREE_TLS: "ALL l b. alg_prefixfree (map (op # b) l) = alg_prefixfree l"
  9.1149 +  by (import prob_canon ALG_PREFIXFREE_TLS)
  9.1150 +
  9.1151 +lemma ALG_PREFIXFREE_STEP: "ALL l1 l2.
  9.1152 +   alg_prefixfree (map (op # True) l1 @ map (op # False) l2) =
  9.1153 +   (alg_prefixfree l1 & alg_prefixfree l2)"
  9.1154 +  by (import prob_canon ALG_PREFIXFREE_STEP)
  9.1155 +
  9.1156 +lemma ALG_PREFIXFREE_APPEND: "ALL h h' t t'.
  9.1157 +   alg_prefixfree ((h # t) @ h' # t') =
  9.1158 +   (alg_prefixfree (h # t) &
  9.1159 +    alg_prefixfree (h' # t') & ~ IS_PREFIX h' (last (h # t)))"
  9.1160 +  by (import prob_canon ALG_PREFIXFREE_APPEND)
  9.1161 +
  9.1162 +lemma ALG_PREFIXFREE_FILTER: "(All::((bool list => bool) => bool) => bool)
  9.1163 + (%P::bool list => bool.
  9.1164 +     (All::(bool list list => bool) => bool)
  9.1165 +      (%b::bool list list.
  9.1166 +          (op -->::bool => bool => bool)
  9.1167 +           ((op &::bool => bool => bool)
  9.1168 +             ((alg_sorted::bool list list => bool) b)
  9.1169 +             ((alg_prefixfree::bool list list => bool) b))
  9.1170 +           ((alg_prefixfree::bool list list => bool)
  9.1171 +             ((filter::(bool list => bool)
  9.1172 +                       => bool list list => bool list list)
  9.1173 +               P b))))"
  9.1174 +  by (import prob_canon ALG_PREFIXFREE_FILTER)
  9.1175 +
  9.1176 +lemma ALG_TWINFREE_TL: "(All::(bool list => bool) => bool)
  9.1177 + (%h::bool list.
  9.1178 +     (All::(bool list list => bool) => bool)
  9.1179 +      (%t::bool list list.
  9.1180 +          (op -->::bool => bool => bool)
  9.1181 +           ((alg_twinfree::bool list list => bool)
  9.1182 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1183 +           ((alg_twinfree::bool list list => bool) t)))"
  9.1184 +  by (import prob_canon ALG_TWINFREE_TL)
  9.1185 +
  9.1186 +lemma ALG_TWINFREE_TLS: "ALL l b. alg_twinfree (map (op # b) l) = alg_twinfree l"
  9.1187 +  by (import prob_canon ALG_TWINFREE_TLS)
  9.1188 +
  9.1189 +lemma ALG_TWINFREE_STEP1: "(All::(bool list list => bool) => bool)
  9.1190 + (%l1::bool list list.
  9.1191 +     (All::(bool list list => bool) => bool)
  9.1192 +      (%l2::bool list list.
  9.1193 +          (op -->::bool => bool => bool)
  9.1194 +           ((alg_twinfree::bool list list => bool)
  9.1195 +             ((op @::bool list list => bool list list => bool list list)
  9.1196 +               ((map::(bool list => bool list)
  9.1197 +                      => bool list list => bool list list)
  9.1198 +                 ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1199 +               ((map::(bool list => bool list)
  9.1200 +                      => bool list list => bool list list)
  9.1201 +                 ((op #::bool => bool list => bool list) (False::bool))
  9.1202 +                 l2)))
  9.1203 +           ((op &::bool => bool => bool)
  9.1204 +             ((alg_twinfree::bool list list => bool) l1)
  9.1205 +             ((alg_twinfree::bool list list => bool) l2))))"
  9.1206 +  by (import prob_canon ALG_TWINFREE_STEP1)
  9.1207 +
  9.1208 +lemma ALG_TWINFREE_STEP2: "(All::(bool list list => bool) => bool)
  9.1209 + (%l1::bool list list.
  9.1210 +     (All::(bool list list => bool) => bool)
  9.1211 +      (%l2::bool list list.
  9.1212 +          (op -->::bool => bool => bool)
  9.1213 +           ((op &::bool => bool => bool)
  9.1214 +             ((op |::bool => bool => bool)
  9.1215 +               ((Not::bool => bool)
  9.1216 +                 ((op mem::bool list => bool list list => bool)
  9.1217 +                   ([]::bool list) l1))
  9.1218 +               ((Not::bool => bool)
  9.1219 +                 ((op mem::bool list => bool list list => bool)
  9.1220 +                   ([]::bool list) l2)))
  9.1221 +             ((op &::bool => bool => bool)
  9.1222 +               ((alg_twinfree::bool list list => bool) l1)
  9.1223 +               ((alg_twinfree::bool list list => bool) l2)))
  9.1224 +           ((alg_twinfree::bool list list => bool)
  9.1225 +             ((op @::bool list list => bool list list => bool list list)
  9.1226 +               ((map::(bool list => bool list)
  9.1227 +                      => bool list list => bool list list)
  9.1228 +                 ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1229 +               ((map::(bool list => bool list)
  9.1230 +                      => bool list list => bool list list)
  9.1231 +                 ((op #::bool => bool list => bool list) (False::bool))
  9.1232 +                 l2)))))"
  9.1233 +  by (import prob_canon ALG_TWINFREE_STEP2)
  9.1234 +
  9.1235 +lemma ALG_TWINFREE_STEP: "(All::(bool list list => bool) => bool)
  9.1236 + (%l1::bool list list.
  9.1237 +     (All::(bool list list => bool) => bool)
  9.1238 +      (%l2::bool list list.
  9.1239 +          (op -->::bool => bool => bool)
  9.1240 +           ((op |::bool => bool => bool)
  9.1241 +             ((Not::bool => bool)
  9.1242 +               ((op mem::bool list => bool list list => bool)
  9.1243 +                 ([]::bool list) l1))
  9.1244 +             ((Not::bool => bool)
  9.1245 +               ((op mem::bool list => bool list list => bool)
  9.1246 +                 ([]::bool list) l2)))
  9.1247 +           ((op =::bool => bool => bool)
  9.1248 +             ((alg_twinfree::bool list list => bool)
  9.1249 +               ((op @::bool list list => bool list list => bool list list)
  9.1250 +                 ((map::(bool list => bool list)
  9.1251 +                        => bool list list => bool list list)
  9.1252 +                   ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1253 +                 ((map::(bool list => bool list)
  9.1254 +                        => bool list list => bool list list)
  9.1255 +                   ((op #::bool => bool list => bool list) (False::bool))
  9.1256 +                   l2)))
  9.1257 +             ((op &::bool => bool => bool)
  9.1258 +               ((alg_twinfree::bool list list => bool) l1)
  9.1259 +               ((alg_twinfree::bool list list => bool) l2)))))"
  9.1260 +  by (import prob_canon ALG_TWINFREE_STEP)
  9.1261 +
  9.1262 +lemma ALG_LONGEST_HD: "ALL h t. length h <= alg_longest (h # t)"
  9.1263 +  by (import prob_canon ALG_LONGEST_HD)
  9.1264 +
  9.1265 +lemma ALG_LONGEST_TL: "ALL h t. alg_longest t <= alg_longest (h # t)"
  9.1266 +  by (import prob_canon ALG_LONGEST_TL)
  9.1267 +
  9.1268 +lemma ALG_LONGEST_TLS: "ALL h t b. alg_longest (map (op # b) (h # t)) = Suc (alg_longest (h # t))"
  9.1269 +  by (import prob_canon ALG_LONGEST_TLS)
  9.1270 +
  9.1271 +lemma ALG_LONGEST_APPEND: "ALL l1 l2.
  9.1272 +   alg_longest l1 <= alg_longest (l1 @ l2) &
  9.1273 +   alg_longest l2 <= alg_longest (l1 @ l2)"
  9.1274 +  by (import prob_canon ALG_LONGEST_APPEND)
  9.1275 +
  9.1276 +lemma ALG_CANON_PREFS_HD: "ALL l b. hd (alg_canon_prefs l b) = l"
  9.1277 +  by (import prob_canon ALG_CANON_PREFS_HD)
  9.1278 +
  9.1279 +lemma ALG_CANON_PREFS_DELETES: "(All::(bool list => bool) => bool)
  9.1280 + (%l::bool list.
  9.1281 +     (All::(bool list list => bool) => bool)
  9.1282 +      (%b::bool list list.
  9.1283 +          (All::(bool list => bool) => bool)
  9.1284 +           (%x::bool list.
  9.1285 +               (op -->::bool => bool => bool)
  9.1286 +                ((op mem::bool list => bool list list => bool) x
  9.1287 +                  ((alg_canon_prefs::bool list
  9.1288 +                                     => bool list list => bool list list)
  9.1289 +                    l b))
  9.1290 +                ((op mem::bool list => bool list list => bool) x
  9.1291 +                  ((op #::bool list => bool list list => bool list list) l
  9.1292 +                    b)))))"
  9.1293 +  by (import prob_canon ALG_CANON_PREFS_DELETES)
  9.1294 +
  9.1295 +lemma ALG_CANON_PREFS_SORTED: "(All::(bool list => bool) => bool)
  9.1296 + (%l::bool list.
  9.1297 +     (All::(bool list list => bool) => bool)
  9.1298 +      (%b::bool list list.
  9.1299 +          (op -->::bool => bool => bool)
  9.1300 +           ((alg_sorted::bool list list => bool)
  9.1301 +             ((op #::bool list => bool list list => bool list list) l b))
  9.1302 +           ((alg_sorted::bool list list => bool)
  9.1303 +             ((alg_canon_prefs::bool list
  9.1304 +                                => bool list list => bool list list)
  9.1305 +               l b))))"
  9.1306 +  by (import prob_canon ALG_CANON_PREFS_SORTED)
  9.1307 +
  9.1308 +lemma ALG_CANON_PREFS_PREFIXFREE: "(All::(bool list => bool) => bool)
  9.1309 + (%l::bool list.
  9.1310 +     (All::(bool list list => bool) => bool)
  9.1311 +      (%b::bool list list.
  9.1312 +          (op -->::bool => bool => bool)
  9.1313 +           ((op &::bool => bool => bool)
  9.1314 +             ((alg_sorted::bool list list => bool) b)
  9.1315 +             ((alg_prefixfree::bool list list => bool) b))
  9.1316 +           ((alg_prefixfree::bool list list => bool)
  9.1317 +             ((alg_canon_prefs::bool list
  9.1318 +                                => bool list list => bool list list)
  9.1319 +               l b))))"
  9.1320 +  by (import prob_canon ALG_CANON_PREFS_PREFIXFREE)
  9.1321 +
  9.1322 +lemma ALG_CANON_PREFS_CONSTANT: "(All::(bool list => bool) => bool)
  9.1323 + (%l::bool list.
  9.1324 +     (All::(bool list list => bool) => bool)
  9.1325 +      (%b::bool list list.
  9.1326 +          (op -->::bool => bool => bool)
  9.1327 +           ((alg_prefixfree::bool list list => bool)
  9.1328 +             ((op #::bool list => bool list list => bool list list) l b))
  9.1329 +           ((op =::bool list list => bool list list => bool)
  9.1330 +             ((alg_canon_prefs::bool list
  9.1331 +                                => bool list list => bool list list)
  9.1332 +               l b)
  9.1333 +             ((op #::bool list => bool list list => bool list list) l b))))"
  9.1334 +  by (import prob_canon ALG_CANON_PREFS_CONSTANT)
  9.1335 +
  9.1336 +lemma ALG_CANON_FIND_HD: "ALL l h t.
  9.1337 +   hd (alg_canon_find l (h # t)) = l | hd (alg_canon_find l (h # t)) = h"
  9.1338 +  by (import prob_canon ALG_CANON_FIND_HD)
  9.1339 +
  9.1340 +lemma ALG_CANON_FIND_DELETES: "(All::(bool list => bool) => bool)
  9.1341 + (%l::bool list.
  9.1342 +     (All::(bool list list => bool) => bool)
  9.1343 +      (%b::bool list list.
  9.1344 +          (All::(bool list => bool) => bool)
  9.1345 +           (%x::bool list.
  9.1346 +               (op -->::bool => bool => bool)
  9.1347 +                ((op mem::bool list => bool list list => bool) x
  9.1348 +                  ((alg_canon_find::bool list
  9.1349 +                                    => bool list list => bool list list)
  9.1350 +                    l b))
  9.1351 +                ((op mem::bool list => bool list list => bool) x
  9.1352 +                  ((op #::bool list => bool list list => bool list list) l
  9.1353 +                    b)))))"
  9.1354 +  by (import prob_canon ALG_CANON_FIND_DELETES)
  9.1355 +
  9.1356 +lemma ALG_CANON_FIND_SORTED: "(All::(bool list => bool) => bool)
  9.1357 + (%l::bool list.
  9.1358 +     (All::(bool list list => bool) => bool)
  9.1359 +      (%b::bool list list.
  9.1360 +          (op -->::bool => bool => bool)
  9.1361 +           ((alg_sorted::bool list list => bool) b)
  9.1362 +           ((alg_sorted::bool list list => bool)
  9.1363 +             ((alg_canon_find::bool list
  9.1364 +                               => bool list list => bool list list)
  9.1365 +               l b))))"
  9.1366 +  by (import prob_canon ALG_CANON_FIND_SORTED)
  9.1367 +
  9.1368 +lemma ALG_CANON_FIND_PREFIXFREE: "(All::(bool list => bool) => bool)
  9.1369 + (%l::bool list.
  9.1370 +     (All::(bool list list => bool) => bool)
  9.1371 +      (%b::bool list list.
  9.1372 +          (op -->::bool => bool => bool)
  9.1373 +           ((op &::bool => bool => bool)
  9.1374 +             ((alg_sorted::bool list list => bool) b)
  9.1375 +             ((alg_prefixfree::bool list list => bool) b))
  9.1376 +           ((alg_prefixfree::bool list list => bool)
  9.1377 +             ((alg_canon_find::bool list
  9.1378 +                               => bool list list => bool list list)
  9.1379 +               l b))))"
  9.1380 +  by (import prob_canon ALG_CANON_FIND_PREFIXFREE)
  9.1381 +
  9.1382 +lemma ALG_CANON_FIND_CONSTANT: "(All::(bool list => bool) => bool)
  9.1383 + (%l::bool list.
  9.1384 +     (All::(bool list list => bool) => bool)
  9.1385 +      (%b::bool list list.
  9.1386 +          (op -->::bool => bool => bool)
  9.1387 +           ((op &::bool => bool => bool)
  9.1388 +             ((alg_sorted::bool list list => bool)
  9.1389 +               ((op #::bool list => bool list list => bool list list) l b))
  9.1390 +             ((alg_prefixfree::bool list list => bool)
  9.1391 +               ((op #::bool list => bool list list => bool list list) l b)))
  9.1392 +           ((op =::bool list list => bool list list => bool)
  9.1393 +             ((alg_canon_find::bool list
  9.1394 +                               => bool list list => bool list list)
  9.1395 +               l b)
  9.1396 +             ((op #::bool list => bool list list => bool list list) l b))))"
  9.1397 +  by (import prob_canon ALG_CANON_FIND_CONSTANT)
  9.1398 +
  9.1399 +lemma ALG_CANON1_SORTED: "ALL x. alg_sorted (alg_canon1 x)"
  9.1400 +  by (import prob_canon ALG_CANON1_SORTED)
  9.1401 +
  9.1402 +lemma ALG_CANON1_PREFIXFREE: "ALL l. alg_prefixfree (alg_canon1 l)"
  9.1403 +  by (import prob_canon ALG_CANON1_PREFIXFREE)
  9.1404 +
  9.1405 +lemma ALG_CANON1_CONSTANT: "(All::(bool list list => bool) => bool)
  9.1406 + (%l::bool list list.
  9.1407 +     (op -->::bool => bool => bool)
  9.1408 +      ((op &::bool => bool => bool) ((alg_sorted::bool list list => bool) l)
  9.1409 +        ((alg_prefixfree::bool list list => bool) l))
  9.1410 +      ((op =::bool list list => bool list list => bool)
  9.1411 +        ((alg_canon1::bool list list => bool list list) l) l))"
  9.1412 +  by (import prob_canon ALG_CANON1_CONSTANT)
  9.1413 +
  9.1414 +lemma ALG_CANON_MERGE_SORTED_PREFIXFREE_TWINFREE: "(All::(bool list => bool) => bool)
  9.1415 + (%l::bool list.
  9.1416 +     (All::(bool list list => bool) => bool)
  9.1417 +      (%b::bool list list.
  9.1418 +          (op -->::bool => bool => bool)
  9.1419 +           ((op &::bool => bool => bool)
  9.1420 +             ((alg_sorted::bool list list => bool)
  9.1421 +               ((op #::bool list => bool list list => bool list list) l b))
  9.1422 +             ((op &::bool => bool => bool)
  9.1423 +               ((alg_prefixfree::bool list list => bool)
  9.1424 +                 ((op #::bool list => bool list list => bool list list) l
  9.1425 +                   b))
  9.1426 +               ((alg_twinfree::bool list list => bool) b)))
  9.1427 +           ((op &::bool => bool => bool)
  9.1428 +             ((alg_sorted::bool list list => bool)
  9.1429 +               ((alg_canon_merge::bool list
  9.1430 +                                  => bool list list => bool list list)
  9.1431 +                 l b))
  9.1432 +             ((op &::bool => bool => bool)
  9.1433 +               ((alg_prefixfree::bool list list => bool)
  9.1434 +                 ((alg_canon_merge::bool list
  9.1435 +                                    => bool list list => bool list list)
  9.1436 +                   l b))
  9.1437 +               ((alg_twinfree::bool list list => bool)
  9.1438 +                 ((alg_canon_merge::bool list
  9.1439 +                                    => bool list list => bool list list)
  9.1440 +                   l b))))))"
  9.1441 +  by (import prob_canon ALG_CANON_MERGE_SORTED_PREFIXFREE_TWINFREE)
  9.1442 +
  9.1443 +lemma ALG_CANON_MERGE_PREFIXFREE_PRESERVE: "(All::(bool list => bool) => bool)
  9.1444 + (%l::bool list.
  9.1445 +     (All::(bool list list => bool) => bool)
  9.1446 +      (%b::bool list list.
  9.1447 +          (All::(bool list => bool) => bool)
  9.1448 +           (%h::bool list.
  9.1449 +               (op -->::bool => bool => bool)
  9.1450 +                ((All::(bool list => bool) => bool)
  9.1451 +                  (%x::bool list.
  9.1452 +                      (op -->::bool => bool => bool)
  9.1453 +                       ((op mem::bool list => bool list list => bool) x
  9.1454 +                         ((op #::bool list
  9.1455 +                                 => bool list list => bool list list)
  9.1456 +                           l b))
  9.1457 +                       ((op &::bool => bool => bool)
  9.1458 +                         ((Not::bool => bool)
  9.1459 +                           ((IS_PREFIX::bool list => bool list => bool) h
  9.1460 +                             x))
  9.1461 +                         ((Not::bool => bool)
  9.1462 +                           ((IS_PREFIX::bool list => bool list => bool) x
  9.1463 +                             h)))))
  9.1464 +                ((All::(bool list => bool) => bool)
  9.1465 +                  (%x::bool list.
  9.1466 +                      (op -->::bool => bool => bool)
  9.1467 +                       ((op mem::bool list => bool list list => bool) x
  9.1468 +                         ((alg_canon_merge::bool list
  9.1469 +      => bool list list => bool list list)
  9.1470 +                           l b))
  9.1471 +                       ((op &::bool => bool => bool)
  9.1472 +                         ((Not::bool => bool)
  9.1473 +                           ((IS_PREFIX::bool list => bool list => bool) h
  9.1474 +                             x))
  9.1475 +                         ((Not::bool => bool)
  9.1476 +                           ((IS_PREFIX::bool list => bool list => bool) x
  9.1477 +                             h))))))))"
  9.1478 +  by (import prob_canon ALG_CANON_MERGE_PREFIXFREE_PRESERVE)
  9.1479 +
  9.1480 +lemma ALG_CANON_MERGE_SHORTENS: "(All::(bool list => bool) => bool)
  9.1481 + (%l::bool list.
  9.1482 +     (All::(bool list list => bool) => bool)
  9.1483 +      (%b::bool list list.
  9.1484 +          (All::(bool list => bool) => bool)
  9.1485 +           (%x::bool list.
  9.1486 +               (op -->::bool => bool => bool)
  9.1487 +                ((op mem::bool list => bool list list => bool) x
  9.1488 +                  ((alg_canon_merge::bool list
  9.1489 +                                     => bool list list => bool list list)
  9.1490 +                    l b))
  9.1491 +                ((Ex::(bool list => bool) => bool)
  9.1492 +                  (%y::bool list.
  9.1493 +                      (op &::bool => bool => bool)
  9.1494 +                       ((op mem::bool list => bool list list => bool) y
  9.1495 +                         ((op #::bool list
  9.1496 +                                 => bool list list => bool list list)
  9.1497 +                           l b))
  9.1498 +                       ((IS_PREFIX::bool list => bool list => bool) y
  9.1499 +                         x))))))"
  9.1500 +  by (import prob_canon ALG_CANON_MERGE_SHORTENS)
  9.1501 +
  9.1502 +lemma ALG_CANON_MERGE_CONSTANT: "(All::(bool list => bool) => bool)
  9.1503 + (%l::bool list.
  9.1504 +     (All::(bool list list => bool) => bool)
  9.1505 +      (%b::bool list list.
  9.1506 +          (op -->::bool => bool => bool)
  9.1507 +           ((alg_twinfree::bool list list => bool)
  9.1508 +             ((op #::bool list => bool list list => bool list list) l b))
  9.1509 +           ((op =::bool list list => bool list list => bool)
  9.1510 +             ((alg_canon_merge::bool list
  9.1511 +                                => bool list list => bool list list)
  9.1512 +               l b)
  9.1513 +             ((op #::bool list => bool list list => bool list list) l b))))"
  9.1514 +  by (import prob_canon ALG_CANON_MERGE_CONSTANT)
  9.1515 +
  9.1516 +lemma ALG_CANON2_PREFIXFREE_PRESERVE: "(All::(bool list list => bool) => bool)
  9.1517 + (%x::bool list list.
  9.1518 +     (All::(bool list => bool) => bool)
  9.1519 +      (%xa::bool list.
  9.1520 +          (op -->::bool => bool => bool)
  9.1521 +           ((All::(bool list => bool) => bool)
  9.1522 +             (%xb::bool list.
  9.1523 +                 (op -->::bool => bool => bool)
  9.1524 +                  ((op mem::bool list => bool list list => bool) xb x)
  9.1525 +                  ((op &::bool => bool => bool)
  9.1526 +                    ((Not::bool => bool)
  9.1527 +                      ((IS_PREFIX::bool list => bool list => bool) xa xb))
  9.1528 +                    ((Not::bool => bool)
  9.1529 +                      ((IS_PREFIX::bool list => bool list => bool) xb
  9.1530 +                        xa)))))
  9.1531 +           ((All::(bool list => bool) => bool)
  9.1532 +             (%xb::bool list.
  9.1533 +                 (op -->::bool => bool => bool)
  9.1534 +                  ((op mem::bool list => bool list list => bool) xb
  9.1535 +                    ((alg_canon2::bool list list => bool list list) x))
  9.1536 +                  ((op &::bool => bool => bool)
  9.1537 +                    ((Not::bool => bool)
  9.1538 +                      ((IS_PREFIX::bool list => bool list => bool) xa xb))
  9.1539 +                    ((Not::bool => bool)
  9.1540 +                      ((IS_PREFIX::bool list => bool list => bool) xb
  9.1541 +                        xa)))))))"
  9.1542 +  by (import prob_canon ALG_CANON2_PREFIXFREE_PRESERVE)
  9.1543 +
  9.1544 +lemma ALG_CANON2_SHORTENS: "(All::(bool list list => bool) => bool)
  9.1545 + (%x::bool list list.
  9.1546 +     (All::(bool list => bool) => bool)
  9.1547 +      (%xa::bool list.
  9.1548 +          (op -->::bool => bool => bool)
  9.1549 +           ((op mem::bool list => bool list list => bool) xa
  9.1550 +             ((alg_canon2::bool list list => bool list list) x))
  9.1551 +           ((Ex::(bool list => bool) => bool)
  9.1552 +             (%y::bool list.
  9.1553 +                 (op &::bool => bool => bool)
  9.1554 +                  ((op mem::bool list => bool list list => bool) y x)
  9.1555 +                  ((IS_PREFIX::bool list => bool list => bool) y xa)))))"
  9.1556 +  by (import prob_canon ALG_CANON2_SHORTENS)
  9.1557 +
  9.1558 +lemma ALG_CANON2_SORTED_PREFIXFREE_TWINFREE: "(All::(bool list list => bool) => bool)
  9.1559 + (%x::bool list list.
  9.1560 +     (op -->::bool => bool => bool)
  9.1561 +      ((op &::bool => bool => bool) ((alg_sorted::bool list list => bool) x)
  9.1562 +        ((alg_prefixfree::bool list list => bool) x))
  9.1563 +      ((op &::bool => bool => bool)
  9.1564 +        ((alg_sorted::bool list list => bool)
  9.1565 +          ((alg_canon2::bool list list => bool list list) x))
  9.1566 +        ((op &::bool => bool => bool)
  9.1567 +          ((alg_prefixfree::bool list list => bool)
  9.1568 +            ((alg_canon2::bool list list => bool list list) x))
  9.1569 +          ((alg_twinfree::bool list list => bool)
  9.1570 +            ((alg_canon2::bool list list => bool list list) x)))))"
  9.1571 +  by (import prob_canon ALG_CANON2_SORTED_PREFIXFREE_TWINFREE)
  9.1572 +
  9.1573 +lemma ALG_CANON2_CONSTANT: "(All::(bool list list => bool) => bool)
  9.1574 + (%l::bool list list.
  9.1575 +     (op -->::bool => bool => bool)
  9.1576 +      ((alg_twinfree::bool list list => bool) l)
  9.1577 +      ((op =::bool list list => bool list list => bool)
  9.1578 +        ((alg_canon2::bool list list => bool list list) l) l))"
  9.1579 +  by (import prob_canon ALG_CANON2_CONSTANT)
  9.1580 +
  9.1581 +lemma ALG_CANON_SORTED_PREFIXFREE_TWINFREE: "ALL l.
  9.1582 +   alg_sorted (alg_canon l) &
  9.1583 +   alg_prefixfree (alg_canon l) & alg_twinfree (alg_canon l)"
  9.1584 +  by (import prob_canon ALG_CANON_SORTED_PREFIXFREE_TWINFREE)
  9.1585 +
  9.1586 +lemma ALG_CANON_CONSTANT: "(All::(bool list list => bool) => bool)
  9.1587 + (%l::bool list list.
  9.1588 +     (op -->::bool => bool => bool)
  9.1589 +      ((op &::bool => bool => bool) ((alg_sorted::bool list list => bool) l)
  9.1590 +        ((op &::bool => bool => bool)
  9.1591 +          ((alg_prefixfree::bool list list => bool) l)
  9.1592 +          ((alg_twinfree::bool list list => bool) l)))
  9.1593 +      ((op =::bool list list => bool list list => bool)
  9.1594 +        ((alg_canon::bool list list => bool list list) l) l))"
  9.1595 +  by (import prob_canon ALG_CANON_CONSTANT)
  9.1596 +
  9.1597 +lemma ALG_CANON_IDEMPOT: "ALL l. alg_canon (alg_canon l) = alg_canon l"
  9.1598 +  by (import prob_canon ALG_CANON_IDEMPOT)
  9.1599 +
  9.1600 +lemma ALGEBRA_CANON_DEF_ALT: "ALL l. algebra_canon l = (alg_sorted l & alg_prefixfree l & alg_twinfree l)"
  9.1601 +  by (import prob_canon ALGEBRA_CANON_DEF_ALT)
  9.1602 +
  9.1603 +lemma ALGEBRA_CANON_BASIC: "algebra_canon [] & algebra_canon [[]] & (ALL x. algebra_canon [x])"
  9.1604 +  by (import prob_canon ALGEBRA_CANON_BASIC)
  9.1605 +
  9.1606 +lemma ALG_CANON_BASIC: "alg_canon [] = [] & alg_canon [[]] = [[]] & (ALL x. alg_canon [x] = [x])"
  9.1607 +  by (import prob_canon ALG_CANON_BASIC)
  9.1608 +
  9.1609 +lemma ALGEBRA_CANON_TL: "(All::(bool list => bool) => bool)
  9.1610 + (%h::bool list.
  9.1611 +     (All::(bool list list => bool) => bool)
  9.1612 +      (%t::bool list list.
  9.1613 +          (op -->::bool => bool => bool)
  9.1614 +           ((algebra_canon::bool list list => bool)
  9.1615 +             ((op #::bool list => bool list list => bool list list) h t))
  9.1616 +           ((algebra_canon::bool list list => bool) t)))"
  9.1617 +  by (import prob_canon ALGEBRA_CANON_TL)
  9.1618 +
  9.1619 +lemma ALGEBRA_CANON_NIL_MEM: "ALL l. (algebra_canon l & [] mem l) = (l = [[]])"
  9.1620 +  by (import prob_canon ALGEBRA_CANON_NIL_MEM)
  9.1621 +
  9.1622 +lemma ALGEBRA_CANON_TLS: "ALL l b. algebra_canon (map (op # b) l) = algebra_canon l"
  9.1623 +  by (import prob_canon ALGEBRA_CANON_TLS)
  9.1624 +
  9.1625 +lemma ALGEBRA_CANON_STEP1: "(All::(bool list list => bool) => bool)
  9.1626 + (%l1::bool list list.
  9.1627 +     (All::(bool list list => bool) => bool)
  9.1628 +      (%l2::bool list list.
  9.1629 +          (op -->::bool => bool => bool)
  9.1630 +           ((algebra_canon::bool list list => bool)
  9.1631 +             ((op @::bool list list => bool list list => bool list list)
  9.1632 +               ((map::(bool list => bool list)
  9.1633 +                      => bool list list => bool list list)
  9.1634 +                 ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1635 +               ((map::(bool list => bool list)
  9.1636 +                      => bool list list => bool list list)
  9.1637 +                 ((op #::bool => bool list => bool list) (False::bool))
  9.1638 +                 l2)))
  9.1639 +           ((op &::bool => bool => bool)
  9.1640 +             ((algebra_canon::bool list list => bool) l1)
  9.1641 +             ((algebra_canon::bool list list => bool) l2))))"
  9.1642 +  by (import prob_canon ALGEBRA_CANON_STEP1)
  9.1643 +
  9.1644 +lemma ALGEBRA_CANON_STEP2: "(All::(bool list list => bool) => bool)
  9.1645 + (%l1::bool list list.
  9.1646 +     (All::(bool list list => bool) => bool)
  9.1647 +      (%l2::bool list list.
  9.1648 +          (op -->::bool => bool => bool)
  9.1649 +           ((op &::bool => bool => bool)
  9.1650 +             ((op |::bool => bool => bool)
  9.1651 +               ((Not::bool => bool)
  9.1652 +                 ((op =::bool list list => bool list list => bool) l1
  9.1653 +                   ((op #::bool list => bool list list => bool list list)
  9.1654 +                     ([]::bool list) ([]::bool list list))))
  9.1655 +               ((Not::bool => bool)
  9.1656 +                 ((op =::bool list list => bool list list => bool) l2
  9.1657 +                   ((op #::bool list => bool list list => bool list list)
  9.1658 +                     ([]::bool list) ([]::bool list list)))))
  9.1659 +             ((op &::bool => bool => bool)
  9.1660 +               ((algebra_canon::bool list list => bool) l1)
  9.1661 +               ((algebra_canon::bool list list => bool) l2)))
  9.1662 +           ((algebra_canon::bool list list => bool)
  9.1663 +             ((op @::bool list list => bool list list => bool list list)
  9.1664 +               ((map::(bool list => bool list)
  9.1665 +                      => bool list list => bool list list)
  9.1666 +                 ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1667 +               ((map::(bool list => bool list)
  9.1668 +                      => bool list list => bool list list)
  9.1669 +                 ((op #::bool => bool list => bool list) (False::bool))
  9.1670 +                 l2)))))"
  9.1671 +  by (import prob_canon ALGEBRA_CANON_STEP2)
  9.1672 +
  9.1673 +lemma ALGEBRA_CANON_STEP: "(All::(bool list list => bool) => bool)
  9.1674 + (%l1::bool list list.
  9.1675 +     (All::(bool list list => bool) => bool)
  9.1676 +      (%l2::bool list list.
  9.1677 +          (op -->::bool => bool => bool)
  9.1678 +           ((op |::bool => bool => bool)
  9.1679 +             ((Not::bool => bool)
  9.1680 +               ((op =::bool list list => bool list list => bool) l1
  9.1681 +                 ((op #::bool list => bool list list => bool list list)
  9.1682 +                   ([]::bool list) ([]::bool list list))))
  9.1683 +             ((Not::bool => bool)
  9.1684 +               ((op =::bool list list => bool list list => bool) l2
  9.1685 +                 ((op #::bool list => bool list list => bool list list)
  9.1686 +                   ([]::bool list) ([]::bool list list)))))
  9.1687 +           ((op =::bool => bool => bool)
  9.1688 +             ((algebra_canon::bool list list => bool)
  9.1689 +               ((op @::bool list list => bool list list => bool list list)
  9.1690 +                 ((map::(bool list => bool list)
  9.1691 +                        => bool list list => bool list list)
  9.1692 +                   ((op #::bool => bool list => bool list) (True::bool)) l1)
  9.1693 +                 ((map::(bool list => bool list)
  9.1694 +                        => bool list list => bool list list)
  9.1695 +                   ((op #::bool => bool list => bool list) (False::bool))
  9.1696 +                   l2)))
  9.1697 +             ((op &::bool => bool => bool)
  9.1698 +               ((algebra_canon::bool list list => bool) l1)
  9.1699 +               ((algebra_canon::bool list list => bool) l2)))))"
  9.1700 +  by (import prob_canon ALGEBRA_CANON_STEP)
  9.1701 +
  9.1702 +lemma ALGEBRA_CANON_CASES_THM: "(All::(bool list list => bool) => bool)
  9.1703 + (%l::bool list list.
  9.1704 +     (op -->::bool => bool => bool)
  9.1705 +      ((algebra_canon::bool list list => bool) l)
  9.1706 +      ((op |::bool => bool => bool)
  9.1707 +        ((op =::bool list list => bool list list => bool) l
  9.1708 +          ([]::bool list list))
  9.1709 +        ((op |::bool => bool => bool)
  9.1710 +          ((op =::bool list list => bool list list => bool) l
  9.1711 +            ((op #::bool list => bool list list => bool list list)
  9.1712 +              ([]::bool list) ([]::bool list list)))
  9.1713 +          ((Ex::(bool list list => bool) => bool)
  9.1714 +            (%l1::bool list list.
  9.1715 +                (Ex::(bool list list => bool) => bool)
  9.1716 +                 (%l2::bool list list.
  9.1717 +                     (op &::bool => bool => bool)
  9.1718 +                      ((algebra_canon::bool list list => bool) l1)
  9.1719 +                      ((op &::bool => bool => bool)
  9.1720 +                        ((algebra_canon::bool list list => bool) l2)
  9.1721 +                        ((op =::bool list list => bool list list => bool) l
  9.1722 +                          ((op @::bool list list
  9.1723 +                                  => bool list list => bool list list)
  9.1724 +                            ((map::(bool list => bool list)
  9.1725 +                                   => bool list list => bool list list)
  9.1726 +                              ((op #::bool => bool list => bool list)
  9.1727 +                                (True::bool))
  9.1728 +                              l1)
  9.1729 +                            ((map::(bool list => bool list)
  9.1730 +                                   => bool list list => bool list list)
  9.1731 +                              ((op #::bool => bool list => bool list)
  9.1732 +                                (False::bool))
  9.1733 +                              l2))))))))))"
  9.1734 +  by (import prob_canon ALGEBRA_CANON_CASES_THM)
  9.1735 +
  9.1736 +lemma ALGEBRA_CANON_CASES: "(All::((bool list list => bool) => bool) => bool)
  9.1737 + (%P::bool list list => bool.
  9.1738 +     (op -->::bool => bool => bool)
  9.1739 +      ((op &::bool => bool => bool) (P ([]::bool list list))
  9.1740 +        ((op &::bool => bool => bool)
  9.1741 +          (P ((op #::bool list => bool list list => bool list list)
  9.1742 +               ([]::bool list) ([]::bool list list)))
  9.1743 +          ((All::(bool list list => bool) => bool)
  9.1744 +            (%l1::bool list list.
  9.1745 +                (All::(bool list list => bool) => bool)
  9.1746 +                 (%l2::bool list list.
  9.1747 +                     (op -->::bool => bool => bool)
  9.1748 +                      ((op &::bool => bool => bool)
  9.1749 +                        ((algebra_canon::bool list list => bool) l1)
  9.1750 +                        ((op &::bool => bool => bool)
  9.1751 +                          ((algebra_canon::bool list list => bool) l2)
  9.1752 +                          ((algebra_canon::bool list list => bool)
  9.1753 +                            ((op @::bool list list
  9.1754 +                                    => bool list list => bool list list)
  9.1755 +                              ((map::(bool list => bool list)
  9.1756 +                                     => bool list list => bool list list)
  9.1757 +                                ((op #::bool => bool list => bool list)
  9.1758 +                                  (True::bool))
  9.1759 +                                l1)
  9.1760 +                              ((map::(bool list => bool list)
  9.1761 +                                     => bool list list => bool list list)
  9.1762 +                                ((op #::bool => bool list => bool list)
  9.1763 +                                  (False::bool))
  9.1764 +                                l2)))))
  9.1765 +                      (P ((op @::bool list list
  9.1766 +                                 => bool list list => bool list list)
  9.1767 +                           ((map::(bool list => bool list)
  9.1768 +                                  => bool list list => bool list list)
  9.1769 +                             ((op #::bool => bool list => bool list)
  9.1770 +                               (True::bool))
  9.1771 +                             l1)
  9.1772 +                           ((map::(bool list => bool list)
  9.1773 +                                  => bool list list => bool list list)
  9.1774 +                             ((op #::bool => bool list => bool list)
  9.1775 +                               (False::bool))
  9.1776 +                             l2))))))))
  9.1777 +      ((All::(bool list list => bool) => bool)
  9.1778 +        (%l::bool list list.
  9.1779 +            (op -->::bool => bool => bool)
  9.1780 +             ((algebra_canon::bool list list => bool) l) (P l))))"
  9.1781 +  by (import prob_canon ALGEBRA_CANON_CASES)
  9.1782 +
  9.1783 +lemma ALGEBRA_CANON_INDUCTION: "(All::((bool list list => bool) => bool) => bool)
  9.1784 + (%P::bool list list => bool.
  9.1785 +     (op -->::bool => bool => bool)
  9.1786 +      ((op &::bool => bool => bool) (P ([]::bool list list))
  9.1787 +        ((op &::bool => bool => bool)
  9.1788 +          (P ((op #::bool list => bool list list => bool list list)
  9.1789 +               ([]::bool list) ([]::bool list list)))
  9.1790 +          ((All::(bool list list => bool) => bool)
  9.1791 +            (%l1::bool list list.
  9.1792 +                (All::(bool list list => bool) => bool)
  9.1793 +                 (%l2::bool list list.
  9.1794 +                     (op -->::bool => bool => bool)
  9.1795 +                      ((op &::bool => bool => bool)
  9.1796 +                        ((algebra_canon::bool list list => bool) l1)
  9.1797 +                        ((op &::bool => bool => bool)
  9.1798 +                          ((algebra_canon::bool list list => bool) l2)
  9.1799 +                          ((op &::bool => bool => bool) (P l1)
  9.1800 +                            ((op &::bool => bool => bool) (P l2)
  9.1801 +                              ((algebra_canon::bool list list => bool)
  9.1802 +                                ((op @::bool list list
  9.1803 +  => bool list list => bool list list)
  9.1804 +                                  ((map::(bool list => bool list)
  9.1805 +   => bool list list => bool list list)
  9.1806 +                                    ((op #::bool => bool list => bool list)
  9.1807 +(True::bool))
  9.1808 +                                    l1)
  9.1809 +                                  ((map::(bool list => bool list)
  9.1810 +   => bool list list => bool list list)
  9.1811 +                                    ((op #::bool => bool list => bool list)
  9.1812 +(False::bool))
  9.1813 +                                    l2)))))))
  9.1814 +                      (P ((op @::bool list list
  9.1815 +                                 => bool list list => bool list list)
  9.1816 +                           ((map::(bool list => bool list)
  9.1817 +                                  => bool list list => bool list list)
  9.1818 +                             ((op #::bool => bool list => bool list)
  9.1819 +                               (True::bool))
  9.1820 +                             l1)
  9.1821 +                           ((map::(bool list => bool list)
  9.1822 +                                  => bool list list => bool list list)
  9.1823 +                             ((op #::bool => bool list => bool list)
  9.1824 +                               (False::bool))
  9.1825 +                             l2))))))))
  9.1826 +      ((All::(bool list list => bool) => bool)
  9.1827 +        (%l::bool list list.
  9.1828 +            (op -->::bool => bool => bool)
  9.1829 +             ((algebra_canon::bool list list => bool) l) (P l))))"
  9.1830 +  by (import prob_canon ALGEBRA_CANON_INDUCTION)
  9.1831 +
  9.1832 +lemma MEM_NIL_STEP: "ALL l1 l2. ~ [] mem map (op # True) l1 @ map (op # False) l2"
  9.1833 +  by (import prob_canon MEM_NIL_STEP)
  9.1834 +
  9.1835 +lemma ALG_SORTED_PREFIXFREE_MEM_NIL: "ALL l. (alg_sorted l & alg_prefixfree l & [] mem l) = (l = [[]])"
  9.1836 +  by (import prob_canon ALG_SORTED_PREFIXFREE_MEM_NIL)
  9.1837 +
  9.1838 +lemma ALG_SORTED_PREFIXFREE_EQUALITY: "(All::(bool list list => bool) => bool)
  9.1839 + (%l::bool list list.
  9.1840 +     (All::(bool list list => bool) => bool)
  9.1841 +      (%l'::bool list list.
  9.1842 +          (op -->::bool => bool => bool)
  9.1843 +           ((op &::bool => bool => bool)
  9.1844 +             ((All::(bool list => bool) => bool)
  9.1845 +               (%x::bool list.
  9.1846 +                   (op =::bool => bool => bool)
  9.1847 +                    ((op mem::bool list => bool list list => bool) x l)
  9.1848 +                    ((op mem::bool list => bool list list => bool) x l')))
  9.1849 +             ((op &::bool => bool => bool)
  9.1850 +               ((alg_sorted::bool list list => bool) l)
  9.1851 +               ((op &::bool => bool => bool)
  9.1852 +                 ((alg_sorted::bool list list => bool) l')
  9.1853 +                 ((op &::bool => bool => bool)
  9.1854 +                   ((alg_prefixfree::bool list list => bool) l)
  9.1855 +                   ((alg_prefixfree::bool list list => bool) l')))))
  9.1856 +           ((op =::bool list list => bool list list => bool) l l')))"
  9.1857 +  by (import prob_canon ALG_SORTED_PREFIXFREE_EQUALITY)
  9.1858 +
  9.1859 +;end_setup
  9.1860 +
  9.1861 +;setup_theory boolean_sequence
  9.1862 +
  9.1863 +consts
  9.1864 +  SHD :: "(nat => bool) => bool" 
  9.1865 +
  9.1866 +defs
  9.1867 +  SHD_primdef: "SHD == %f. f 0"
  9.1868 +
  9.1869 +lemma SHD_def: "ALL f. SHD f = f 0"
  9.1870 +  by (import boolean_sequence SHD_def)
  9.1871 +
  9.1872 +consts
  9.1873 +  STL :: "(nat => bool) => nat => bool" 
  9.1874 +
  9.1875 +defs
  9.1876 +  STL_primdef: "STL == %f n. f (Suc n)"
  9.1877 +
  9.1878 +lemma STL_def: "ALL f n. STL f n = f (Suc n)"
  9.1879 +  by (import boolean_sequence STL_def)
  9.1880 +
  9.1881 +consts
  9.1882 +  SCONS :: "bool => (nat => bool) => nat => bool" 
  9.1883 +
  9.1884 +specification (SCONS_primdef: SCONS) SCONS_def: "(ALL h t. SCONS h t 0 = h) & (ALL h t n. SCONS h t (Suc n) = t n)"
  9.1885 +  by (import boolean_sequence SCONS_def)
  9.1886 +
  9.1887 +consts
  9.1888 +  SDEST :: "(nat => bool) => bool * (nat => bool)" 
  9.1889 +
  9.1890 +defs
  9.1891 +  SDEST_primdef: "SDEST == %s. (SHD s, STL s)"
  9.1892 +
  9.1893 +lemma SDEST_def: "SDEST = (%s. (SHD s, STL s))"
  9.1894 +  by (import boolean_sequence SDEST_def)
  9.1895 +
  9.1896 +consts
  9.1897 +  SCONST :: "bool => nat => bool" 
  9.1898 +
  9.1899 +defs
  9.1900 +  SCONST_primdef: "SCONST == K"
  9.1901 +
  9.1902 +lemma SCONST_def: "SCONST = K"
  9.1903 +  by (import boolean_sequence SCONST_def)
  9.1904 +
  9.1905 +consts
  9.1906 +  STAKE :: "nat => (nat => bool) => bool list" 
  9.1907 +
  9.1908 +specification (STAKE_primdef: STAKE) STAKE_def: "(ALL s. STAKE 0 s = []) &
  9.1909 +(ALL n s. STAKE (Suc n) s = SHD s # STAKE n (STL s))"
  9.1910 +  by (import boolean_sequence STAKE_def)
  9.1911 +
  9.1912 +consts
  9.1913 +  SDROP :: "nat => (nat => bool) => nat => bool" 
  9.1914 +
  9.1915 +specification (SDROP_primdef: SDROP) SDROP_def: "SDROP 0 = I & (ALL n. SDROP (Suc n) = SDROP n o STL)"
  9.1916 +  by (import boolean_sequence SDROP_def)
  9.1917 +
  9.1918 +lemma SCONS_SURJ: "ALL x. EX xa t. x = SCONS xa t"
  9.1919 +  by (import boolean_sequence SCONS_SURJ)
  9.1920 +
  9.1921 +lemma SHD_STL_ISO: "ALL h t. EX x. SHD x = h & STL x = t"
  9.1922 +  by (import boolean_sequence SHD_STL_ISO)
  9.1923 +
  9.1924 +lemma SHD_SCONS: "ALL h t. SHD (SCONS h t) = h"
  9.1925 +  by (import boolean_sequence SHD_SCONS)
  9.1926 +
  9.1927 +lemma STL_SCONS: "ALL h t. STL (SCONS h t) = t"
  9.1928 +  by (import boolean_sequence STL_SCONS)
  9.1929 +
  9.1930 +lemma SHD_SCONST: "ALL b. SHD (SCONST b) = b"
  9.1931 +  by (import boolean_sequence SHD_SCONST)
  9.1932 +
  9.1933 +lemma STL_SCONST: "ALL b. STL (SCONST b) = SCONST b"
  9.1934 +  by (import boolean_sequence STL_SCONST)
  9.1935 +
  9.1936 +;end_setup
  9.1937 +
  9.1938 +;setup_theory prob_algebra
  9.1939 +
  9.1940 +consts
  9.1941 +  alg_embed :: "bool list => (nat => bool) => bool" 
  9.1942 +
  9.1943 +specification (alg_embed_primdef: alg_embed) alg_embed_def: "(ALL s. alg_embed [] s = True) &
  9.1944 +(ALL h t s. alg_embed (h # t) s = (h = SHD s & alg_embed t (STL s)))"
  9.1945 +  by (import prob_algebra alg_embed_def)
  9.1946 +
  9.1947 +consts
  9.1948 +  algebra_embed :: "bool list list => (nat => bool) => bool" 
  9.1949 +
  9.1950 +specification (algebra_embed_primdef: algebra_embed) algebra_embed_def: "algebra_embed [] = EMPTY &
  9.1951 +(ALL h t.
  9.1952 +    algebra_embed (h # t) = pred_set.UNION (alg_embed h) (algebra_embed t))"
  9.1953 +  by (import prob_algebra algebra_embed_def)
  9.1954 +
  9.1955 +consts
  9.1956 +  measurable :: "((nat => bool) => bool) => bool" 
  9.1957 +
  9.1958 +defs
  9.1959 +  measurable_primdef: "measurable == %s. EX b. s = algebra_embed b"
  9.1960 +
  9.1961 +lemma measurable_def: "ALL s. measurable s = (EX b. s = algebra_embed b)"
  9.1962 +  by (import prob_algebra measurable_def)
  9.1963 +
  9.1964 +lemma HALVES_INTER: "pred_set.INTER (%x. SHD x = True) (%x. SHD x = False) = EMPTY"
  9.1965 +  by (import prob_algebra HALVES_INTER)
  9.1966 +
  9.1967 +lemma INTER_STL: "ALL p q. pred_set.INTER p q o STL = pred_set.INTER (p o STL) (q o STL)"
  9.1968 +  by (import prob_algebra INTER_STL)
  9.1969 +
  9.1970 +lemma COMPL_SHD: "ALL b. COMPL (%x. SHD x = b) = (%x. SHD x = (~ b))"
  9.1971 +  by (import prob_algebra COMPL_SHD)
  9.1972 +
  9.1973 +lemma ALG_EMBED_BASIC: "alg_embed [] = pred_set.UNIV &
  9.1974 +(ALL h t.
  9.1975 +    alg_embed (h # t) = pred_set.INTER (%x. SHD x = h) (alg_embed t o STL))"
  9.1976 +  by (import prob_algebra ALG_EMBED_BASIC)
  9.1977 +
  9.1978 +lemma ALG_EMBED_NIL: "ALL c. All (alg_embed c) = (c = [])"
  9.1979 +  by (import prob_algebra ALG_EMBED_NIL)
  9.1980 +
  9.1981 +lemma ALG_EMBED_POPULATED: "ALL b. Ex (alg_embed b)"
  9.1982 +  by (import prob_algebra ALG_EMBED_POPULATED)
  9.1983 +
  9.1984 +lemma ALG_EMBED_PREFIX: "(All::(bool list => bool) => bool)
  9.1985 + (%b::bool list.
  9.1986 +     (All::(bool list => bool) => bool)
  9.1987 +      (%c::bool list.
  9.1988 +          (All::((nat => bool) => bool) => bool)
  9.1989 +           (%s::nat => bool.
  9.1990 +               (op -->::bool => bool => bool)
  9.1991 +                ((op &::bool => bool => bool)
  9.1992 +                  ((alg_embed::bool list => (nat => bool) => bool) b s)
  9.1993 +                  ((alg_embed::bool list => (nat => bool) => bool) c s))
  9.1994 +                ((op |::bool => bool => bool)
  9.1995 +                  ((IS_PREFIX::bool list => bool list => bool) b c)
  9.1996 +                  ((IS_PREFIX::bool list => bool list => bool) c b)))))"
  9.1997 +  by (import prob_algebra ALG_EMBED_PREFIX)
  9.1998 +
  9.1999 +lemma ALG_EMBED_PREFIX_SUBSET: "ALL b c. SUBSET (alg_embed b) (alg_embed c) = IS_PREFIX b c"
  9.2000 +  by (import prob_algebra ALG_EMBED_PREFIX_SUBSET)
  9.2001 +
  9.2002 +lemma ALG_EMBED_TWINS: "ALL l.
  9.2003 +   pred_set.UNION (alg_embed (SNOC True l)) (alg_embed (SNOC False l)) =
  9.2004 +   alg_embed l"
  9.2005 +  by (import prob_algebra ALG_EMBED_TWINS)
  9.2006 +
  9.2007 +lemma ALGEBRA_EMBED_BASIC: "algebra_embed [] = EMPTY &
  9.2008 +algebra_embed [[]] = pred_set.UNIV &
  9.2009 +(ALL b. algebra_embed [[b]] = (%s. SHD s = b))"
  9.2010 +  by (import prob_algebra ALGEBRA_EMBED_BASIC)
  9.2011 +
  9.2012 +lemma ALGEBRA_EMBED_MEM: "(All::(bool list list => bool) => bool)
  9.2013 + (%b::bool list list.
  9.2014 +     (All::((nat => bool) => bool) => bool)
  9.2015 +      (%x::nat => bool.
  9.2016 +          (op -->::bool => bool => bool)
  9.2017 +           ((algebra_embed::bool list list => (nat => bool) => bool) b x)
  9.2018 +           ((Ex::(bool list => bool) => bool)
  9.2019 +             (%l::bool list.
  9.2020 +                 (op &::bool => bool => bool)
  9.2021 +                  ((op mem::bool list => bool list list => bool) l b)
  9.2022 +                  ((alg_embed::bool list => (nat => bool) => bool) l x)))))"
  9.2023 +  by (import prob_algebra ALGEBRA_EMBED_MEM)
  9.2024 +
  9.2025 +lemma ALGEBRA_EMBED_APPEND: "ALL l1 l2.
  9.2026 +   algebra_embed (l1 @ l2) =
  9.2027 +   pred_set.UNION (algebra_embed l1) (algebra_embed l2)"
  9.2028 +  by (import prob_algebra ALGEBRA_EMBED_APPEND)
  9.2029 +
  9.2030 +lemma ALGEBRA_EMBED_TLS: "ALL l b.
  9.2031 +   algebra_embed (map (op # b) l) (SCONS h t) = (h = b & algebra_embed l t)"
  9.2032 +  by (import prob_algebra ALGEBRA_EMBED_TLS)
  9.2033 +
  9.2034 +lemma ALG_CANON_PREFS_EMBED: "ALL l b. algebra_embed (alg_canon_prefs l b) = algebra_embed (l # b)"
  9.2035 +  by (import prob_algebra ALG_CANON_PREFS_EMBED)
  9.2036 +
  9.2037 +lemma ALG_CANON_FIND_EMBED: "ALL l b. algebra_embed (alg_canon_find l b) = algebra_embed (l # b)"
  9.2038 +  by (import prob_algebra ALG_CANON_FIND_EMBED)
  9.2039 +
  9.2040 +lemma ALG_CANON1_EMBED: "ALL x. algebra_embed (alg_canon1 x) = algebra_embed x"
  9.2041 +  by (import prob_algebra ALG_CANON1_EMBED)
  9.2042 +
  9.2043 +lemma ALG_CANON_MERGE_EMBED: "ALL l b. algebra_embed (alg_canon_merge l b) = algebra_embed (l # b)"
  9.2044 +  by (import prob_algebra ALG_CANON_MERGE_EMBED)
  9.2045 +
  9.2046 +lemma ALG_CANON2_EMBED: "ALL x. algebra_embed (alg_canon2 x) = algebra_embed x"
  9.2047 +  by (import prob_algebra ALG_CANON2_EMBED)
  9.2048 +
  9.2049 +lemma ALG_CANON_EMBED: "ALL l. algebra_embed (alg_canon l) = algebra_embed l"
  9.2050 +  by (import prob_algebra ALG_CANON_EMBED)
  9.2051 +
  9.2052 +lemma ALGEBRA_CANON_UNIV: "(All::(bool list list => bool) => bool)
  9.2053 + (%l::bool list list.
  9.2054 +     (op -->::bool => bool => bool)
  9.2055 +      ((algebra_canon::bool list list => bool) l)
  9.2056 +      ((op -->::bool => bool => bool)
  9.2057 +        ((op =::((nat => bool) => bool) => ((nat => bool) => bool) => bool)
  9.2058 +          ((algebra_embed::bool list list => (nat => bool) => bool) l)
  9.2059 +          (pred_set.UNIV::(nat => bool) => bool))
  9.2060 +        ((op =::bool list list => bool list list => bool) l
  9.2061 +          ((op #::bool list => bool list list => bool list list)
  9.2062 +            ([]::bool list) ([]::bool list list)))))"
  9.2063 +  by (import prob_algebra ALGEBRA_CANON_UNIV)
  9.2064 +
  9.2065 +lemma ALG_CANON_REP: "ALL b c. (alg_canon b = alg_canon c) = (algebra_embed b = algebra_embed c)"
  9.2066 +  by (import prob_algebra ALG_CANON_REP)
  9.2067 +
  9.2068 +lemma ALGEBRA_CANON_EMBED_EMPTY: "(All::(bool list list => bool) => bool)
  9.2069 + (%l::bool list list.
  9.2070 +     (op -->::bool => bool => bool)
  9.2071 +      ((algebra_canon::bool list list => bool) l)
  9.2072 +      ((op =::bool => bool => bool)
  9.2073 +        ((All::((nat => bool) => bool) => bool)
  9.2074 +          (%v::nat => bool.
  9.2075 +              (Not::bool => bool)
  9.2076 +               ((algebra_embed::bool list list => (nat => bool) => bool) l
  9.2077 +                 v)))
  9.2078 +        ((op =::bool list list => bool list list => bool) l
  9.2079 +          ([]::bool list list))))"
  9.2080 +  by (import prob_algebra ALGEBRA_CANON_EMBED_EMPTY)
  9.2081 +
  9.2082 +lemma ALGEBRA_CANON_EMBED_UNIV: "(All::(bool list list => bool) => bool)
  9.2083 + (%l::bool list list.
  9.2084 +     (op -->::bool => bool => bool)
  9.2085 +      ((algebra_canon::bool list list => bool) l)
  9.2086 +      ((op =::bool => bool => bool)
  9.2087 +        ((All::((nat => bool) => bool) => bool)
  9.2088 +          ((algebra_embed::bool list list => (nat => bool) => bool) l))
  9.2089 +        ((op =::bool list list => bool list list => bool) l
  9.2090 +          ((op #::bool list => bool list list => bool list list)
  9.2091 +            ([]::bool list) ([]::bool list list)))))"
  9.2092 +  by (import prob_algebra ALGEBRA_CANON_EMBED_UNIV)
  9.2093 +
  9.2094 +lemma MEASURABLE_ALGEBRA: "ALL b. measurable (algebra_embed b)"
  9.2095 +  by (import prob_algebra MEASURABLE_ALGEBRA)
  9.2096 +
  9.2097 +lemma MEASURABLE_BASIC: "measurable EMPTY &
  9.2098 +measurable pred_set.UNIV & (ALL b. measurable (%s. SHD s = b))"
  9.2099 +  by (import prob_algebra MEASURABLE_BASIC)
  9.2100 +
  9.2101 +lemma MEASURABLE_SHD: "ALL b. measurable (%s. SHD s = b)"
  9.2102 +  by (import prob_algebra MEASURABLE_SHD)
  9.2103 +
  9.2104 +lemma ALGEBRA_EMBED_COMPL: "ALL l. EX l'. COMPL (algebra_embed l) = algebra_embed l'"
  9.2105 +  by (import prob_algebra ALGEBRA_EMBED_COMPL)
  9.2106 +
  9.2107 +lemma MEASURABLE_COMPL: "ALL s. measurable (COMPL s) = measurable s"
  9.2108 +  by (import prob_algebra MEASURABLE_COMPL)
  9.2109 +
  9.2110 +lemma MEASURABLE_UNION: "(All::(((nat => bool) => bool) => bool) => bool)
  9.2111 + (%s::(nat => bool) => bool.
  9.2112 +     (All::(((nat => bool) => bool) => bool) => bool)
  9.2113 +      (%t::(nat => bool) => bool.
  9.2114 +          (op -->::bool => bool => bool)
  9.2115 +           ((op &::bool => bool => bool)
  9.2116 +             ((measurable::((nat => bool) => bool) => bool) s)
  9.2117 +             ((measurable::((nat => bool) => bool) => bool) t))
  9.2118 +           ((measurable::((nat => bool) => bool) => bool)
  9.2119 +             ((pred_set.UNION::((nat => bool) => bool)
  9.2120 +                               => ((nat => bool) => bool)
  9.2121 +                                  => (nat => bool) => bool)
  9.2122 +               s t))))"
  9.2123 +  by (import prob_algebra MEASURABLE_UNION)
  9.2124 +
  9.2125 +lemma MEASURABLE_INTER: "(All::(((nat => bool) => bool) => bool) => bool)
  9.2126 + (%s::(nat => bool) => bool.
  9.2127 +     (All::(((nat => bool) => bool) => bool) => bool)
  9.2128 +      (%t::(nat => bool) => bool.
  9.2129 +          (op -->::bool => bool => bool)
  9.2130 +           ((op &::bool => bool => bool)
  9.2131 +             ((measurable::((nat => bool) => bool) => bool) s)
  9.2132 +             ((measurable::((nat => bool) => bool) => bool) t))
  9.2133 +           ((measurable::((nat => bool) => bool) => bool)
  9.2134 +             ((pred_set.INTER::((nat => bool) => bool)
  9.2135 +                               => ((nat => bool) => bool)
  9.2136 +                                  => (nat => bool) => bool)
  9.2137 +               s t))))"
  9.2138 +  by (import prob_algebra MEASURABLE_INTER)
  9.2139 +
  9.2140 +lemma MEASURABLE_STL: "ALL p. measurable (p o STL) = measurable p"
  9.2141 +  by (import prob_algebra MEASURABLE_STL)
  9.2142 +
  9.2143 +lemma MEASURABLE_SDROP: "ALL n p. measurable (p o SDROP n) = measurable p"
  9.2144 +  by (import prob_algebra MEASURABLE_SDROP)
  9.2145 +
  9.2146 +lemma MEASURABLE_INTER_HALVES: "ALL p.