HOL/Import: Update HOL4 generated files to current Isabelle.
authorCezary Kaliszyk <kaliszyk@in.tum.de>
Wed Sep 07 07:59:45 2011 +0900 (2011-09-07)
changeset 44763b50d5d694838
parent 44762 8f9d09241a68
child 44767 233f30abb040
HOL/Import: Update HOL4 generated files to current Isabelle.
src/HOL/Import/HOL/HOL4Base.thy
src/HOL/Import/HOL/HOL4Prob.thy
src/HOL/Import/HOL/HOL4Real.thy
src/HOL/Import/HOL/HOL4Vec.thy
src/HOL/Import/HOL/HOL4Word32.thy
src/HOL/Import/HOL/arithmetic.imp
src/HOL/Import/HOL/bits.imp
src/HOL/Import/HOL/bool.imp
src/HOL/Import/HOL/combin.imp
src/HOL/Import/HOL/divides.imp
src/HOL/Import/HOL/lim.imp
src/HOL/Import/HOL/list.imp
src/HOL/Import/HOL/num.imp
src/HOL/Import/HOL/option.imp
src/HOL/Import/HOL/pair.imp
src/HOL/Import/HOL/poly.imp
src/HOL/Import/HOL/prim_rec.imp
src/HOL/Import/HOL/prob_extra.imp
src/HOL/Import/HOL/real.imp
src/HOL/Import/HOL/realax.imp
src/HOL/Import/HOL/rich_list.imp
src/HOL/Import/HOL/seq.imp
src/HOL/Import/HOL/sum.imp
src/HOL/Import/HOL/word32.imp
     1.1 --- a/src/HOL/Import/HOL/HOL4Base.thy	Wed Sep 07 00:08:09 2011 +0200
     1.2 +++ b/src/HOL/Import/HOL/HOL4Base.thy	Wed Sep 07 07:59:45 2011 +0900
     1.3 @@ -4,277 +4,225 @@
     1.4  
     1.5  ;setup_theory bool
     1.6  
     1.7 -definition ARB :: "'a" where 
     1.8 -  "ARB == SOME x::'a::type. True"
     1.9 -
    1.10 -lemma ARB_DEF: "ARB = (SOME x::'a::type. True)"
    1.11 -  by (import bool ARB_DEF)
    1.12 -
    1.13 -definition IN :: "'a => ('a => bool) => bool" where 
    1.14 -  "IN == %(x::'a::type) f::'a::type => bool. f x"
    1.15 -
    1.16 -lemma IN_DEF: "IN = (%(x::'a::type) f::'a::type => bool. f x)"
    1.17 -  by (import bool IN_DEF)
    1.18 -
    1.19 -definition RES_FORALL :: "('a => bool) => ('a => bool) => bool" where 
    1.20 -  "RES_FORALL ==
    1.21 -%(p::'a::type => bool) m::'a::type => bool. ALL x::'a::type. IN x p --> m x"
    1.22 -
    1.23 -lemma RES_FORALL_DEF: "RES_FORALL =
    1.24 -(%(p::'a::type => bool) m::'a::type => bool.
    1.25 -    ALL x::'a::type. IN x p --> m x)"
    1.26 -  by (import bool RES_FORALL_DEF)
    1.27 -
    1.28 -definition RES_EXISTS :: "('a => bool) => ('a => bool) => bool" where 
    1.29 -  "RES_EXISTS ==
    1.30 -%(p::'a::type => bool) m::'a::type => bool. EX x::'a::type. IN x p & m x"
    1.31 -
    1.32 -lemma RES_EXISTS_DEF: "RES_EXISTS =
    1.33 -(%(p::'a::type => bool) m::'a::type => bool. EX x::'a::type. IN x p & m x)"
    1.34 -  by (import bool RES_EXISTS_DEF)
    1.35 -
    1.36 -definition RES_EXISTS_UNIQUE :: "('a => bool) => ('a => bool) => bool" where 
    1.37 +definition
    1.38 +  ARB :: "'a"  where
    1.39 +  "ARB == SOME x. True"
    1.40 +
    1.41 +lemma ARB_DEF: "ARB = (SOME x. True)"
    1.42 +  sorry
    1.43 +
    1.44 +definition
    1.45 +  IN :: "'a => ('a => bool) => bool"  where
    1.46 +  "IN == %x f. f x"
    1.47 +
    1.48 +lemma IN_DEF: "IN = (%x f. f x)"
    1.49 +  sorry
    1.50 +
    1.51 +definition
    1.52 +  RES_FORALL :: "('a => bool) => ('a => bool) => bool"  where
    1.53 +  "RES_FORALL == %p m. ALL x. IN x p --> m x"
    1.54 +
    1.55 +lemma RES_FORALL_DEF: "RES_FORALL = (%p m. ALL x. IN x p --> m x)"
    1.56 +  sorry
    1.57 +
    1.58 +definition
    1.59 +  RES_EXISTS :: "('a => bool) => ('a => bool) => bool"  where
    1.60 +  "RES_EXISTS == %p m. EX x. IN x p & m x"
    1.61 +
    1.62 +lemma RES_EXISTS_DEF: "RES_EXISTS = (%p m. EX x. IN x p & m x)"
    1.63 +  sorry
    1.64 +
    1.65 +definition
    1.66 +  RES_EXISTS_UNIQUE :: "('a => bool) => ('a => bool) => bool"  where
    1.67    "RES_EXISTS_UNIQUE ==
    1.68 -%(p::'a::type => bool) m::'a::type => bool.
    1.69 -   RES_EXISTS p m &
    1.70 -   RES_FORALL p
    1.71 -    (%x::'a::type. RES_FORALL p (%y::'a::type. m x & m y --> x = y))"
    1.72 +%p m. RES_EXISTS p m &
    1.73 +      RES_FORALL p (%x. RES_FORALL p (%y. m x & m y --> x = y))"
    1.74  
    1.75  lemma RES_EXISTS_UNIQUE_DEF: "RES_EXISTS_UNIQUE =
    1.76 -(%(p::'a::type => bool) m::'a::type => bool.
    1.77 -    RES_EXISTS p m &
    1.78 -    RES_FORALL p
    1.79 -     (%x::'a::type. RES_FORALL p (%y::'a::type. m x & m y --> x = y)))"
    1.80 -  by (import bool RES_EXISTS_UNIQUE_DEF)
    1.81 -
    1.82 -definition RES_SELECT :: "('a => bool) => ('a => bool) => 'a" where 
    1.83 -  "RES_SELECT ==
    1.84 -%(p::'a::type => bool) m::'a::type => bool. SOME x::'a::type. IN x p & m x"
    1.85 -
    1.86 -lemma RES_SELECT_DEF: "RES_SELECT =
    1.87 -(%(p::'a::type => bool) m::'a::type => bool. SOME x::'a::type. IN x p & m x)"
    1.88 -  by (import bool RES_SELECT_DEF)
    1.89 -
    1.90 -lemma EXCLUDED_MIDDLE: "ALL t::bool. t | ~ t"
    1.91 -  by (import bool EXCLUDED_MIDDLE)
    1.92 -
    1.93 -lemma FORALL_THM: "All (f::'a::type => bool) = All f"
    1.94 -  by (import bool FORALL_THM)
    1.95 -
    1.96 -lemma EXISTS_THM: "Ex (f::'a::type => bool) = Ex f"
    1.97 -  by (import bool EXISTS_THM)
    1.98 -
    1.99 -lemma F_IMP: "ALL t::bool. ~ t --> t --> False"
   1.100 -  by (import bool F_IMP)
   1.101 -
   1.102 -lemma NOT_AND: "~ ((t::bool) & ~ t)"
   1.103 -  by (import bool NOT_AND)
   1.104 -
   1.105 -lemma AND_CLAUSES: "ALL t::bool.
   1.106 -   (True & t) = t &
   1.107 -   (t & True) = t & (False & t) = False & (t & False) = False & (t & t) = t"
   1.108 -  by (import bool AND_CLAUSES)
   1.109 -
   1.110 -lemma OR_CLAUSES: "ALL t::bool.
   1.111 -   (True | t) = True &
   1.112 -   (t | True) = True & (False | t) = t & (t | False) = t & (t | t) = t"
   1.113 -  by (import bool OR_CLAUSES)
   1.114 -
   1.115 -lemma IMP_CLAUSES: "ALL t::bool.
   1.116 -   (True --> t) = t &
   1.117 -   (t --> True) = True &
   1.118 -   (False --> t) = True & (t --> t) = True & (t --> False) = (~ t)"
   1.119 -  by (import bool IMP_CLAUSES)
   1.120 -
   1.121 -lemma NOT_CLAUSES: "(ALL t::bool. (~ ~ t) = t) & (~ True) = False & (~ False) = True"
   1.122 -  by (import bool NOT_CLAUSES)
   1.123 +(%p m. RES_EXISTS p m &
   1.124 +       RES_FORALL p (%x. RES_FORALL p (%y. m x & m y --> x = y)))"
   1.125 +  sorry
   1.126 +
   1.127 +definition
   1.128 +  RES_SELECT :: "('a => bool) => ('a => bool) => 'a"  where
   1.129 +  "RES_SELECT == %p m. SOME x. IN x p & m x"
   1.130 +
   1.131 +lemma RES_SELECT_DEF: "RES_SELECT = (%p m. SOME x. IN x p & m x)"
   1.132 +  sorry
   1.133 +
   1.134 +lemma EXCLUDED_MIDDLE: "t | ~ t"
   1.135 +  sorry
   1.136 +
   1.137 +lemma FORALL_THM: "All f = All f"
   1.138 +  sorry
   1.139 +
   1.140 +lemma EXISTS_THM: "Ex f = Ex f"
   1.141 +  sorry
   1.142 +
   1.143 +lemma F_IMP: "[| ~ t; t |] ==> False"
   1.144 +  sorry
   1.145 +
   1.146 +lemma NOT_AND: "~ (t & ~ t)"
   1.147 +  sorry
   1.148 +
   1.149 +lemma AND_CLAUSES: "(True & t) = t &
   1.150 +(t & True) = t & (False & t) = False & (t & False) = False & (t & t) = t"
   1.151 +  sorry
   1.152 +
   1.153 +lemma OR_CLAUSES: "(True | t) = True &
   1.154 +(t | True) = True & (False | t) = t & (t | False) = t & (t | t) = t"
   1.155 +  sorry
   1.156 +
   1.157 +lemma IMP_CLAUSES: "(True --> t) = t &
   1.158 +(t --> True) = True &
   1.159 +(False --> t) = True & (t --> t) = True & (t --> False) = (~ t)"
   1.160 +  sorry
   1.161 +
   1.162 +lemma NOT_CLAUSES: "(ALL t. (~ ~ t) = t) & (~ True) = False & (~ False) = True"
   1.163 +  sorry
   1.164  
   1.165  lemma BOOL_EQ_DISTINCT: "True ~= False & False ~= True"
   1.166 -  by (import bool BOOL_EQ_DISTINCT)
   1.167 -
   1.168 -lemma EQ_CLAUSES: "ALL t::bool.
   1.169 -   (True = t) = t &
   1.170 -   (t = True) = t & (False = t) = (~ t) & (t = False) = (~ t)"
   1.171 -  by (import bool EQ_CLAUSES)
   1.172 -
   1.173 -lemma COND_CLAUSES: "ALL (t1::'a::type) t2::'a::type.
   1.174 -   (if True then t1 else t2) = t1 & (if False then t1 else t2) = t2"
   1.175 -  by (import bool COND_CLAUSES)
   1.176 -
   1.177 -lemma SELECT_UNIQUE: "ALL (P::'a::type => bool) x::'a::type.
   1.178 -   (ALL y::'a::type. P y = (y = x)) --> Eps P = x"
   1.179 -  by (import bool SELECT_UNIQUE)
   1.180 -
   1.181 -lemma BOTH_EXISTS_AND_THM: "ALL (P::bool) Q::bool.
   1.182 -   (EX x::'a::type. P & Q) = ((EX x::'a::type. P) & (EX x::'a::type. Q))"
   1.183 -  by (import bool BOTH_EXISTS_AND_THM)
   1.184 -
   1.185 -lemma BOTH_FORALL_OR_THM: "ALL (P::bool) Q::bool.
   1.186 -   (ALL x::'a::type. P | Q) = ((ALL x::'a::type. P) | (ALL x::'a::type. Q))"
   1.187 -  by (import bool BOTH_FORALL_OR_THM)
   1.188 -
   1.189 -lemma BOTH_FORALL_IMP_THM: "ALL (P::bool) Q::bool.
   1.190 -   (ALL x::'a::type. P --> Q) =
   1.191 -   ((EX x::'a::type. P) --> (ALL x::'a::type. Q))"
   1.192 -  by (import bool BOTH_FORALL_IMP_THM)
   1.193 -
   1.194 -lemma BOTH_EXISTS_IMP_THM: "ALL (P::bool) Q::bool.
   1.195 -   (EX x::'a::type. P --> Q) =
   1.196 -   ((ALL x::'a::type. P) --> (EX x::'a::type. Q))"
   1.197 -  by (import bool BOTH_EXISTS_IMP_THM)
   1.198 -
   1.199 -lemma OR_IMP_THM: "ALL (A::bool) B::bool. (A = (B | A)) = (B --> A)"
   1.200 -  by (import bool OR_IMP_THM)
   1.201 -
   1.202 -lemma DE_MORGAN_THM: "ALL (A::bool) B::bool. (~ (A & B)) = (~ A | ~ B) & (~ (A | B)) = (~ A & ~ B)"
   1.203 -  by (import bool DE_MORGAN_THM)
   1.204 -
   1.205 -lemma IMP_F_EQ_F: "ALL t::bool. (t --> False) = (t = False)"
   1.206 -  by (import bool IMP_F_EQ_F)
   1.207 -
   1.208 -lemma EQ_EXPAND: "ALL (t1::bool) t2::bool. (t1 = t2) = (t1 & t2 | ~ t1 & ~ t2)"
   1.209 -  by (import bool EQ_EXPAND)
   1.210 -
   1.211 -lemma COND_RATOR: "ALL (b::bool) (f::'a::type => 'b::type) (g::'a::type => 'b::type)
   1.212 -   x::'a::type. (if b then f else g) x = (if b then f x else g x)"
   1.213 -  by (import bool COND_RATOR)
   1.214 -
   1.215 -lemma COND_ABS: "ALL (b::bool) (f::'a::type => 'b::type) g::'a::type => 'b::type.
   1.216 -   (%x::'a::type. if b then f x else g x) = (if b then f else g)"
   1.217 -  by (import bool COND_ABS)
   1.218 -
   1.219 -lemma COND_EXPAND: "ALL (b::bool) (t1::bool) t2::bool.
   1.220 -   (if b then t1 else t2) = ((~ b | t1) & (b | t2))"
   1.221 -  by (import bool COND_EXPAND)
   1.222 -
   1.223 -lemma ONE_ONE_THM: "ALL f::'a::type => 'b::type.
   1.224 -   inj f = (ALL (x1::'a::type) x2::'a::type. f x1 = f x2 --> x1 = x2)"
   1.225 -  by (import bool ONE_ONE_THM)
   1.226 -
   1.227 -lemma ABS_REP_THM: "(All::(('a::type => bool) => bool) => bool)
   1.228 - (%P::'a::type => bool.
   1.229 -     (op -->::bool => bool => bool)
   1.230 -      ((Ex::(('b::type => 'a::type) => bool) => bool)
   1.231 -        ((TYPE_DEFINITION::('a::type => bool)
   1.232 -                           => ('b::type => 'a::type) => bool)
   1.233 -          P))
   1.234 -      ((Ex::(('b::type => 'a::type) => bool) => bool)
   1.235 -        (%x::'b::type => 'a::type.
   1.236 -            (Ex::(('a::type => 'b::type) => bool) => bool)
   1.237 -             (%abs::'a::type => 'b::type.
   1.238 -                 (op &::bool => bool => bool)
   1.239 -                  ((All::('b::type => bool) => bool)
   1.240 -                    (%a::'b::type.
   1.241 -                        (op =::'b::type => 'b::type => bool) (abs (x a)) a))
   1.242 -                  ((All::('a::type => bool) => bool)
   1.243 -                    (%r::'a::type.
   1.244 -                        (op =::bool => bool => bool) (P r)
   1.245 -                         ((op =::'a::type => 'a::type => bool) (x (abs r))
   1.246 -                           r)))))))"
   1.247 -  by (import bool ABS_REP_THM)
   1.248 -
   1.249 -lemma LET_RAND: "(P::'b::type => bool) (Let (M::'a::type) (N::'a::type => 'b::type)) =
   1.250 -(let x::'a::type = M in P (N x))"
   1.251 -  by (import bool LET_RAND)
   1.252 -
   1.253 -lemma LET_RATOR: "Let (M::'a::type) (N::'a::type => 'b::type => 'c::type) (b::'b::type) =
   1.254 -(let x::'a::type = M in N x b)"
   1.255 -  by (import bool LET_RATOR)
   1.256 -
   1.257 -lemma SWAP_FORALL_THM: "ALL P::'a::type => 'b::type => bool.
   1.258 -   (ALL x::'a::type. All (P x)) = (ALL (y::'b::type) x::'a::type. P x y)"
   1.259 -  by (import bool SWAP_FORALL_THM)
   1.260 -
   1.261 -lemma SWAP_EXISTS_THM: "ALL P::'a::type => 'b::type => bool.
   1.262 -   (EX x::'a::type. Ex (P x)) = (EX (y::'b::type) x::'a::type. P x y)"
   1.263 -  by (import bool SWAP_EXISTS_THM)
   1.264 -
   1.265 -lemma AND_CONG: "ALL (P::bool) (P'::bool) (Q::bool) Q'::bool.
   1.266 -   (Q --> P = P') & (P' --> Q = Q') --> (P & Q) = (P' & Q')"
   1.267 -  by (import bool AND_CONG)
   1.268 -
   1.269 -lemma OR_CONG: "ALL (P::bool) (P'::bool) (Q::bool) Q'::bool.
   1.270 -   (~ Q --> P = P') & (~ P' --> Q = Q') --> (P | Q) = (P' | Q')"
   1.271 -  by (import bool OR_CONG)
   1.272 -
   1.273 -lemma COND_CONG: "ALL (P::bool) (Q::bool) (x::'a::type) (x'::'a::type) (y::'a::type)
   1.274 -   y'::'a::type.
   1.275 -   P = Q & (Q --> x = x') & (~ Q --> y = y') -->
   1.276 -   (if P then x else y) = (if Q then x' else y')"
   1.277 -  by (import bool COND_CONG)
   1.278 -
   1.279 -lemma MONO_COND: "((x::bool) --> (y::bool)) -->
   1.280 -((z::bool) --> (w::bool)) -->
   1.281 -(if b::bool then x else z) --> (if b then y else w)"
   1.282 -  by (import bool MONO_COND)
   1.283 -
   1.284 -lemma SKOLEM_THM: "ALL P::'a::type => 'b::type => bool.
   1.285 -   (ALL x::'a::type. Ex (P x)) =
   1.286 -   (EX f::'a::type => 'b::type. ALL x::'a::type. P x (f x))"
   1.287 -  by (import bool SKOLEM_THM)
   1.288 -
   1.289 -lemma bool_case_thm: "(ALL (e0::'a::type) e1::'a::type.
   1.290 -    (case True of True => e0 | False => e1) = e0) &
   1.291 -(ALL (e0::'a::type) e1::'a::type.
   1.292 -    (case False of True => e0 | False => e1) = e1)"
   1.293 -  by (import bool bool_case_thm)
   1.294 -
   1.295 -lemma bool_case_ID: "ALL (x::'a::type) b::bool. (case b of True => x | _ => x) = x"
   1.296 -  by (import bool bool_case_ID)
   1.297 -
   1.298 -lemma boolAxiom: "ALL (e0::'a::type) e1::'a::type.
   1.299 -   EX x::bool => 'a::type. x True = e0 & x False = e1"
   1.300 -  by (import bool boolAxiom)
   1.301 -
   1.302 -lemma UEXISTS_OR_THM: "ALL (P::'a::type => bool) Q::'a::type => bool.
   1.303 -   (EX! x::'a::type. P x | Q x) --> Ex1 P | Ex1 Q"
   1.304 -  by (import bool UEXISTS_OR_THM)
   1.305 -
   1.306 -lemma UEXISTS_SIMP: "(EX! x::'a::type. (t::bool)) = (t & (ALL x::'a::type. All (op = x)))"
   1.307 -  by (import bool UEXISTS_SIMP)
   1.308 +  sorry
   1.309 +
   1.310 +lemma EQ_CLAUSES: "(True = t) = t & (t = True) = t & (False = t) = (~ t) & (t = False) = (~ t)"
   1.311 +  sorry
   1.312 +
   1.313 +lemma COND_CLAUSES: "(if True then t1 else t2) = t1 & (if False then t1 else t2) = t2"
   1.314 +  sorry
   1.315 +
   1.316 +lemma SELECT_UNIQUE: "(!!y. P y = (y = x)) ==> Eps P = x"
   1.317 +  sorry
   1.318 +
   1.319 +lemma BOTH_EXISTS_AND_THM: "(EX x::'a. (P::bool) & (Q::bool)) = ((EX x::'a. P) & (EX x::'a. Q))"
   1.320 +  sorry
   1.321 +
   1.322 +lemma BOTH_FORALL_OR_THM: "(ALL x::'a. (P::bool) | (Q::bool)) = ((ALL x::'a. P) | (ALL x::'a. Q))"
   1.323 +  sorry
   1.324 +
   1.325 +lemma BOTH_FORALL_IMP_THM: "(ALL x::'a. (P::bool) --> (Q::bool)) = ((EX x::'a. P) --> (ALL x::'a. Q))"
   1.326 +  sorry
   1.327 +
   1.328 +lemma BOTH_EXISTS_IMP_THM: "(EX x::'a. (P::bool) --> (Q::bool)) = ((ALL x::'a. P) --> (EX x::'a. Q))"
   1.329 +  sorry
   1.330 +
   1.331 +lemma OR_IMP_THM: "(A = (B | A)) = (B --> A)"
   1.332 +  sorry
   1.333 +
   1.334 +lemma DE_MORGAN_THM: "(~ (A & B)) = (~ A | ~ B) & (~ (A | B)) = (~ A & ~ B)"
   1.335 +  sorry
   1.336 +
   1.337 +lemma IMP_F_EQ_F: "(t --> False) = (t = False)"
   1.338 +  sorry
   1.339 +
   1.340 +lemma COND_RATOR: "(if b::bool then f::'a => 'b else (g::'a => 'b)) (x::'a) =
   1.341 +(if b then f x else g x)"
   1.342 +  sorry
   1.343 +
   1.344 +lemma COND_ABS: "(%x. if b then f x else g x) = (if b then f else g)"
   1.345 +  sorry
   1.346 +
   1.347 +lemma COND_EXPAND: "(if b then t1 else t2) = ((~ b | t1) & (b | t2))"
   1.348 +  sorry
   1.349 +
   1.350 +lemma ONE_ONE_THM: "inj f = (ALL x1 x2. f x1 = f x2 --> x1 = x2)"
   1.351 +  sorry
   1.352 +
   1.353 +lemma ABS_REP_THM: "(op ==>::prop => prop => prop)
   1.354 + ((Trueprop::bool => prop)
   1.355 +   ((Ex::(('b::type => 'a::type) => bool) => bool)
   1.356 +     ((TYPE_DEFINITION::('a::type => bool)
   1.357 +                        => ('b::type => 'a::type) => bool)
   1.358 +       (P::'a::type => bool))))
   1.359 + ((Trueprop::bool => prop)
   1.360 +   ((Ex::(('b::type => 'a::type) => bool) => bool)
   1.361 +     (%x::'b::type => 'a::type.
   1.362 +         (Ex::(('a::type => 'b::type) => bool) => bool)
   1.363 +          (%abs::'a::type => 'b::type.
   1.364 +              (op &::bool => bool => bool)
   1.365 +               ((All::('b::type => bool) => bool)
   1.366 +                 (%a::'b::type.
   1.367 +                     (op =::'b::type => 'b::type => bool) (abs (x a)) a))
   1.368 +               ((All::('a::type => bool) => bool)
   1.369 +                 (%r::'a::type.
   1.370 +                     (op =::bool => bool => bool) (P r)
   1.371 +                      ((op =::'a::type => 'a::type => bool) (x (abs r))
   1.372 +                        r)))))))"
   1.373 +  sorry
   1.374 +
   1.375 +lemma LET_RAND: "(P::'b => bool) (Let (M::'a) (N::'a => 'b)) = (let x::'a = M in P (N x))"
   1.376 +  sorry
   1.377 +
   1.378 +lemma LET_RATOR: "Let (M::'a) (N::'a => 'b => 'c) (b::'b) = (let x::'a = M in N x b)"
   1.379 +  sorry
   1.380 +
   1.381 +lemma AND_CONG: "(Q --> P = P') & (P' --> Q = Q') ==> (P & Q) = (P' & Q')"
   1.382 +  sorry
   1.383 +
   1.384 +lemma OR_CONG: "(~ Q --> P = P') & (~ P' --> Q = Q') ==> (P | Q) = (P' | Q')"
   1.385 +  sorry
   1.386 +
   1.387 +lemma COND_CONG: "P = Q & (Q --> x = x') & (~ Q --> y = y')
   1.388 +==> (if P then x else y) = (if Q then x' else y')"
   1.389 +  sorry
   1.390 +
   1.391 +lemma MONO_COND: "[| x ==> y; z ==> w; if b then x else z |] ==> if b then y else w"
   1.392 +  sorry
   1.393 +
   1.394 +lemma SKOLEM_THM: "(ALL x. Ex (P x)) = (EX f. ALL x. P x (f x))"
   1.395 +  sorry
   1.396 +
   1.397 +lemma bool_case_thm: "(ALL (e0::'a) e1::'a. (case True of True => e0 | False => e1) = e0) &
   1.398 +(ALL (e0::'a) e1::'a. (case False of True => e0 | False => e1) = e1)"
   1.399 +  sorry
   1.400 +
   1.401 +lemma bool_case_ID: "(case b of True => x | _ => x) = x"
   1.402 +  sorry
   1.403 +
   1.404 +lemma boolAxiom: "EX x. x True = e0 & x False = e1"
   1.405 +  sorry
   1.406 +
   1.407 +lemma UEXISTS_OR_THM: "EX! x. P x | Q x ==> Ex1 P | Ex1 Q"
   1.408 +  sorry
   1.409 +
   1.410 +lemma UEXISTS_SIMP: "(EX! x::'a. (t::bool)) = (t & (ALL x::'a. All (op = x)))"
   1.411 +  sorry
   1.412  
   1.413  consts
   1.414    RES_ABSTRACT :: "('a => bool) => ('a => 'b) => 'a => 'b" 
   1.415  
   1.416 -specification (RES_ABSTRACT) RES_ABSTRACT_DEF: "(ALL (p::'a::type => bool) (m::'a::type => 'b::type) x::'a::type.
   1.417 +specification (RES_ABSTRACT) RES_ABSTRACT_DEF: "(ALL (p::'a => bool) (m::'a => 'b) x::'a.
   1.418      IN x p --> RES_ABSTRACT p m x = m x) &
   1.419 -(ALL (p::'a::type => bool) (m1::'a::type => 'b::type)
   1.420 -    m2::'a::type => 'b::type.
   1.421 -    (ALL x::'a::type. IN x p --> m1 x = m2 x) -->
   1.422 +(ALL (p::'a => bool) (m1::'a => 'b) m2::'a => 'b.
   1.423 +    (ALL x::'a. IN x p --> m1 x = m2 x) -->
   1.424      RES_ABSTRACT p m1 = RES_ABSTRACT p m2)"
   1.425 -  by (import bool RES_ABSTRACT_DEF)
   1.426 -
   1.427 -lemma BOOL_FUN_CASES_THM: "ALL f::bool => bool.
   1.428 -   f = (%b::bool. True) |
   1.429 -   f = (%b::bool. False) | f = (%b::bool. b) | f = Not"
   1.430 -  by (import bool BOOL_FUN_CASES_THM)
   1.431 -
   1.432 -lemma BOOL_FUN_INDUCT: "ALL P::(bool => bool) => bool.
   1.433 -   P (%b::bool. True) & P (%b::bool. False) & P (%b::bool. b) & P Not -->
   1.434 -   All P"
   1.435 -  by (import bool BOOL_FUN_INDUCT)
   1.436 +  sorry
   1.437 +
   1.438 +lemma BOOL_FUN_CASES_THM: "f = (%b. True) | f = (%b. False) | f = (%b. b) | f = Not"
   1.439 +  sorry
   1.440 +
   1.441 +lemma BOOL_FUN_INDUCT: "P (%b. True) & P (%b. False) & P (%b. b) & P Not ==> P x"
   1.442 +  sorry
   1.443  
   1.444  ;end_setup
   1.445  
   1.446  ;setup_theory combin
   1.447  
   1.448 -definition K :: "'a => 'b => 'a" where 
   1.449 -  "K == %(x::'a::type) y::'b::type. x"
   1.450 -
   1.451 -lemma K_DEF: "K = (%(x::'a::type) y::'b::type. x)"
   1.452 -  by (import combin K_DEF)
   1.453 -
   1.454 -definition S :: "('a => 'b => 'c) => ('a => 'b) => 'a => 'c" where 
   1.455 -  "S ==
   1.456 -%(f::'a::type => 'b::type => 'c::type) (g::'a::type => 'b::type)
   1.457 -   x::'a::type. f x (g x)"
   1.458 -
   1.459 -lemma S_DEF: "S =
   1.460 -(%(f::'a::type => 'b::type => 'c::type) (g::'a::type => 'b::type)
   1.461 -    x::'a::type. f x (g x))"
   1.462 -  by (import combin S_DEF)
   1.463 -
   1.464 -definition I :: "'a => 'a" where 
   1.465 +definition
   1.466 +  K :: "'a => 'b => 'a"  where
   1.467 +  "K == %x y. x"
   1.468 +
   1.469 +lemma K_DEF: "K = (%x y. x)"
   1.470 +  sorry
   1.471 +
   1.472 +definition
   1.473 +  S :: "('a => 'b => 'c) => ('a => 'b) => 'a => 'c"  where
   1.474 +  "S == %f g x. f x (g x)"
   1.475 +
   1.476 +lemma S_DEF: "S = (%f g x. f x (g x))"
   1.477 +  sorry
   1.478 +
   1.479 +definition
   1.480 +  I :: "'a => 'a"  where
   1.481    "(op ==::('a::type => 'a::type) => ('a::type => 'a::type) => prop)
   1.482   (I::'a::type => 'a::type)
   1.483   ((S::('a::type => ('a::type => 'a::type) => 'a::type)
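Review bot: Every lemma on the new side of this hunk, from `ARB_DEF` through `BOOL_FUN_INDUCT`, and the proof obligation of the `specification` for `RES_ABSTRACT_DEF`, now closes with `sorry` where the old side had `by (import bool …)`, so none of these statements is checked against the HOL4 proof data any more. In Isabelle `sorry` is a fake proof that batch builds accept only when quick_and_dirty is set, and it leaves the theorem marked as oracle-dependent, so everything derived from these theories inherits that mark. This matters more here because several statements were also reshaped (for example `BOOL_FUN_INDUCT` now concludes `==> P x` instead of `--> All P`), and nothing visible confirms that the new form still matches the imported theorem. Presumably the regeneration was run with proof replay disabled; I would re-run it with replay on so the lines read `by (import bool ARB_DEF)` again, or else add a header comment such as `(* generated with proofs skipped; all lemmas are unchecked *)` and keep these theories out of any session that must be oracle-free. The same applies to the `combin`, `sum` and `option` lemmas in the following hunks; the definition of `I` that ends this hunk continues into the next one.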
   1.484 @@ -288,47 +236,46 @@
   1.485        => ('a::type => 'a::type => 'a::type) => 'a::type => 'a::type)
   1.486     (K::'a::type => ('a::type => 'a::type) => 'a::type)
   1.487     (K::'a::type => 'a::type => 'a::type))"
   1.488 -  by (import combin I_DEF)
   1.489 -
   1.490 -definition C :: "('a => 'b => 'c) => 'b => 'a => 'c" where 
   1.491 -  "C == %(f::'a::type => 'b::type => 'c::type) (x::'b::type) y::'a::type. f y x"
   1.492 -
   1.493 -lemma C_DEF: "C =
   1.494 -(%(f::'a::type => 'b::type => 'c::type) (x::'b::type) y::'a::type. f y x)"
   1.495 -  by (import combin C_DEF)
   1.496 -
   1.497 -definition W :: "('a => 'a => 'b) => 'a => 'b" where 
   1.498 -  "W == %(f::'a::type => 'a::type => 'b::type) x::'a::type. f x x"
   1.499 -
   1.500 -lemma W_DEF: "W = (%(f::'a::type => 'a::type => 'b::type) x::'a::type. f x x)"
   1.501 -  by (import combin W_DEF)
   1.502 -
   1.503 -lemma I_THM: "ALL x::'a::type. I x = x"
   1.504 -  by (import combin I_THM)
   1.505 -
   1.506 -lemma I_o_ID: "ALL f::'a::type => 'b::type. I o f = f & f o I = f"
   1.507 -  by (import combin I_o_ID)
   1.508 +  sorry
   1.509 +
   1.510 +definition
   1.511 +  C :: "('a => 'b => 'c) => 'b => 'a => 'c"  where
   1.512 +  "C == %f x y. f y x"
   1.513 +
   1.514 +lemma C_DEF: "C = (%f x y. f y x)"
   1.515 +  sorry
   1.516 +
   1.517 +definition
   1.518 +  W :: "('a => 'a => 'b) => 'a => 'b"  where
   1.519 +  "W == %f x. f x x"
   1.520 +
   1.521 +lemma W_DEF: "W = (%f x. f x x)"
   1.522 +  sorry
   1.523 +
   1.524 +lemma I_THM: "I x = x"
   1.525 +  sorry
   1.526 +
   1.527 +lemma I_o_ID: "I o f = f & f o I = f"
   1.528 +  sorry
   1.529  
   1.530  ;end_setup
   1.531  
   1.532  ;setup_theory sum
   1.533  
   1.534 -lemma ISL_OR_ISR: "ALL x::'a::type + 'b::type. ISL x | ISR x"
   1.535 -  by (import sum ISL_OR_ISR)
   1.536 -
   1.537 -lemma INL: "ALL x::'a::type + 'b::type. ISL x --> Inl (OUTL x) = x"
   1.538 -  by (import sum INL)
   1.539 -
   1.540 -lemma INR: "ALL x::'a::type + 'b::type. ISR x --> Inr (OUTR x) = x"
   1.541 -  by (import sum INR)
   1.542 -
   1.543 -lemma sum_case_cong: "ALL (M::'b::type + 'c::type) (M'::'b::type + 'c::type)
   1.544 -   (f::'b::type => 'a::type) g::'c::type => 'a::type.
   1.545 -   M = M' &
   1.546 -   (ALL x::'b::type. M' = Inl x --> f x = (f'::'b::type => 'a::type) x) &
   1.547 -   (ALL y::'c::type. M' = Inr y --> g y = (g'::'c::type => 'a::type) y) -->
   1.548 -   sum_case f g M = sum_case f' g' M'"
   1.549 -  by (import sum sum_case_cong)
   1.550 +lemma ISL_OR_ISR: "ISL x | ISR x"
   1.551 +  sorry
   1.552 +
   1.553 +lemma INL: "ISL x ==> Inl (OUTL x) = x"
   1.554 +  sorry
   1.555 +
   1.556 +lemma INR: "ISR x ==> Inr (OUTR x) = x"
   1.557 +  sorry
   1.558 +
   1.559 +lemma sum_case_cong: "(M::'b + 'c) = (M'::'b + 'c) &
   1.560 +(ALL x::'b. M' = Inl x --> (f::'b => 'a) x = (f'::'b => 'a) x) &
   1.561 +(ALL y::'c. M' = Inr y --> (g::'c => 'a) y = (g'::'c => 'a) y)
   1.562 +==> sum_case f g M = sum_case f' g' M'"
   1.563 +  sorry
   1.564  
   1.565  ;end_setup
   1.566  
   1.567 @@ -345,34 +292,34 @@
   1.568          (%y::'a::type.
   1.569              (op =::bool => bool => bool)
   1.570               ((op =::'a::type option => 'a::type option => bool)
   1.571 -               ((Some::'a::type ~=> 'a::type) x)
   1.572 -               ((Some::'a::type ~=> 'a::type) y))
   1.573 +               ((Some::'a::type => 'a::type option) x)
   1.574 +               ((Some::'a::type => 'a::type option) y))
   1.575               ((op =::'a::type => 'a::type => bool) x y))))
   1.576   ((op &::bool => bool => bool)
   1.577     ((All::('a::type => bool) => bool)
   1.578       (%x::'a::type.
   1.579           (op =::'a::type => 'a::type => bool)
   1.580            ((the::'a::type option => 'a::type)
   1.581 -            ((Some::'a::type ~=> 'a::type) x))
   1.582 +            ((Some::'a::type => 'a::type option) x))
   1.583            x))
   1.584     ((op &::bool => bool => bool)
   1.585       ((All::('a::type => bool) => bool)
   1.586         (%x::'a::type.
   1.587 -           (Not::bool => bool)
   1.588 -            ((op =::'a::type option => 'a::type option => bool)
   1.589 -              (None::'a::type option) ((Some::'a::type ~=> 'a::type) x))))
   1.590 +           (op ~=::'a::type option => 'a::type option => bool)
   1.591 +            (None::'a::type option)
   1.592 +            ((Some::'a::type => 'a::type option) x)))
   1.593       ((op &::bool => bool => bool)
   1.594         ((All::('a::type => bool) => bool)
   1.595           (%x::'a::type.
   1.596 -             (Not::bool => bool)
   1.597 -              ((op =::'a::type option => 'a::type option => bool)
   1.598 -                ((Some::'a::type ~=> 'a::type) x) (None::'a::type option))))
   1.599 +             (op ~=::'a::type option => 'a::type option => bool)
   1.600 +              ((Some::'a::type => 'a::type option) x)
   1.601 +              (None::'a::type option)))
   1.602         ((op &::bool => bool => bool)
   1.603           ((All::('a::type => bool) => bool)
   1.604             (%x::'a::type.
   1.605                 (op =::bool => bool => bool)
   1.606                  ((IS_SOME::'a::type option => bool)
   1.607 -                  ((Some::'a::type ~=> 'a::type) x))
   1.608 +                  ((Some::'a::type => 'a::type option) x))
   1.609                  (True::bool)))
   1.610           ((op &::bool => bool => bool)
   1.611             ((op =::bool => bool => bool)
   1.612 @@ -399,7 +346,7 @@
   1.613                         (op -->::bool => bool => bool)
   1.614                          ((IS_SOME::'a::type option => bool) x)
   1.615                          ((op =::'a::type option => 'a::type option => bool)
   1.616 -                          ((Some::'a::type ~=> 'a::type)
   1.617 +                          ((Some::'a::type => 'a::type option)
   1.618                              ((the::'a::type option => 'a::type) x))
   1.619                            x)))
   1.620                   ((op &::bool => bool => bool)
   1.621 @@ -407,9 +354,9 @@
   1.622                       (%x::'a::type option.
   1.623                           (op =::'a::type option => 'a::type option => bool)
   1.624                            ((option_case::'a::type option
   1.625 -   => ('a::type ~=> 'a::type) => 'a::type option ~=> 'a::type)
   1.626 +   => ('a::type => 'a::type option) => 'a::type option => 'a::type option)
   1.627                              (None::'a::type option)
   1.628 -                            (Some::'a::type ~=> 'a::type) x)
   1.629 +                            (Some::'a::type => 'a::type option) x)
   1.630                            x))
   1.631                     ((op &::bool => bool => bool)
   1.632                       ((All::('a::type option => bool) => bool)
   1.633 @@ -417,8 +364,8 @@
   1.634                             (op =::'a::type option
   1.635                                    => 'a::type option => bool)
   1.636                              ((option_case::'a::type option
   1.637 -     => ('a::type ~=> 'a::type) => 'a::type option ~=> 'a::type)
   1.638 -                              x (Some::'a::type ~=> 'a::type) x)
   1.639 +     => ('a::type => 'a::type option) => 'a::type option => 'a::type option)
   1.640 +                              x (Some::'a::type => 'a::type option) x)
   1.641                              x))
   1.642                       ((op &::bool => bool => bool)
   1.643                         ((All::('a::type option => bool) => bool)
   1.644 @@ -449,8 +396,9 @@
   1.645                                    ((op =::'a::type option
   1.646      => 'a::type option => bool)
   1.647                                      ((option_case::'a::type option
   1.648 -             => ('a::type ~=> 'a::type) => 'a::type option ~=> 'a::type)
   1.649 -(ea::'a::type option) (Some::'a::type ~=> 'a::type) x)
   1.650 +             => ('a::type => 'a::type option)
   1.651 +                => 'a::type option => 'a::type option)
   1.652 +(ea::'a::type option) (Some::'a::type => 'a::type option) x)
   1.653                                      x)))
   1.654                             ((op &::bool => bool => bool)
   1.655                               ((All::('b::type => bool) => bool)
   1.656 @@ -475,7 +423,7 @@
   1.657            ((option_case::'b::type
   1.658                           => ('a::type => 'b::type)
   1.659                              => 'a::type option => 'b::type)
   1.660 -            u f ((Some::'a::type ~=> 'a::type) x))
   1.661 +            u f ((Some::'a::type => 'a::type option) x))
   1.662            (f x)))))
   1.663                                 ((op &::bool => bool => bool)
   1.664                                   ((All::(('a::type => 'b::type) => bool)
   1.665 @@ -484,51 +432,48 @@
   1.666   (All::('a::type => bool) => bool)
   1.667    (%x::'a::type.
   1.668        (op =::'b::type option => 'b::type option => bool)
   1.669 -       ((option_map::('a::type => 'b::type) => 'a::type option ~=> 'b::type)
   1.670 -         f ((Some::'a::type ~=> 'a::type) x))
   1.671 -       ((Some::'b::type ~=> 'b::type) (f x)))))
   1.672 +       ((Option.map::('a::type => 'b::type)
   1.673 +                     => 'a::type option => 'b::type option)
   1.674 +         f ((Some::'a::type => 'a::type option) x))
   1.675 +       ((Some::'b::type => 'b::type option) (f x)))))
   1.676                                   ((op &::bool => bool => bool)
   1.677                                     ((All::(('a::type => 'b::type) => bool)
   1.678      => bool)
   1.679                                       (%f::'a::type => 'b::type.
   1.680     (op =::'b::type option => 'b::type option => bool)
   1.681 -    ((option_map::('a::type => 'b::type) => 'a::type option ~=> 'b::type) f
   1.682 -      (None::'a::type option))
   1.683 +    ((Option.map::('a::type => 'b::type)
   1.684 +                  => 'a::type option => 'b::type option)
   1.685 +      f (None::'a::type option))
   1.686      (None::'b::type option)))
   1.687                                     ((op &::bool => bool => bool)
   1.688                                       ((op =::'a::type option
   1.689         => 'a::type option => bool)
   1.690 - ((OPTION_JOIN::'a::type option option ~=> 'a::type)
   1.691 + ((OPTION_JOIN::'a::type option option => 'a::type option)
   1.692     (None::'a::type option option))
   1.693   (None::'a::type option))
   1.694                                       ((All::('a::type option => bool)
   1.695        => bool)
   1.696   (%x::'a::type option.
   1.697       (op =::'a::type option => 'a::type option => bool)
   1.698 -      ((OPTION_JOIN::'a::type option option ~=> 'a::type)
   1.699 -        ((Some::'a::type option ~=> 'a::type option) x))
   1.700 +      ((OPTION_JOIN::'a::type option option => 'a::type option)
   1.701 +        ((Some::'a::type option => 'a::type option option) x))
   1.702        x))))))))))))))))))))"
   1.703 -  by (import option option_CLAUSES)
   1.704 -
   1.705 -lemma option_case_compute: "option_case (e::'b::type) (f::'a::type => 'b::type) (x::'a::type option) =
   1.706 +  sorry
   1.707 +
   1.708 +lemma option_case_compute: "option_case (e::'b) (f::'a => 'b) (x::'a option) =
   1.709  (if IS_SOME x then f (the x) else e)"
   1.710 -  by (import option option_case_compute)
   1.711 -
   1.712 -lemma OPTION_MAP_EQ_SOME: "ALL (f::'a::type => 'b::type) (x::'a::type option) y::'b::type.
   1.713 -   (option_map f x = Some y) = (EX z::'a::type. x = Some z & y = f z)"
   1.714 -  by (import option OPTION_MAP_EQ_SOME)
   1.715 -
   1.716 -lemma OPTION_JOIN_EQ_SOME: "ALL (x::'a::type option option) xa::'a::type.
   1.717 -   (OPTION_JOIN x = Some xa) = (x = Some (Some xa))"
   1.718 -  by (import option OPTION_JOIN_EQ_SOME)
   1.719 -
   1.720 -lemma option_case_cong: "ALL (M::'a::type option) (M'::'a::type option) (u::'b::type)
   1.721 -   f::'a::type => 'b::type.
   1.722 -   M = M' &
   1.723 -   (M' = None --> u = (u'::'b::type)) &
   1.724 -   (ALL x::'a::type. M' = Some x --> f x = (f'::'a::type => 'b::type) x) -->
   1.725 -   option_case u f M = option_case u' f' M'"
   1.726 -  by (import option option_case_cong)
   1.727 +  sorry
   1.728 +
   1.729 +lemma OPTION_MAP_EQ_SOME: "(Option.map (f::'a => 'b) (x::'a option) = Some (y::'b)) =
   1.730 +(EX z::'a. x = Some z & y = f z)"
   1.731 +  sorry
   1.732 +
   1.733 +lemma OPTION_JOIN_EQ_SOME: "(OPTION_JOIN x = Some xa) = (x = Some (Some xa))"
   1.734 +  sorry
   1.735 +
   1.736 +lemma option_case_cong: "M = M' & (M' = None --> u = u') & (ALL x. M' = Some x --> f x = f' x)
   1.737 +==> option_case u f M = option_case u' f' M'"
   1.738 +  sorry
   1.739  
   1.740  ;end_setup
   1.741  
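Review bot: Every lemma on the new side of this hunk (`option_CLAUSES`, `option_case_compute`, `OPTION_MAP_EQ_SOME`, `OPTION_JOIN_EQ_SOME`, `option_case_cong`) now closes with `sorry` where the old side had `by (import option ...)`, so nothing in the file as shown justifies these statements any more. `sorry` is Isabelle's placeholder proof: it is accepted only in quick_and_dirty mode, and the kernel does not check a theorem that rests on it. If the importer emits this on purpose and the HOL4 proofs are replayed elsewhere (not visible from this hunk), the generated file should say so near the top, for example `(* generated by the HOL4 importer; 'sorry' marks a proof that is replayed from the HOL4 proof objects at import time *)`. Otherwise any session that loads this theory should be treated as depending on unproved facts. The following hunk (theories `marker` and `relation`, continuing past the visible lines) makes the same substitution.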
   1.742 @@ -538,531 +483,341 @@
   1.743    stmarker :: "'a => 'a" 
   1.744  
   1.745  defs
   1.746 -  stmarker_primdef: "stmarker == %x::'a::type. x"
   1.747 -
   1.748 -lemma stmarker_def: "ALL x::'a::type. stmarker x = x"
   1.749 -  by (import marker stmarker_def)
   1.750 -
   1.751 -lemma move_left_conj: "ALL (x::bool) (xa::bool) xb::bool.
   1.752 -   (x & stmarker xb) = (stmarker xb & x) &
   1.753 -   ((stmarker xb & x) & xa) = (stmarker xb & x & xa) &
   1.754 -   (x & stmarker xb & xa) = (stmarker xb & x & xa)"
   1.755 -  by (import marker move_left_conj)
   1.756 -
   1.757 -lemma move_right_conj: "ALL (x::bool) (xa::bool) xb::bool.
   1.758 -   (stmarker xb & x) = (x & stmarker xb) &
   1.759 -   (x & xa & stmarker xb) = ((x & xa) & stmarker xb) &
   1.760 -   ((x & stmarker xb) & xa) = ((x & xa) & stmarker xb)"
   1.761 -  by (import marker move_right_conj)
   1.762 -
   1.763 -lemma move_left_disj: "ALL (x::bool) (xa::bool) xb::bool.
   1.764 -   (x | stmarker xb) = (stmarker xb | x) &
   1.765 -   ((stmarker xb | x) | xa) = (stmarker xb | x | xa) &
   1.766 -   (x | stmarker xb | xa) = (stmarker xb | x | xa)"
   1.767 -  by (import marker move_left_disj)
   1.768 -
   1.769 -lemma move_right_disj: "ALL (x::bool) (xa::bool) xb::bool.
   1.770 -   (stmarker xb | x) = (x | stmarker xb) &
   1.771 -   (x | xa | stmarker xb) = ((x | xa) | stmarker xb) &
   1.772 -   ((x | stmarker xb) | xa) = ((x | xa) | stmarker xb)"
   1.773 -  by (import marker move_right_disj)
   1.774 +  stmarker_primdef: "stmarker == %x. x"
   1.775 +
   1.776 +lemma stmarker_def: "stmarker x = x"
   1.777 +  sorry
   1.778 +
   1.779 +lemma move_left_conj: "(x & stmarker xb) = (stmarker xb & x) &
   1.780 +((stmarker xb & x) & xa) = (stmarker xb & x & xa) &
   1.781 +(x & stmarker xb & xa) = (stmarker xb & x & xa)"
   1.782 +  sorry
   1.783 +
   1.784 +lemma move_right_conj: "(stmarker xb & x) = (x & stmarker xb) &
   1.785 +(x & xa & stmarker xb) = ((x & xa) & stmarker xb) &
   1.786 +((x & stmarker xb) & xa) = ((x & xa) & stmarker xb)"
   1.787 +  sorry
   1.788 +
   1.789 +lemma move_left_disj: "(x | stmarker xb) = (stmarker xb | x) &
   1.790 +((stmarker xb | x) | xa) = (stmarker xb | x | xa) &
   1.791 +(x | stmarker xb | xa) = (stmarker xb | x | xa)"
   1.792 +  sorry
   1.793 +
   1.794 +lemma move_right_disj: "(stmarker xb | x) = (x | stmarker xb) &
   1.795 +(x | xa | stmarker xb) = ((x | xa) | stmarker xb) &
   1.796 +((x | stmarker xb) | xa) = ((x | xa) | stmarker xb)"
   1.797 +  sorry
   1.798  
   1.799  ;end_setup
   1.800  
   1.801  ;setup_theory relation
   1.802  
   1.803 -definition TC :: "('a => 'a => bool) => 'a => 'a => bool" where 
   1.804 +definition
   1.805 +  TC :: "('a => 'a => bool) => 'a => 'a => bool"  where
   1.806    "TC ==
   1.807 -%(R::'a::type => 'a::type => bool) (a::'a::type) b::'a::type.
   1.808 -   ALL P::'a::type => 'a::type => bool.
   1.809 -      (ALL (x::'a::type) y::'a::type. R x y --> P x y) &
   1.810 -      (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.811 -          P x y & P y z --> P x z) -->
   1.812 +%R a b.
   1.813 +   ALL P.
   1.814 +      (ALL x y. R x y --> P x y) & (ALL x y z. P x y & P y z --> P x z) -->
   1.815        P a b"
   1.816  
   1.817 -lemma TC_DEF: "ALL (R::'a::type => 'a::type => bool) (a::'a::type) b::'a::type.
   1.818 -   TC R a b =
   1.819 -   (ALL P::'a::type => 'a::type => bool.
   1.820 -       (ALL (x::'a::type) y::'a::type. R x y --> P x y) &
   1.821 -       (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.822 -           P x y & P y z --> P x z) -->
   1.823 -       P a b)"
   1.824 -  by (import relation TC_DEF)
   1.825 -
   1.826 -definition RTC :: "('a => 'a => bool) => 'a => 'a => bool" where 
   1.827 +lemma TC_DEF: "TC R a b =
   1.828 +(ALL P.
   1.829 +    (ALL x y. R x y --> P x y) & (ALL x y z. P x y & P y z --> P x z) -->
   1.830 +    P a b)"
   1.831 +  sorry
   1.832 +
   1.833 +definition
   1.834 +  RTC :: "('a => 'a => bool) => 'a => 'a => bool"  where
   1.835    "RTC ==
   1.836 -%(R::'a::type => 'a::type => bool) (a::'a::type) b::'a::type.
   1.837 -   ALL P::'a::type => 'a::type => bool.
   1.838 -      (ALL x::'a::type. P x x) &
   1.839 -      (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.840 -          R x y & P y z --> P x z) -->
   1.841 -      P a b"
   1.842 -
   1.843 -lemma RTC_DEF: "ALL (R::'a::type => 'a::type => bool) (a::'a::type) b::'a::type.
   1.844 -   RTC R a b =
   1.845 -   (ALL P::'a::type => 'a::type => bool.
   1.846 -       (ALL x::'a::type. P x x) &
   1.847 -       (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.848 -           R x y & P y z --> P x z) -->
   1.849 -       P a b)"
   1.850 -  by (import relation RTC_DEF)
   1.851 +%R a b.
   1.852 +   ALL P. (ALL x. P x x) & (ALL x y z. R x y & P y z --> P x z) --> P a b"
   1.853 +
   1.854 +lemma RTC_DEF: "RTC R a b =
   1.855 +(ALL P. (ALL x. P x x) & (ALL x y z. R x y & P y z --> P x z) --> P a b)"
   1.856 +  sorry
   1.857  
   1.858  consts
   1.859    RC :: "('a => 'a => bool) => 'a => 'a => bool" 
   1.860  
   1.861  defs
   1.862 -  RC_primdef: "RC ==
   1.863 -%(R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type. x = y | R x y"
   1.864 -
   1.865 -lemma RC_def: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.866 -   RC R x y = (x = y | R x y)"
   1.867 -  by (import relation RC_def)
   1.868 +  RC_primdef: "RC == %R x y. x = y | R x y"
   1.869 +
   1.870 +lemma RC_def: "RC R x y = (x = y | R x y)"
   1.871 +  sorry
   1.872  
   1.873  consts
   1.874    transitive :: "('a => 'a => bool) => bool" 
   1.875  
   1.876  defs
   1.877 -  transitive_primdef: "transitive ==
   1.878 -%R::'a::type => 'a::type => bool.
   1.879 -   ALL (x::'a::type) (y::'a::type) z::'a::type. R x y & R y z --> R x z"
   1.880 -
   1.881 -lemma transitive_def: "ALL R::'a::type => 'a::type => bool.
   1.882 -   transitive R =
   1.883 -   (ALL (x::'a::type) (y::'a::type) z::'a::type. R x y & R y z --> R x z)"
   1.884 -  by (import relation transitive_def)
   1.885 -
   1.886 -definition pred_reflexive :: "('a => 'a => bool) => bool" where 
   1.887 -  "pred_reflexive == %R::'a::type => 'a::type => bool. ALL x::'a::type. R x x"
   1.888 -
   1.889 -lemma reflexive_def: "ALL R::'a::type => 'a::type => bool.
   1.890 -   pred_reflexive R = (ALL x::'a::type. R x x)"
   1.891 -  by (import relation reflexive_def)
   1.892 -
   1.893 -lemma TC_TRANSITIVE: "ALL x::'a::type => 'a::type => bool. transitive (TC x)"
   1.894 -  by (import relation TC_TRANSITIVE)
   1.895 -
   1.896 -lemma RTC_INDUCT: "ALL (x::'a::type => 'a::type => bool) xa::'a::type => 'a::type => bool.
   1.897 -   (ALL x::'a::type. xa x x) &
   1.898 -   (ALL (xb::'a::type) (y::'a::type) z::'a::type.
   1.899 -       x xb y & xa y z --> xa xb z) -->
   1.900 -   (ALL (xb::'a::type) xc::'a::type. RTC x xb xc --> xa xb xc)"
   1.901 -  by (import relation RTC_INDUCT)
   1.902 -
   1.903 -lemma TC_RULES: "ALL x::'a::type => 'a::type => bool.
   1.904 -   (ALL (xa::'a::type) xb::'a::type. x xa xb --> TC x xa xb) &
   1.905 -   (ALL (xa::'a::type) (xb::'a::type) xc::'a::type.
   1.906 -       TC x xa xb & TC x xb xc --> TC x xa xc)"
   1.907 -  by (import relation TC_RULES)
   1.908 -
   1.909 -lemma RTC_RULES: "ALL x::'a::type => 'a::type => bool.
   1.910 -   (ALL xa::'a::type. RTC x xa xa) &
   1.911 -   (ALL (xa::'a::type) (xb::'a::type) xc::'a::type.
   1.912 -       x xa xb & RTC x xb xc --> RTC x xa xc)"
   1.913 -  by (import relation RTC_RULES)
   1.914 -
   1.915 -lemma RTC_STRONG_INDUCT: "ALL (R::'a::type => 'a::type => bool) P::'a::type => 'a::type => bool.
   1.916 -   (ALL x::'a::type. P x x) &
   1.917 -   (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.918 -       R x y & RTC R y z & P y z --> P x z) -->
   1.919 -   (ALL (x::'a::type) y::'a::type. RTC R x y --> P x y)"
   1.920 -  by (import relation RTC_STRONG_INDUCT)
   1.921 -
   1.922 -lemma RTC_RTC: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.923 -   RTC R x y --> (ALL z::'a::type. RTC R y z --> RTC R x z)"
   1.924 -  by (import relation RTC_RTC)
   1.925 -
   1.926 -lemma RTC_TRANSITIVE: "ALL x::'a::type => 'a::type => bool. transitive (RTC x)"
   1.927 -  by (import relation RTC_TRANSITIVE)
   1.928 -
   1.929 -lemma RTC_REFLEXIVE: "ALL R::'a::type => 'a::type => bool. pred_reflexive (RTC R)"
   1.930 -  by (import relation RTC_REFLEXIVE)
   1.931 -
   1.932 -lemma RC_REFLEXIVE: "ALL R::'a::type => 'a::type => bool. pred_reflexive (RC R)"
   1.933 -  by (import relation RC_REFLEXIVE)
   1.934 -
   1.935 -lemma TC_SUBSET: "ALL (x::'a::type => 'a::type => bool) (xa::'a::type) xb::'a::type.
   1.936 -   x xa xb --> TC x xa xb"
   1.937 -  by (import relation TC_SUBSET)
   1.938 -
   1.939 -lemma RTC_SUBSET: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.940 -   R x y --> RTC R x y"
   1.941 -  by (import relation RTC_SUBSET)
   1.942 -
   1.943 -lemma RC_SUBSET: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.944 -   R x y --> RC R x y"
   1.945 -  by (import relation RC_SUBSET)
   1.946 -
   1.947 -lemma RC_RTC: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.948 -   RC R x y --> RTC R x y"
   1.949 -  by (import relation RC_RTC)
   1.950 -
   1.951 -lemma TC_INDUCT: "ALL (x::'a::type => 'a::type => bool) xa::'a::type => 'a::type => bool.
   1.952 -   (ALL (xb::'a::type) y::'a::type. x xb y --> xa xb y) &
   1.953 -   (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.954 -       xa x y & xa y z --> xa x z) -->
   1.955 -   (ALL (xb::'a::type) xc::'a::type. TC x xb xc --> xa xb xc)"
   1.956 -  by (import relation TC_INDUCT)
   1.957 -
   1.958 -lemma TC_INDUCT_LEFT1: "ALL (x::'a::type => 'a::type => bool) xa::'a::type => 'a::type => bool.
   1.959 -   (ALL (xb::'a::type) y::'a::type. x xb y --> xa xb y) &
   1.960 -   (ALL (xb::'a::type) (y::'a::type) z::'a::type.
   1.961 -       x xb y & xa y z --> xa xb z) -->
   1.962 -   (ALL (xb::'a::type) xc::'a::type. TC x xb xc --> xa xb xc)"
   1.963 -  by (import relation TC_INDUCT_LEFT1)
   1.964 -
   1.965 -lemma TC_STRONG_INDUCT: "ALL (R::'a::type => 'a::type => bool) P::'a::type => 'a::type => bool.
   1.966 -   (ALL (x::'a::type) y::'a::type. R x y --> P x y) &
   1.967 -   (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.968 -       P x y & P y z & TC R x y & TC R y z --> P x z) -->
   1.969 -   (ALL (u::'a::type) v::'a::type. TC R u v --> P u v)"
   1.970 -  by (import relation TC_STRONG_INDUCT)
   1.971 -
   1.972 -lemma TC_STRONG_INDUCT_LEFT1: "ALL (R::'a::type => 'a::type => bool) P::'a::type => 'a::type => bool.
   1.973 -   (ALL (x::'a::type) y::'a::type. R x y --> P x y) &
   1.974 -   (ALL (x::'a::type) (y::'a::type) z::'a::type.
   1.975 -       R x y & P y z & TC R y z --> P x z) -->
   1.976 -   (ALL (u::'a::type) v::'a::type. TC R u v --> P u v)"
   1.977 -  by (import relation TC_STRONG_INDUCT_LEFT1)
   1.978 -
   1.979 -lemma TC_RTC: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.980 -   TC R x y --> RTC R x y"
   1.981 -  by (import relation TC_RTC)
   1.982 -
   1.983 -lemma RTC_TC_RC: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) y::'a::type.
   1.984 -   RTC R x y --> RC R x y | TC R x y"
   1.985 -  by (import relation RTC_TC_RC)
   1.986 -
   1.987 -lemma TC_RC_EQNS: "ALL R::'a::type => 'a::type => bool. RC (TC R) = RTC R & TC (RC R) = RTC R"
   1.988 -  by (import relation TC_RC_EQNS)
   1.989 -
   1.990 -lemma RC_IDEM: "ALL R::'a::type => 'a::type => bool. RC (RC R) = RC R"
   1.991 -  by (import relation RC_IDEM)
   1.992 -
   1.993 -lemma TC_IDEM: "ALL R::'a::type => 'a::type => bool. TC (TC R) = TC R"
   1.994 -  by (import relation TC_IDEM)
   1.995 -
   1.996 -lemma RTC_IDEM: "ALL R::'a::type => 'a::type => bool. RTC (RTC R) = RTC R"
   1.997 -  by (import relation RTC_IDEM)
   1.998 -
   1.999 -lemma RTC_CASES1: "ALL (x::'a::type => 'a::type => bool) (xa::'a::type) xb::'a::type.
  1.1000 -   RTC x xa xb = (xa = xb | (EX u::'a::type. x xa u & RTC x u xb))"
  1.1001 -  by (import relation RTC_CASES1)
  1.1002 -
  1.1003 -lemma RTC_CASES2: "ALL (x::'a::type => 'a::type => bool) (xa::'a::type) xb::'a::type.
  1.1004 -   RTC x xa xb = (xa = xb | (EX u::'a::type. RTC x xa u & x u xb))"
  1.1005 -  by (import relation RTC_CASES2)
  1.1006 -
  1.1007 -lemma RTC_CASES_RTC_TWICE: "ALL (x::'a::type => 'a::type => bool) (xa::'a::type) xb::'a::type.
  1.1008 -   RTC x xa xb = (EX u::'a::type. RTC x xa u & RTC x u xb)"
  1.1009 -  by (import relation RTC_CASES_RTC_TWICE)
  1.1010 -
  1.1011 -lemma TC_CASES1: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) z::'a::type.
  1.1012 -   TC R x z --> R x z | (EX y::'a::type. R x y & TC R y z)"
  1.1013 -  by (import relation TC_CASES1)
  1.1014 -
  1.1015 -lemma TC_CASES2: "ALL (R::'a::type => 'a::type => bool) (x::'a::type) z::'a::type.
  1.1016 -   TC R x z --> R x z | (EX y::'a::type. TC R x y & R y z)"
  1.1017 -  by (import relation TC_CASES2)
  1.1018 -
  1.1019 -lemma TC_MONOTONE: "ALL (R::'a::type => 'a::type => bool) Q::'a::type => 'a::type => bool.
  1.1020 -   (ALL (x::'a::type) y::'a::type. R x y --> Q x y) -->
  1.1021 -   (ALL (x::'a::type) y::'a::type. TC R x y --> TC Q x y)"
  1.1022 -  by (import relation TC_MONOTONE)
  1.1023 -
  1.1024 -lemma RTC_MONOTONE: "ALL (R::'a::type => 'a::type => bool) Q::'a::type => 'a::type => bool.
  1.1025 -   (ALL (x::'a::type) y::'a::type. R x y --> Q x y) -->
  1.1026 -   (ALL (x::'a::type) y::'a::type. RTC R x y --> RTC Q x y)"
  1.1027 -  by (import relation RTC_MONOTONE)
  1.1028 -
  1.1029 -definition WF :: "('a => 'a => bool) => bool" where 
  1.1030 -  "WF ==
  1.1031 -%R::'a::type => 'a::type => bool.
  1.1032 -   ALL B::'a::type => bool.
  1.1033 -      Ex B -->
  1.1034 -      (EX min::'a::type. B min & (ALL b::'a::type. R b min --> ~ B b))"
  1.1035 -
  1.1036 -lemma WF_DEF: "ALL R::'a::type => 'a::type => bool.
  1.1037 -   WF R =
  1.1038 -   (ALL B::'a::type => bool.
  1.1039 -       Ex B -->
  1.1040 -       (EX min::'a::type. B min & (ALL b::'a::type. R b min --> ~ B b)))"
  1.1041 -  by (import relation WF_DEF)
  1.1042 -
  1.1043 -lemma WF_INDUCTION_THM: "ALL R::'a::type => 'a::type => bool.
  1.1044 -   WF R -->
  1.1045 -   (ALL P::'a::type => bool.
  1.1046 -       (ALL x::'a::type. (ALL y::'a::type. R y x --> P y) --> P x) -->
  1.1047 -       All P)"
  1.1048 -  by (import relation WF_INDUCTION_THM)
  1.1049 -
  1.1050 -lemma WF_NOT_REFL: "ALL (x::'a::type => 'a::type => bool) (xa::'a::type) xb::'a::type.
  1.1051 -   WF x --> x xa xb --> xa ~= xb"
  1.1052 -  by (import relation WF_NOT_REFL)
  1.1053 -
  1.1054 -definition EMPTY_REL :: "'a => 'a => bool" where 
  1.1055 -  "EMPTY_REL == %(x::'a::type) y::'a::type. False"
  1.1056 -
  1.1057 -lemma EMPTY_REL_DEF: "ALL (x::'a::type) y::'a::type. EMPTY_REL x y = False"
  1.1058 -  by (import relation EMPTY_REL_DEF)
  1.1059 +  transitive_primdef: "transitive == %R. ALL x y z. R x y & R y z --> R x z"
  1.1060 +
  1.1061 +lemma transitive_def: "transitive R = (ALL x y z. R x y & R y z --> R x z)"
  1.1062 +  sorry
  1.1063 +
  1.1064 +definition
  1.1065 +  pred_reflexive :: "('a => 'a => bool) => bool"  where
  1.1066 +  "pred_reflexive == %R. ALL x. R x x"
  1.1067 +
  1.1068 +lemma reflexive_def: "pred_reflexive R = (ALL x. R x x)"
  1.1069 +  sorry
  1.1070 +
  1.1071 +lemma TC_TRANSITIVE: "transitive (TC x)"
  1.1072 +  sorry
  1.1073 +
  1.1074 +lemma RTC_INDUCT: "[| (ALL x. xa x x) & (ALL xb y z. x xb y & xa y z --> xa xb z);
  1.1075 +   RTC x xb xc |]
  1.1076 +==> xa xb xc"
  1.1077 +  sorry
  1.1078 +
  1.1079 +lemma TC_RULES: "(ALL xa xb. x xa xb --> TC x xa xb) &
  1.1080 +(ALL xa xb xc. TC x xa xb & TC x xb xc --> TC x xa xc)"
  1.1081 +  sorry
  1.1082 +
  1.1083 +lemma RTC_RULES: "(ALL xa. RTC x xa xa) &
  1.1084 +(ALL xa xb xc. x xa xb & RTC x xb xc --> RTC x xa xc)"
  1.1085 +  sorry
  1.1086 +
  1.1087 +lemma RTC_STRONG_INDUCT: "[| (ALL x. P x x) & (ALL x y z. R x y & RTC R y z & P y z --> P x z);
  1.1088 +   RTC R x y |]
  1.1089 +==> P x y"
  1.1090 +  sorry
  1.1091 +
  1.1092 +lemma RTC_RTC: "[| RTC R x y; RTC R y z |] ==> RTC R x z"
  1.1093 +  sorry
  1.1094 +
  1.1095 +lemma RTC_TRANSITIVE: "transitive (RTC x)"
  1.1096 +  sorry
  1.1097 +
  1.1098 +lemma RTC_REFLEXIVE: "pred_reflexive (RTC R)"
  1.1099 +  sorry
  1.1100 +
  1.1101 +lemma RC_REFLEXIVE: "pred_reflexive (RC R)"
  1.1102 +  sorry
  1.1103 +
  1.1104 +lemma TC_SUBSET: "x xa xb ==> TC x xa xb"
  1.1105 +  sorry
  1.1106 +
  1.1107 +lemma RTC_SUBSET: "R x y ==> RTC R x y"
  1.1108 +  sorry
  1.1109 +
  1.1110 +lemma RC_SUBSET: "R x y ==> RC R x y"
  1.1111 +  sorry
  1.1112 +
  1.1113 +lemma RC_RTC: "RC R x y ==> RTC R x y"
  1.1114 +  sorry
  1.1115 +
  1.1116 +lemma TC_INDUCT: "[| (ALL xb y. x xb y --> xa xb y) & (ALL x y z. xa x y & xa y z --> xa x z);
  1.1117 +   TC x xb xc |]
  1.1118 +==> xa xb xc"
  1.1119 +  sorry
  1.1120 +
  1.1121 +lemma TC_INDUCT_LEFT1: "[| (ALL xb y. x xb y --> xa xb y) &
  1.1122 +   (ALL xb y z. x xb y & xa y z --> xa xb z);
  1.1123 +   TC x xb xc |]
  1.1124 +==> xa xb xc"
  1.1125 +  sorry
  1.1126 +
  1.1127 +lemma TC_STRONG_INDUCT: "[| (ALL x y. R x y --> P x y) &
  1.1128 +   (ALL x y z. P x y & P y z & TC R x y & TC R y z --> P x z);
  1.1129 +   TC R u v |]
  1.1130 +==> P u v"
  1.1131 +  sorry
  1.1132 +
  1.1133 +lemma TC_STRONG_INDUCT_LEFT1: "[| (ALL x y. R x y --> P x y) &
  1.1134 +   (ALL x y z. R x y & P y z & TC R y z --> P x z);
  1.1135 +   TC R u v |]
  1.1136 +==> P u v"
  1.1137 +  sorry
  1.1138 +
  1.1139 +lemma TC_RTC: "TC R x y ==> RTC R x y"
  1.1140 +  sorry
  1.1141 +
  1.1142 +lemma RTC_TC_RC: "RTC R x y ==> RC R x y | TC R x y"
  1.1143 +  sorry
  1.1144 +
  1.1145 +lemma TC_RC_EQNS: "RC (TC R) = RTC R & TC (RC R) = RTC R"
  1.1146 +  sorry
  1.1147 +
  1.1148 +lemma RC_IDEM: "RC (RC R) = RC R"
  1.1149 +  sorry
  1.1150 +
  1.1151 +lemma TC_IDEM: "TC (TC R) = TC R"
  1.1152 +  sorry
  1.1153 +
  1.1154 +lemma RTC_IDEM: "RTC (RTC R) = RTC R"
  1.1155 +  sorry
  1.1156 +
  1.1157 +lemma RTC_CASES1: "RTC x xa xb = (xa = xb | (EX u. x xa u & RTC x u xb))"
  1.1158 +  sorry
  1.1159 +
  1.1160 +lemma RTC_CASES2: "RTC x xa xb = (xa = xb | (EX u. RTC x xa u & x u xb))"
  1.1161 +  sorry
  1.1162 +
  1.1163 +lemma RTC_CASES_RTC_TWICE: "RTC x xa xb = (EX u. RTC x xa u & RTC x u xb)"
  1.1164 +  sorry
  1.1165 +
  1.1166 +lemma TC_CASES1: "TC R x z ==> R x z | (EX y. R x y & TC R y z)"
  1.1167 +  sorry
  1.1168 +
  1.1169 +lemma TC_CASES2: "TC R x z ==> R x z | (EX y. TC R x y & R y z)"
  1.1170 +  sorry
  1.1171 +
  1.1172 +lemma TC_MONOTONE: "[| !!x y. R x y ==> Q x y; TC R x y |] ==> TC Q x y"
  1.1173 +  sorry
  1.1174 +
  1.1175 +lemma RTC_MONOTONE: "[| !!x y. R x y ==> Q x y; RTC R x y |] ==> RTC Q x y"
  1.1176 +  sorry
  1.1177 +
  1.1178 +definition
  1.1179 +  WF :: "('a => 'a => bool) => bool"  where
  1.1180 +  "WF == %R. ALL B. Ex B --> (EX min. B min & (ALL b. R b min --> ~ B b))"
  1.1181 +
  1.1182 +lemma WF_DEF: "WF R = (ALL B. Ex B --> (EX min. B min & (ALL b. R b min --> ~ B b)))"
  1.1183 +  sorry
  1.1184 +
  1.1185 +lemma WF_INDUCTION_THM: "[| WF R; !!x. (!!y. R y x ==> P y) ==> P x |] ==> P x"
  1.1186 +  sorry
  1.1187 +
  1.1188 +lemma WF_NOT_REFL: "[| WF x; x xa xb |] ==> xa ~= xb"
  1.1189 +  sorry
  1.1190 +
  1.1191 +definition
  1.1192 +  EMPTY_REL :: "'a => 'a => bool"  where
  1.1193 +  "EMPTY_REL == %x y. False"
  1.1194 +
  1.1195 +lemma EMPTY_REL_DEF: "EMPTY_REL x y = False"
  1.1196 +  sorry
  1.1197  
  1.1198  lemma WF_EMPTY_REL: "WF EMPTY_REL"
  1.1199 -  by (import relation WF_EMPTY_REL)
  1.1200 -
  1.1201 -lemma WF_SUBSET: "ALL (x::'a::type => 'a::type => bool) xa::'a::type => 'a::type => bool.
  1.1202 -   WF x & (ALL (xb::'a::type) y::'a::type. xa xb y --> x xb y) --> WF xa"
  1.1203 -  by (import relation WF_SUBSET)
  1.1204 -
  1.1205 -lemma WF_TC: "ALL R::'a::type => 'a::type => bool. WF R --> WF (TC R)"
  1.1206 -  by (import relation WF_TC)
  1.1207 +  sorry
  1.1208 +
  1.1209 +lemma WF_SUBSET: "WF x & (ALL xb y. xa xb y --> x xb y) ==> WF xa"
  1.1210 +  sorry
  1.1211 +
  1.1212 +lemma WF_TC: "WF R ==> WF (TC R)"
  1.1213 +  sorry
  1.1214  
  1.1215  consts
  1.1216    inv_image :: "('b => 'b => bool) => ('a => 'b) => 'a => 'a => bool" 
  1.1217  
  1.1218  defs
  1.1219    inv_image_primdef: "relation.inv_image ==
  1.1220 -%(R::'b::type => 'b::type => bool) (f::'a::type => 'b::type) (x::'a::type)
  1.1221 -   y::'a::type. R (f x) (f y)"
  1.1222 -
  1.1223 -lemma inv_image_def: "ALL (R::'b::type => 'b::type => bool) f::'a::type => 'b::type.
  1.1224 -   relation.inv_image R f = (%(x::'a::type) y::'a::type. R (f x) (f y))"
  1.1225 -  by (import relation inv_image_def)
  1.1226 -
  1.1227 -lemma WF_inv_image: "ALL (R::'b::type => 'b::type => bool) f::'a::type => 'b::type.
  1.1228 -   WF R --> WF (relation.inv_image R f)"
  1.1229 -  by (import relation WF_inv_image)
  1.1230 -
  1.1231 -definition RESTRICT :: "('a => 'b) => ('a => 'a => bool) => 'a => 'a => 'b" where 
  1.1232 -  "RESTRICT ==
  1.1233 -%(f::'a::type => 'b::type) (R::'a::type => 'a::type => bool) (x::'a::type)
  1.1234 -   y::'a::type. if R y x then f y else ARB"
  1.1235 -
  1.1236 -lemma RESTRICT_DEF: "ALL (f::'a::type => 'b::type) (R::'a::type => 'a::type => bool) x::'a::type.
  1.1237 -   RESTRICT f R x = (%y::'a::type. if R y x then f y else ARB)"
  1.1238 -  by (import relation RESTRICT_DEF)
  1.1239 -
  1.1240 -lemma RESTRICT_LEMMA: "ALL (x::'a::type => 'b::type) (xa::'a::type => 'a::type => bool)
  1.1241 -   (xb::'a::type) xc::'a::type. xa xb xc --> RESTRICT x xa xc xb = x xb"
  1.1242 -  by (import relation RESTRICT_LEMMA)
  1.1243 +%(R::'b => 'b => bool) (f::'a => 'b) (x::'a) y::'a. R (f x) (f y)"
  1.1244 +
  1.1245 +lemma inv_image_def: "relation.inv_image R f = (%x y. R (f x) (f y))"
  1.1246 +  sorry
  1.1247 +
  1.1248 +lemma WF_inv_image: "WF (R::'b => 'b => bool) ==> WF (relation.inv_image R (f::'a => 'b))"
  1.1249 +  sorry
  1.1250 +
  1.1251 +definition
  1.1252 +  RESTRICT :: "('a => 'b) => ('a => 'a => bool) => 'a => 'a => 'b"  where
  1.1253 +  "RESTRICT == %f R x y. if R y x then f y else ARB"
  1.1254 +
  1.1255 +lemma RESTRICT_DEF: "RESTRICT f R x = (%y. if R y x then f y else ARB)"
  1.1256 +  sorry
  1.1257 +
  1.1258 +lemma RESTRICT_LEMMA: "xa xb xc ==> RESTRICT x xa xc xb = x xb"
  1.1259 +  sorry
  1.1260  
  1.1261  consts
  1.1262    approx :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => ('a => 'b) => bool" 
  1.1263  
  1.1264  defs
  1.1265 -  approx_primdef: "approx ==
  1.1266 -%(R::'a::type => 'a::type => bool)
  1.1267 -   (M::('a::type => 'b::type) => 'a::type => 'b::type) (x::'a::type)
  1.1268 -   f::'a::type => 'b::type.
  1.1269 -   f = RESTRICT (%y::'a::type. M (RESTRICT f R y) y) R x"
  1.1270 -
  1.1271 -lemma approx_def: "ALL (R::'a::type => 'a::type => bool)
  1.1272 -   (M::('a::type => 'b::type) => 'a::type => 'b::type) (x::'a::type)
  1.1273 -   f::'a::type => 'b::type.
  1.1274 -   approx R M x f = (f = RESTRICT (%y::'a::type. M (RESTRICT f R y) y) R x)"
  1.1275 -  by (import relation approx_def)
  1.1276 +  approx_primdef: "approx == %R M x f. f = RESTRICT (%y. M (RESTRICT f R y) y) R x"
  1.1277 +
  1.1278 +lemma approx_def: "approx R M x f = (f = RESTRICT (%y. M (RESTRICT f R y) y) R x)"
  1.1279 +  sorry
  1.1280  
  1.1281  consts
  1.1282    the_fun :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => 'a => 'b" 
  1.1283  
  1.1284  defs
  1.1285 -  the_fun_primdef: "the_fun ==
  1.1286 -%(R::'a::type => 'a::type => bool)
  1.1287 -   (M::('a::type => 'b::type) => 'a::type => 'b::type) x::'a::type.
  1.1288 -   Eps (approx R M x)"
  1.1289 -
  1.1290 -lemma the_fun_def: "ALL (R::'a::type => 'a::type => bool)
  1.1291 -   (M::('a::type => 'b::type) => 'a::type => 'b::type) x::'a::type.
  1.1292 -   the_fun R M x = Eps (approx R M x)"
  1.1293 -  by (import relation the_fun_def)
  1.1294 -
  1.1295 -definition WFREC :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => 'b" where 
  1.1296 +  the_fun_primdef: "the_fun == %R M x. Eps (approx R M x)"
  1.1297 +
  1.1298 +lemma the_fun_def: "the_fun R M x = Eps (approx R M x)"
  1.1299 +  sorry
  1.1300 +
  1.1301 +definition
  1.1302 +  WFREC :: "('a => 'a => bool) => (('a => 'b) => 'a => 'b) => 'a => 'b"  where
  1.1303    "WFREC ==
  1.1304 -%(R::'a::type => 'a::type => bool)
  1.1305 -   (M::('a::type => 'b::type) => 'a::type => 'b::type) x::'a::type.
  1.1306 -   M (RESTRICT
  1.1307 -       (the_fun (TC R)
  1.1308 -         (%(f::'a::type => 'b::type) v::'a::type. M (RESTRICT f R v) v) x)
  1.1309 -       R x)
  1.1310 -    x"
  1.1311 -
  1.1312 -lemma WFREC_DEF: "ALL (R::'a::type => 'a::type => bool)
  1.1313 -   M::('a::type => 'b::type) => 'a::type => 'b::type.
  1.1314 -   WFREC R M =
  1.1315 -   (%x::'a::type.
  1.1316 -       M (RESTRICT
  1.1317 -           (the_fun (TC R)
  1.1318 -             (%(f::'a::type => 'b::type) v::'a::type. M (RESTRICT f R v) v)
  1.1319 -             x)
  1.1320 -           R x)
  1.1321 -        x)"
  1.1322 -  by (import relation WFREC_DEF)
  1.1323 -
  1.1324 -lemma WFREC_THM: "ALL (R::'a::type => 'a::type => bool)
  1.1325 -   M::('a::type => 'b::type) => 'a::type => 'b::type.
  1.1326 -   WF R --> (ALL x::'a::type. WFREC R M x = M (RESTRICT (WFREC R M) R x) x)"
  1.1327 -  by (import relation WFREC_THM)
  1.1328 -
  1.1329 -lemma WFREC_COROLLARY: "ALL (M::('a::type => 'b::type) => 'a::type => 'b::type)
  1.1330 -   (R::'a::type => 'a::type => bool) f::'a::type => 'b::type.
  1.1331 -   f = WFREC R M --> WF R --> (ALL x::'a::type. f x = M (RESTRICT f R x) x)"
  1.1332 -  by (import relation WFREC_COROLLARY)
  1.1333 -
  1.1334 -lemma WF_RECURSION_THM: "ALL R::'a::type => 'a::type => bool.
  1.1335 -   WF R -->
  1.1336 -   (ALL M::('a::type => 'b::type) => 'a::type => 'b::type.
  1.1337 -       EX! f::'a::type => 'b::type.
  1.1338 -          ALL x::'a::type. f x = M (RESTRICT f R x) x)"
  1.1339 -  by (import relation WF_RECURSION_THM)
  1.1340 +%R M x. M (RESTRICT (the_fun (TC R) (%f v. M (RESTRICT f R v) v) x) R x) x"
  1.1341 +
  1.1342 +lemma WFREC_DEF: "WFREC R M =
  1.1343 +(%x. M (RESTRICT (the_fun (TC R) (%f v. M (RESTRICT f R v) v) x) R x) x)"
  1.1344 +  sorry
  1.1345 +
  1.1346 +lemma WFREC_THM: "WF R ==> WFREC R M x = M (RESTRICT (WFREC R M) R x) x"
  1.1347 +  sorry
  1.1348 +
  1.1349 +lemma WFREC_COROLLARY: "[| f = WFREC R M; WF R |] ==> f x = M (RESTRICT f R x) x"
  1.1350 +  sorry
  1.1351 +
  1.1352 +lemma WF_RECURSION_THM: "WF R ==> EX! f. ALL x. f x = M (RESTRICT f R x) x"
  1.1353 +  sorry
  1.1354  
  1.1355  ;end_setup
  1.1356  
  1.1357  ;setup_theory pair
  1.1358  
  1.1359 -lemma CURRY_ONE_ONE_THM: "(curry (f::'a::type * 'b::type => 'c::type) =
  1.1360 - curry (g::'a::type * 'b::type => 'c::type)) =
  1.1361 -(f = g)"
  1.1362 -  by (import pair CURRY_ONE_ONE_THM)
  1.1363 -
  1.1364 -lemma UNCURRY_ONE_ONE_THM: "(op =::bool => bool => bool)
  1.1365 - ((op =::('a::type * 'b::type => 'c::type)
  1.1366 -         => ('a::type * 'b::type => 'c::type) => bool)
  1.1367 -   ((split::('a::type => 'b::type => 'c::type)
  1.1368 -            => 'a::type * 'b::type => 'c::type)
  1.1369 -     (f::'a::type => 'b::type => 'c::type))
  1.1370 -   ((split::('a::type => 'b::type => 'c::type)
  1.1371 -            => 'a::type * 'b::type => 'c::type)
  1.1372 -     (g::'a::type => 'b::type => 'c::type)))
  1.1373 - ((op =::('a::type => 'b::type => 'c::type)
  1.1374 -         => ('a::type => 'b::type => 'c::type) => bool)
  1.1375 -   f g)"
  1.1376 -  by (import pair UNCURRY_ONE_ONE_THM)
  1.1377 -
  1.1378 -lemma pair_Axiom: "ALL f::'a::type => 'b::type => 'c::type.
  1.1379 -   EX x::'a::type * 'b::type => 'c::type.
  1.1380 -      ALL (xa::'a::type) y::'b::type. x (xa, y) = f xa y"
  1.1381 -  by (import pair pair_Axiom)
  1.1382 -
  1.1383 -lemma UNCURRY_CONG: "ALL (M::'a::type * 'b::type) (M'::'a::type * 'b::type)
  1.1384 -   f::'a::type => 'b::type => 'c::type.
  1.1385 -   M = M' &
  1.1386 -   (ALL (x::'a::type) y::'b::type.
  1.1387 -       M' = (x, y) -->
  1.1388 -       f x y = (f'::'a::type => 'b::type => 'c::type) x y) -->
  1.1389 -   split f M = split f' M'"
  1.1390 -  by (import pair UNCURRY_CONG)
  1.1391 -
  1.1392 -lemma ELIM_PEXISTS: "(EX p::'a::type * 'b::type.
  1.1393 -    (P::'a::type => 'b::type => bool) (fst p) (snd p)) =
  1.1394 -(EX p1::'a::type. Ex (P p1))"
  1.1395 -  by (import pair ELIM_PEXISTS)
  1.1396 -
  1.1397 -lemma ELIM_PFORALL: "(ALL p::'a::type * 'b::type.
  1.1398 -    (P::'a::type => 'b::type => bool) (fst p) (snd p)) =
  1.1399 -(ALL p1::'a::type. All (P p1))"
  1.1400 -  by (import pair ELIM_PFORALL)
  1.1401 -
  1.1402 -lemma PFORALL_THM: "(All::(('a::type => 'b::type => bool) => bool) => bool)
  1.1403 - (%x::'a::type => 'b::type => bool.
  1.1404 -     (op =::bool => bool => bool)
  1.1405 -      ((All::('a::type => bool) => bool)
  1.1406 -        (%xa::'a::type. (All::('b::type => bool) => bool) (x xa)))
  1.1407 -      ((All::('a::type * 'b::type => bool) => bool)
  1.1408 -        ((split::('a::type => 'b::type => bool)
  1.1409 -                 => 'a::type * 'b::type => bool)
  1.1410 -          x)))"
  1.1411 -  by (import pair PFORALL_THM)
  1.1412 -
  1.1413 -lemma PEXISTS_THM: "(All::(('a::type => 'b::type => bool) => bool) => bool)
  1.1414 - (%x::'a::type => 'b::type => bool.
  1.1415 -     (op =::bool => bool => bool)
  1.1416 -      ((Ex::('a::type => bool) => bool)
  1.1417 -        (%xa::'a::type. (Ex::('b::type => bool) => bool) (x xa)))
  1.1418 -      ((Ex::('a::type * 'b::type => bool) => bool)
  1.1419 -        ((split::('a::type => 'b::type => bool)
  1.1420 -                 => 'a::type * 'b::type => bool)
  1.1421 -          x)))"
  1.1422 -  by (import pair PEXISTS_THM)
  1.1423 -
  1.1424 -lemma LET2_RAND: "(All::(('c::type => 'd::type) => bool) => bool)
  1.1425 - (%x::'c::type => 'd::type.
  1.1426 -     (All::('a::type * 'b::type => bool) => bool)
  1.1427 -      (%xa::'a::type * 'b::type.
  1.1428 -          (All::(('a::type => 'b::type => 'c::type) => bool) => bool)
  1.1429 -           (%xb::'a::type => 'b::type => 'c::type.
  1.1430 -               (op =::'d::type => 'd::type => bool)
  1.1431 -                (x ((Let::'a::type * 'b::type
  1.1432 -                          => ('a::type * 'b::type => 'c::type) => 'c::type)
  1.1433 -                     xa ((split::('a::type => 'b::type => 'c::type)
  1.1434 -                                 => 'a::type * 'b::type => 'c::type)
  1.1435 -                          xb)))
  1.1436 -                ((Let::'a::type * 'b::type
  1.1437 -                       => ('a::type * 'b::type => 'd::type) => 'd::type)
  1.1438 -                  xa ((split::('a::type => 'b::type => 'd::type)
  1.1439 -                              => 'a::type * 'b::type => 'd::type)
  1.1440 -                       (%(xa::'a::type) y::'b::type. x (xb xa y)))))))"
  1.1441 -  by (import pair LET2_RAND)
  1.1442 -
  1.1443 -lemma LET2_RATOR: "(All::('a1::type * 'a2::type => bool) => bool)
  1.1444 - (%x::'a1::type * 'a2::type.
  1.1445 -     (All::(('a1::type => 'a2::type => 'b::type => 'c::type) => bool)
  1.1446 -           => bool)
  1.1447 -      (%xa::'a1::type => 'a2::type => 'b::type => 'c::type.
  1.1448 -          (All::('b::type => bool) => bool)
  1.1449 -           (%xb::'b::type.
  1.1450 -               (op =::'c::type => 'c::type => bool)
  1.1451 -                ((Let::'a1::type * 'a2::type
  1.1452 -                       => ('a1::type * 'a2::type => 'b::type => 'c::type)
  1.1453 -                          => 'b::type => 'c::type)
  1.1454 -                  x ((split::('a1::type
  1.1455 -                              => 'a2::type => 'b::type => 'c::type)
  1.1456 -                             => 'a1::type * 'a2::type
  1.1457 -                                => 'b::type => 'c::type)
  1.1458 -                      xa)
  1.1459 -                  xb)
  1.1460 -                ((Let::'a1::type * 'a2::type
  1.1461 -                       => ('a1::type * 'a2::type => 'c::type) => 'c::type)
  1.1462 -                  x ((split::('a1::type => 'a2::type => 'c::type)
  1.1463 -                             => 'a1::type * 'a2::type => 'c::type)
  1.1464 -                      (%(x::'a1::type) y::'a2::type. xa x y xb))))))"
  1.1465 -  by (import pair LET2_RATOR)
  1.1466 -
  1.1467 -lemma pair_case_cong: "ALL (x::'a::type * 'b::type) (xa::'a::type * 'b::type)
  1.1468 -   xb::'a::type => 'b::type => 'c::type.
  1.1469 -   x = xa &
  1.1470 -   (ALL (x::'a::type) y::'b::type.
  1.1471 -       xa = (x, y) -->
  1.1472 -       xb x y = (f'::'a::type => 'b::type => 'c::type) x y) -->
  1.1473 -   split xb x = split f' xa"
  1.1474 -  by (import pair pair_case_cong)
  1.1475 -
  1.1476 -definition LEX :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool" where 
  1.1477 -  "LEX ==
  1.1478 -%(R1::'a::type => 'a::type => bool) (R2::'b::type => 'b::type => bool)
  1.1479 -   (s::'a::type, t::'b::type) (u::'a::type, v::'b::type).
  1.1480 -   R1 s u | s = u & R2 t v"
  1.1481 -
  1.1482 -lemma LEX_DEF: "ALL (R1::'a::type => 'a::type => bool) R2::'b::type => 'b::type => bool.
  1.1483 -   LEX R1 R2 =
  1.1484 -   (%(s::'a::type, t::'b::type) (u::'a::type, v::'b::type).
  1.1485 -       R1 s u | s = u & R2 t v)"
  1.1486 -  by (import pair LEX_DEF)
  1.1487 -
  1.1488 -lemma WF_LEX: "ALL (x::'a::type => 'a::type => bool) xa::'b::type => 'b::type => bool.
  1.1489 -   WF x & WF xa --> WF (LEX x xa)"
  1.1490 -  by (import pair WF_LEX)
  1.1491 -
  1.1492 -definition RPROD :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool" where 
  1.1493 -  "RPROD ==
  1.1494 -%(R1::'a::type => 'a::type => bool) (R2::'b::type => 'b::type => bool)
  1.1495 -   (s::'a::type, t::'b::type) (u::'a::type, v::'b::type). R1 s u & R2 t v"
  1.1496 -
  1.1497 -lemma RPROD_DEF: "ALL (R1::'a::type => 'a::type => bool) R2::'b::type => 'b::type => bool.
  1.1498 -   RPROD R1 R2 =
  1.1499 -   (%(s::'a::type, t::'b::type) (u::'a::type, v::'b::type). R1 s u & R2 t v)"
  1.1500 -  by (import pair RPROD_DEF)
  1.1501 -
  1.1502 -lemma WF_RPROD: "ALL (R::'a::type => 'a::type => bool) Q::'b::type => 'b::type => bool.
  1.1503 -   WF R & WF Q --> WF (RPROD R Q)"
  1.1504 -  by (import pair WF_RPROD)
  1.1505 +lemma CURRY_ONE_ONE_THM: "(curry f = curry g) = (f = g)"
  1.1506 +  sorry
  1.1507 +
  1.1508 +lemma UNCURRY_ONE_ONE_THM: "((%(x, y). f x y) = (%(x, y). g x y)) = (f = g)"
  1.1509 +  sorry
  1.1510 +
  1.1511 +lemma pair_Axiom: "EX x. ALL xa y. x (xa, y) = f xa y"
  1.1512 +  sorry
  1.1513 +
  1.1514 +lemma UNCURRY_CONG: "M = M' & (ALL x y. M' = (x, y) --> f x y = f' x y)
  1.1515 +==> prod_case f M = prod_case f' M'"
  1.1516 +  sorry
  1.1517 +
  1.1518 +lemma ELIM_PEXISTS: "(EX p. P (fst p) (snd p)) = (EX p1. Ex (P p1))"
  1.1519 +  sorry
  1.1520 +
  1.1521 +lemma ELIM_PFORALL: "(ALL p. P (fst p) (snd p)) = (ALL p1. All (P p1))"
  1.1522 +  sorry
  1.1523 +
  1.1524 +lemma PFORALL_THM: "(ALL xa. All (x xa)) = All (%(xa, y). x xa y)"
  1.1525 +  sorry
  1.1526 +
  1.1527 +lemma PEXISTS_THM: "(EX xa. Ex (x xa)) = Ex (%(xa, y). x xa y)"
  1.1528 +  sorry
  1.1529 +
  1.1530 +lemma LET2_RAND: "(x::'c => 'd)
  1.1531 + (let (x::'a, y::'b) = xa::'a * 'b in (xb::'a => 'b => 'c) x y) =
  1.1532 +(let (xa::'a, y::'b) = xa in x (xb xa y))"
  1.1533 +  sorry
  1.1534 +
  1.1535 +lemma LET2_RATOR: "(let (x::'a1, y::'a2) = x::'a1 * 'a2 in (xa::'a1 => 'a2 => 'b => 'c) x y)
  1.1536 + (xb::'b) =
  1.1537 +(let (x::'a1, y::'a2) = x in xa x y xb)"
  1.1538 +  sorry
  1.1539 +
  1.1540 +lemma pair_case_cong: "x = xa & (ALL x y. xa = (x, y) --> xb x y = f' x y)
  1.1541 +==> prod_case xb x = prod_case f' xa"
  1.1542 +  sorry
  1.1543 +
  1.1544 +definition
  1.1545 +  LEX :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool"  where
  1.1546 +  "LEX == %R1 R2 (s, t) (u, v). R1 s u | s = u & R2 t v"
  1.1547 +
  1.1548 +lemma LEX_DEF: "LEX R1 R2 = (%(s, t) (u, v). R1 s u | s = u & R2 t v)"
  1.1549 +  sorry
  1.1550 +
  1.1551 +lemma WF_LEX: "WF x & WF xa ==> WF (LEX x xa)"
  1.1552 +  sorry
  1.1553 +
  1.1554 +definition
  1.1555 +  RPROD :: "('a => 'a => bool) => ('b => 'b => bool) => 'a * 'b => 'a * 'b => bool"  where
  1.1556 +  "RPROD == %R1 R2 (s, t) (u, v). R1 s u & R2 t v"
  1.1557 +
  1.1558 +lemma RPROD_DEF: "RPROD R1 R2 = (%(s, t) (u, v). R1 s u & R2 t v)"
  1.1559 +  sorry
  1.1560 +
  1.1561 +lemma WF_RPROD: "WF R & WF Q ==> WF (RPROD R Q)"
  1.1562 +  sorry
  1.1563  
  1.1564  ;end_setup
  1.1565  
  1.1566 @@ -1073,174 +828,113 @@
  1.1567  ;setup_theory prim_rec
  1.1568  
  1.1569  lemma LESS_0_0: "0 < Suc 0"
  1.1570 -  by (import prim_rec LESS_0_0)
  1.1571 -
  1.1572 -lemma LESS_LEMMA1: "ALL (x::nat) xa::nat. x < Suc xa --> x = xa | x < xa"
  1.1573 -  by (import prim_rec LESS_LEMMA1)
  1.1574 -
  1.1575 -lemma LESS_LEMMA2: "ALL (m::nat) n::nat. m = n | m < n --> m < Suc n"
  1.1576 -  by (import prim_rec LESS_LEMMA2)
  1.1577 -
  1.1578 -lemma LESS_THM: "ALL (m::nat) n::nat. (m < Suc n) = (m = n | m < n)"
  1.1579 -  by (import prim_rec LESS_THM)
  1.1580 -
  1.1581 -lemma LESS_SUC_IMP: "ALL (x::nat) xa::nat. x < Suc xa --> x ~= xa --> x < xa"
  1.1582 -  by (import prim_rec LESS_SUC_IMP)
  1.1583 -
  1.1584 -lemma EQ_LESS: "ALL n::nat. Suc (m::nat) = n --> m < n"
  1.1585 -  by (import prim_rec EQ_LESS)
  1.1586 -
  1.1587 -lemma NOT_LESS_EQ: "ALL (m::nat) n::nat. m = n --> ~ m < n"
  1.1588 -  by (import prim_rec NOT_LESS_EQ)
  1.1589 -
  1.1590 -definition SIMP_REC_REL :: "(nat => 'a) => 'a => ('a => 'a) => nat => bool" where 
  1.1591 -  "(op ==::((nat => 'a::type)
  1.1592 -         => 'a::type => ('a::type => 'a::type) => nat => bool)
  1.1593 -        => ((nat => 'a::type)
  1.1594 -            => 'a::type => ('a::type => 'a::type) => nat => bool)
  1.1595 -           => prop)
  1.1596 - (SIMP_REC_REL::(nat => 'a::type)
  1.1597 -                => 'a::type => ('a::type => 'a::type) => nat => bool)
  1.1598 - (%(fun::nat => 'a::type) (x::'a::type) (f::'a::type => 'a::type) n::nat.
  1.1599 -     (op &::bool => bool => bool)
  1.1600 -      ((op =::'a::type => 'a::type => bool) (fun (0::nat)) x)
  1.1601 -      ((All::(nat => bool) => bool)
  1.1602 -        (%m::nat.
  1.1603 -            (op -->::bool => bool => bool) ((op <::nat => nat => bool) m n)
  1.1604 -             ((op =::'a::type => 'a::type => bool)
  1.1605 -               (fun ((Suc::nat => nat) m)) (f (fun m))))))"
  1.1606 -
  1.1607 -lemma SIMP_REC_REL: "(All::((nat => 'a::type) => bool) => bool)
  1.1608 - (%fun::nat => 'a::type.
  1.1609 -     (All::('a::type => bool) => bool)
  1.1610 -      (%x::'a::type.
  1.1611 -          (All::(('a::type => 'a::type) => bool) => bool)
  1.1612 -           (%f::'a::type => 'a::type.
  1.1613 -               (All::(nat => bool) => bool)
  1.1614 -                (%n::nat.
  1.1615 -                    (op =::bool => bool => bool)
  1.1616 -                     ((SIMP_REC_REL::(nat => 'a::type)
  1.1617 -                                     => 'a::type
  1.1618 -  => ('a::type => 'a::type) => nat => bool)
  1.1619 -                       fun x f n)
  1.1620 -                     ((op &::bool => bool => bool)
  1.1621 -                       ((op =::'a::type => 'a::type => bool) (fun (0::nat))
  1.1622 -                         x)
  1.1623 -                       ((All::(nat => bool) => bool)
  1.1624 -                         (%m::nat.
  1.1625 -                             (op -->::bool => bool => bool)
  1.1626 -                              ((op <::nat => nat => bool) m n)
  1.1627 -                              ((op =::'a::type => 'a::type => bool)
  1.1628 -                                (fun ((Suc::nat => nat) m))
  1.1629 -                                (f (fun m))))))))))"
  1.1630 -  by (import prim_rec SIMP_REC_REL)
  1.1631 -
  1.1632 -lemma SIMP_REC_EXISTS: "ALL (x::'a::type) (f::'a::type => 'a::type) n::nat.
  1.1633 -   EX fun::nat => 'a::type. SIMP_REC_REL fun x f n"
  1.1634 -  by (import prim_rec SIMP_REC_EXISTS)
  1.1635 -
  1.1636 -lemma SIMP_REC_REL_UNIQUE: "ALL (x::'a::type) (xa::'a::type => 'a::type) (xb::nat => 'a::type)
  1.1637 -   (xc::nat => 'a::type) (xd::nat) xe::nat.
  1.1638 -   SIMP_REC_REL xb x xa xd & SIMP_REC_REL xc x xa xe -->
  1.1639 -   (ALL n::nat. n < xd & n < xe --> xb n = xc n)"
  1.1640 -  by (import prim_rec SIMP_REC_REL_UNIQUE)
  1.1641 -
  1.1642 -lemma SIMP_REC_REL_UNIQUE_RESULT: "ALL (x::'a::type) (f::'a::type => 'a::type) n::nat.
  1.1643 -   EX! y::'a::type.
  1.1644 -      EX g::nat => 'a::type. SIMP_REC_REL g x f (Suc n) & y = g n"
  1.1645 -  by (import prim_rec SIMP_REC_REL_UNIQUE_RESULT)
  1.1646 +  sorry
  1.1647 +
  1.1648 +lemma LESS_LEMMA1: "x < Suc xa ==> x = xa | x < xa"
  1.1649 +  sorry
  1.1650 +
  1.1651 +lemma LESS_LEMMA2: "m = n | m < n ==> m < Suc n"
  1.1652 +  sorry
  1.1653 +
  1.1654 +lemma LESS_THM: "(m < Suc n) = (m = n | m < n)"
  1.1655 +  sorry
  1.1656 +
  1.1657 +lemma LESS_SUC_IMP: "[| x < Suc xa; x ~= xa |] ==> x < xa"
  1.1658 +  sorry
  1.1659 +
  1.1660 +lemma EQ_LESS: "Suc m = n ==> m < n"
  1.1661 +  sorry
  1.1662 +
  1.1663 +lemma NOT_LESS_EQ: "(m::nat) = (n::nat) ==> ~ m < n"
  1.1664 +  sorry
  1.1665 +
  1.1666 +definition
  1.1667 +  SIMP_REC_REL :: "(nat => 'a) => 'a => ('a => 'a) => nat => bool"  where
  1.1668 +  "SIMP_REC_REL == %fun x f n. fun 0 = x & (ALL m<n. fun (Suc m) = f (fun m))"
  1.1669 +
  1.1670 +lemma SIMP_REC_REL: "SIMP_REC_REL fun x f n = (fun 0 = x & (ALL m<n. fun (Suc m) = f (fun m)))"
  1.1671 +  sorry
  1.1672 +
  1.1673 +lemma SIMP_REC_EXISTS: "EX fun. SIMP_REC_REL fun x f n"
  1.1674 +  sorry
  1.1675 +
  1.1676 +lemma SIMP_REC_REL_UNIQUE: "[| SIMP_REC_REL xb x xa xd & SIMP_REC_REL xc x xa xe; n < xd & n < xe |]
  1.1677 +==> xb n = xc n"
  1.1678 +  sorry
  1.1679 +
  1.1680 +lemma SIMP_REC_REL_UNIQUE_RESULT: "EX! y. EX g. SIMP_REC_REL g x f (Suc n) & y = g n"
  1.1681 +  sorry
  1.1682  
  1.1683  consts
  1.1684    SIMP_REC :: "'a => ('a => 'a) => nat => 'a" 
  1.1685  
  1.1686 -specification (SIMP_REC) SIMP_REC: "ALL (x::'a::type) (f'::'a::type => 'a::type) n::nat.
  1.1687 -   EX g::nat => 'a::type.
  1.1688 -      SIMP_REC_REL g x f' (Suc n) & SIMP_REC x f' n = g n"
  1.1689 -  by (import prim_rec SIMP_REC)
  1.1690 -
  1.1691 -lemma LESS_SUC_SUC: "ALL m::nat. m < Suc m & m < Suc (Suc m)"
  1.1692 -  by (import prim_rec LESS_SUC_SUC)
  1.1693 -
  1.1694 -lemma SIMP_REC_THM: "ALL (x::'a::type) f::'a::type => 'a::type.
  1.1695 -   SIMP_REC x f 0 = x &
  1.1696 -   (ALL m::nat. SIMP_REC x f (Suc m) = f (SIMP_REC x f m))"
  1.1697 -  by (import prim_rec SIMP_REC_THM)
  1.1698 -
  1.1699 -definition PRE :: "nat => nat" where 
  1.1700 -  "PRE == %m::nat. if m = 0 then 0 else SOME n::nat. m = Suc n"
  1.1701 -
  1.1702 -lemma PRE_DEF: "ALL m::nat. PRE m = (if m = 0 then 0 else SOME n::nat. m = Suc n)"
  1.1703 -  by (import prim_rec PRE_DEF)
  1.1704 -
  1.1705 -lemma PRE: "PRE 0 = 0 & (ALL m::nat. PRE (Suc m) = m)"
  1.1706 -  by (import prim_rec PRE)
  1.1707 -
  1.1708 -definition PRIM_REC_FUN :: "'a => ('a => nat => 'a) => nat => nat => 'a" where 
  1.1709 -  "PRIM_REC_FUN ==
  1.1710 -%(x::'a::type) f::'a::type => nat => 'a::type.
  1.1711 -   SIMP_REC (%n::nat. x) (%(fun::nat => 'a::type) n::nat. f (fun (PRE n)) n)"
  1.1712 -
  1.1713 -lemma PRIM_REC_FUN: "ALL (x::'a::type) f::'a::type => nat => 'a::type.
  1.1714 -   PRIM_REC_FUN x f =
  1.1715 -   SIMP_REC (%n::nat. x) (%(fun::nat => 'a::type) n::nat. f (fun (PRE n)) n)"
  1.1716 -  by (import prim_rec PRIM_REC_FUN)
  1.1717 -
  1.1718 -lemma PRIM_REC_EQN: "ALL (x::'a::type) f::'a::type => nat => 'a::type.
  1.1719 -   (ALL n::nat. PRIM_REC_FUN x f 0 n = x) &
  1.1720 -   (ALL (m::nat) n::nat.
  1.1721 -       PRIM_REC_FUN x f (Suc m) n = f (PRIM_REC_FUN x f m (PRE n)) n)"
  1.1722 -  by (import prim_rec PRIM_REC_EQN)
  1.1723 -
  1.1724 -definition PRIM_REC :: "'a => ('a => nat => 'a) => nat => 'a" where 
  1.1725 -  "PRIM_REC ==
  1.1726 -%(x::'a::type) (f::'a::type => nat => 'a::type) m::nat.
  1.1727 -   PRIM_REC_FUN x f m (PRE m)"
  1.1728 -
  1.1729 -lemma PRIM_REC: "ALL (x::'a::type) (f::'a::type => nat => 'a::type) m::nat.
  1.1730 -   PRIM_REC x f m = PRIM_REC_FUN x f m (PRE m)"
  1.1731 -  by (import prim_rec PRIM_REC)
  1.1732 -
  1.1733 -lemma PRIM_REC_THM: "ALL (x::'a::type) f::'a::type => nat => 'a::type.
  1.1734 -   PRIM_REC x f 0 = x &
  1.1735 -   (ALL m::nat. PRIM_REC x f (Suc m) = f (PRIM_REC x f m) m)"
  1.1736 -  by (import prim_rec PRIM_REC_THM)
  1.1737 -
  1.1738 -lemma DC: "ALL (P::'a::type => bool) (R::'a::type => 'a::type => bool) a::'a::type.
  1.1739 -   P a & (ALL x::'a::type. P x --> (EX y::'a::type. P y & R x y)) -->
  1.1740 -   (EX x::nat => 'a::type.
  1.1741 -       x 0 = a & (ALL n::nat. P (x n) & R (x n) (x (Suc n))))"
  1.1742 -  by (import prim_rec DC)
  1.1743 -
  1.1744 -lemma num_Axiom_old: "ALL (e::'a::type) f::'a::type => nat => 'a::type.
  1.1745 -   EX! fn1::nat => 'a::type.
  1.1746 -      fn1 0 = e & (ALL n::nat. fn1 (Suc n) = f (fn1 n) n)"
  1.1747 -  by (import prim_rec num_Axiom_old)
  1.1748 -
  1.1749 -lemma num_Axiom: "ALL (e::'a::type) f::nat => 'a::type => 'a::type.
  1.1750 -   EX x::nat => 'a::type. x 0 = e & (ALL n::nat. x (Suc n) = f n (x n))"
  1.1751 -  by (import prim_rec num_Axiom)
  1.1752 +specification (SIMP_REC) SIMP_REC: "ALL x f' n. EX g. SIMP_REC_REL g x f' (Suc n) & SIMP_REC x f' n = g n"
  1.1753 +  sorry
  1.1754 +
  1.1755 +lemma LESS_SUC_SUC: "m < Suc m & m < Suc (Suc m)"
  1.1756 +  sorry
  1.1757 +
  1.1758 +lemma SIMP_REC_THM: "SIMP_REC x f 0 = x & (ALL m. SIMP_REC x f (Suc m) = f (SIMP_REC x f m))"
  1.1759 +  sorry
  1.1760 +
  1.1761 +definition
  1.1762 +  PRE :: "nat => nat"  where
  1.1763 +  "PRE == %m. if m = 0 then 0 else SOME n. m = Suc n"
  1.1764 +
  1.1765 +lemma PRE_DEF: "PRE m = (if m = 0 then 0 else SOME n. m = Suc n)"
  1.1766 +  sorry
  1.1767 +
  1.1768 +lemma PRE: "PRE 0 = 0 & (ALL m. PRE (Suc m) = m)"
  1.1769 +  sorry
  1.1770 +
  1.1771 +definition
  1.1772 +  PRIM_REC_FUN :: "'a => ('a => nat => 'a) => nat => nat => 'a"  where
  1.1773 +  "PRIM_REC_FUN == %x f. SIMP_REC (%n. x) (%fun n. f (fun (PRE n)) n)"
  1.1774 +
  1.1775 +lemma PRIM_REC_FUN: "PRIM_REC_FUN x f = SIMP_REC (%n. x) (%fun n. f (fun (PRE n)) n)"
  1.1776 +  sorry
  1.1777 +
  1.1778 +lemma PRIM_REC_EQN: "(ALL n. PRIM_REC_FUN x f 0 n = x) &
  1.1779 +(ALL m n. PRIM_REC_FUN x f (Suc m) n = f (PRIM_REC_FUN x f m (PRE n)) n)"
  1.1780 +  sorry
  1.1781 +
  1.1782 +definition
  1.1783 +  PRIM_REC :: "'a => ('a => nat => 'a) => nat => 'a"  where
  1.1784 +  "PRIM_REC == %x f m. PRIM_REC_FUN x f m (PRE m)"
  1.1785 +
  1.1786 +lemma PRIM_REC: "PRIM_REC x f m = PRIM_REC_FUN x f m (PRE m)"
  1.1787 +  sorry
  1.1788 +
  1.1789 +lemma PRIM_REC_THM: "PRIM_REC x f 0 = x & (ALL m. PRIM_REC x f (Suc m) = f (PRIM_REC x f m) m)"
  1.1790 +  sorry
  1.1791 +
  1.1792 +lemma DC: "P a & (ALL x. P x --> (EX y. P y & R x y))
  1.1793 +==> EX x. x 0 = a & (ALL n. P (x n) & R (x n) (x (Suc n)))"
  1.1794 +  sorry
  1.1795 +
  1.1796 +lemma num_Axiom_old: "EX! fn1. fn1 0 = e & (ALL n. fn1 (Suc n) = f (fn1 n) n)"
  1.1797 +  sorry
  1.1798 +
  1.1799 +lemma num_Axiom: "EX x. x 0 = e & (ALL n. x (Suc n) = f n (x n))"
  1.1800 +  sorry
  1.1801  
  1.1802  consts
  1.1803    wellfounded :: "('a => 'a => bool) => bool" 
  1.1804  
  1.1805  defs
  1.1806 -  wellfounded_primdef: "wellfounded ==
  1.1807 -%R::'a::type => 'a::type => bool.
  1.1808 -   ~ (EX f::nat => 'a::type. ALL n::nat. R (f (Suc n)) (f n))"
  1.1809 -
  1.1810 -lemma wellfounded_def: "ALL R::'a::type => 'a::type => bool.
  1.1811 -   wellfounded R =
  1.1812 -   (~ (EX f::nat => 'a::type. ALL n::nat. R (f (Suc n)) (f n)))"
  1.1813 -  by (import prim_rec wellfounded_def)
  1.1814 -
  1.1815 -lemma WF_IFF_WELLFOUNDED: "ALL R::'a::type => 'a::type => bool. WF R = wellfounded R"
  1.1816 -  by (import prim_rec WF_IFF_WELLFOUNDED)
  1.1817 -
  1.1818 -lemma WF_PRED: "WF (%(x::nat) y::nat. y = Suc x)"
  1.1819 -  by (import prim_rec WF_PRED)
  1.1820 +  wellfounded_primdef: "wellfounded == %R. ~ (EX f. ALL n. R (f (Suc n)) (f n))"
  1.1821 +
  1.1822 +lemma wellfounded_def: "wellfounded R = (~ (EX f. ALL n. R (f (Suc n)) (f n)))"
  1.1823 +  sorry
  1.1824 +
  1.1825 +lemma WF_IFF_WELLFOUNDED: "WF R = wellfounded R"
  1.1826 +  sorry
  1.1827 +
  1.1828 +lemma WF_PRED: "WF (%x y. y = Suc x)"
  1.1829 +  sorry
  1.1830  
  1.1831  lemma WF_LESS: "(WF::(nat => nat => bool) => bool) (op <::nat => nat => bool)"
  1.1832 -  by (import prim_rec WF_LESS)
  1.1833 +  sorry
  1.1834  
  1.1835  consts
  1.1836    measure :: "('a => nat) => 'a => 'a => bool" 
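Review bot: The `specification (SIMP_REC)` on the new side of this prim_rec hunk now closes with `sorry`, as does every lemma here that used to end in `by (import prim_rec …)`, so the existence obligation for the constant and all these statements are accepted without the HOL4 proof being replayed. The skipped obligation on a `specification` is the riskier case: if the stated property were ever unsatisfiable after a regeneration, the theory would still load and everything built on it would inherit the inconsistency. I would keep the replayed proof on that obligation, `by (import prim_rec SIMP_REC)`, or at least mark it with `(* unchecked: obligation closed by sorry, not replayed from HOL4 *)`; since the commit title says these files are generated, the change probably belongs in the generator rather than in this file. The same substitution is visible in the pair lemmas before this hunk and in the arithmetic section after it, including `specification (EVEN)` and `specification (ODD)`.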
  1.1837 @@ -1249,616 +943,533 @@
  1.1838    measure_primdef: "prim_rec.measure == relation.inv_image op <"
  1.1839  
  1.1840  lemma measure_def: "prim_rec.measure = relation.inv_image op <"
  1.1841 -  by (import prim_rec measure_def)
  1.1842 -
  1.1843 -lemma WF_measure: "ALL x::'a::type => nat. WF (prim_rec.measure x)"
  1.1844 -  by (import prim_rec WF_measure)
  1.1845 -
  1.1846 -lemma measure_thm: "ALL (x::'a::type => nat) (xa::'a::type) xb::'a::type.
  1.1847 -   prim_rec.measure x xa xb = (x xa < x xb)"
  1.1848 -  by (import prim_rec measure_thm)
  1.1849 +  sorry
  1.1850 +
  1.1851 +lemma WF_measure: "WF (prim_rec.measure x)"
  1.1852 +  sorry
  1.1853 +
  1.1854 +lemma measure_thm: "prim_rec.measure x xa xb = (x xa < x xb)"
  1.1855 +  sorry
  1.1856  
  1.1857  ;end_setup
  1.1858  
  1.1859  ;setup_theory arithmetic
  1.1860  
  1.1861 -definition nat_elim__magic :: "nat => nat" where 
  1.1862 -  "nat_elim__magic == %n::nat. n"
  1.1863 -
  1.1864 -lemma nat_elim__magic: "ALL n::nat. nat_elim__magic n = n"
  1.1865 -  by (import arithmetic nat_elim__magic)
  1.1866 +definition
  1.1867 +  nat_elim__magic :: "nat => nat"  where
  1.1868 +  "nat_elim__magic == %n. n"
  1.1869 +
  1.1870 +lemma nat_elim__magic: "nat_elim__magic n = n"
  1.1871 +  sorry
  1.1872  
  1.1873  consts
  1.1874    EVEN :: "nat => bool" 
  1.1875  
  1.1876 -specification (EVEN) EVEN: "EVEN 0 = True & (ALL n::nat. EVEN (Suc n) = (~ EVEN n))"
  1.1877 -  by (import arithmetic EVEN)
  1.1878 +specification (EVEN) EVEN: "EVEN 0 = True & (ALL n. EVEN (Suc n) = (~ EVEN n))"
  1.1879 +  sorry
  1.1880  
  1.1881  consts
  1.1882    ODD :: "nat => bool" 
  1.1883  
  1.1884 -specification (ODD) ODD: "ODD 0 = False & (ALL n::nat. ODD (Suc n) = (~ ODD n))"
  1.1885 -  by (import arithmetic ODD)
  1.1886 +specification (ODD) ODD: "ODD 0 = False & (ALL n. ODD (Suc n) = (~ ODD n))"
  1.1887 +  sorry
  1.1888  
  1.1889  lemma TWO: "2 = Suc 1"
  1.1890 -  by (import arithmetic TWO)
  1.1891 -
  1.1892 -lemma NORM_0: "(op =::nat => nat => bool) (0::nat) (0::nat)"
  1.1893 -  by (import arithmetic NORM_0)
  1.1894 -
  1.1895 -lemma num_case_compute: "ALL n::nat.
  1.1896 -   nat_case (f::'a::type) (g::nat => 'a::type) n =
  1.1897 -   (if n = 0 then f else g (PRE n))"
  1.1898 -  by (import arithmetic num_case_compute)
  1.1899 -
  1.1900 -lemma ADD_CLAUSES: "0 + (m::nat) = m &
  1.1901 -m + 0 = m & Suc m + (n::nat) = Suc (m + n) & m + Suc n = Suc (m + n)"
  1.1902 -  by (import arithmetic ADD_CLAUSES)
  1.1903 -
  1.1904 -lemma LESS_ADD: "ALL (m::nat) n::nat. n < m --> (EX p::nat. p + n = m)"
  1.1905 -  by (import arithmetic LESS_ADD)
  1.1906 -
  1.1907 -lemma LESS_ANTISYM: "ALL (m::nat) n::nat. ~ (m < n & n < m)"
  1.1908 -  by (import arithmetic LESS_ANTISYM)
  1.1909 -
  1.1910 -lemma LESS_LESS_SUC: "ALL (x::nat) xa::nat. ~ (x < xa & xa < Suc x)"
  1.1911 -  by (import arithmetic LESS_LESS_SUC)
  1.1912 -
  1.1913 -lemma FUN_EQ_LEMMA: "ALL (f::'a::type => bool) (x1::'a::type) x2::'a::type.
  1.1914 -   f x1 & ~ f x2 --> x1 ~= x2"
  1.1915 -  by (import arithmetic FUN_EQ_LEMMA)
  1.1916 -
  1.1917 -lemma LESS_NOT_SUC: "ALL (m::nat) n::nat. m < n & n ~= Suc m --> Suc m < n"
  1.1918 -  by (import arithmetic LESS_NOT_SUC)
  1.1919 -
  1.1920 -lemma LESS_0_CASES: "ALL m::nat. 0 = m | 0 < m"
  1.1921 -  by (import arithmetic LESS_0_CASES)
  1.1922 -
  1.1923 -lemma LESS_CASES_IMP: "ALL (m::nat) n::nat. ~ m < n & m ~= n --> n < m"
  1.1924 -  by (import arithmetic LESS_CASES_IMP)
  1.1925 -
  1.1926 -lemma LESS_CASES: "ALL (m::nat) n::nat. m < n | n <= m"
  1.1927 -  by (import arithmetic LESS_CASES)
  1.1928 -
  1.1929 -lemma LESS_EQ_SUC_REFL: "ALL m::nat. m <= Suc m"
  1.1930 -  by (import arithmetic LESS_EQ_SUC_REFL)
  1.1931 -
  1.1932 -lemma LESS_ADD_NONZERO: "ALL (m::nat) n::nat. n ~= 0 --> m < m + n"
  1.1933 -  by (import arithmetic LESS_ADD_NONZERO)
  1.1934 -
  1.1935 -lemma LESS_EQ_ANTISYM: "ALL (x::nat) xa::nat. ~ (x < xa & xa <= x)"
  1.1936 -  by (import arithmetic LESS_EQ_ANTISYM)
  1.1937 -
  1.1938 -lemma SUB_0: "ALL m::nat. 0 - m = 0 & m - 0 = m"
  1.1939 -  by (import arithmetic SUB_0)
  1.1940 -
  1.1941 -lemma SUC_SUB1: "ALL m::nat. Suc m - 1 = m"
  1.1942 -  by (import arithmetic SUC_SUB1)
  1.1943 -
  1.1944 -lemma PRE_SUB1: "ALL m::nat. PRE m = m - 1"
  1.1945 -  by (import arithmetic PRE_SUB1)
  1.1946 -
  1.1947 -lemma MULT_CLAUSES: "ALL (x::nat) xa::nat.
  1.1948 -   0 * x = 0 &
  1.1949 -   x * 0 = 0 &
  1.1950 -   1 * x = x &
  1.1951 -   x * 1 = x & Suc x * xa = x * xa + xa & x * Suc xa = x + x * xa"
  1.1952 -  by (import arithmetic MULT_CLAUSES)
  1.1953 -
  1.1954 -lemma PRE_SUB: "ALL (m::nat) n::nat. PRE (m - n) = PRE m - n"
  1.1955 -  by (import arithmetic PRE_SUB)
  1.1956 -
  1.1957 -lemma ADD_EQ_1: "ALL (m::nat) n::nat. (m + n = 1) = (m = 1 & n = 0 | m = 0 & n = 1)"
  1.1958 -  by (import arithmetic ADD_EQ_1)
  1.1959 -
  1.1960 -lemma ADD_INV_0_EQ: "ALL (m::nat) n::nat. (m + n = m) = (n = 0)"
  1.1961 -  by (import arithmetic ADD_INV_0_EQ)
  1.1962 -
  1.1963 -lemma PRE_SUC_EQ: "ALL (m::nat) n::nat. 0 < n --> (m = PRE n) = (Suc m = n)"
  1.1964 -  by (import arithmetic PRE_SUC_EQ)
  1.1965 -
  1.1966 -lemma INV_PRE_EQ: "ALL (m::nat) n::nat. 0 < m & 0 < n --> (PRE m = PRE n) = (m = n)"
  1.1967 -  by (import arithmetic INV_PRE_EQ)
  1.1968 -
  1.1969 -lemma LESS_SUC_NOT: "ALL (m::nat) n::nat. m < n --> ~ n < Suc m"
  1.1970 -  by (import arithmetic LESS_SUC_NOT)
  1.1971 -
  1.1972 -lemma ADD_EQ_SUB: "ALL (m::nat) (n::nat) p::nat. n <= p --> (m + n = p) = (m = p - n)"
  1.1973 -  by (import arithmetic ADD_EQ_SUB)
  1.1974 -
  1.1975 -lemma LESS_ADD_1: "ALL (x::nat) xa::nat. xa < x --> (EX xb::nat. x = xa + (xb + 1))"
  1.1976 -  by (import arithmetic LESS_ADD_1)
  1.1977 -
  1.1978 -lemma NOT_ODD_EQ_EVEN: "ALL (n::nat) m::nat. Suc (n + n) ~= m + m"
  1.1979 -  by (import arithmetic NOT_ODD_EQ_EVEN)
  1.1980 -
  1.1981 -lemma MULT_SUC_EQ: "ALL (p::nat) (m::nat) n::nat. (n * Suc p = m * Suc p) = (n = m)"
  1.1982 -  by (import arithmetic MULT_SUC_EQ)
  1.1983 -
  1.1984 -lemma MULT_EXP_MONO: "ALL (p::nat) (q::nat) (n::nat) m::nat.
  1.1985 -   (n * Suc q ^ p = m * Suc q ^ p) = (n = m)"
  1.1986 -  by (import arithmetic MULT_EXP_MONO)
  1.1987 -
  1.1988 -lemma LESS_ADD_SUC: "ALL (m::nat) n::nat. m < m + Suc n"
  1.1989 -  by (import arithmetic LESS_ADD_SUC)
  1.1990 -
  1.1991 -lemma LESS_OR_EQ_ADD: "ALL (n::nat) m::nat. n < m | (EX p::nat. n = p + m)"
  1.1992 -  by (import arithmetic LESS_OR_EQ_ADD)
  1.1993 -
  1.1994 -lemma WOP: "(All::((nat => bool) => bool) => bool)
  1.1995 - (%P::nat => bool.
  1.1996 -     (op -->::bool => bool => bool) ((Ex::(nat => bool) => bool) P)
  1.1997 -      ((Ex::(nat => bool) => bool)
  1.1998 -        (%n::nat.
  1.1999 -            (op &::bool => bool => bool) (P n)
  1.2000 -             ((All::(nat => bool) => bool)
  1.2001 -               (%m::nat.
  1.2002 -                   (op -->::bool => bool => bool)
  1.2003 -                    ((op <::nat => nat => bool) m n)
  1.2004 -                    ((Not::bool => bool) (P m)))))))"
  1.2005 -  by (import arithmetic WOP)
  1.2006 -
  1.2007 -lemma INV_PRE_LESS: "ALL m>0. ALL n::nat. (PRE m < PRE n) = (m < n)"
  1.2008 -  by (import arithmetic INV_PRE_LESS)
  1.2009 -
  1.2010 -lemma INV_PRE_LESS_EQ: "ALL n>0. ALL m::nat. (PRE m <= PRE n) = (m <= n)"
  1.2011 -  by (import arithmetic INV_PRE_LESS_EQ)
  1.2012 -
  1.2013 -lemma SUB_EQ_EQ_0: "ALL (m::nat) n::nat. (m - n = m) = (m = 0 | n = 0)"
  1.2014 -  by (import arithmetic SUB_EQ_EQ_0)
  1.2015 -
  1.2016 -lemma SUB_LESS_OR: "ALL (m::nat) n::nat. n < m --> n <= m - 1"
  1.2017 -  by (import arithmetic SUB_LESS_OR)
  1.2018 -
  1.2019 -lemma LESS_SUB_ADD_LESS: "ALL (n::nat) (m::nat) i::nat. i < n - m --> i + m < n"
  1.2020 -  by (import arithmetic LESS_SUB_ADD_LESS)
  1.2021 -
  1.2022 -lemma LESS_EQ_SUB_LESS: "ALL (x::nat) xa::nat. xa <= x --> (ALL c::nat. (x - xa < c) = (x < xa + c))"
  1.2023 -  by (import arithmetic LESS_EQ_SUB_LESS)
  1.2024 -
  1.2025 -lemma NOT_SUC_LESS_EQ: "ALL (x::nat) xa::nat. (~ Suc x <= xa) = (xa <= x)"
  1.2026 -  by (import arithmetic NOT_SUC_LESS_EQ)
  1.2027 -
  1.2028 -lemma SUB_LESS_EQ_ADD: "ALL (m::nat) p::nat. m <= p --> (ALL n::nat. (p - m <= n) = (p <= m + n))"
  1.2029 -  by (import arithmetic SUB_LESS_EQ_ADD)
  1.2030 -
  1.2031 -lemma SUB_CANCEL: "ALL (x::nat) (xa::nat) xb::nat.
  1.2032 -   xa <= x & xb <= x --> (x - xa = x - xb) = (xa = xb)"
  1.2033 -  by (import arithmetic SUB_CANCEL)
  1.2034 -
  1.2035 -lemma NOT_EXP_0: "ALL (m::nat) n::nat. Suc n ^ m ~= 0"
  1.2036 -  by (import arithmetic NOT_EXP_0)
  1.2037 -
  1.2038 -lemma ZERO_LESS_EXP: "ALL (m::nat) n::nat. 0 < Suc n ^ m"
  1.2039 -  by (import arithmetic ZERO_LESS_EXP)
  1.2040 -
  1.2041 -lemma ODD_OR_EVEN: "ALL x::nat. EX xa::nat. x = Suc (Suc 0) * xa | x = Suc (Suc 0) * xa + 1"
  1.2042 -  by (import arithmetic ODD_OR_EVEN)
  1.2043 -
  1.2044 -lemma LESS_EXP_SUC_MONO: "ALL (n::nat) m::nat. Suc (Suc m) ^ n < Suc (Suc m) ^ Suc n"
  1.2045 -  by (import arithmetic LESS_EXP_SUC_MONO)
  1.2046 -
  1.2047 -lemma LESS_LESS_CASES: "ALL (m::nat) n::nat. m = n | m < n | n < m"
  1.2048 -  by (import arithmetic LESS_LESS_CASES)
  1.2049 -
  1.2050 -lemma LESS_EQUAL_ADD: "ALL (m::nat) n::nat. m <= n --> (EX p::nat. n = m + p)"
  1.2051 -  by (import arithmetic LESS_EQUAL_ADD)
  1.2052 -
  1.2053 -lemma MULT_EQ_1: "ALL (x::nat) y::nat. (x * y = 1) = (x = 1 & y = 1)"
  1.2054 -  by (import arithmetic MULT_EQ_1)
  1.2055 +  sorry
  1.2056 +
  1.2057 +lemma NORM_0: "(0::nat) = (0::nat)"
  1.2058 +  sorry
  1.2059 +
  1.2060 +lemma num_case_compute: "nat_case f g n = (if n = 0 then f else g (PRE n))"
  1.2061 +  sorry
  1.2062 +
  1.2063 +lemma ADD_CLAUSES: "0 + m = m & m + 0 = m & Suc m + n = Suc (m + n) & m + Suc n = Suc (m + n)"
  1.2064 +  sorry
  1.2065 +
  1.2066 +lemma LESS_ADD: "(n::nat) < (m::nat) ==> EX p::nat. p + n = m"
  1.2067 +  sorry
  1.2068 +
  1.2069 +lemma LESS_ANTISYM: "~ ((m::nat) < (n::nat) & n < m)"
  1.2070 +  sorry
  1.2071 +
  1.2072 +lemma LESS_LESS_SUC: "~ (x < xa & xa < Suc x)"
  1.2073 +  sorry
  1.2074 +
  1.2075 +lemma FUN_EQ_LEMMA: "f x1 & ~ f x2 ==> x1 ~= x2"
  1.2076 +  sorry
  1.2077 +
  1.2078 +lemma LESS_NOT_SUC: "m < n & n ~= Suc m ==> Suc m < n"
  1.2079 +  sorry
  1.2080 +
  1.2081 +lemma LESS_0_CASES: "(0::nat) = (m::nat) | (0::nat) < m"
  1.2082 +  sorry
  1.2083 +
  1.2084 +lemma LESS_CASES_IMP: "~ (m::nat) < (n::nat) & m ~= n ==> n < m"
  1.2085 +  sorry
  1.2086 +
  1.2087 +lemma LESS_CASES: "(m::nat) < (n::nat) | n <= m"
  1.2088 +  sorry
  1.2089 +
  1.2090 +lemma LESS_EQ_SUC_REFL: "m <= Suc m"
  1.2091 +  sorry
  1.2092 +
  1.2093 +lemma LESS_ADD_NONZERO: "(n::nat) ~= (0::nat) ==> (m::nat) < m + n"
  1.2094 +  sorry
  1.2095 +
  1.2096 +lemma LESS_EQ_ANTISYM: "~ ((x::nat) < (xa::nat) & xa <= x)"
  1.2097 +  sorry
  1.2098 +
  1.2099 +lemma SUB_0: "(0::nat) - (m::nat) = (0::nat) & m - (0::nat) = m"
  1.2100 +  sorry
  1.2101 +
  1.2102 +lemma PRE_SUB1: "PRE m = m - 1"
  1.2103 +  sorry
  1.2104 +
  1.2105 +lemma MULT_CLAUSES: "0 * x = 0 &
  1.2106 +x * 0 = 0 &
  1.2107 +1 * x = x & x * 1 = x & Suc x * xa = x * xa + xa & x * Suc xa = x + x * xa"
  1.2108 +  sorry
  1.2109 +
  1.2110 +lemma PRE_SUB: "PRE (m - n) = PRE m - n"
  1.2111 +  sorry
  1.2112 +
  1.2113 +lemma ADD_EQ_1: "((m::nat) + (n::nat) = (1::nat)) =
  1.2114 +(m = (1::nat) & n = (0::nat) | m = (0::nat) & n = (1::nat))"
  1.2115 +  sorry
  1.2116 +
  1.2117 +lemma ADD_INV_0_EQ: "((m::nat) + (n::nat) = m) = (n = (0::nat))"
  1.2118 +  sorry
  1.2119 +
  1.2120 +lemma PRE_SUC_EQ: "0 < n ==> (m = PRE n) = (Suc m = n)"
  1.2121 +  sorry
  1.2122 +
  1.2123 +lemma INV_PRE_EQ: "0 < m & 0 < n ==> (PRE m = PRE n) = (m = n)"
  1.2124 +  sorry
  1.2125 +
  1.2126 +lemma LESS_SUC_NOT: "m < n ==> ~ n < Suc m"
  1.2127 +  sorry
  1.2128 +
  1.2129 +lemma ADD_EQ_SUB: "(n::nat) <= (p::nat) ==> ((m::nat) + n = p) = (m = p - n)"
  1.2130 +  sorry
  1.2131 +
  1.2132 +lemma LESS_ADD_1: "(xa::nat) < (x::nat) ==> EX xb::nat. x = xa + (xb + (1::nat))"
  1.2133 +  sorry
  1.2134 +
  1.2135 +lemma NOT_ODD_EQ_EVEN: "Suc (n + n) ~= m + m"
  1.2136 +  sorry
  1.2137 +
  1.2138 +lemma MULT_SUC_EQ: "(n * Suc p = m * Suc p) = (n = m)"
  1.2139 +  sorry
  1.2140 +
  1.2141 +lemma MULT_EXP_MONO: "(n * Suc q ^ p = m * Suc q ^ p) = (n = m)"
  1.2142 +  sorry
  1.2143 +
  1.2144 +lemma LESS_ADD_SUC: "m < m + Suc n"
  1.2145 +  sorry
  1.2146 +
  1.2147 +lemma LESS_OR_EQ_ADD: "(n::nat) < (m::nat) | (EX p::nat. n = p + m)"
  1.2148 +  sorry
  1.2149 +
  1.2150 +lemma WOP: "Ex (P::nat => bool) ==> EX n::nat. P n & (ALL m<n. ~ P m)"
  1.2151 +  sorry
  1.2152 +
  1.2153 +lemma INV_PRE_LESS: "0 < m ==> (PRE m < PRE n) = (m < n)"
  1.2154 +  sorry
  1.2155 +
  1.2156 +lemma INV_PRE_LESS_EQ: "0 < n ==> (PRE m <= PRE n) = (m <= n)"
  1.2157 +  sorry
  1.2158 +
  1.2159 +lemma SUB_EQ_EQ_0: "((m::nat) - (n::nat) = m) = (m = (0::nat) | n = (0::nat))"
  1.2160 +  sorry
  1.2161 +
  1.2162 +lemma SUB_LESS_OR: "(n::nat) < (m::nat) ==> n <= m - (1::nat)"
  1.2163 +  sorry
  1.2164 +
  1.2165 +lemma LESS_SUB_ADD_LESS: "(i::nat) < (n::nat) - (m::nat) ==> i + m < n"
  1.2166 +  sorry
  1.2167 +
  1.2168 +lemma LESS_EQ_SUB_LESS: "(xa::nat) <= (x::nat) ==> (x - xa < (c::nat)) = (x < xa + c)"
  1.2169 +  sorry
  1.2170 +
  1.2171 +lemma NOT_SUC_LESS_EQ: "(~ Suc x <= xa) = (xa <= x)"
  1.2172 +  sorry
  1.2173 +
  1.2174 +lemma SUB_LESS_EQ_ADD: "(m::nat) <= (p::nat) ==> (p - m <= (n::nat)) = (p <= m + n)"
  1.2175 +  sorry
  1.2176 +
  1.2177 +lemma SUB_CANCEL: "(xa::nat) <= (x::nat) & (xb::nat) <= x ==> (x - xa = x - xb) = (xa = xb)"
  1.2178 +  sorry
  1.2179 +
  1.2180 +lemma NOT_EXP_0: "Suc n ^ m ~= 0"
  1.2181 +  sorry
  1.2182 +
  1.2183 +lemma ZERO_LESS_EXP: "0 < Suc n ^ m"
  1.2184 +  sorry
  1.2185 +
  1.2186 +lemma ODD_OR_EVEN: "EX xa. x = Suc (Suc 0) * xa | x = Suc (Suc 0) * xa + 1"
  1.2187 +  sorry
  1.2188 +
  1.2189 +lemma LESS_EXP_SUC_MONO: "Suc (Suc m) ^ n < Suc (Suc m) ^ Suc n"
  1.2190 +  sorry
  1.2191 +
  1.2192 +lemma LESS_LESS_CASES: "(m::nat) = (n::nat) | m < n | n < m"
  1.2193 +  sorry
  1.2194  
  1.2195  consts
  1.2196    FACT :: "nat => nat" 
  1.2197  
  1.2198 -specification (FACT) FACT: "FACT 0 = 1 & (ALL n::nat. FACT (Suc n) = Suc n * FACT n)"
  1.2199 -  by (import arithmetic FACT)
  1.2200 -
  1.2201 -lemma FACT_LESS: "ALL n::nat. 0 < FACT n"
  1.2202 -  by (import arithmetic FACT_LESS)
  1.2203 -
  1.2204 -lemma EVEN_ODD: "ALL n::nat. EVEN n = (~ ODD n)"
  1.2205 -  by (import arithmetic EVEN_ODD)
  1.2206 -
  1.2207 -lemma ODD_EVEN: "ALL x::nat. ODD x = (~ EVEN x)"
  1.2208 -  by (import arithmetic ODD_EVEN)
  1.2209 -
  1.2210 -lemma EVEN_OR_ODD: "ALL x::nat. EVEN x | ODD x"
  1.2211 -  by (import arithmetic EVEN_OR_ODD)
  1.2212 -
  1.2213 -lemma EVEN_AND_ODD: "ALL x::nat. ~ (EVEN x & ODD x)"
  1.2214 -  by (import arithmetic EVEN_AND_ODD)
  1.2215 -
  1.2216 -lemma EVEN_ADD: "ALL (m::nat) n::nat. EVEN (m + n) = (EVEN m = EVEN n)"
  1.2217 -  by (import arithmetic EVEN_ADD)
  1.2218 -
  1.2219 -lemma EVEN_MULT: "ALL (m::nat) n::nat. EVEN (m * n) = (EVEN m | EVEN n)"
  1.2220 -  by (import arithmetic EVEN_MULT)
  1.2221 -
  1.2222 -lemma ODD_ADD: "ALL (m::nat) n::nat. ODD (m + n) = (ODD m ~= ODD n)"
  1.2223 -  by (import arithmetic ODD_ADD)
  1.2224 -
  1.2225 -lemma ODD_MULT: "ALL (m::nat) n::nat. ODD (m * n) = (ODD m & ODD n)"
  1.2226 -  by (import arithmetic ODD_MULT)
  1.2227 -
  1.2228 -lemma EVEN_DOUBLE: "ALL n::nat. EVEN (2 * n)"
  1.2229 -  by (import arithmetic EVEN_DOUBLE)
  1.2230 -
  1.2231 -lemma ODD_DOUBLE: "ALL x::nat. ODD (Suc (2 * x))"
  1.2232 -  by (import arithmetic ODD_DOUBLE)
  1.2233 -
  1.2234 -lemma EVEN_ODD_EXISTS: "ALL x::nat.
  1.2235 -   (EVEN x --> (EX m::nat. x = 2 * m)) &
  1.2236 -   (ODD x --> (EX m::nat. x = Suc (2 * m)))"
  1.2237 -  by (import arithmetic EVEN_ODD_EXISTS)
  1.2238 -
  1.2239 -lemma EVEN_EXISTS: "ALL n::nat. EVEN n = (EX m::nat. n = 2 * m)"
  1.2240 -  by (import arithmetic EVEN_EXISTS)
  1.2241 -
  1.2242 -lemma ODD_EXISTS: "ALL n::nat. ODD n = (EX m::nat. n = Suc (2 * m))"
  1.2243 -  by (import arithmetic ODD_EXISTS)
  1.2244 -
  1.2245 -lemma NOT_SUC_LESS_EQ_0: "ALL x::nat. ~ Suc x <= 0"
  1.2246 -  by (import arithmetic NOT_SUC_LESS_EQ_0)
  1.2247 -
  1.2248 -lemma NOT_LEQ: "ALL (x::nat) xa::nat. (~ x <= xa) = (Suc xa <= x)"
  1.2249 -  by (import arithmetic NOT_LEQ)
  1.2250 -
  1.2251 -lemma NOT_NUM_EQ: "ALL (x::nat) xa::nat. (x ~= xa) = (Suc x <= xa | Suc xa <= x)"
  1.2252 -  by (import arithmetic NOT_NUM_EQ)
  1.2253 -
  1.2254 -lemma NOT_GREATER_EQ: "ALL (x::nat) xa::nat. (~ xa <= x) = (Suc x <= xa)"
  1.2255 -  by (import arithmetic NOT_GREATER_EQ)
  1.2256 -
  1.2257 -lemma SUC_ADD_SYM: "ALL (m::nat) n::nat. Suc (m + n) = Suc n + m"
  1.2258 -  by (import arithmetic SUC_ADD_SYM)
  1.2259 -
  1.2260 -lemma NOT_SUC_ADD_LESS_EQ: "ALL (m::nat) n::nat. ~ Suc (m + n) <= m"
  1.2261 -  by (import arithmetic NOT_SUC_ADD_LESS_EQ)
  1.2262 -
  1.2263 -lemma SUB_LEFT_ADD: "ALL (m::nat) (n::nat) p::nat.
  1.2264 -   m + (n - p) = (if n <= p then m else m + n - p)"
  1.2265 -  by (import arithmetic SUB_LEFT_ADD)
  1.2266 -
  1.2267 -lemma SUB_RIGHT_ADD: "ALL (m::nat) (n::nat) p::nat. m - n + p = (if m <= n then p else m + p - n)"
  1.2268 -  by (import arithmetic SUB_RIGHT_ADD)
  1.2269 -
  1.2270 -lemma SUB_LEFT_SUB: "ALL (m::nat) (n::nat) p::nat.
  1.2271 -   m - (n - p) = (if n <= p then m else m + p - n)"
  1.2272 -  by (import arithmetic SUB_LEFT_SUB)
  1.2273 -
  1.2274 -lemma SUB_LEFT_SUC: "ALL (m::nat) n::nat. Suc (m - n) = (if m <= n then Suc 0 else Suc m - n)"
  1.2275 -  by (import arithmetic SUB_LEFT_SUC)
  1.2276 -
  1.2277 -lemma SUB_LEFT_LESS_EQ: "ALL (m::nat) (n::nat) p::nat. (m <= n - p) = (m + p <= n | m <= 0)"
  1.2278 -  by (import arithmetic SUB_LEFT_LESS_EQ)
  1.2279 -
  1.2280 -lemma SUB_RIGHT_LESS_EQ: "ALL (m::nat) (n::nat) p::nat. (m - n <= p) = (m <= n + p)"
  1.2281 -  by (import arithmetic SUB_RIGHT_LESS_EQ)
  1.2282 -
  1.2283 -lemma SUB_RIGHT_LESS: "ALL (m::nat) (n::nat) p::nat. (m - n < p) = (m < n + p & 0 < p)"
  1.2284 -  by (import arithmetic SUB_RIGHT_LESS)
  1.2285 -
  1.2286 -lemma SUB_RIGHT_GREATER_EQ: "ALL (m::nat) (n::nat) p::nat. (p <= m - n) = (n + p <= m | p <= 0)"
  1.2287 -  by (import arithmetic SUB_RIGHT_GREATER_EQ)
  1.2288 -
  1.2289 -lemma SUB_LEFT_GREATER: "ALL (m::nat) (n::nat) p::nat. (n - p < m) = (n < m + p & 0 < m)"
  1.2290 -  by (import arithmetic SUB_LEFT_GREATER)
  1.2291 -
  1.2292 -lemma SUB_RIGHT_GREATER: "ALL (m::nat) (n::nat) p::nat. (p < m - n) = (n + p < m)"
  1.2293 -  by (import arithmetic SUB_RIGHT_GREATER)
  1.2294 -
  1.2295 -lemma SUB_LEFT_EQ: "ALL (m::nat) (n::nat) p::nat. (m = n - p) = (m + p = n | m <= 0 & n <= p)"
  1.2296 -  by (import arithmetic SUB_LEFT_EQ)
  1.2297 -
  1.2298 -lemma SUB_RIGHT_EQ: "ALL (m::nat) (n::nat) p::nat. (m - n = p) = (m = n + p | m <= n & p <= 0)"
  1.2299 -  by (import arithmetic SUB_RIGHT_EQ)
  1.2300 -
  1.2301 -lemma LE: "(ALL n::nat. (n <= 0) = (n = 0)) &
  1.2302 +specification (FACT) FACT: "FACT 0 = 1 & (ALL n. FACT (Suc n) = Suc n * FACT n)"
  1.2303 +  sorry
  1.2304 +
  1.2305 +lemma FACT_LESS: "0 < FACT n"
  1.2306 +  sorry
  1.2307 +
  1.2308 +lemma EVEN_ODD: "EVEN n = (~ ODD n)"
  1.2309 +  sorry
  1.2310 +
  1.2311 +lemma ODD_EVEN: "ODD x = (~ EVEN x)"
  1.2312 +  sorry
  1.2313 +
  1.2314 +lemma EVEN_OR_ODD: "EVEN x | ODD x"
  1.2315 +  sorry
  1.2316 +
  1.2317 +lemma EVEN_AND_ODD: "~ (EVEN x & ODD x)"
  1.2318 +  sorry
  1.2319 +
  1.2320 +lemma EVEN_ADD: "EVEN (m + n) = (EVEN m = EVEN n)"
  1.2321 +  sorry
  1.2322 +
  1.2323 +lemma EVEN_MULT: "EVEN (m * n) = (EVEN m | EVEN n)"
  1.2324 +  sorry
  1.2325 +
  1.2326 +lemma ODD_ADD: "ODD (m + n) = (ODD m ~= ODD n)"
  1.2327 +  sorry
  1.2328 +
  1.2329 +lemma ODD_MULT: "ODD (m * n) = (ODD m & ODD n)"
  1.2330 +  sorry
  1.2331 +
  1.2332 +lemma EVEN_DOUBLE: "EVEN (2 * n)"
  1.2333 +  sorry
  1.2334 +
  1.2335 +lemma ODD_DOUBLE: "ODD (Suc (2 * x))"
  1.2336 +  sorry
  1.2337 +
  1.2338 +lemma EVEN_ODD_EXISTS: "(EVEN x --> (EX m. x = 2 * m)) & (ODD x --> (EX m. x = Suc (2 * m)))"
  1.2339 +  sorry
  1.2340 +
  1.2341 +lemma EVEN_EXISTS: "EVEN n = (EX m. n = 2 * m)"
  1.2342 +  sorry
  1.2343 +
  1.2344 +lemma ODD_EXISTS: "ODD n = (EX m. n = Suc (2 * m))"
  1.2345 +  sorry
  1.2346 +
  1.2347 +lemma NOT_SUC_LESS_EQ_0: "~ Suc x <= 0"
  1.2348 +  sorry
  1.2349 +
  1.2350 +lemma NOT_NUM_EQ: "(x ~= xa) = (Suc x <= xa | Suc xa <= x)"
  1.2351 +  sorry
  1.2352 +
  1.2353 +lemma SUC_ADD_SYM: "Suc (m + n) = Suc n + m"
  1.2354 +  sorry
  1.2355 +
  1.2356 +lemma NOT_SUC_ADD_LESS_EQ: "~ Suc (m + n) <= m"
  1.2357 +  sorry
  1.2358 +
  1.2359 +lemma SUB_LEFT_ADD: "(m::nat) + ((n::nat) - (p::nat)) = (if n <= p then m else m + n - p)"
  1.2360 +  sorry
  1.2361 +
  1.2362 +lemma SUB_RIGHT_ADD: "(m::nat) - (n::nat) + (p::nat) = (if m <= n then p else m + p - n)"
  1.2363 +  sorry
  1.2364 +
  1.2365 +lemma SUB_LEFT_SUB: "(m::nat) - ((n::nat) - (p::nat)) = (if n <= p then m else m + p - n)"
  1.2366 +  sorry
  1.2367 +
  1.2368 +lemma SUB_LEFT_SUC: "Suc (m - n) = (if m <= n then Suc 0 else Suc m - n)"
  1.2369 +  sorry
  1.2370 +
  1.2371 +lemma SUB_LEFT_LESS_EQ: "((m::nat) <= (n::nat) - (p::nat)) = (m + p <= n | m <= (0::nat))"
  1.2372 +  sorry
  1.2373 +
  1.2374 +lemma SUB_RIGHT_LESS_EQ: "((m::nat) - (n::nat) <= (p::nat)) = (m <= n + p)"
  1.2375 +  sorry
  1.2376 +
  1.2377 +lemma SUB_RIGHT_LESS: "((m::nat) - (n::nat) < (p::nat)) = (m < n + p & (0::nat) < p)"
  1.2378 +  sorry
  1.2379 +
  1.2380 +lemma SUB_RIGHT_GREATER_EQ: "((p::nat) <= (m::nat) - (n::nat)) = (n + p <= m | p <= (0::nat))"
  1.2381 +  sorry
  1.2382 +
  1.2383 +lemma SUB_LEFT_GREATER: "((n::nat) - (p::nat) < (m::nat)) = (n < m + p & (0::nat) < m)"
  1.2384 +  sorry
  1.2385 +
  1.2386 +lemma SUB_RIGHT_GREATER: "((p::nat) < (m::nat) - (n::nat)) = (n + p < m)"
  1.2387 +  sorry
  1.2388 +
  1.2389 +lemma SUB_LEFT_EQ: "((m::nat) = (n::nat) - (p::nat)) = (m + p = n | m <= (0::nat) & n <= p)"
  1.2390 +  sorry
  1.2391 +
  1.2392 +lemma SUB_RIGHT_EQ: "((m::nat) - (n::nat) = (p::nat)) = (m = n + p | m <= n & p <= (0::nat))"
  1.2393 +  sorry
  1.2394 +
  1.2395 +lemma LE: "(ALL n::nat. (n <= (0::nat)) = (n = (0::nat))) &
  1.2396  (ALL (m::nat) n::nat. (m <= Suc n) = (m = Suc n | m <= n))"
  1.2397 -  by (import arithmetic LE)
  1.2398 -
  1.2399 -lemma DA: "ALL (k::nat) n::nat. 0 < n --> (EX (x::nat) q::nat. k = q * n + x & x < n)"
  1.2400 -  by (import arithmetic DA)
  1.2401 -
  1.2402 -lemma DIV_LESS_EQ: "ALL n>0. ALL k::nat. k div n <= k"
  1.2403 -  by (import arithmetic DIV_LESS_EQ)
  1.2404 -
  1.2405 -lemma DIV_UNIQUE: "ALL (n::nat) (k::nat) q::nat.
  1.2406 -   (EX r::nat. k = q * n + r & r < n) --> k div n = q"
  1.2407 -  by (import arithmetic DIV_UNIQUE)
  1.2408 -
  1.2409 -lemma MOD_UNIQUE: "ALL (n::nat) (k::nat) r::nat.
  1.2410 -   (EX q::nat. k = q * n + r & r < n) --> k mod n = r"
  1.2411 -  by (import arithmetic MOD_UNIQUE)
  1.2412 -
  1.2413 -lemma DIV_MULT: "ALL (n::nat) r::nat. r < n --> (ALL q::nat. (q * n + r) div n = q)"
  1.2414 -  by (import arithmetic DIV_MULT)
  1.2415 -
  1.2416 -lemma MOD_EQ_0: "ALL n>0. ALL k::nat. k * n mod n = 0"
  1.2417 -  by (import arithmetic MOD_EQ_0)
  1.2418 -
  1.2419 -lemma ZERO_MOD: "(All::(nat => bool) => bool)
  1.2420 - (%n::nat.
  1.2421 -     (op -->::bool => bool => bool) ((op <::nat => nat => bool) (0::nat) n)
  1.2422 -      ((op =::nat => nat => bool) ((op mod::nat => nat => nat) (0::nat) n)
  1.2423 -        (0::nat)))"
  1.2424 -  by (import arithmetic ZERO_MOD)
  1.2425 -
  1.2426 -lemma ZERO_DIV: "(All::(nat => bool) => bool)
  1.2427 - (%n::nat.
  1.2428 -     (op -->::bool => bool => bool) ((op <::nat => nat => bool) (0::nat) n)
  1.2429 -      ((op =::nat => nat => bool) ((op div::nat => nat => nat) (0::nat) n)
  1.2430 -        (0::nat)))"
  1.2431 -  by (import arithmetic ZERO_DIV)
  1.2432 -
  1.2433 -lemma MOD_MULT: "ALL (n::nat) r::nat. r < n --> (ALL q::nat. (q * n + r) mod n = r)"
  1.2434 -  by (import arithmetic MOD_MULT)
  1.2435 -
  1.2436 -lemma MOD_TIMES: "ALL n>0. ALL (q::nat) r::nat. (q * n + r) mod n = r mod n"
  1.2437 -  by (import arithmetic MOD_TIMES)
  1.2438 -
  1.2439 -lemma MOD_PLUS: "ALL n>0. ALL (j::nat) k::nat. (j mod n + k mod n) mod n = (j + k) mod n"
  1.2440 -  by (import arithmetic MOD_PLUS)
  1.2441 -
  1.2442 -lemma MOD_MOD: "ALL n>0. ALL k::nat. k mod n mod n = k mod n"
  1.2443 -  by (import arithmetic MOD_MOD)
  1.2444 -
  1.2445 -lemma ADD_DIV_ADD_DIV: "ALL x>0. ALL (xa::nat) r::nat. (xa * x + r) div x = xa + r div x"
  1.2446 -  by (import arithmetic ADD_DIV_ADD_DIV)
  1.2447 -
  1.2448 -lemma MOD_MULT_MOD: "ALL (m::nat) n::nat.
  1.2449 -   0 < n & 0 < m --> (ALL x::nat. x mod (n * m) mod n = x mod n)"
  1.2450 -  by (import arithmetic MOD_MULT_MOD)
  1.2451 -
  1.2452 -lemma DIVMOD_ID: "(All::(nat => bool) => bool)
  1.2453 - (%n::nat.
  1.2454 -     (op -->::bool => bool => bool) ((op <::nat => nat => bool) (0::nat) n)
  1.2455 -      ((op &::bool => bool => bool)
  1.2456 -        ((op =::nat => nat => bool) ((op div::nat => nat => nat) n n)
  1.2457 -          (1::nat))
  1.2458 -        ((op =::nat => nat => bool) ((op mod::nat => nat => nat) n n)
  1.2459 -          (0::nat))))"
  1.2460 -  by (import arithmetic DIVMOD_ID)
  1.2461 -
  1.2462 -lemma DIV_DIV_DIV_MULT: "ALL (x::nat) xa::nat.
  1.2463 -   0 < x & 0 < xa --> (ALL xb::nat. xb div x div xa = xb div (x * xa))"
  1.2464 -  by (import arithmetic DIV_DIV_DIV_MULT)
  1.2465 -
  1.2466 -lemma DIV_P: "ALL (P::nat => bool) (p::nat) q::nat.
  1.2467 -   0 < q --> P (p div q) = (EX (k::nat) r::nat. p = k * q + r & r < q & P k)"
  1.2468 -  by (import arithmetic DIV_P)
  1.2469 -
  1.2470 -lemma MOD_P: "ALL (P::nat => bool) (p::nat) q::nat.
  1.2471 -   0 < q --> P (p mod q) = (EX (k::nat) r::nat. p = k * q + r & r < q & P r)"
  1.2472 -  by (import arithmetic MOD_P)
  1.2473 -
  1.2474 -lemma MOD_TIMES2: "ALL n>0. ALL (j::nat) k::nat. j mod n * (k mod n) mod n = j * k mod n"
  1.2475 -  by (import arithmetic MOD_TIMES2)
  1.2476 -
  1.2477 -lemma MOD_COMMON_FACTOR: "ALL (n::nat) (p::nat) q::nat.
  1.2478 -   0 < n & 0 < q --> n * (p mod q) = n * p mod (n * q)"
  1.2479 -  by (import arithmetic MOD_COMMON_FACTOR)
  1.2480 -
  1.2481 -lemma num_case_cong: "ALL (M::nat) (M'::nat) (b::'a::type) f::nat => 'a::type.
  1.2482 -   M = M' &
  1.2483 -   (M' = 0 --> b = (b'::'a::type)) &
  1.2484 -   (ALL n::nat. M' = Suc n --> f n = (f'::nat => 'a::type) n) -->
  1.2485 -   nat_case b f M = nat_case b' f' M'"
  1.2486 -  by (import arithmetic num_case_cong)
  1.2487 -
  1.2488 -lemma SUC_ELIM_THM: "ALL P::nat => nat => bool.
  1.2489 -   (ALL n::nat. P (Suc n) n) = (ALL n>0. P n (n - 1))"
  1.2490 -  by (import arithmetic SUC_ELIM_THM)
  1.2491 +  sorry
  1.2492 +
  1.2493 +lemma DA: "(0::nat) < (n::nat) ==> EX (x::nat) q::nat. (k::nat) = q * n + x & x < n"
  1.2494 +  sorry
  1.2495 +
  1.2496 +lemma DIV_LESS_EQ: "(0::nat) < (n::nat) ==> (k::nat) div n <= k"
  1.2497 +  sorry
  1.2498 +
  1.2499 +lemma DIV_UNIQUE: "EX r::nat. (k::nat) = (q::nat) * (n::nat) + r & r < n ==> k div n = q"
  1.2500 +  sorry
  1.2501 +
  1.2502 +lemma MOD_UNIQUE: "EX q::nat. (k::nat) = q * (n::nat) + (r::nat) & r < n ==> k mod n = r"
  1.2503 +  sorry
  1.2504 +
  1.2505 +lemma DIV_MULT: "(r::nat) < (n::nat) ==> ((q::nat) * n + r) div n = q"
  1.2506 +  sorry
  1.2507 +
  1.2508 +lemma MOD_EQ_0: "(0::nat) < (n::nat) ==> (k::nat) * n mod n = (0::nat)"
  1.2509 +  sorry
  1.2510 +
  1.2511 +lemma ZERO_MOD: "(0::nat) < (n::nat) ==> (0::nat) mod n = (0::nat)"
  1.2512 +  sorry
  1.2513 +
  1.2514 +lemma ZERO_DIV: "(0::nat) < (n::nat) ==> (0::nat) div n = (0::nat)"
  1.2515 +  sorry
  1.2516 +
  1.2517 +lemma MOD_MULT: "(r::nat) < (n::nat) ==> ((q::nat) * n + r) mod n = r"
  1.2518 +  sorry
  1.2519 +
  1.2520 +lemma MOD_TIMES: "(0::nat) < (n::nat) ==> ((q::nat) * n + (r::nat)) mod n = r mod n"
  1.2521 +  sorry
  1.2522 +
  1.2523 +lemma MOD_PLUS: "(0::nat) < (n::nat)
  1.2524 +==> ((j::nat) mod n + (k::nat) mod n) mod n = (j + k) mod n"
  1.2525 +  sorry
  1.2526 +
  1.2527 +lemma MOD_MOD: "(0::nat) < (n::nat) ==> (k::nat) mod n mod n = k mod n"
  1.2528 +  sorry
  1.2529 +
  1.2530 +lemma ADD_DIV_ADD_DIV: "(0::nat) < (x::nat) ==> ((xa::nat) * x + (r::nat)) div x = xa + r div x"
  1.2531 +  sorry
  1.2532 +
  1.2533 +lemma MOD_MULT_MOD: "(0::nat) < (n::nat) & (0::nat) < (m::nat)
  1.2534 +==> (x::nat) mod (n * m) mod n = x mod n"
  1.2535 +  sorry
  1.2536 +
  1.2537 +lemma DIVMOD_ID: "(0::nat) < (n::nat) ==> n div n = (1::nat) & n mod n = (0::nat)"
  1.2538 +  sorry
  1.2539 +
  1.2540 +lemma DIV_DIV_DIV_MULT: "(0::nat) < (x::nat) & (0::nat) < (xa::nat)
  1.2541 +==> (xb::nat) div x div xa = xb div (x * xa)"
  1.2542 +  sorry
  1.2543 +
  1.2544 +lemma DIV_P: "(0::nat) < (q::nat)
  1.2545 +==> (P::nat => bool) ((p::nat) div q) =
  1.2546 +    (EX (k::nat) r::nat. p = k * q + r & r < q & P k)"
  1.2547 +  sorry
  1.2548 +
  1.2549 +lemma MOD_P: "(0::nat) < (q::nat)
  1.2550 +==> (P::nat => bool) ((p::nat) mod q) =
  1.2551 +    (EX (k::nat) r::nat. p = k * q + r & r < q & P r)"
  1.2552 +  sorry
  1.2553 +
  1.2554 +lemma MOD_TIMES2: "(0::nat) < (n::nat)
  1.2555 +==> (j::nat) mod n * ((k::nat) mod n) mod n = j * k mod n"
  1.2556 +  sorry
  1.2557 +
  1.2558 +lemma MOD_COMMON_FACTOR: "(0::nat) < (n::nat) & (0::nat) < (q::nat)
  1.2559 +==> n * ((p::nat) mod q) = n * p mod (n * q)"
  1.2560 +  sorry
  1.2561 +
  1.2562 +lemma num_case_cong: "M = M' & (M' = 0 --> b = b') & (ALL n. M' = Suc n --> f n = f' n)
  1.2563 +==> nat_case b f M = nat_case b' f' M'"
  1.2564 +  sorry
  1.2565 +
  1.2566 +lemma SUC_ELIM_THM: "(ALL n. P (Suc n) n) = (ALL n>0. P n (n - 1))"
  1.2567 +  sorry
  1.2568  
  1.2569  lemma SUB_ELIM_THM: "(P::nat => bool) ((a::nat) - (b::nat)) =
  1.2570 -(ALL x::nat. (b = a + x --> P 0) & (a = b + x --> P x))"
  1.2571 -  by (import arithmetic SUB_ELIM_THM)
  1.2572 -
  1.2573 -lemma PRE_ELIM_THM: "(P::nat => bool) (PRE (n::nat)) =
  1.2574 -(ALL m::nat. (n = 0 --> P 0) & (n = Suc m --> P m))"
  1.2575 -  by (import arithmetic PRE_ELIM_THM)
  1.2576 -
  1.2577 -lemma MULT_INCREASES: "ALL (m::nat) n::nat. 1 < m & 0 < n --> Suc n <= m * n"
  1.2578 -  by (import arithmetic MULT_INCREASES)
  1.2579 -
  1.2580 -lemma EXP_ALWAYS_BIG_ENOUGH: "ALL b>1. ALL n::nat. EX m::nat. n <= b ^ m"
  1.2581 -  by (import arithmetic EXP_ALWAYS_BIG_ENOUGH)
  1.2582 -
  1.2583 -lemma EXP_EQ_0: "ALL (n::nat) m::nat. (n ^ m = 0) = (n = 0 & 0 < m)"
  1.2584 -  by (import arithmetic EXP_EQ_0)
  1.2585 -
  1.2586 -lemma EXP_1: "(All::(nat => bool) => bool)
  1.2587 - (%x::nat.
  1.2588 -     (op &::bool => bool => bool)
  1.2589 -      ((op =::nat => nat => bool) ((op ^::nat => nat => nat) (1::nat) x)
  1.2590 -        (1::nat))
  1.2591 -      ((op =::nat => nat => bool) ((op ^::nat => nat => nat) x (1::nat)) x))"
  1.2592 -  by (import arithmetic EXP_1)
  1.2593 -
  1.2594 -lemma EXP_EQ_1: "ALL (n::nat) m::nat. (n ^ m = 1) = (n = 1 | m = 0)"
  1.2595 -  by (import arithmetic EXP_EQ_1)
  1.2596 -
  1.2597 -lemma MIN_MAX_EQ: "ALL (x::nat) xa::nat. (min x xa = max x xa) = (x = xa)"
  1.2598 -  by (import arithmetic MIN_MAX_EQ)
  1.2599 -
  1.2600 -lemma MIN_MAX_LT: "ALL (x::nat) xa::nat. (min x xa < max x xa) = (x ~= xa)"
  1.2601 -  by (import arithmetic MIN_MAX_LT)
  1.2602 -
  1.2603 -lemma MIN_MAX_PRED: "ALL (P::nat => bool) (m::nat) n::nat.
  1.2604 -   P m & P n --> P (min m n) & P (max m n)"
  1.2605 -  by (import arithmetic MIN_MAX_PRED)
  1.2606 -
  1.2607 -lemma MIN_LT: "ALL (x::nat) xa::nat.
  1.2608 -   (min xa x < xa) = (xa ~= x & min xa x = x) &
  1.2609 -   (min xa x < x) = (xa ~= x & min xa x = xa) &
  1.2610 -   (xa < min xa x) = False & (x < min xa x) = False"
  1.2611 -  by (import arithmetic MIN_LT)
  1.2612 -
  1.2613 -lemma MAX_LT: "ALL (x::nat) xa::nat.
  1.2614 -   (xa < max xa x) = (xa ~= x & max xa x = x) &
  1.2615 -   (x < max xa x) = (xa ~= x & max xa x = xa) &
  1.2616 -   (max xa x < xa) = False & (max xa x < x) = False"
  1.2617 -  by (import arithmetic MAX_LT)
  1.2618 -
  1.2619 -lemma MIN_LE: "ALL (x::nat) xa::nat. min xa x <= xa & min xa x <= x"
  1.2620 -  by (import arithmetic MIN_LE)
  1.2621 -
  1.2622 -lemma MAX_LE: "ALL (x::nat) xa::nat. xa <= max xa x & x <= max xa x"
  1.2623 -  by (import arithmetic MAX_LE)
  1.2624 -
  1.2625 -lemma MIN_0: "ALL x::nat. min x 0 = 0 & min 0 x = 0"
  1.2626 -  by (import arithmetic MIN_0)
  1.2627 -
  1.2628 -lemma MAX_0: "ALL x::nat. max x 0 = x & max 0 x = x"
  1.2629 -  by (import arithmetic MAX_0)
  1.2630 -
  1.2631 -lemma EXISTS_GREATEST: "ALL P::nat => bool.
  1.2632 -   (Ex P & (EX x::nat. ALL y::nat. x < y --> ~ P y)) =
  1.2633 -   (EX x::nat. P x & (ALL y::nat. x < y --> ~ P y))"
  1.2634 -  by (import arithmetic EXISTS_GREATEST)
  1.2635 +(ALL x::nat. (b = a + x --> P (0::nat)) & (a = b + x --> P x))"
  1.2636 +  sorry
  1.2637 +
  1.2638 +lemma PRE_ELIM_THM: "P (PRE n) = (ALL m. (n = 0 --> P 0) & (n = Suc m --> P m))"
  1.2639 +  sorry
  1.2640 +
  1.2641 +lemma MULT_INCREASES: "1 < m & 0 < n ==> Suc n <= m * n"
  1.2642 +  sorry
  1.2643 +
  1.2644 +lemma EXP_ALWAYS_BIG_ENOUGH: "(1::nat) < (b::nat) ==> EX m::nat. (n::nat) <= b ^ m"
  1.2645 +  sorry
  1.2646 +
  1.2647 +lemma EXP_EQ_0: "((n::nat) ^ (m::nat) = (0::nat)) = (n = (0::nat) & (0::nat) < m)"
  1.2648 +  sorry
  1.2649 +
  1.2650 +lemma EXP_1: "(1::nat) ^ (x::nat) = (1::nat) & x ^ (1::nat) = x"
  1.2651 +  sorry
  1.2652 +
  1.2653 +lemma MIN_MAX_EQ: "(min (x::nat) (xa::nat) = max x xa) = (x = xa)"
  1.2654 +  sorry
  1.2655 +
  1.2656 +lemma MIN_MAX_LT: "(min (x::nat) (xa::nat) < max x xa) = (x ~= xa)"
  1.2657 +  sorry
  1.2658 +
  1.2659 +lemma MIN_MAX_PRED: "(P::nat => bool) (m::nat) & P (n::nat) ==> P (min m n) & P (max m n)"
  1.2660 +  sorry
  1.2661 +
  1.2662 +lemma MIN_LT: "(min (xa::nat) (x::nat) < xa) = (xa ~= x & min xa x = x) &
  1.2663 +(min xa x < x) = (xa ~= x & min xa x = xa) &
  1.2664 +(xa < min xa x) = False & (x < min xa x) = False"
  1.2665 +  sorry
  1.2666 +
  1.2667 +lemma MAX_LT: "((xa::nat) < max xa (x::nat)) = (xa ~= x & max xa x = x) &
  1.2668 +(x < max xa x) = (xa ~= x & max xa x = xa) &
  1.2669 +(max xa x < xa) = False & (max xa x < x) = False"
  1.2670 +  sorry
  1.2671 +
  1.2672 +lemma MIN_LE: "min (xa::nat) (x::nat) <= xa & min xa x <= x"
  1.2673 +  sorry
  1.2674 +
  1.2675 +lemma MAX_LE: "(xa::nat) <= max xa (x::nat) & x <= max xa x"
  1.2676 +  sorry
  1.2677 +
  1.2678 +lemma MIN_0: "min (x::nat) (0::nat) = (0::nat) & min (0::nat) x = (0::nat)"
  1.2679 +  sorry
  1.2680 +
  1.2681 +lemma MAX_0: "max (x::nat) (0::nat) = x & max (0::nat) x = x"
  1.2682 +  sorry
  1.2683 +
  1.2684 +lemma EXISTS_GREATEST: "(Ex (P::nat => bool) & (EX x::nat. ALL y>x. ~ P y)) =
  1.2685 +(EX x::nat. P x & (ALL y>x. ~ P y))"
  1.2686 +  sorry
  1.2687  
  1.2688  ;end_setup
  1.2689  
  1.2690  ;setup_theory hrat
  1.2691  
  1.2692 -definition trat_1 :: "nat * nat" where 
  1.2693 +definition
  1.2694 +  trat_1 :: "nat * nat"  where
  1.2695    "trat_1 == (0, 0)"
  1.2696  
  1.2697  lemma trat_1: "trat_1 = (0, 0)"
  1.2698 -  by (import hrat trat_1)
  1.2699 -
  1.2700 -definition trat_inv :: "nat * nat => nat * nat" where 
  1.2701 -  "trat_inv == %(x::nat, y::nat). (y, x)"
  1.2702 -
  1.2703 -lemma trat_inv: "ALL (x::nat) y::nat. trat_inv (x, y) = (y, x)"
  1.2704 -  by (import hrat trat_inv)
  1.2705 -
  1.2706 -definition trat_add :: "nat * nat => nat * nat => nat * nat" where 
  1.2707 +  sorry
  1.2708 +
  1.2709 +definition
  1.2710 +  trat_inv :: "nat * nat => nat * nat"  where
  1.2711 +  "trat_inv == %(x, y). (y, x)"
  1.2712 +
  1.2713 +lemma trat_inv: "trat_inv (x, y) = (y, x)"
  1.2714 +  sorry
  1.2715 +
  1.2716 +definition
  1.2717 +  trat_add :: "nat * nat => nat * nat => nat * nat"  where
  1.2718    "trat_add ==
  1.2719 -%(x::nat, y::nat) (x'::nat, y'::nat).
  1.2720 +%(x, y) (x', y').
  1.2721     (PRE (Suc x * Suc y' + Suc x' * Suc y), PRE (Suc y * Suc y'))"
  1.2722  
  1.2723 -lemma trat_add: "ALL (x::nat) (y::nat) (x'::nat) y'::nat.
  1.2724 -   trat_add (x, y) (x', y') =
  1.2725 -   (PRE (Suc x * Suc y' + Suc x' * Suc y), PRE (Suc y * Suc y'))"
  1.2726 -  by (import hrat trat_add)
  1.2727 -
  1.2728 -definition trat_mul :: "nat * nat => nat * nat => nat * nat" where 
  1.2729 -  "trat_mul ==
  1.2730 -%(x::nat, y::nat) (x'::nat, y'::nat).
  1.2731 -   (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  1.2732 -
  1.2733 -lemma trat_mul: "ALL (x::nat) (y::nat) (x'::nat) y'::nat.
  1.2734 -   trat_mul (x, y) (x', y') = (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  1.2735 -  by (import hrat trat_mul)
  1.2736 +lemma trat_add: "trat_add (x, y) (x', y') =
  1.2737 +(PRE (Suc x * Suc y' + Suc x' * Suc y), PRE (Suc y * Suc y'))"
  1.2738 +  sorry
  1.2739 +
  1.2740 +definition
  1.2741 +  trat_mul :: "nat * nat => nat * nat => nat * nat"  where
  1.2742 +  "trat_mul == %(x, y) (x', y'). (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  1.2743 +
  1.2744 +lemma trat_mul: "trat_mul (x, y) (x', y') = (PRE (Suc x * Suc x'), PRE (Suc y * Suc y'))"
  1.2745 +  sorry
  1.2746  
  1.2747  consts
  1.2748    trat_sucint :: "nat => nat * nat" 
  1.2749  
  1.2750  specification (trat_sucint) trat_sucint: "trat_sucint 0 = trat_1 &
  1.2751 -(ALL n::nat. trat_sucint (Suc n) = trat_add (trat_sucint n) trat_1)"
  1.2752 -  by (import hrat trat_sucint)
  1.2753 -
  1.2754 -definition trat_eq :: "nat * nat => nat * nat => bool" where 
  1.2755 -  "trat_eq ==
  1.2756 -%(x::nat, y::nat) (x'::nat, y'::nat). Suc x * Suc y' = Suc x' * Suc y"
  1.2757 -
  1.2758 -lemma trat_eq: "ALL (x::nat) (y::nat) (x'::nat) y'::nat.
  1.2759 -   trat_eq (x, y) (x', y') = (Suc x * Suc y' = Suc x' * Suc y)"
  1.2760 -  by (import hrat trat_eq)
  1.2761 -
  1.2762 -lemma TRAT_EQ_REFL: "ALL p::nat * nat. trat_eq p p"
  1.2763 -  by (import hrat TRAT_EQ_REFL)
  1.2764 -
  1.2765 -lemma TRAT_EQ_SYM: "ALL (p::nat * nat) q::nat * nat. trat_eq p q = trat_eq q p"
  1.2766 -  by (import hrat TRAT_EQ_SYM)
  1.2767 -
  1.2768 -lemma TRAT_EQ_TRANS: "ALL (p::nat * nat) (q::nat * nat) r::nat * nat.
  1.2769 -   trat_eq p q & trat_eq q r --> trat_eq p r"
  1.2770 -  by (import hrat TRAT_EQ_TRANS)
  1.2771 -
  1.2772 -lemma TRAT_EQ_AP: "ALL (p::nat * nat) q::nat * nat. p = q --> trat_eq p q"
  1.2773 -  by (import hrat TRAT_EQ_AP)
  1.2774 -
  1.2775 -lemma TRAT_ADD_SYM_EQ: "ALL (h::nat * nat) i::nat * nat. trat_add h i = trat_add i h"
  1.2776 -  by (import hrat TRAT_ADD_SYM_EQ)
  1.2777 -
  1.2778 -lemma TRAT_MUL_SYM_EQ: "ALL (h::nat * nat) i::nat * nat. trat_mul h i = trat_mul i h"
  1.2779 -  by (import hrat TRAT_MUL_SYM_EQ)
  1.2780 -
  1.2781 -lemma TRAT_INV_WELLDEFINED: "ALL (p::nat * nat) q::nat * nat.
  1.2782 -   trat_eq p q --> trat_eq (trat_inv p) (trat_inv q)"
  1.2783 -  by (import hrat TRAT_INV_WELLDEFINED)
  1.2784 -
  1.2785 -lemma TRAT_ADD_WELLDEFINED: "ALL (p::nat * nat) (q::nat * nat) r::nat * nat.
  1.2786 -   trat_eq p q --> trat_eq (trat_add p r) (trat_add q r)"
  1.2787 -  by (import hrat TRAT_ADD_WELLDEFINED)
  1.2788 -
  1.2789 -lemma TRAT_ADD_WELLDEFINED2: "ALL (p1::nat * nat) (p2::nat * nat) (q1::nat * nat) q2::nat * nat.
  1.2790 -   trat_eq p1 p2 & trat_eq q1 q2 -->
  1.2791 -   trat_eq (trat_add p1 q1) (trat_add p2 q2)"
  1.2792 -  by (import hrat TRAT_ADD_WELLDEFINED2)
  1.2793 -
  1.2794 -lemma TRAT_MUL_WELLDEFINED: "ALL (p::nat * nat) (q::nat * nat) r::nat * nat.
  1.2795 -   trat_eq p q --> trat_eq (trat_mul p r) (trat_mul q r)"
  1.2796 -  by (import hrat TRAT_MUL_WELLDEFINED)
  1.2797 -
  1.2798 -lemma TRAT_MUL_WELLDEFINED2: "ALL (p1::nat * nat) (p2::nat * nat) (q1::nat * nat) q2::nat * nat.
  1.2799 -   trat_eq p1 p2 & trat_eq q1 q2 -->
  1.2800 -   trat_eq (trat_mul p1 q1) (trat_mul p2 q2)"
  1.2801 -  by (import hrat TRAT_MUL_WELLDEFINED2)
  1.2802 -
  1.2803 -lemma TRAT_ADD_SYM: "ALL (h::nat * nat) i::nat * nat. trat_eq (trat_add h i) (trat_add i h)"
  1.2804 -  by (import hrat TRAT_ADD_SYM)
  1.2805 -
  1.2806 -lemma TRAT_ADD_ASSOC: "ALL (h::nat * nat) (i::nat * nat) j::nat * nat.
  1.2807 -   trat_eq (trat_add h (trat_add i j)) (trat_add (trat_add h i) j)"
  1.2808 -  by (import hrat TRAT_ADD_ASSOC)
  1.2809 -
  1.2810 -lemma TRAT_MUL_SYM: "ALL (h::nat * nat) i::nat * nat. trat_eq (trat_mul h i) (trat_mul i h)"
  1.2811 -  by (import hrat TRAT_MUL_SYM)
  1.2812 -
  1.2813 -lemma TRAT_MUL_ASSOC: "ALL (h::nat * nat) (i::nat * nat) j::nat * nat.
  1.2814 -   trat_eq (trat_mul h (trat_mul i j)) (trat_mul (trat_mul h i) j)"
  1.2815 -  by (import hrat TRAT_MUL_ASSOC)
  1.2816 -
  1.2817 -lemma TRAT_LDISTRIB: "ALL (h::nat * nat) (i::nat * nat) j::nat * nat.
  1.2818 -   trat_eq (trat_mul h (trat_add i j))
  1.2819 -    (trat_add (trat_mul h i) (trat_mul h j))"
  1.2820 -  by (import hrat TRAT_LDISTRIB)
  1.2821 -
  1.2822 -lemma TRAT_MUL_LID: "ALL h::nat * nat. trat_eq (trat_mul trat_1 h) h"
  1.2823 -  by (import hrat TRAT_MUL_LID)
  1.2824 -
  1.2825 -lemma TRAT_MUL_LINV: "ALL h::nat * nat. trat_eq (trat_mul (trat_inv h) h) trat_1"
  1.2826 -  by (import hrat TRAT_MUL_LINV)
  1.2827 -
  1.2828 -lemma TRAT_NOZERO: "ALL (h::nat * nat) i::nat * nat. ~ trat_eq (trat_add h i) h"
  1.2829 -  by (import hrat TRAT_NOZERO)
  1.2830 -
  1.2831 -lemma TRAT_ADD_TOTAL: "ALL (h::nat * nat) i::nat * nat.
  1.2832 -   trat_eq h i |
  1.2833 -   (EX d::nat * nat. trat_eq h (trat_add i d)) |
  1.2834 -   (EX d::nat * nat. trat_eq i (trat_add h d))"
  1.2835 -  by (import hrat TRAT_ADD_TOTAL)
  1.2836 -
  1.2837 -lemma TRAT_SUCINT_0: "ALL n::nat. trat_eq (trat_sucint n) (n, 0)"
  1.2838 -  by (import hrat TRAT_SUCINT_0)
  1.2839 -
  1.2840 -lemma TRAT_ARCH: "ALL h::nat * nat.
  1.2841 -   EX (n::nat) d::nat * nat. trat_eq (trat_sucint n) (trat_add h d)"
  1.2842 -  by (import hrat TRAT_ARCH)
  1.2843 +(ALL n. trat_sucint (Suc n) = trat_add (trat_sucint n) trat_1)"
  1.2844 +  sorry
  1.2845 +
  1.2846 +definition
  1.2847 +  trat_eq :: "nat * nat => nat * nat => bool"  where
  1.2848 +  "trat_eq == %(x, y) (x', y'). Suc x * Suc y' = Suc x' * Suc y"
  1.2849 +
  1.2850 +lemma trat_eq: "trat_eq (x, y) (x', y') = (Suc x * Suc y' = Suc x' * Suc y)"
  1.2851 +  sorry
  1.2852 +
  1.2853 +lemma TRAT_EQ_REFL: "trat_eq p p"
  1.2854 +  sorry
  1.2855 +
  1.2856 +lemma TRAT_EQ_SYM: "trat_eq p q = trat_eq q p"
  1.2857 +  sorry
  1.2858 +
  1.2859 +lemma TRAT_EQ_TRANS: "trat_eq p q & trat_eq q r ==> trat_eq p r"
  1.2860 +  sorry
  1.2861 +
  1.2862 +lemma TRAT_EQ_AP: "p = q ==> trat_eq p q"
  1.2863 +  sorry
  1.2864 +
  1.2865 +lemma TRAT_ADD_SYM_EQ: "trat_add h i = trat_add i h"
  1.2866 +  sorry
  1.2867 +
  1.2868 +lemma TRAT_MUL_SYM_EQ: "trat_mul h i = trat_mul i h"
  1.2869 +  sorry
  1.2870 +
  1.2871 +lemma TRAT_INV_WELLDEFINED: "trat_eq p q ==> trat_eq (trat_inv p) (trat_inv q)"
  1.2872 +  sorry
  1.2873 +
  1.2874 +lemma TRAT_ADD_WELLDEFINED: "trat_eq p q ==> trat_eq (trat_add p r) (trat_add q r)"
  1.2875 +  sorry
  1.2876 +
  1.2877 +lemma TRAT_ADD_WELLDEFINED2: "trat_eq p1 p2 & trat_eq q1 q2 ==> trat_eq (trat_add p1 q1) (trat_add p2 q2)"
  1.2878 +  sorry
  1.2879 +
  1.2880 +lemma TRAT_MUL_WELLDEFINED: "trat_eq p q ==> trat_eq (trat_mul p r) (trat_mul q r)"
  1.2881 +  sorry
  1.2882 +
  1.2883 +lemma TRAT_MUL_WELLDEFINED2: "trat_eq p1 p2 & trat_eq q1 q2 ==> trat_eq (trat_mul p1 q1) (trat_mul p2 q2)"
  1.2884 +  sorry
  1.2885 +
  1.2886 +lemma TRAT_ADD_SYM: "trat_eq (trat_add h i) (trat_add i h)"
  1.2887 +  sorry
  1.2888 +
  1.2889 +lemma TRAT_ADD_ASSOC: "trat_eq (trat_add h (trat_add i j)) (trat_add (trat_add h i) j)"
  1.2890 +  sorry
  1.2891 +
  1.2892 +lemma TRAT_MUL_SYM: "trat_eq (trat_mul h i) (trat_mul i h)"
  1.2893 +  sorry
  1.2894 +
  1.2895 +lemma TRAT_MUL_ASSOC: "trat_eq (trat_mul h (trat_mul i j)) (trat_mul (trat_mul h i) j)"
  1.2896 +  sorry
  1.2897 +
  1.2898 +lemma TRAT_LDISTRIB: "trat_eq (trat_mul h (trat_add i j)) (trat_add (trat_mul h i) (trat_mul h j))"
  1.2899 +  sorry
  1.2900 +
  1.2901 +lemma TRAT_MUL_LID: "trat_eq (trat_mul trat_1 h) h"
  1.2902 +  sorry
  1.2903 +
  1.2904 +lemma TRAT_MUL_LINV: "trat_eq (trat_mul (trat_inv h) h) trat_1"
  1.2905 +  sorry
  1.2906 +
  1.2907 +lemma TRAT_NOZERO: "~ trat_eq (trat_add h i) h"
  1.2908 +  sorry
  1.2909 +
  1.2910 +lemma TRAT_ADD_TOTAL: "trat_eq h i |
  1.2911 +(EX d. trat_eq h (trat_add i d)) | (EX d. trat_eq i (trat_add h d))"
  1.2912 +  sorry
  1.2913 +
  1.2914 +lemma TRAT_SUCINT_0: "trat_eq (trat_sucint n) (n, 0)"
  1.2915 +  sorry
  1.2916 +
  1.2917 +lemma TRAT_ARCH: "EX n d. trat_eq (trat_sucint n) (trat_add h d)"
  1.2918 +  sorry
  1.2919  
  1.2920  lemma TRAT_SUCINT: "trat_eq (trat_sucint 0) trat_1 &
  1.2921 -(ALL n::nat.
  1.2922 -    trat_eq (trat_sucint (Suc n)) (trat_add (trat_sucint n) trat_1))"
  1.2923 -  by (import hrat TRAT_SUCINT)
  1.2924 -
  1.2925 -lemma TRAT_EQ_EQUIV: "ALL (p::nat * nat) q::nat * nat. trat_eq p q = (trat_eq p = trat_eq q)"
  1.2926 -  by (import hrat TRAT_EQ_EQUIV)
  1.2927 -
  1.2928 -typedef (open) hrat = "{x::nat * nat => bool. EX xa::nat * nat. x = trat_eq xa}" 
  1.2929 -  by (rule typedef_helper,import hrat hrat_TY_DEF)
  1.2930 +(ALL n. trat_eq (trat_sucint (Suc n)) (trat_add (trat_sucint n) trat_1))"
  1.2931 +  sorry
  1.2932 +
  1.2933 +lemma TRAT_EQ_EQUIV: "trat_eq p q = (trat_eq p = trat_eq q)"
  1.2934 +  sorry
  1.2935 +
  1.2936 +typedef (open) hrat = "{x. EX xa. x = trat_eq xa}" 
  1.2937 +  sorry
  1.2938  
  1.2939  lemmas hrat_TY_DEF = typedef_hol2hol4 [OF type_definition_hrat]
  1.2940  
  1.2941 @@ -1866,227 +1477,213 @@
  1.2942    mk_hrat :: "(nat * nat => bool) => hrat" 
  1.2943    dest_hrat :: "hrat => nat * nat => bool" 
  1.2944  
  1.2945 -specification (dest_hrat mk_hrat) hrat_tybij: "(ALL a::hrat. mk_hrat (dest_hrat a) = a) &
  1.2946 -(ALL r::nat * nat => bool.
  1.2947 -    (EX x::nat * nat. r = trat_eq x) = (dest_hrat (mk_hrat r) = r))"
  1.2948 -  by (import hrat hrat_tybij)
  1.2949 -
  1.2950 -definition hrat_1 :: "hrat" where 
  1.2951 +specification (dest_hrat mk_hrat) hrat_tybij: "(ALL a. mk_hrat (dest_hrat a) = a) &
  1.2952 +(ALL r. (EX x. r = trat_eq x) = (dest_hrat (mk_hrat r) = r))"
  1.2953 +  sorry
  1.2954 +
  1.2955 +definition
  1.2956 +  hrat_1 :: "hrat"  where
  1.2957    "hrat_1 == mk_hrat (trat_eq trat_1)"
  1.2958  
  1.2959  lemma hrat_1: "hrat_1 = mk_hrat (trat_eq trat_1)"
  1.2960 -  by (import hrat hrat_1)
  1.2961 -
  1.2962 -definition hrat_inv :: "hrat => hrat" where 
  1.2963 -  "hrat_inv == %T1::hrat. mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  1.2964 -
  1.2965 -lemma hrat_inv: "ALL T1::hrat.
  1.2966 -   hrat_inv T1 = mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  1.2967 -  by (import hrat hrat_inv)
  1.2968 -
  1.2969 -definition hrat_add :: "hrat => hrat => hrat" where 
  1.2970 +  sorry
  1.2971 +
  1.2972 +definition
  1.2973 +  hrat_inv :: "hrat => hrat"  where
  1.2974 +  "hrat_inv == %T1. mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  1.2975 +
  1.2976 +lemma hrat_inv: "hrat_inv T1 = mk_hrat (trat_eq (trat_inv (Eps (dest_hrat T1))))"
  1.2977 +  sorry
  1.2978 +
  1.2979 +definition
  1.2980 +  hrat_add :: "hrat => hrat => hrat"  where
  1.2981    "hrat_add ==
  1.2982 -%(T1::hrat) T2::hrat.
  1.2983 +%T1 T2.
  1.2984     mk_hrat (trat_eq (trat_add (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.2985  
  1.2986 -lemma hrat_add: "ALL (T1::hrat) T2::hrat.
  1.2987 -   hrat_add T1 T2 =
  1.2988 -   mk_hrat (trat_eq (trat_add (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.2989 -  by (import hrat hrat_add)
  1.2990 -
  1.2991 -definition hrat_mul :: "hrat => hrat => hrat" where 
  1.2992 +lemma hrat_add: "hrat_add T1 T2 =
  1.2993 +mk_hrat (trat_eq (trat_add (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.2994 +  sorry
  1.2995 +
  1.2996 +definition
  1.2997 +  hrat_mul :: "hrat => hrat => hrat"  where
  1.2998    "hrat_mul ==
  1.2999 -%(T1::hrat) T2::hrat.
  1.3000 -   mk_hrat (trat_eq (trat_mul (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.3001 -
  1.3002 -lemma hrat_mul: "ALL (T1::hrat) T2::hrat.
  1.3003 -   hrat_mul T1 T2 =
  1.3004 +%T1 T2.
  1.3005     mk_hrat (trat_eq (trat_mul (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.3006 -  by (import hrat hrat_mul)
  1.3007 -
  1.3008 -definition hrat_sucint :: "nat => hrat" where 
  1.3009 -  "hrat_sucint == %T1::nat. mk_hrat (trat_eq (trat_sucint T1))"
  1.3010 -
  1.3011 -lemma hrat_sucint: "ALL T1::nat. hrat_sucint T1 = mk_hrat (trat_eq (trat_sucint T1))"
  1.3012 -  by (import hrat hrat_sucint)
  1.3013 -
  1.3014 -lemma HRAT_ADD_SYM: "ALL (h::hrat) i::hrat. hrat_add h i = hrat_add i h"
  1.3015 -  by (import hrat HRAT_ADD_SYM)
  1.3016 -
  1.3017 -lemma HRAT_ADD_ASSOC: "ALL (h::hrat) (i::hrat) j::hrat.
  1.3018 -   hrat_add h (hrat_add i j) = hrat_add (hrat_add h i) j"
  1.3019 -  by (import hrat HRAT_ADD_ASSOC)
  1.3020 -
  1.3021 -lemma HRAT_MUL_SYM: "ALL (h::hrat) i::hrat. hrat_mul h i = hrat_mul i h"
  1.3022 -  by (import hrat HRAT_MUL_SYM)
  1.3023 -
  1.3024 -lemma HRAT_MUL_ASSOC: "ALL (h::hrat) (i::hrat) j::hrat.
  1.3025 -   hrat_mul h (hrat_mul i j) = hrat_mul (hrat_mul h i) j"
  1.3026 -  by (import hrat HRAT_MUL_ASSOC)
  1.3027 -
  1.3028 -lemma HRAT_LDISTRIB: "ALL (h::hrat) (i::hrat) j::hrat.
  1.3029 -   hrat_mul h (hrat_add i j) = hrat_add (hrat_mul h i) (hrat_mul h j)"
  1.3030 -  by (import hrat HRAT_LDISTRIB)
  1.3031 -
  1.3032 -lemma HRAT_MUL_LID: "ALL h::hrat. hrat_mul hrat_1 h = h"
  1.3033 -  by (import hrat HRAT_MUL_LID)
  1.3034 -
  1.3035 -lemma HRAT_MUL_LINV: "ALL h::hrat. hrat_mul (hrat_inv h) h = hrat_1"
  1.3036 -  by (import hrat HRAT_MUL_LINV)
  1.3037 -
  1.3038 -lemma HRAT_NOZERO: "ALL (h::hrat) i::hrat. hrat_add h i ~= h"
  1.3039 -  by (import hrat HRAT_NOZERO)
  1.3040 -
  1.3041 -lemma HRAT_ADD_TOTAL: "ALL (h::hrat) i::hrat.
  1.3042 -   h = i | (EX x::hrat. h = hrat_add i x) | (EX x::hrat. i = hrat_add h x)"
  1.3043 -  by (import hrat HRAT_ADD_TOTAL)
  1.3044 -
  1.3045 -lemma HRAT_ARCH: "ALL h::hrat. EX (x::nat) xa::hrat. hrat_sucint x = hrat_add h xa"
  1.3046 -  by (import hrat HRAT_ARCH)
  1.3047 +
  1.3048 +lemma hrat_mul: "hrat_mul T1 T2 =
  1.3049 +mk_hrat (trat_eq (trat_mul (Eps (dest_hrat T1)) (Eps (dest_hrat T2))))"
  1.3050 +  sorry
  1.3051 +
  1.3052 +definition
  1.3053 +  hrat_sucint :: "nat => hrat"  where
  1.3054 +  "hrat_sucint == %T1. mk_hrat (trat_eq (trat_sucint T1))"
  1.3055 +
  1.3056 +lemma hrat_sucint: "hrat_sucint T1 = mk_hrat (trat_eq (trat_sucint T1))"
  1.3057 +  sorry
  1.3058 +
  1.3059 +lemma HRAT_ADD_SYM: "hrat_add h i = hrat_add i h"
  1.3060 +  sorry
  1.3061 +
  1.3062 +lemma HRAT_ADD_ASSOC: "hrat_add h (hrat_add i j) = hrat_add (hrat_add h i) j"
  1.3063 +  sorry
  1.3064 +
  1.3065 +lemma HRAT_MUL_SYM: "hrat_mul h i = hrat_mul i h"
  1.3066 +  sorry
  1.3067 +
  1.3068 +lemma HRAT_MUL_ASSOC: "hrat_mul h (hrat_mul i j) = hrat_mul (hrat_mul h i) j"
  1.3069 +  sorry
  1.3070 +
  1.3071 +lemma HRAT_LDISTRIB: "hrat_mul h (hrat_add i j) = hrat_add (hrat_mul h i) (hrat_mul h j)"
  1.3072 +  sorry
  1.3073 +
  1.3074 +lemma HRAT_MUL_LID: "hrat_mul hrat_1 h = h"
  1.3075 +  sorry
  1.3076 +
  1.3077 +lemma HRAT_MUL_LINV: "hrat_mul (hrat_inv h) h = hrat_1"
  1.3078 +  sorry
  1.3079 +
  1.3080 +lemma HRAT_NOZERO: "hrat_add h i ~= h"
  1.3081 +  sorry
  1.3082 +
  1.3083 +lemma HRAT_ADD_TOTAL: "h = i | (EX x. h = hrat_add i x) | (EX x. i = hrat_add h x)"
  1.3084 +  sorry
  1.3085 +
  1.3086 +lemma HRAT_ARCH: "EX x xa. hrat_sucint x = hrat_add h xa"
  1.3087 +  sorry
  1.3088  
  1.3089  lemma HRAT_SUCINT: "hrat_sucint 0 = hrat_1 &
  1.3090 -(ALL x::nat. hrat_sucint (Suc x) = hrat_add (hrat_sucint x) hrat_1)"
  1.3091 -  by (import hrat HRAT_SUCINT)
  1.3092 +(ALL x. hrat_sucint (Suc x) = hrat_add (hrat_sucint x) hrat_1)"
  1.3093 +  sorry
  1.3094  
  1.3095  ;end_setup
  1.3096  
  1.3097  ;setup_theory hreal
  1.3098  
  1.3099 -definition hrat_lt :: "hrat => hrat => bool" where 
  1.3100 -  "hrat_lt == %(x::hrat) y::hrat. EX d::hrat. y = hrat_add x d"
  1.3101 -
  1.3102 -lemma hrat_lt: "ALL (x::hrat) y::hrat. hrat_lt x y = (EX d::hrat. y = hrat_add x d)"
  1.3103 -  by (import hreal hrat_lt)
  1.3104 -
  1.3105 -lemma HRAT_LT_REFL: "ALL x::hrat. ~ hrat_lt x x"
  1.3106 -  by (import hreal HRAT_LT_REFL)
  1.3107 -
  1.3108 -lemma HRAT_LT_TRANS: "ALL (x::hrat) (y::hrat) z::hrat. hrat_lt x y & hrat_lt y z --> hrat_lt x z"
  1.3109 -  by (import hreal HRAT_LT_TRANS)
  1.3110 -
  1.3111 -lemma HRAT_LT_ANTISYM: "ALL (x::hrat) y::hrat. ~ (hrat_lt x y & hrat_lt y x)"
  1.3112 -  by (import hreal HRAT_LT_ANTISYM)
  1.3113 -
  1.3114 -lemma HRAT_LT_TOTAL: "ALL (x::hrat) y::hrat. x = y | hrat_lt x y | hrat_lt y x"
  1.3115 -  by (import hreal HRAT_LT_TOTAL)
  1.3116 -
  1.3117 -lemma HRAT_MUL_RID: "ALL x::hrat. hrat_mul x hrat_1 = x"
  1.3118 -  by (import hreal HRAT_MUL_RID)
  1.3119 -
  1.3120 -lemma HRAT_MUL_RINV: "ALL x::hrat. hrat_mul x (hrat_inv x) = hrat_1"
  1.3121 -  by (import hreal HRAT_MUL_RINV)
  1.3122 -
  1.3123 -lemma HRAT_RDISTRIB: "ALL (x::hrat) (y::hrat) z::hrat.
  1.3124 -   hrat_mul (hrat_add x y) z = hrat_add (hrat_mul x z) (hrat_mul y z)"
  1.3125 -  by (import hreal HRAT_RDISTRIB)
  1.3126 -
  1.3127 -lemma HRAT_LT_ADDL: "ALL (x::hrat) y::hrat. hrat_lt x (hrat_add x y)"
  1.3128 -  by (import hreal HRAT_LT_ADDL)
  1.3129 -
  1.3130 -lemma HRAT_LT_ADDR: "ALL (x::hrat) xa::hrat. hrat_lt xa (hrat_add x xa)"
  1.3131 -  by (import hreal HRAT_LT_ADDR)
  1.3132 -
  1.3133 -lemma HRAT_LT_GT: "ALL (x::hrat) y::hrat. hrat_lt x y --> ~ hrat_lt y x"
  1.3134 -  by (import hreal HRAT_LT_GT)
  1.3135 -
  1.3136 -lemma HRAT_LT_NE: "ALL (x::hrat) y::hrat. hrat_lt x y --> x ~= y"
  1.3137 -  by (import hreal HRAT_LT_NE)
  1.3138 -
  1.3139 -lemma HRAT_EQ_LADD: "ALL (x::hrat) (y::hrat) z::hrat. (hrat_add x y = hrat_add x z) = (y = z)"
  1.3140 -  by (import hreal HRAT_EQ_LADD)
  1.3141 -
  1.3142 -lemma HRAT_EQ_LMUL: "ALL (x::hrat) (y::hrat) z::hrat. (hrat_mul x y = hrat_mul x z) = (y = z)"
  1.3143 -  by (import hreal HRAT_EQ_LMUL)
  1.3144 -
  1.3145 -lemma HRAT_LT_ADD2: "ALL (u::hrat) (v::hrat) (x::hrat) y::hrat.
  1.3146 -   hrat_lt u x & hrat_lt v y --> hrat_lt (hrat_add u v) (hrat_add x y)"
  1.3147 -  by (import hreal HRAT_LT_ADD2)
  1.3148 -
  1.3149 -lemma HRAT_LT_LADD: "ALL (x::hrat) (y::hrat) z::hrat.
  1.3150 -   hrat_lt (hrat_add z x) (hrat_add z y) = hrat_lt x y"
  1.3151 -  by (import hreal HRAT_LT_LADD)
  1.3152 -
  1.3153 -lemma HRAT_LT_RADD: "ALL (x::hrat) (y::hrat) z::hrat.
  1.3154 -   hrat_lt (hrat_add x z) (hrat_add y z) = hrat_lt x y"
  1.3155 -  by (import hreal HRAT_LT_RADD)
  1.3156 -
  1.3157 -lemma HRAT_LT_MUL2: "ALL (u::hrat) (v::hrat) (x::hrat) y::hrat.
  1.3158 -   hrat_lt u x & hrat_lt v y --> hrat_lt (hrat_mul u v) (hrat_mul x y)"
  1.3159 -  by (import hreal HRAT_LT_MUL2)
  1.3160 -
  1.3161 -lemma HRAT_LT_LMUL: "ALL (x::hrat) (y::hrat) z::hrat.
  1.3162 -   hrat_lt (hrat_mul z x) (hrat_mul z y) = hrat_lt x y"
  1.3163 -  by (import hreal HRAT_LT_LMUL)
  1.3164 -
  1.3165 -lemma HRAT_LT_RMUL: "ALL (x::hrat) (y::hrat) z::hrat.
  1.3166 -   hrat_lt (hrat_mul x z) (hrat_mul y z) = hrat_lt x y"
  1.3167 -  by (import hreal HRAT_LT_RMUL)
  1.3168 -
  1.3169 -lemma HRAT_LT_LMUL1: "ALL (x::hrat) y::hrat. hrat_lt (hrat_mul x y) y = hrat_lt x hrat_1"
  1.3170 -  by (import hreal HRAT_LT_LMUL1)
  1.3171 -
  1.3172 -lemma HRAT_LT_RMUL1: "ALL (x::hrat) y::hrat. hrat_lt (hrat_mul x y) x = hrat_lt y hrat_1"
  1.3173 -  by (import hreal HRAT_LT_RMUL1)
  1.3174 -
  1.3175 -lemma HRAT_GT_LMUL1: "ALL (x::hrat) y::hrat. hrat_lt y (hrat_mul x y) = hrat_lt hrat_1 x"
  1.3176 -  by (import hreal HRAT_GT_LMUL1)
  1.3177 -
  1.3178 -lemma HRAT_LT_L1: "ALL (x::hrat) y::hrat.
  1.3179 -   hrat_lt (hrat_mul (hrat_inv x) y) hrat_1 = hrat_lt y x"
  1.3180 -  by (import hreal HRAT_LT_L1)
  1.3181 -
  1.3182 -lemma HRAT_LT_R1: "ALL (x::hrat) y::hrat.
  1.3183 -   hrat_lt (hrat_mul x (hrat_inv y)) hrat_1 = hrat_lt x y"
  1.3184 -  by (import hreal HRAT_LT_R1)
  1.3185 -
  1.3186 -lemma HRAT_GT_L1: "ALL (x::hrat) y::hrat.
  1.3187 -   hrat_lt hrat_1 (hrat_mul (hrat_inv x) y) = hrat_lt x y"
  1.3188 -  by (import hreal HRAT_GT_L1)
  1.3189 -
  1.3190 -lemma HRAT_INV_MUL: "ALL (x::hrat) y::hrat.
  1.3191 -   hrat_inv (hrat_mul x y) = hrat_mul (hrat_inv x) (hrat_inv y)"
  1.3192 -  by (import hreal HRAT_INV_MUL)
  1.3193 -
  1.3194 -lemma HRAT_UP: "ALL x::hrat. Ex (hrat_lt x)"
  1.3195 -  by (import hreal HRAT_UP)
  1.3196 -
  1.3197 -lemma HRAT_DOWN: "ALL x::hrat. EX xa::hrat. hrat_lt xa x"
  1.3198 -  by (import hreal HRAT_DOWN)
  1.3199 -
  1.3200 -lemma HRAT_DOWN2: "ALL (x::hrat) y::hrat. EX xa::hrat. hrat_lt xa x & hrat_lt xa y"
  1.3201 -  by (import hreal HRAT_DOWN2)
  1.3202 -
  1.3203 -lemma HRAT_MEAN: "ALL (x::hrat) y::hrat.
  1.3204 -   hrat_lt x y --> (EX xa::hrat. hrat_lt x xa & hrat_lt xa y)"
  1.3205 -  by (import hreal HRAT_MEAN)
  1.3206 -
  1.3207 -definition isacut :: "(hrat => bool) => bool" where 
  1.3208 +definition
  1.3209 +  hrat_lt :: "hrat => hrat => bool"  where
  1.3210 +  "hrat_lt == %x y. EX d. y = hrat_add x d"
  1.3211 +
  1.3212 +lemma hrat_lt: "hrat_lt x y = (EX d. y = hrat_add x d)"
  1.3213 +  sorry
  1.3214 +
  1.3215 +lemma HRAT_LT_REFL: "~ hrat_lt x x"
  1.3216 +  sorry
  1.3217 +
  1.3218 +lemma HRAT_LT_TRANS: "hrat_lt x y & hrat_lt y z ==> hrat_lt x z"
  1.3219 +  sorry
  1.3220 +
  1.3221 +lemma HRAT_LT_ANTISYM: "~ (hrat_lt x y & hrat_lt y x)"
  1.3222 +  sorry
  1.3223 +
  1.3224 +lemma HRAT_LT_TOTAL: "x = y | hrat_lt x y | hrat_lt y x"
  1.3225 +  sorry
  1.3226 +
  1.3227 +lemma HRAT_MUL_RID: "hrat_mul x hrat_1 = x"
  1.3228 +  sorry
  1.3229 +
  1.3230 +lemma HRAT_MUL_RINV: "hrat_mul x (hrat_inv x) = hrat_1"
  1.3231 +  sorry
  1.3232 +
  1.3233 +lemma HRAT_RDISTRIB: "hrat_mul (hrat_add x y) z = hrat_add (hrat_mul x z) (hrat_mul y z)"
  1.3234 +  sorry
  1.3235 +
  1.3236 +lemma HRAT_LT_ADDL: "hrat_lt x (hrat_add x y)"
  1.3237 +  sorry
  1.3238 +
  1.3239 +lemma HRAT_LT_ADDR: "hrat_lt xa (hrat_add x xa)"
  1.3240 +  sorry
  1.3241 +
  1.3242 +lemma HRAT_LT_GT: "hrat_lt x y ==> ~ hrat_lt y x"
  1.3243 +  sorry
  1.3244 +
  1.3245 +lemma HRAT_LT_NE: "hrat_lt x y ==> x ~= y"
  1.3246 +  sorry
  1.3247 +
  1.3248 +lemma HRAT_EQ_LADD: "(hrat_add x y = hrat_add x z) = (y = z)"
  1.3249 +  sorry
  1.3250 +
  1.3251 +lemma HRAT_EQ_LMUL: "(hrat_mul x y = hrat_mul x z) = (y = z)"
  1.3252 +  sorry
  1.3253 +
  1.3254 +lemma HRAT_LT_ADD2: "hrat_lt u x & hrat_lt v y ==> hrat_lt (hrat_add u v) (hrat_add x y)"
  1.3255 +  sorry
  1.3256 +
  1.3257 +lemma HRAT_LT_LADD: "hrat_lt (hrat_add z x) (hrat_add z y) = hrat_lt x y"
  1.3258 +  sorry
  1.3259 +
  1.3260 +lemma HRAT_LT_RADD: "hrat_lt (hrat_add x z) (hrat_add y z) = hrat_lt x y"
  1.3261 +  sorry
  1.3262 +
  1.3263 +lemma HRAT_LT_MUL2: "hrat_lt u x & hrat_lt v y ==> hrat_lt (hrat_mul u v) (hrat_mul x y)"
  1.3264 +  sorry
  1.3265 +
  1.3266 +lemma HRAT_LT_LMUL: "hrat_lt (hrat_mul z x) (hrat_mul z y) = hrat_lt x y"
  1.3267 +  sorry
  1.3268 +
  1.3269 +lemma HRAT_LT_RMUL: "hrat_lt (hrat_mul x z) (hrat_mul y z) = hrat_lt x y"
  1.3270 +  sorry
  1.3271 +
  1.3272 +lemma HRAT_LT_LMUL1: "hrat_lt (hrat_mul x y) y = hrat_lt x hrat_1"
  1.3273 +  sorry
  1.3274 +
  1.3275 +lemma HRAT_LT_RMUL1: "hrat_lt (hrat_mul x y) x = hrat_lt y hrat_1"
  1.3276 +  sorry
  1.3277 +
  1.3278 +lemma HRAT_GT_LMUL1: "hrat_lt y (hrat_mul x y) = hrat_lt hrat_1 x"
  1.3279 +  sorry
  1.3280 +
  1.3281 +lemma HRAT_LT_L1: "hrat_lt (hrat_mul (hrat_inv x) y) hrat_1 = hrat_lt y x"
  1.3282 +  sorry
  1.3283 +
  1.3284 +lemma HRAT_LT_R1: "hrat_lt (hrat_mul x (hrat_inv y)) hrat_1 = hrat_lt x y"
  1.3285 +  sorry
  1.3286 +
  1.3287 +lemma HRAT_GT_L1: "hrat_lt hrat_1 (hrat_mul (hrat_inv x) y) = hrat_lt x y"
  1.3288 +  sorry
  1.3289 +
  1.3290 +lemma HRAT_INV_MUL: "hrat_inv (hrat_mul x y) = hrat_mul (hrat_inv x) (hrat_inv y)"
  1.3291 +  sorry
  1.3292 +
  1.3293 +lemma HRAT_UP: "Ex (hrat_lt x)"
  1.3294 +  sorry
  1.3295 +
  1.3296 +lemma HRAT_DOWN: "EX xa. hrat_lt xa x"
  1.3297 +  sorry
  1.3298 +
  1.3299 +lemma HRAT_DOWN2: "EX xa. hrat_lt xa x & hrat_lt xa y"
  1.3300 +  sorry
  1.3301 +
  1.3302 +lemma HRAT_MEAN: "hrat_lt x y ==> EX xa. hrat_lt x xa & hrat_lt xa y"
  1.3303 +  sorry
  1.3304 +
  1.3305 +definition
  1.3306 +  isacut :: "(hrat => bool) => bool"  where
  1.3307    "isacut ==
  1.3308 -%C::hrat => bool.
  1.3309 -   Ex C &
  1.3310 -   (EX x::hrat. ~ C x) &
  1.3311 -   (ALL (x::hrat) y::hrat. C x & hrat_lt y x --> C y) &
  1.3312 -   (ALL x::hrat. C x --> (EX y::hrat. C y & hrat_lt x y))"
  1.3313 -
  1.3314 -lemma isacut: "ALL C::hrat => bool.
  1.3315 -   isacut C =
  1.3316 -   (Ex C &
  1.3317 -    (EX x::hrat. ~ C x) &
  1.3318 -    (ALL (x::hrat) y::hrat. C x & hrat_lt y x --> C y) &
  1.3319 -    (ALL x::hrat. C x --> (EX y::hrat. C y & hrat_lt x y)))"
  1.3320 -  by (import hreal isacut)
  1.3321 -
  1.3322 -definition cut_of_hrat :: "hrat => hrat => bool" where 
  1.3323 -  "cut_of_hrat == %(x::hrat) y::hrat. hrat_lt y x"
  1.3324 -
  1.3325 -lemma cut_of_hrat: "ALL x::hrat. cut_of_hrat x = (%y::hrat. hrat_lt y x)"
  1.3326 -  by (import hreal cut_of_hrat)
  1.3327 -
  1.3328 -lemma ISACUT_HRAT: "ALL h::hrat. isacut (cut_of_hrat h)"
  1.3329 -  by (import hreal ISACUT_HRAT)
  1.3330 +%C. Ex C &
  1.3331 +    (EX x. ~ C x) &
  1.3332 +    (ALL x y. C x & hrat_lt y x --> C y) &
  1.3333 +    (ALL x. C x --> (EX y. C y & hrat_lt x y))"
  1.3334 +
  1.3335 +lemma isacut: "isacut (CC::hrat => bool) =
  1.3336 +(Ex CC &
  1.3337 + (EX x::hrat. ~ CC x) &
  1.3338 + (ALL (x::hrat) y::hrat. CC x & hrat_lt y x --> CC y) &
  1.3339 + (ALL x::hrat. CC x --> (EX y::hrat. CC y & hrat_lt x y)))"
  1.3340 +  sorry
  1.3341 +
  1.3342 +definition
  1.3343 +  cut_of_hrat :: "hrat => hrat => bool"  where
  1.3344 +  "cut_of_hrat == %x y. hrat_lt y x"
  1.3345 +
  1.3346 +lemma cut_of_hrat: "cut_of_hrat x = (%y. hrat_lt y x)"
  1.3347 +  sorry
  1.3348 +
  1.3349 +lemma ISACUT_HRAT: "isacut (cut_of_hrat h)"
  1.3350 +  sorry
  1.3351  
  1.3352  typedef (open) hreal = "Collect isacut" 
  1.3353 -  by (rule typedef_helper,import hreal hreal_TY_DEF)
  1.3354 +  sorry
  1.3355  
  1.3356  lemmas hreal_TY_DEF = typedef_hol2hol4 [OF type_definition_hreal]
  1.3357  
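Review bot: Every `by (import hrat …)` / `by (import hreal …)` proof in this hunk becomes `sorry`, so on the new side none of these statements is checked against the HOL4 proof it was imported from. That includes the non-emptiness obligation of `typedef (open) hreal = "Collect isacut"` and the existence proof of `specification (dest_hrat mk_hrat) hrat_tybij`, where an unchecked obligation bears on the consistency of the whole theory rather than on one lemma. The commit message only mentions regenerating for the current Isabelle, so if skipping replay is deliberate (the reason is not visible here) it should be recorded, for example with a header comment in the generated file such as `(* proofs are 'sorry' placeholders; not replayed from HOL4 *)`, and anything built on these theories should be treated as resting on unproved facts. Otherwise the generator should be rerun with proof replay so the lines read `by (import hreal hreal_TY_DEF)` again. The same replacement runs through the neighbouring hunks, and the `;setup_theory hreal` section continues past the end of this hunk.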
  1.3358 @@ -2094,795 +1691,506 @@
  1.3359    hreal :: "(hrat => bool) => hreal" 
  1.3360    cut :: "hreal => hrat => bool" 
  1.3361  
  1.3362 -specification (cut hreal) hreal_tybij: "(ALL a::hreal. hreal (hreal.cut a) = a) &
  1.3363 -(ALL r::hrat => bool. isacut r = (hreal.cut (hreal r) = r))"
  1.3364 -  by (import hreal hreal_tybij)
  1.3365 -
  1.3366 -lemma EQUAL_CUTS: "ALL (X::hreal) Y::hreal. hreal.cut X = hreal.cut Y --> X = Y"
  1.3367 -  by (import hreal EQUAL_CUTS)
  1.3368 -
  1.3369 -lemma CUT_ISACUT: "ALL x::hreal. isacut (hreal.cut x)"
  1.3370 -  by (import hreal CUT_ISACUT)
  1.3371 -
  1.3372 -lemma CUT_NONEMPTY: "ALL x::hreal. Ex (hreal.cut x)"
  1.3373 -  by (import hreal CUT_NONEMPTY)
  1.3374 -
  1.3375 -lemma CUT_BOUNDED: "ALL x::hreal. EX xa::hrat. ~ hreal.cut x xa"
  1.3376 -  by (import hreal CUT_BOUNDED)
  1.3377 -
  1.3378 -lemma CUT_DOWN: "ALL (x::hreal) (xa::hrat) xb::hrat.
  1.3379 -   hreal.cut x xa & hrat_lt xb xa --> hreal.cut x xb"
  1.3380 -  by (import hreal CUT_DOWN)
  1.3381 -
  1.3382 -lemma CUT_UP: "ALL (x::hreal) xa::hrat.
  1.3383 -   hreal.cut x xa --> (EX y::hrat. hreal.cut x y & hrat_lt xa y)"
  1.3384 -  by (import hreal CUT_UP)
  1.3385 -
  1.3386 -lemma CUT_UBOUND: "ALL (x::hreal) (xa::hrat) xb::hrat.
  1.3387 -   ~ hreal.cut x xa & hrat_lt xa xb --> ~ hreal.cut x xb"
  1.3388 -  by (import hreal CUT_UBOUND)
  1.3389 -
  1.3390 -lemma CUT_STRADDLE: "ALL (X::hreal) (x::hrat) y::hrat.
  1.3391 -   hreal.cut X x & ~ hreal.cut X y --> hrat_lt x y"
  1.3392 -  by (import hreal CUT_STRADDLE)
  1.3393 -
  1.3394 -lemma CUT_NEARTOP_ADD: "ALL (X::hreal) e::hrat.
  1.3395 -   EX x::hrat. hreal.cut X x & ~ hreal.cut X (hrat_add x e)"
  1.3396 -  by (import hreal CUT_NEARTOP_ADD)
  1.3397 -
  1.3398 -lemma CUT_NEARTOP_MUL: "ALL (X::hreal) u::hrat.
  1.3399 -   hrat_lt hrat_1 u -->
  1.3400 -   (EX x::hrat. hreal.cut X x & ~ hreal.cut X (hrat_mul u x))"
  1.3401 -  by (import hreal CUT_NEARTOP_MUL)
  1.3402 -
  1.3403 -definition hreal_1 :: "hreal" where 
  1.3404 +specification (cut hreal) hreal_tybij: "(ALL a. hreal (cut a) = a) & (ALL r. isacut r = (cut (hreal r) = r))"
  1.3405 +  sorry
  1.3406 +
  1.3407 +lemma EQUAL_CUTS: "cut X = cut Y ==> X = Y"
  1.3408 +  sorry
  1.3409 +
  1.3410 +lemma CUT_ISACUT: "isacut (cut x)"
  1.3411 +  sorry
  1.3412 +
  1.3413 +lemma CUT_NONEMPTY: "Ex (cut x)"
  1.3414 +  sorry
  1.3415 +
  1.3416 +lemma CUT_BOUNDED: "EX xa. ~ cut x xa"
  1.3417 +  sorry
  1.3418 +
  1.3419 +lemma CUT_DOWN: "cut x xa & hrat_lt xb xa ==> cut x xb"
  1.3420 +  sorry
  1.3421 +
  1.3422 +lemma CUT_UP: "cut x xa ==> EX y. cut x y & hrat_lt xa y"
  1.3423 +  sorry
  1.3424 +
  1.3425 +lemma CUT_UBOUND: "~ cut x xa & hrat_lt xa xb ==> ~ cut x xb"
  1.3426 +  sorry
  1.3427 +
  1.3428 +lemma CUT_STRADDLE: "cut X x & ~ cut X y ==> hrat_lt x y"
  1.3429 +  sorry
  1.3430 +
  1.3431 +lemma CUT_NEARTOP_ADD: "EX x. cut X x & ~ cut X (hrat_add x e)"
  1.3432 +  sorry
  1.3433 +
  1.3434 +lemma CUT_NEARTOP_MUL: "hrat_lt hrat_1 u ==> EX x. cut X x & ~ cut X (hrat_mul u x)"
  1.3435 +  sorry
  1.3436 +
  1.3437 +definition
  1.3438 +  hreal_1 :: "hreal"  where
  1.3439    "hreal_1 == hreal (cut_of_hrat hrat_1)"
  1.3440  
  1.3441  lemma hreal_1: "hreal_1 = hreal (cut_of_hrat hrat_1)"
  1.3442 -  by (import hreal hreal_1)
  1.3443 -
  1.3444 -definition hreal_add :: "hreal => hreal => hreal" where 
  1.3445 -  "hreal_add ==
  1.3446 -%(X::hreal) Y::hreal.
  1.3447 -   hreal
  1.3448 -    (%w::hrat.
  1.3449 -        EX (x::hrat) y::hrat.
  1.3450 -           w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  1.3451 -
  1.3452 -lemma hreal_add: "ALL (X::hreal) Y::hreal.
  1.3453 -   hreal_add X Y =
  1.3454 -   hreal
  1.3455 -    (%w::hrat.
  1.3456 -        EX (x::hrat) y::hrat.
  1.3457 -           w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  1.3458 -  by (import hreal hreal_add)
  1.3459 -
  1.3460 -definition hreal_mul :: "hreal => hreal => hreal" where 
  1.3461 -  "hreal_mul ==
  1.3462 -%(X::hreal) Y::hreal.
  1.3463 -   hreal
  1.3464 -    (%w::hrat.
  1.3465 -        EX (x::hrat) y::hrat.
  1.3466 -           w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  1.3467 -
  1.3468 -lemma hreal_mul: "ALL (X::hreal) Y::hreal.
  1.3469 -   hreal_mul X Y =
  1.3470 -   hreal
  1.3471 -    (%w::hrat.
  1.3472 -        EX (x::hrat) y::hrat.
  1.3473 -           w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  1.3474 -  by (import hreal hreal_mul)
  1.3475 -
  1.3476 -definition hreal_inv :: "hreal => hreal" where 
  1.3477 +  sorry
  1.3478 +
  1.3479 +definition
  1.3480 +  hreal_add :: "hreal => hreal => hreal"  where
  1.3481 +  "hreal_add == %X Y. hreal (%w. EX x y. w = hrat_add x y & cut X x & cut Y y)"
  1.3482 +
  1.3483 +lemma hreal_add: "hreal_add X Y = hreal (%w. EX x y. w = hrat_add x y & cut X x & cut Y y)"
  1.3484 +  sorry
  1.3485 +
  1.3486 +definition
  1.3487 +  hreal_mul :: "hreal => hreal => hreal"  where
  1.3488 +  "hreal_mul == %X Y. hreal (%w. EX x y. w = hrat_mul x y & cut X x & cut Y y)"
  1.3489 +
  1.3490 +lemma hreal_mul: "hreal_mul X Y = hreal (%w. EX x y. w = hrat_mul x y & cut X x & cut Y y)"
  1.3491 +  sorry
  1.3492 +
  1.3493 +definition
  1.3494 +  hreal_inv :: "hreal => hreal"  where
  1.3495    "hreal_inv ==
  1.3496 -%X::hreal.
  1.3497 -   hreal
  1.3498 -    (%w::hrat.
  1.3499 -        EX d::hrat.
  1.3500 -           hrat_lt d hrat_1 &
  1.3501 -           (ALL x::hrat. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3502 -
  1.3503 -lemma hreal_inv: "ALL X::hreal.
  1.3504 -   hreal_inv X =
  1.3505 -   hreal
  1.3506 -    (%w::hrat.
  1.3507 -        EX d::hrat.
  1.3508 -           hrat_lt d hrat_1 &
  1.3509 -           (ALL x::hrat. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3510 -  by (import hreal hreal_inv)
  1.3511 -
  1.3512 -definition hreal_sup :: "(hreal => bool) => hreal" where 
  1.3513 -  "hreal_sup ==
  1.3514 -%P::hreal => bool. hreal (%w::hrat. EX X::hreal. P X & hreal.cut X w)"
  1.3515 -
  1.3516 -lemma hreal_sup: "ALL P::hreal => bool.
  1.3517 -   hreal_sup P = hreal (%w::hrat. EX X::hreal. P X & hreal.cut X w)"
  1.3518 -  by (import hreal hreal_sup)
  1.3519 -
  1.3520 -definition hreal_lt :: "hreal => hreal => bool" where 
  1.3521 -  "hreal_lt ==
  1.3522 -%(X::hreal) Y::hreal.
  1.3523 -   X ~= Y & (ALL x::hrat. hreal.cut X x --> hreal.cut Y x)"
  1.3524 -
  1.3525 -lemma hreal_lt: "ALL (X::hreal) Y::hreal.
  1.3526 -   hreal_lt X Y = (X ~= Y & (ALL x::hrat. hreal.cut X x --> hreal.cut Y x))"
  1.3527 -  by (import hreal hreal_lt)
  1.3528 -
  1.3529 -lemma HREAL_INV_ISACUT: "ALL X::hreal.
  1.3530 -   isacut
  1.3531 -    (%w::hrat.
  1.3532 -        EX d::hrat.
  1.3533 -           hrat_lt d hrat_1 &
  1.3534 -           (ALL x::hrat. hreal.cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3535 -  by (import hreal HREAL_INV_ISACUT)
  1.3536 -
  1.3537 -lemma HREAL_ADD_ISACUT: "ALL (X::hreal) Y::hreal.
  1.3538 -   isacut
  1.3539 -    (%w::hrat.
  1.3540 -        EX (x::hrat) y::hrat.
  1.3541 -           w = hrat_add x y & hreal.cut X x & hreal.cut Y y)"
  1.3542 -  by (import hreal HREAL_ADD_ISACUT)
  1.3543 -
  1.3544 -lemma HREAL_MUL_ISACUT: "ALL (X::hreal) Y::hreal.
  1.3545 -   isacut
  1.3546 -    (%w::hrat.
  1.3547 -        EX (x::hrat) y::hrat.
  1.3548 -           w = hrat_mul x y & hreal.cut X x & hreal.cut Y y)"
  1.3549 -  by (import hreal HREAL_MUL_ISACUT)
  1.3550 -
  1.3551 -lemma HREAL_ADD_SYM: "ALL (X::hreal) Y::hreal. hreal_add X Y = hreal_add Y X"
  1.3552 -  by (import hreal HREAL_ADD_SYM)
  1.3553 -
  1.3554 -lemma HREAL_MUL_SYM: "ALL (X::hreal) Y::hreal. hreal_mul X Y = hreal_mul Y X"
  1.3555 -  by (import hreal HREAL_MUL_SYM)
  1.3556 -
  1.3557 -lemma HREAL_ADD_ASSOC: "ALL (X::hreal) (Y::hreal) Z::hreal.
  1.3558 -   hreal_add X (hreal_add Y Z) = hreal_add (hreal_add X Y) Z"
  1.3559 -  by (import hreal HREAL_ADD_ASSOC)
  1.3560 -
  1.3561 -lemma HREAL_MUL_ASSOC: "ALL (X::hreal) (Y::hreal) Z::hreal.
  1.3562 -   hreal_mul X (hreal_mul Y Z) = hreal_mul (hreal_mul X Y) Z"
  1.3563 -  by (import hreal HREAL_MUL_ASSOC)
  1.3564 -
  1.3565 -lemma HREAL_LDISTRIB: "ALL (X::hreal) (Y::hreal) Z::hreal.
  1.3566 -   hreal_mul X (hreal_add Y Z) = hreal_add (hreal_mul X Y) (hreal_mul X Z)"
  1.3567 -  by (import hreal HREAL_LDISTRIB)
  1.3568 -
  1.3569 -lemma HREAL_MUL_LID: "ALL X::hreal. hreal_mul hreal_1 X = X"
  1.3570 -  by (import hreal HREAL_MUL_LID)
  1.3571 -
  1.3572 -lemma HREAL_MUL_LINV: "ALL X::hreal. hreal_mul (hreal_inv X) X = hreal_1"
  1.3573 -  by (import hreal HREAL_MUL_LINV)
  1.3574 -
  1.3575 -lemma HREAL_NOZERO: "ALL (X::hreal) Y::hreal. hreal_add X Y ~= X"
  1.3576 -  by (import hreal HREAL_NOZERO)
  1.3577 -
  1.3578 -definition hreal_sub :: "hreal => hreal => hreal" where 
  1.3579 -  "hreal_sub ==
  1.3580 -%(Y::hreal) X::hreal.
  1.3581 -   hreal
  1.3582 -    (%w::hrat. EX x::hrat. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  1.3583 -
  1.3584 -lemma hreal_sub: "ALL (Y::hreal) X::hreal.
  1.3585 -   hreal_sub Y X =
  1.3586 -   hreal
  1.3587 -    (%w::hrat. EX x::hrat. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  1.3588 -  by (import hreal hreal_sub)
  1.3589 -
  1.3590 -lemma HREAL_LT_LEMMA: "ALL (X::hreal) Y::hreal.
  1.3591 -   hreal_lt X Y --> (EX x::hrat. ~ hreal.cut X x & hreal.cut Y x)"
  1.3592 -  by (import hreal HREAL_LT_LEMMA)
  1.3593 -
  1.3594 -lemma HREAL_SUB_ISACUT: "ALL (X::hreal) Y::hreal.
  1.3595 -   hreal_lt X Y -->
  1.3596 -   isacut
  1.3597 -    (%w::hrat. EX x::hrat. ~ hreal.cut X x & hreal.cut Y (hrat_add x w))"
  1.3598 -  by (import hreal HREAL_SUB_ISACUT)
  1.3599 -
  1.3600 -lemma HREAL_SUB_ADD: "ALL (X::hreal) Y::hreal. hreal_lt X Y --> hreal_add (hreal_sub Y X) X = Y"
  1.3601 -  by (import hreal HREAL_SUB_ADD)
  1.3602 -
  1.3603 -lemma HREAL_LT_TOTAL: "ALL (X::hreal) Y::hreal. X = Y | hreal_lt X Y | hreal_lt Y X"
  1.3604 -  by (import hreal HREAL_LT_TOTAL)
  1.3605 -
  1.3606 -lemma HREAL_LT: "ALL (X::hreal) Y::hreal. hreal_lt X Y = (EX D::hreal. Y = hreal_add X D)"
  1.3607 -  by (import hreal HREAL_LT)
  1.3608 -
  1.3609 -lemma HREAL_ADD_TOTAL: "ALL (X::hreal) Y::hreal.
  1.3610 -   X = Y |
  1.3611 -   (EX D::hreal. Y = hreal_add X D) | (EX D::hreal. X = hreal_add Y D)"
  1.3612 -  by (import hreal HREAL_ADD_TOTAL)
  1.3613 -
  1.3614 -lemma HREAL_SUP_ISACUT: "ALL P::hreal => bool.
  1.3615 -   Ex P & (EX Y::hreal. ALL X::hreal. P X --> hreal_lt X Y) -->
  1.3616 -   isacut (%w::hrat. EX X::hreal. P X & hreal.cut X w)"
  1.3617 -  by (import hreal HREAL_SUP_ISACUT)
  1.3618 -
  1.3619 -lemma HREAL_SUP: "ALL P::hreal => bool.
  1.3620 -   Ex P & (EX Y::hreal. ALL X::hreal. P X --> hreal_lt X Y) -->
  1.3621 -   (ALL Y::hreal.
  1.3622 -       (EX X::hreal. P X & hreal_lt Y X) = hreal_lt Y (hreal_sup P))"
  1.3623 -  by (import hreal HREAL_SUP)
  1.3624 +%X. hreal
  1.3625 +     (%w. EX d. hrat_lt d hrat_1 &
  1.3626 +                (ALL x. cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3627 +
  1.3628 +lemma hreal_inv: "hreal_inv X =
  1.3629 +hreal
  1.3630 + (%w. EX d. hrat_lt d hrat_1 &
  1.3631 +            (ALL x. cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3632 +  sorry
  1.3633 +
  1.3634 +definition
  1.3635 +  hreal_sup :: "(hreal => bool) => hreal"  where
  1.3636 +  "hreal_sup == %P. hreal (%w. EX X. P X & cut X w)"
  1.3637 +
  1.3638 +lemma hreal_sup: "hreal_sup P = hreal (%w. EX X. P X & cut X w)"
  1.3639 +  sorry
  1.3640 +
  1.3641 +definition
  1.3642 +  hreal_lt :: "hreal => hreal => bool"  where
  1.3643 +  "hreal_lt == %X Y. X ~= Y & (ALL x. cut X x --> cut Y x)"
  1.3644 +
  1.3645 +lemma hreal_lt: "hreal_lt X Y = (X ~= Y & (ALL x. cut X x --> cut Y x))"
  1.3646 +  sorry
  1.3647 +
  1.3648 +lemma HREAL_INV_ISACUT: "isacut
  1.3649 + (%w. EX d. hrat_lt d hrat_1 &
  1.3650 +            (ALL x. cut X x --> hrat_lt (hrat_mul w x) d))"
  1.3651 +  sorry
  1.3652 +
  1.3653 +lemma HREAL_ADD_ISACUT: "isacut (%w. EX x y. w = hrat_add x y & cut X x & cut Y y)"
  1.3654 +  sorry
  1.3655 +
  1.3656 +lemma HREAL_MUL_ISACUT: "isacut (%w. EX x y. w = hrat_mul x y & cut X x & cut Y y)"
  1.3657 +  sorry
  1.3658 +
  1.3659 +lemma HREAL_ADD_SYM: "hreal_add X Y = hreal_add Y X"
  1.3660 +  sorry
  1.3661 +
  1.3662 +lemma HREAL_MUL_SYM: "hreal_mul X Y = hreal_mul Y X"
  1.3663 +  sorry
  1.3664 +
  1.3665 +lemma HREAL_ADD_ASSOC: "hreal_add X (hreal_add Y Z) = hreal_add (hreal_add X Y) Z"
  1.3666 +  sorry
  1.3667 +
  1.3668 +lemma HREAL_MUL_ASSOC: "hreal_mul X (hreal_mul Y Z) = hreal_mul (hreal_mul X Y) Z"
  1.3669 +  sorry
  1.3670 +
  1.3671 +lemma HREAL_LDISTRIB: "hreal_mul X (hreal_add Y Z) = hreal_add (hreal_mul X Y) (hreal_mul X Z)"
  1.3672 +  sorry
  1.3673 +
  1.3674 +lemma HREAL_MUL_LID: "hreal_mul hreal_1 X = X"
  1.3675 +  sorry
  1.3676 +
  1.3677 +lemma HREAL_MUL_LINV: "hreal_mul (hreal_inv X) X = hreal_1"
  1.3678 +  sorry
  1.3679 +
  1.3680 +lemma HREAL_NOZERO: "hreal_add X Y ~= X"
  1.3681 +  sorry
  1.3682 +
  1.3683 +definition
  1.3684 +  hreal_sub :: "hreal => hreal => hreal"  where
  1.3685 +  "hreal_sub == %Y X. hreal (%w. EX x. ~ cut X x & cut Y (hrat_add x w))"
  1.3686 +
  1.3687 +lemma hreal_sub: "hreal_sub Y X = hreal (%w. EX x. ~ cut X x & cut Y (hrat_add x w))"
  1.3688 +  sorry
  1.3689 +
  1.3690 +lemma HREAL_LT_LEMMA: "hreal_lt X Y ==> EX x. ~ cut X x & cut Y x"
  1.3691 +  sorry
  1.3692 +
  1.3693 +lemma HREAL_SUB_ISACUT: "hreal_lt X Y ==> isacut (%w. EX x. ~ cut X x & cut Y (hrat_add x w))"
  1.3694 +  sorry
  1.3695 +
  1.3696 +lemma HREAL_SUB_ADD: "hreal_lt X Y ==> hreal_add (hreal_sub Y X) X = Y"
  1.3697 +  sorry
  1.3698 +
  1.3699 +lemma HREAL_LT_TOTAL: "X = Y | hreal_lt X Y | hreal_lt Y X"
  1.3700 +  sorry
  1.3701 +
  1.3702 +lemma HREAL_LT: "hreal_lt X Y = (EX D. Y = hreal_add X D)"
  1.3703 +  sorry
  1.3704 +
  1.3705 +lemma HREAL_ADD_TOTAL: "X = Y | (EX D. Y = hreal_add X D) | (EX D. X = hreal_add Y D)"
  1.3706 +  sorry
  1.3707 +
  1.3708 +lemma HREAL_SUP_ISACUT: "Ex P & (EX Y. ALL X. P X --> hreal_lt X Y)
  1.3709 +==> isacut (%w. EX X. P X & cut X w)"
  1.3710 +  sorry
  1.3711 +
  1.3712 +lemma HREAL_SUP: "Ex P & (EX Y. ALL X. P X --> hreal_lt X Y)
  1.3713 +==> (EX X. P X & hreal_lt Y X) = hreal_lt Y (hreal_sup P)"
  1.3714 +  sorry
  1.3715  
  1.3716  ;end_setup
  1.3717  
  1.3718  ;setup_theory numeral
  1.3719  
  1.3720  lemma numeral_suc: "Suc ALT_ZERO = NUMERAL_BIT1 ALT_ZERO &
  1.3721 -(ALL x::nat. Suc (NUMERAL_BIT1 x) = NUMERAL_BIT2 x) &
  1.3722 -(ALL x::nat. Suc (NUMERAL_BIT2 x) = NUMERAL_BIT1 (Suc x))"
  1.3723 -  by (import numeral numeral_suc)
  1.3724 -
  1.3725 -definition iZ :: "nat => nat" where 
  1.3726 -  "iZ == %x::nat. x"
  1.3727 -
  1.3728 -lemma iZ: "ALL x::nat. iZ x = x"
  1.3729 -  by (import numeral iZ)
  1.3730 -
  1.3731 -definition iiSUC :: "nat => nat" where 
  1.3732 -  "iiSUC == %n::nat. Suc (Suc n)"
  1.3733 -
  1.3734 -lemma iiSUC: "ALL n::nat. iiSUC n = Suc (Suc n)"
  1.3735 -  by (import numeral iiSUC)
  1.3736 -
  1.3737 -lemma numeral_distrib: "(op &::bool => bool => bool)
  1.3738 - ((All::(nat => bool) => bool)
  1.3739 -   (%x::nat.
  1.3740 -       (op =::nat => nat => bool) ((op +::nat => nat => nat) (0::nat) x) x))
  1.3741 - ((op &::bool => bool => bool)
  1.3742 -   ((All::(nat => bool) => bool)
  1.3743 -     (%x::nat.
  1.3744 -         (op =::nat => nat => bool) ((op +::nat => nat => nat) x (0::nat))
  1.3745 -          x))
  1.3746 -   ((op &::bool => bool => bool)
  1.3747 -     ((All::(nat => bool) => bool)
  1.3748 -       (%x::nat.
  1.3749 -           (All::(nat => bool) => bool)
  1.3750 -            (%xa::nat.
  1.3751 -                (op =::nat => nat => bool)
  1.3752 -                 ((op +::nat => nat => nat) ((NUMERAL::nat => nat) x)
  1.3753 -                   ((NUMERAL::nat => nat) xa))
  1.3754 -                 ((NUMERAL::nat => nat)
  1.3755 -                   ((iZ::nat => nat) ((op +::nat => nat => nat) x xa))))))
  1.3756 -     ((op &::bool => bool => bool)
  1.3757 -       ((All::(nat => bool) => bool)
  1.3758 -         (%x::nat.
  1.3759 -             (op =::nat => nat => bool)
  1.3760 -              ((op *::nat => nat => nat) (0::nat) x) (0::nat)))
  1.3761 -       ((op &::bool => bool => bool)
  1.3762 -         ((All::(nat => bool) => bool)
  1.3763 -           (%x::nat.
  1.3764 -               (op =::nat => nat => bool)
  1.3765 -                ((op *::nat => nat => nat) x (0::nat)) (0::nat)))
  1.3766 -         ((op &::bool => bool => bool)
  1.3767 -           ((All::(nat => bool) => bool)
  1.3768 -             (%x::nat.
  1.3769 -                 (All::(nat => bool) => bool)
  1.3770 -                  (%xa::nat.
  1.3771 -                      (op =::nat => nat => bool)
  1.3772 -                       ((op *::nat => nat => nat) ((NUMERAL::nat => nat) x)
  1.3773 -                         ((NUMERAL::nat => nat) xa))
  1.3774 -                       ((NUMERAL::nat => nat)
  1.3775 -                         ((op *::nat => nat => nat) x xa)))))
  1.3776 -           ((op &::bool => bool => bool)
  1.3777 -             ((All::(nat => bool) => bool)
  1.3778 -               (%x::nat.
  1.3779 -                   (op =::nat => nat => bool)
  1.3780 -                    ((op -::nat => nat => nat) (0::nat) x) (0::nat)))
  1.3781 -             ((op &::bool => bool => bool)
  1.3782 -               ((All::(nat => bool) => bool)
  1.3783 -                 (%x::nat.
  1.3784 -                     (op =::nat => nat => bool)
  1.3785 -                      ((op -::nat => nat => nat) x (0::nat)) x))
  1.3786 -               ((op &::bool => bool => bool)
  1.3787 -                 ((All::(nat => bool) => bool)
  1.3788 -                   (%x::nat.
  1.3789 -                       (All::(nat => bool) => bool)
  1.3790 -                        (%xa::nat.
  1.3791 -                            (op =::nat => nat => bool)
  1.3792 -                             ((op -::nat => nat => nat)
  1.3793 -                               ((NUMERAL::nat => nat) x)
  1.3794 -                               ((NUMERAL::nat => nat) xa))
  1.3795 -                             ((NUMERAL::nat => nat)
  1.3796 -                               ((op -::nat => nat => nat) x xa)))))
  1.3797 -                 ((op &::bool => bool => bool)
  1.3798 -                   ((All::(nat => bool) => bool)
  1.3799 -                     (%x::nat.
  1.3800 -                         (op =::nat => nat => bool)
  1.3801 -                          ((op ^::nat => nat => nat) (0::nat)
  1.3802 -                            ((NUMERAL::nat => nat)
  1.3803 -                              ((NUMERAL_BIT1::nat => nat) x)))
  1.3804 -                          (0::nat)))
  1.3805 -                   ((op &::bool => bool => bool)
  1.3806 -                     ((All::(nat => bool) => bool)
  1.3807 -                       (%x::nat.
  1.3808 -                           (op =::nat => nat => bool)
  1.3809 -                            ((op ^::nat => nat => nat) (0::nat)
  1.3810 -                              ((NUMERAL::nat => nat)
  1.3811 -                                ((NUMERAL_BIT2::nat => nat) x)))
  1.3812 -                            (0::nat)))
  1.3813 -                     ((op &::bool => bool => bool)
  1.3814 -                       ((All::(nat => bool) => bool)
  1.3815 -                         (%x::nat.
  1.3816 -                             (op =::nat => nat => bool)
  1.3817 -                              ((op ^::nat => nat => nat) x (0::nat))
  1.3818 -                              (1::nat)))
  1.3819 -                       ((op &::bool => bool => bool)
  1.3820 -                         ((All::(nat => bool) => bool)
  1.3821 -                           (%x::nat.
  1.3822 -                               (All::(nat => bool) => bool)
  1.3823 -                                (%xa::nat.
  1.3824 -                                    (op =::nat => nat => bool)
  1.3825 -                                     ((op ^::nat => nat => nat)
  1.3826 - ((NUMERAL::nat => nat) x) ((NUMERAL::nat => nat) xa))
  1.3827 -                                     ((NUMERAL::nat => nat)
  1.3828 - ((op ^::nat => nat => nat) x xa)))))
  1.3829 -                         ((op &::bool => bool => bool)
  1.3830 -                           ((op =::nat => nat => bool)
  1.3831 -                             ((Suc::nat => nat) (0::nat)) (1::nat))
  1.3832 -                           ((op &::bool => bool => bool)
  1.3833 -                             ((All::(nat => bool) => bool)
  1.3834 -                               (%x::nat.
  1.3835 -                                   (op =::nat => nat => bool)
  1.3836 -                                    ((Suc::nat => nat)
  1.3837 -((NUMERAL::nat => nat) x))
  1.3838 -                                    ((NUMERAL::nat => nat)
  1.3839 -((Suc::nat => nat) x))))
  1.3840 -                             ((op &::bool => bool => bool)
  1.3841 -                               ((op =::nat => nat => bool)
  1.3842 -                                 ((PRE::nat => nat) (0::nat)) (0::nat))
  1.3843 -                               ((op &::bool => bool => bool)
  1.3844 -                                 ((All::(nat => bool) => bool)
  1.3845 -                                   (%x::nat.
  1.3846 - (op =::nat => nat => bool) ((PRE::nat => nat) ((NUMERAL::nat => nat) x))
  1.3847 -  ((NUMERAL::nat => nat) ((PRE::nat => nat) x))))
  1.3848 -                                 ((op &::bool => bool => bool)
  1.3849 -                                   ((All::(nat => bool) => bool)
  1.3850 -                                     (%x::nat.
  1.3851 -   (op =::bool => bool => bool)
  1.3852 -    ((op =::nat => nat => bool) ((NUMERAL::nat => nat) x) (0::nat))
  1.3853 -    ((op =::nat => nat => bool) x (ALT_ZERO::nat))))
  1.3854 -                                   ((op &::bool => bool => bool)
  1.3855 -                                     ((All::(nat => bool) => bool)
  1.3856 - (%x::nat.
  1.3857 -     (op =::bool => bool => bool)
  1.3858 -      ((op =::nat => nat => bool) (0::nat) ((NUMERAL::nat => nat) x))
  1.3859 -      ((op =::nat => nat => bool) x (ALT_ZERO::nat))))
  1.3860 -                                     ((op &::bool => bool => bool)
  1.3861 - ((All::(nat => bool) => bool)
  1.3862 -   (%x::nat.
  1.3863 -       (All::(nat => bool) => bool)
  1.3864 -        (%xa::nat.
  1.3865 -            (op =::bool => bool => bool)
  1.3866 -             ((op =::nat => nat => bool) ((NUMERAL::nat => nat) x)
  1.3867 -               ((NUMERAL::nat => nat) xa))
  1.3868 -             ((op =::nat => nat => bool) x xa))))
  1.3869 - ((op &::bool => bool => bool)
  1.3870 -   ((All::(nat => bool) => bool)
  1.3871 -     (%x::nat.
  1.3872 -         (op =::bool => bool => bool)
  1.3873 -          ((op <::nat => nat => bool) x (0::nat)) (False::bool)))
  1.3874 -   ((op &::bool => bool => bool)
  1.3875 -     ((All::(nat => bool) => bool)
  1.3876 -       (%x::nat.
  1.3877 -           (op =::bool => bool => bool)
  1.3878 -            ((op <::nat => nat => bool) (0::nat) ((NUMERAL::nat => nat) x))
  1.3879 -            ((op <::nat => nat => bool) (ALT_ZERO::nat) x)))
  1.3880 -     ((op &::bool => bool => bool)
  1.3881 -       ((All::(nat => bool) => bool)
  1.3882 -         (%x::nat.
  1.3883 -             (All::(nat => bool) => bool)
  1.3884 -              (%xa::nat.
  1.3885 -                  (op =::bool => bool => bool)
  1.3886 -                   ((op <::nat => nat => bool) ((NUMERAL::nat => nat) x)
  1.3887 -                     ((NUMERAL::nat => nat) xa))
  1.3888 -                   ((op <::nat => nat => bool) x xa))))
  1.3889 -       ((op &::bool => bool => bool)
  1.3890 -         ((All::(nat => bool) => bool)
  1.3891 -           (%x::nat.
  1.3892 -               (op =::bool => bool => bool)
  1.3893 -                ((op <::nat => nat => bool) x (0::nat)) (False::bool)))
  1.3894 -         ((op &::bool => bool => bool)
  1.3895 -           ((All::(nat => bool) => bool)
  1.3896 -             (%x::nat.
  1.3897 -                 (op =::bool => bool => bool)
  1.3898 -                  ((op <::nat => nat => bool) (0::nat)
  1.3899 -                    ((NUMERAL::nat => nat) x))
  1.3900 -                  ((op <::nat => nat => bool) (ALT_ZERO::nat) x)))
  1.3901 -           ((op &::bool => bool => bool)
  1.3902 -             ((All::(nat => bool) => bool)
  1.3903 -               (%x::nat.
  1.3904 -                   (All::(nat => bool) => bool)
  1.3905 -                    (%xa::nat.
  1.3906 -                        (op =::bool => bool => bool)
  1.3907 -                         ((op <::nat => nat => bool)
  1.3908 -                           ((NUMERAL::nat => nat) xa)
  1.3909 -                           ((NUMERAL::nat => nat) x))
  1.3910 -                         ((op <::nat => nat => bool) xa x))))
  1.3911 -             ((op &::bool => bool => bool)
  1.3912 -               ((All::(nat => bool) => bool)
  1.3913 -                 (%x::nat.
  1.3914 -                     (op =::bool => bool => bool)
  1.3915 -                      ((op <=::nat => nat => bool) (0::nat) x)
  1.3916 -                      (True::bool)))
  1.3917 -               ((op &::bool => bool => bool)
  1.3918 -                 ((All::(nat => bool) => bool)
  1.3919 -                   (%x::nat.
  1.3920 -                       (op =::bool => bool => bool)
  1.3921 -                        ((op <=::nat => nat => bool)
  1.3922 -                          ((NUMERAL::nat => nat) x) (0::nat))
  1.3923 -                        ((op <=::nat => nat => bool) x (ALT_ZERO::nat))))
  1.3924 -                 ((op &::bool => bool => bool)
  1.3925 -                   ((All::(nat => bool) => bool)
  1.3926 -                     (%x::nat.
  1.3927 -                         (All::(nat => bool) => bool)
  1.3928 -                          (%xa::nat.
  1.3929 -                              (op =::bool => bool => bool)
  1.3930 -                               ((op <=::nat => nat => bool)
  1.3931 -                                 ((NUMERAL::nat => nat) x)
  1.3932 -                                 ((NUMERAL::nat => nat) xa))
  1.3933 -                               ((op <=::nat => nat => bool) x xa))))
  1.3934 -                   ((op &::bool => bool => bool)
  1.3935 -                     ((All::(nat => bool) => bool)
  1.3936 -                       (%x::nat.
  1.3937 -                           (op =::bool => bool => bool)
  1.3938 -                            ((op <=::nat => nat => bool) (0::nat) x)
  1.3939 -                            (True::bool)))
  1.3940 -                     ((op &::bool => bool => bool)
  1.3941 -                       ((All::(nat => bool) => bool)
  1.3942 -                         (%x::nat.
  1.3943 -                             (op =::bool => bool => bool)
  1.3944 -                              ((op <=::nat => nat => bool) x (0::nat))
  1.3945 -                              ((op =::nat => nat => bool) x (0::nat))))
  1.3946 -                       ((op &::bool => bool => bool)
  1.3947 -                         ((All::(nat => bool) => bool)
  1.3948 -                           (%x::nat.
  1.3949 -                               (All::(nat => bool) => bool)
  1.3950 -                                (%xa::nat.
  1.3951 -                                    (op =::bool => bool => bool)
  1.3952 -                                     ((op <=::nat => nat => bool)
  1.3953 - ((NUMERAL::nat => nat) xa) ((NUMERAL::nat => nat) x))
  1.3954 -                                     ((op <=::nat => nat => bool) xa x))))
  1.3955 -                         ((op &::bool => bool => bool)
  1.3956 -                           ((All::(nat => bool) => bool)
  1.3957 -                             (%x::nat.
  1.3958 -                                 (op =::bool => bool => bool)
  1.3959 -                                  ((ODD::nat => bool)
  1.3960 -                                    ((NUMERAL::nat => nat) x))
  1.3961 -                                  ((ODD::nat => bool) x)))
  1.3962 -                           ((op &::bool => bool => bool)
  1.3963 -                             ((All::(nat => bool) => bool)
  1.3964 -                               (%x::nat.
  1.3965 -                                   (op =::bool => bool => bool)
  1.3966 -                                    ((EVEN::nat => bool)
  1.3967 -((NUMERAL::nat => nat) x))
  1.3968 -                                    ((EVEN::nat => bool) x)))
  1.3969 -                             ((op &::bool => bool => bool)
  1.3970 -                               ((Not::bool => bool)
  1.3971 -                                 ((ODD::nat => bool) (0::nat)))
  1.3972 -                               ((EVEN::nat => bool)
  1.3973 -                                 (0::nat))))))))))))))))))))))))))))))))))))"
  1.3974 -  by (import numeral numeral_distrib)
  1.3975 +(ALL x. Suc (NUMERAL_BIT1 x) = NUMERAL_BIT2 x) &
  1.3976 +(ALL x. Suc (NUMERAL_BIT2 x) = NUMERAL_BIT1 (Suc x))"
  1.3977 +  sorry
  1.3978 +
  1.3979 +definition
  1.3980 +  iZ :: "nat => nat"  where
  1.3981 +  "iZ == %x. x"
  1.3982 +
  1.3983 +lemma iZ: "iZ x = x"
  1.3984 +  sorry
  1.3985 +
  1.3986 +definition
  1.3987 +  iiSUC :: "nat => nat"  where
  1.3988 +  "iiSUC == %n. Suc (Suc n)"
  1.3989 +
  1.3990 +lemma iiSUC: "iiSUC n = Suc (Suc n)"
  1.3991 +  sorry
  1.3992 +
  1.3993 +lemma numeral_distrib: "(ALL x::nat. (0::nat) + x = x) &
  1.3994 +(ALL x::nat. x + (0::nat) = x) &
  1.3995 +(ALL (x::nat) xa::nat. NUMERAL x + NUMERAL xa = NUMERAL (iZ (x + xa))) &
  1.3996 +(ALL x::nat. (0::nat) * x = (0::nat)) &
  1.3997 +(ALL x::nat. x * (0::nat) = (0::nat)) &
  1.3998 +(ALL (x::nat) xa::nat. NUMERAL x * NUMERAL xa = NUMERAL (x * xa)) &
  1.3999 +(ALL x::nat. (0::nat) - x = (0::nat)) &
  1.4000 +(ALL x::nat. x - (0::nat) = x) &
  1.4001 +(ALL (x::nat) xa::nat. NUMERAL x - NUMERAL xa = NUMERAL (x - xa)) &
  1.4002 +(ALL x::nat. (0::nat) ^ NUMERAL (NUMERAL_BIT1 x) = (0::nat)) &
  1.4003 +(ALL x::nat. (0::nat) ^ NUMERAL (NUMERAL_BIT2 x) = (0::nat)) &
  1.4004 +(ALL x::nat. x ^ (0::nat) = (1::nat)) &
  1.4005 +(ALL (x::nat) xa::nat. NUMERAL x ^ NUMERAL xa = NUMERAL (x ^ xa)) &
  1.4006 +Suc (0::nat) = (1::nat) &
  1.4007 +(ALL x::nat. Suc (NUMERAL x) = NUMERAL (Suc x)) &
  1.4008 +PRE (0::nat) = (0::nat) &
  1.4009 +(ALL x::nat. PRE (NUMERAL x) = NUMERAL (PRE x)) &
  1.4010 +(ALL x::nat. (NUMERAL x = (0::nat)) = (x = ALT_ZERO)) &
  1.4011 +(ALL x::nat. ((0::nat) = NUMERAL x) = (x = ALT_ZERO)) &
  1.4012 +(ALL (x::nat) xa::nat. (NUMERAL x = NUMERAL xa) = (x = xa)) &
  1.4013 +(ALL x::nat. (x < (0::nat)) = False) &
  1.4014 +(ALL x::nat. ((0::nat) < NUMERAL x) = (ALT_ZERO < x)) &
  1.4015 +(ALL (x::nat) xa::nat. (NUMERAL x < NUMERAL xa) = (x < xa)) &
  1.4016 +(ALL x::nat. (x < (0::nat)) = False) &
  1.4017 +(ALL x::nat. ((0::nat) < NUMERAL x) = (ALT_ZERO < x)) &
  1.4018 +(ALL (x::nat) xa::nat. (NUMERAL xa < NUMERAL x) = (xa < x)) &
  1.4019 +(ALL x::nat. ((0::nat) <= x) = True) &
  1.4020 +(ALL x::nat. (NUMERAL x <= (0::nat)) = (x <= ALT_ZERO)) &
  1.4021 +(ALL (x::nat) xa::nat. (NUMERAL x <= NUMERAL xa) = (x <= xa)) &
  1.4022 +(ALL x::nat. ((0::nat) <= x) = True) &
  1.4023 +(ALL x::nat. (x <= (0::nat)) = (x = (0::nat))) &
  1.4024 +(ALL (x::nat) xa::nat. (NUMERAL xa <= NUMERAL x) = (xa <= x)) &
  1.4025 +(ALL x::nat. ODD (NUMERAL x) = ODD x) &
  1.4026 +(ALL x::nat. EVEN (NUMERAL x) = EVEN x) & ~ ODD (0::nat) & EVEN (0::nat)"
  1.4027 +  sorry
  1.4028  
  1.4029  lemma numeral_iisuc: "iiSUC ALT_ZERO = NUMERAL_BIT2 ALT_ZERO &
  1.4030 -iiSUC (NUMERAL_BIT1 (n::nat)) = NUMERAL_BIT1 (Suc n) &
  1.4031 +iiSUC (NUMERAL_BIT1 n) = NUMERAL_BIT1 (Suc n) &
  1.4032  iiSUC (NUMERAL_BIT2 n) = NUMERAL_BIT2 (Suc n)"
  1.4033 -  by (import numeral numeral_iisuc)
  1.4034 -
  1.4035 -lemma numeral_add: "ALL (x::nat) xa::nat.
  1.4036 -   iZ (ALT_ZERO + x) = x &
  1.4037 -   iZ (x + ALT_ZERO) = x &
  1.4038 -   iZ (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (iZ (x + xa)) &
  1.4039 -   iZ (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4040 -   iZ (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4041 -   iZ (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4042 -   Suc (ALT_ZERO + x) = Suc x &
  1.4043 -   Suc (x + ALT_ZERO) = Suc x &
  1.4044 -   Suc (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4045 -   Suc (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4046 -   Suc (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4047 -   Suc (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4048 -   iiSUC (ALT_ZERO + x) = iiSUC x &
  1.4049 -   iiSUC (x + ALT_ZERO) = iiSUC x &
  1.4050 -   iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4051 -   iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) =
  1.4052 -   NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4053 -   iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) =
  1.4054 -   NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4055 -   iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (iiSUC (x + xa))"
  1.4056 -  by (import numeral numeral_add)
  1.4057 -
  1.4058 -lemma numeral_eq: "ALL (x::nat) xa::nat.
  1.4059 -   (ALT_ZERO = NUMERAL_BIT1 x) = False &
  1.4060 -   (NUMERAL_BIT1 x = ALT_ZERO) = False &
  1.4061 -   (ALT_ZERO = NUMERAL_BIT2 x) = False &
  1.4062 -   (NUMERAL_BIT2 x = ALT_ZERO) = False &
  1.4063 -   (NUMERAL_BIT1 x = NUMERAL_BIT2 xa) = False &
  1.4064 -   (NUMERAL_BIT2 x = NUMERAL_BIT1 xa) = False &
  1.4065 -   (NUMERAL_BIT1 x = NUMERAL_BIT1 xa) = (x = xa) &
  1.4066 -   (NUMERAL_BIT2 x = NUMERAL_BIT2 xa) = (x = xa)"
  1.4067 -  by (import numeral numeral_eq)
  1.4068 -
  1.4069 -lemma numeral_lt: "ALL (x::nat) xa::nat.
  1.4070 -   (ALT_ZERO < NUMERAL_BIT1 x) = True &
  1.4071 -   (ALT_ZERO < NUMERAL_BIT2 x) = True &
  1.4072 -   (x < ALT_ZERO) = False &
  1.4073 -   (NUMERAL_BIT1 x < NUMERAL_BIT1 xa) = (x < xa) &
  1.4074 -   (NUMERAL_BIT2 x < NUMERAL_BIT2 xa) = (x < xa) &
  1.4075 -   (NUMERAL_BIT1 x < NUMERAL_BIT2 xa) = (~ xa < x) &
  1.4076 -   (NUMERAL_BIT2 x < NUMERAL_BIT1 xa) = (x < xa)"
  1.4077 -  by (import numeral numeral_lt)
  1.4078 -
  1.4079 -lemma numeral_lte: "ALL (x::nat) xa::nat.
  1.4080 -   (ALT_ZERO <= x) = True &
  1.4081 -   (NUMERAL_BIT1 x <= ALT_ZERO) = False &
  1.4082 -   (NUMERAL_BIT2 x <= ALT_ZERO) = False &
  1.4083 -   (NUMERAL_BIT1 x <= NUMERAL_BIT1 xa) = (x <= xa) &
  1.4084 -   (NUMERAL_BIT1 x <= NUMERAL_BIT2 xa) = (x <= xa) &
  1.4085 -   (NUMERAL_BIT2 x <= NUMERAL_BIT1 xa) = (~ xa <= x) &
  1.4086 -   (NUMERAL_BIT2 x <= NUMERAL_BIT2 xa) = (x <= xa)"
  1.4087 -  by (import numeral numeral_lte)
  1.4088 +  sorry
  1.4089 +
  1.4090 +lemma numeral_add: "iZ (ALT_ZERO + x) = x &
  1.4091 +iZ (x + ALT_ZERO) = x &
  1.4092 +iZ (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (iZ (x + xa)) &
  1.4093 +iZ (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4094 +iZ (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4095 +iZ (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4096 +Suc (ALT_ZERO + x) = Suc x &
  1.4097 +Suc (x + ALT_ZERO) = Suc x &
  1.4098 +Suc (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (Suc (x + xa)) &
  1.4099 +Suc (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4100 +Suc (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4101 +Suc (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4102 +iiSUC (ALT_ZERO + x) = iiSUC x &
  1.4103 +iiSUC (x + ALT_ZERO) = iiSUC x &
  1.4104 +iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT1 xa) = NUMERAL_BIT2 (Suc (x + xa)) &
  1.4105 +iiSUC (NUMERAL_BIT1 x + NUMERAL_BIT2 xa) = NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4106 +iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT1 xa) = NUMERAL_BIT1 (iiSUC (x + xa)) &
  1.4107 +iiSUC (NUMERAL_BIT2 x + NUMERAL_BIT2 xa) = NUMERAL_BIT2 (iiSUC (x + xa))"
  1.4108 +  sorry
  1.4109 +
  1.4110 +lemma numeral_eq: "(ALT_ZERO = NUMERAL_BIT1 x) = False &
  1.4111 +(NUMERAL_BIT1 x = ALT_ZERO) = False &
  1.4112 +(ALT_ZERO = NUMERAL_BIT2 x) = False &
  1.4113 +(NUMERAL_BIT2 x = ALT_ZERO) = False &
  1.4114 +(NUMERAL_BIT1 x = NUMERAL_BIT2 xa) = False &
  1.4115 +(NUMERAL_BIT2 x = NUMERAL_BIT1 xa) = False &
  1.4116 +(NUMERAL_BIT1 x = NUMERAL_BIT1 xa) = (x = xa) &
  1.4117 +(NUMERAL_BIT2 x = NUMERAL_BIT2 xa) = (x = xa)"
  1.4118 +  sorry
  1.4119 +
  1.4120 +lemma numeral_lt: "(ALT_ZERO < NUMERAL_BIT1 x) = True &
  1.4121 +(ALT_ZERO < NUMERAL_BIT2 x) = True &
  1.4122 +(x < ALT_ZERO) = False &
  1.4123 +(NUMERAL_BIT1 x < NUMERAL_BIT1 xa) = (x < xa) &
  1.4124 +(NUMERAL_BIT2 x < NUMERAL_BIT2 xa) = (x < xa) &
  1.4125 +(NUMERAL_BIT1 x < NUMERAL_BIT2 xa) = (~ xa < x) &
  1.4126 +(NUMERAL_BIT2 x < NUMERAL_BIT1 xa) = (x < xa)"
  1.4127 +  sorry
  1.4128 +
  1.4129 +lemma numeral_lte: "(ALT_ZERO <= x) = True &
  1.4130 +(NUMERAL_BIT1 x <= ALT_ZERO) = False &
  1.4131 +(NUMERAL_BIT2 x <= ALT_ZERO) = False &
  1.4132 +(NUMERAL_BIT1 x <= NUMERAL_BIT1 xa) = (x <= xa) &
  1.4133 +(NUMERAL_BIT1 x <= NUMERAL_BIT2 xa) = (x <= xa) &
  1.4134 +(NUMERAL_BIT2 x <= NUMERAL_BIT1 xa) = (~ xa <= x) &
  1.4135 +(NUMERAL_BIT2 x <= NUMERAL_BIT2 xa) = (x <= xa)"
  1.4136 +  sorry
  1.4137  
  1.4138  lemma numeral_pre: "PRE ALT_ZERO = ALT_ZERO &
  1.4139  PRE (NUMERAL_BIT1 ALT_ZERO) = ALT_ZERO &
  1.4140 -(ALL x::nat.
  1.4141 +(ALL x.
  1.4142      PRE (NUMERAL_BIT1 (NUMERAL_BIT1 x)) =
  1.4143      NUMERAL_BIT2 (PRE (NUMERAL_BIT1 x))) &
  1.4144 -(ALL x::nat.
  1.4145 +(ALL x.
  1.4146      PRE (NUMERAL_BIT1 (NUMERAL_BIT2 x)) = NUMERAL_BIT2 (NUMERAL_BIT1 x)) &
  1.4147 -(ALL x::nat. PRE (NUMERAL_BIT2 x) = NUMERAL_BIT1 x)"
  1.4148 -  by (import numeral numeral_pre)
  1.4149 -
  1.4150 -lemma bit_initiality: "ALL (zf::'a::type) (b1f::nat => 'a::type => 'a::type)
  1.4151 -   b2f::nat => 'a::type => 'a::type.
  1.4152 -   EX x::nat => 'a::type.
  1.4153 -      x ALT_ZERO = zf &
  1.4154 -      (ALL n::nat. x (NUMERAL_BIT1 n) = b1f n (x n)) &
  1.4155 -      (ALL n::nat. x (NUMERAL_BIT2 n) = b2f n (x n))"
  1.4156 -  by (import numeral bit_initiality)
  1.4157 +(ALL x. PRE (NUMERAL_BIT2 x) = NUMERAL_BIT1 x)"
  1.4158 +  sorry
  1.4159 +
  1.4160 +lemma bit_initiality: "EX x. x ALT_ZERO = zf &
  1.4161 +      (ALL n. x (NUMERAL_BIT1 n) = b1f n (x n)) &
  1.4162 +      (ALL n. x (NUMERAL_BIT2 n) = b2f n (x n))"
  1.4163 +  sorry
  1.4164  
  1.4165  consts
  1.4166    iBIT_cases :: "nat => 'a => (nat => 'a) => (nat => 'a) => 'a" 
  1.4167  
  1.4168 -specification (iBIT_cases) iBIT_cases: "(ALL (zf::'a::type) (bf1::nat => 'a::type) bf2::nat => 'a::type.
  1.4169 +specification (iBIT_cases) iBIT_cases: "(ALL (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  1.4170      iBIT_cases ALT_ZERO zf bf1 bf2 = zf) &
  1.4171 -(ALL (n::nat) (zf::'a::type) (bf1::nat => 'a::type) bf2::nat => 'a::type.
  1.4172 +(ALL (n::nat) (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  1.4173      iBIT_cases (NUMERAL_BIT1 n) zf bf1 bf2 = bf1 n) &
  1.4174 -(ALL (n::nat) (zf::'a::type) (bf1::nat => 'a::type) bf2::nat => 'a::type.
  1.4175 +(ALL (n::nat) (zf::'a) (bf1::nat => 'a) bf2::nat => 'a.
  1.4176      iBIT_cases (NUMERAL_BIT2 n) zf bf1 bf2 = bf2 n)"
  1.4177 -  by (import numeral iBIT_cases)
  1.4178 -
  1.4179 -definition iDUB :: "nat => nat" where 
  1.4180 -  "iDUB == %x::nat. x + x"
  1.4181 -
  1.4182 -lemma iDUB: "ALL x::nat. iDUB x = x + x"
  1.4183 -  by (import numeral iDUB)
  1.4184 +  sorry
  1.4185 +
  1.4186 +definition
  1.4187 +  iDUB :: "nat => nat"  where
  1.4188 +  "iDUB == %x. x + x"
  1.4189 +
  1.4190 +lemma iDUB: "iDUB x = x + x"
  1.4191 +  sorry
  1.4192  
  1.4193  consts
  1.4194    iSUB :: "bool => nat => nat => nat" 
  1.4195  
  1.4196 -specification (iSUB) iSUB_DEF: "(ALL (b::bool) x::nat. iSUB b ALT_ZERO x = ALT_ZERO) &
  1.4197 -(ALL (b::bool) (n::nat) x::nat.
  1.4198 +specification (iSUB) iSUB_DEF: "(ALL b x. iSUB b ALT_ZERO x = ALT_ZERO) &
  1.4199 +(ALL b n x.
  1.4200      iSUB b (NUMERAL_BIT1 n) x =
  1.4201      (if b
  1.4202 -     then iBIT_cases x (NUMERAL_BIT1 n) (%m::nat. iDUB (iSUB True n m))
  1.4203 -           (%m::nat. NUMERAL_BIT1 (iSUB False n m))
  1.4204 -     else iBIT_cases x (iDUB n) (%m::nat. NUMERAL_BIT1 (iSUB False n m))
  1.4205 -           (%m::nat. iDUB (iSUB False n m)))) &
  1.4206 -(ALL (b::bool) (n::nat) x::nat.
  1.4207 +     then iBIT_cases x (NUMERAL_BIT1 n) (%m. iDUB (iSUB True n m))
  1.4208 +           (%m. NUMERAL_BIT1 (iSUB False n m))
  1.4209 +     else iBIT_cases x (iDUB n) (%m. NUMERAL_BIT1 (iSUB False n m))
  1.4210 +           (%m. iDUB (iSUB False n m)))) &
  1.4211 +(ALL b n x.
  1.4212      iSUB b (NUMERAL_BIT2 n) x =
  1.4213      (if b
  1.4214 -     then iBIT_cases x (NUMERAL_BIT2 n)
  1.4215 -           (%m::nat. NUMERAL_BIT1 (iSUB True n m))
  1.4216 -           (%m::nat. iDUB (iSUB True n m))
  1.4217 -     else iBIT_cases x (NUMERAL_BIT1 n) (%m::nat. iDUB (iSUB True n m))
  1.4218 -           (%m::nat. NUMERAL_BIT1 (iSUB False n m))))"
  1.4219 -  by (import numeral iSUB_DEF)
  1.4220 -
  1.4221 -lemma bit_induction: "ALL P::nat => bool.
  1.4222 -   P ALT_ZERO &
  1.4223 -   (ALL n::nat. P n --> P (NUMERAL_BIT1 n)) &
  1.4224 -   (ALL n::nat. P n --> P (NUMERAL_BIT2 n)) -->
  1.4225 -   All P"
  1.4226 -  by (import numeral bit_induction)
  1.4227 -
  1.4228 -lemma iSUB_THM: "ALL (xa::bool) (xb::nat) xc::nat.
  1.4229 -   iSUB xa ALT_ZERO (x::nat) = ALT_ZERO &
  1.4230 -   iSUB True xb ALT_ZERO = xb &
  1.4231 -   iSUB False (NUMERAL_BIT1 xb) ALT_ZERO = iDUB xb &
  1.4232 -   iSUB True (NUMERAL_BIT1 xb) (NUMERAL_BIT1 xc) = iDUB (iSUB True xb xc) &
  1.4233 -   iSUB False (NUMERAL_BIT1 xb) (NUMERAL_BIT1 xc) =
  1.4234 -   NUMERAL_BIT1 (iSUB False xb xc) &
  1.4235 -   iSUB True (NUMERAL_BIT1 xb) (NUMERAL_BIT2 xc) =
  1.4236 -   NUMERAL_BIT1 (iSUB False xb xc) &
  1.4237 -   iSUB False (NUMERAL_BIT1 xb) (NUMERAL_BIT2 xc) =
  1.4238 -   iDUB (iSUB False xb xc) &
  1.4239 -   iSUB False (NUMERAL_BIT2 xb) ALT_ZERO = NUMERAL_BIT1 xb &
  1.4240 -   iSUB True (NUMERAL_BIT2 xb) (NUMERAL_BIT1 xc) =
  1.4241 -   NUMERAL_BIT1 (iSUB True xb xc) &
  1.4242 -   iSUB False (NUMERAL_BIT2 xb) (NUMERAL_BIT1 xc) = iDUB (iSUB True xb xc) &
  1.4243 -   iSUB True (NUMERAL_BIT2 xb) (NUMERAL_BIT2 xc) = iDUB (iSUB True xb xc) &
  1.4244 -   iSUB False (NUMERAL_BIT2 xb) (NUMERAL_BIT2 xc) =
  1.4245 -   NUMERAL_BIT1 (iSUB False xb xc)"
  1.4246 -  by (import numeral iSUB_THM)
  1.4247 -
  1.4248 -lemma numeral_sub: "ALL (x::nat) xa::nat.
  1.4249 -   NUMERAL (x - xa) = (if xa < x then NUMERAL (iSUB True x xa) else 0)"
  1.4250 -  by (import numeral numeral_sub)
  1.4251 -
  1.4252 -lemma iDUB_removal: "ALL x::nat.
  1.4253 -   iDUB (NUMERAL_BIT1 x) = NUMERAL_BIT2 (iDUB x) &
  1.4254 -   iDUB (NUMERAL_BIT2 x) = NUMERAL_BIT2 (NUMERAL_BIT1 x) &
  1.4255 -   iDUB ALT_ZERO = ALT_ZERO"
  1.4256 -  by (import numeral iDUB_removal)
  1.4257 -
  1.4258 -lemma numeral_mult: "ALL (x::nat) xa::nat.
  1.4259 -   ALT_ZERO * x = ALT_ZERO &
  1.4260 -   x * ALT_ZERO = ALT_ZERO &
  1.4261 -   NUMERAL_BIT1 x * xa = iZ (iDUB (x * xa) + xa) &
  1.4262 -   NUMERAL_BIT2 x * xa = iDUB (iZ (x * xa + xa))"
  1.4263 -  by (import numeral numeral_mult)
  1.4264 -
  1.4265 -definition iSQR :: "nat => nat" where 
  1.4266 -  "iSQR == %x::nat. x * x"
  1.4267 -
  1.4268 -lemma iSQR: "ALL x::nat. iSQR x = x * x"
  1.4269 -  by (import numeral iSQR)
  1.4270 -
  1.4271 -lemma numeral_exp: "(ALL x::nat. x ^ ALT_ZERO = NUMERAL_BIT1 ALT_ZERO) &
  1.4272 -(ALL (x::nat) xa::nat. x ^ NUMERAL_BIT1 xa = x * iSQR (x ^ xa)) &
  1.4273 -(ALL (x::nat) xa::nat. x ^ NUMERAL_BIT2 xa = iSQR x * iSQR (x ^ xa))"
  1.4274 -  by (import numeral numeral_exp)
  1.4275 -
  1.4276 -lemma numeral_evenodd: "ALL x::nat.
  1.4277 -   EVEN ALT_ZERO &
  1.4278 -   EVEN (NUMERAL_BIT2 x) &
  1.4279 -   ~ EVEN (NUMERAL_BIT1 x) &
  1.4280 -   ~ ODD ALT_ZERO & ~ ODD (NUMERAL_BIT2 x) & ODD (NUMERAL_BIT1 x)"
  1.4281 -  by (import numeral numeral_evenodd)
  1.4282 -
  1.4283 -lemma numeral_fact: "ALL n::nat. FACT n = (if n = 0 then 1 else n * FACT (PRE n))"
  1.4284 -  by (import numeral numeral_fact)
  1.4285 -
  1.4286 -lemma numeral_funpow: "ALL n::nat.
  1.4287 -   ((f::'a::type => 'a::type) ^^ n) (x::'a::type) =
  1.4288 -   (if n = 0 then x else (f ^^ (n - 1)) (f x))"
  1.4289 -  by (import numeral numeral_funpow)
  1.4290 +     then iBIT_cases x (NUMERAL_BIT2 n) (%m. NUMERAL_BIT1 (iSUB True n m))
  1.4291 +           (%m. iDUB (iSUB True n m))
  1.4292 +     else iBIT_cases x (NUMERAL_BIT1 n) (%m. iDUB (iSUB True n m))
  1.4293 +           (%m. NUMERAL_BIT1 (iSUB False n m))))"
  1.4294 +  sorry
  1.4295 +
  1.4296 +lemma bit_induction: "P ALT_ZERO &
  1.4297 +(ALL n. P n --> P (NUMERAL_BIT1 n)) & (ALL n. P n --> P (NUMERAL_BIT2 n))
  1.4298 +==> P x"
  1.4299 +  sorry
  1.4300 +
  1.4301 +lemma iSUB_THM: "iSUB (x::bool) ALT_ZERO (xn::nat) = ALT_ZERO &
  1.4302 +iSUB True (xa::nat) ALT_ZERO = xa &
  1.4303 +iSUB False (NUMERAL_BIT1 xa) ALT_ZERO = iDUB xa &
  1.4304 +iSUB True (NUMERAL_BIT1 xa) (NUMERAL_BIT1 (xb::nat)) =
  1.4305 +iDUB (iSUB True xa xb) &
  1.4306 +iSUB False (NUMERAL_BIT1 xa) (NUMERAL_BIT1 xb) =
  1.4307 +NUMERAL_BIT1 (iSUB False xa xb) &
  1.4308 +iSUB True (NUMERAL_BIT1 xa) (NUMERAL_BIT2 xb) =
  1.4309 +NUMERAL_BIT1 (iSUB False xa xb) &
  1.4310 +iSUB False (NUMERAL_BIT1 xa) (NUMERAL_BIT2 xb) = iDUB (iSUB False xa xb) &
  1.4311 +iSUB False (NUMERAL_BIT2 xa) ALT_ZERO = NUMERAL_BIT1 xa &
  1.4312 +iSUB True (NUMERAL_BIT2 xa) (NUMERAL_BIT1 xb) =
  1.4313 +NUMERAL_BIT1 (iSUB True xa xb) &
  1.4314 +iSUB False (NUMERAL_BIT2 xa) (NUMERAL_BIT1 xb) = iDUB (iSUB True xa xb) &
  1.4315 +iSUB True (NUMERAL_BIT2 xa) (NUMERAL_BIT2 xb) = iDUB (iSUB True xa xb) &
  1.4316 +iSUB False (NUMERAL_BIT2 xa) (NUMERAL_BIT2 xb) =
  1.4317 +NUMERAL_BIT1 (iSUB False xa xb)"
  1.4318 +  sorry
  1.4319 +
  1.4320 +lemma numeral_sub: "NUMERAL (x - xa) = (if xa < x then NUMERAL (iSUB True x xa) else 0)"
  1.4321 +  sorry
  1.4322 +
  1.4323 +lemma iDUB_removal: "iDUB (NUMERAL_BIT1 x) = NUMERAL_BIT2 (iDUB x) &
  1.4324 +iDUB (NUMERAL_BIT2 x) = NUMERAL_BIT2 (NUMERAL_BIT1 x) &
  1.4325 +iDUB ALT_ZERO = ALT_ZERO"
  1.4326 +  sorry
  1.4327 +
  1.4328 +lemma numeral_mult: "ALT_ZERO * x = ALT_ZERO &
  1.4329 +x * ALT_ZERO = ALT_ZERO &
  1.4330 +NUMERAL_BIT1 x * xa = iZ (iDUB (x * xa) + xa) &
  1.4331 +NUMERAL_BIT2 x * xa = iDUB (iZ (x * xa + xa))"
  1.4332 +  sorry
  1.4333 +
  1.4334 +definition
  1.4335 +  iSQR :: "nat => nat"  where
  1.4336 +  "iSQR == %x. x * x"
  1.4337 +
  1.4338 +lemma iSQR: "iSQR x = x * x"
  1.4339 +  sorry
  1.4340 +
  1.4341 +lemma numeral_exp: "(ALL x. x ^ ALT_ZERO = NUMERAL_BIT1 ALT_ZERO) &
  1.4342 +(ALL x xa. x ^ NUMERAL_BIT1 xa = x * iSQR (x ^ xa)) &
  1.4343 +(ALL x xa. x ^ NUMERAL_BIT2 xa = iSQR x * iSQR (x ^ xa))"
  1.4344 +  sorry
  1.4345 +
  1.4346 +lemma numeral_evenodd: "EVEN ALT_ZERO &
  1.4347 +EVEN (NUMERAL_BIT2 x) &
  1.4348 +~ EVEN (NUMERAL_BIT1 x) &
  1.4349 +~ ODD ALT_ZERO & ~ ODD (NUMERAL_BIT2 x) & ODD (NUMERAL_BIT1 x)"
  1.4350 +  sorry
  1.4351 +
  1.4352 +lemma numeral_fact: "FACT n = (if n = 0 then 1 else n * FACT (PRE n))"
  1.4353 +  sorry
  1.4354 +
  1.4355 +lemma numeral_funpow: "(f ^^ n) x = (if n = 0 then x else (f ^^ (n - 1)) (f x))"
  1.4356 +  sorry
  1.4357  
  1.4358  ;end_setup
  1.4359  
  1.4360  ;setup_theory ind_type
  1.4361  
  1.4362 -lemma INJ_INVERSE2: "ALL P::'A::type => 'B::type => 'C::type.
  1.4363 -   (ALL (x1::'A::type) (y1::'B::type) (x2::'A::type) y2::'B::type.
  1.4364 -       (P x1 y1 = P x2 y2) = (x1 = x2 & y1 = y2)) -->
  1.4365 -   (EX (x::'C::type => 'A::type) Y::'C::type => 'B::type.
  1.4366 -       ALL (xa::'A::type) y::'B::type. x (P xa y) = xa & Y (P xa y) = y)"
  1.4367 -  by (import ind_type INJ_INVERSE2)
  1.4368 -
  1.4369 -definition NUMPAIR :: "nat => nat => nat" where 
  1.4370 -  "NUMPAIR == %(x::nat) y::nat. 2 ^ x * (2 * y + 1)"
  1.4371 -
  1.4372 -lemma NUMPAIR: "ALL (x::nat) y::nat. NUMPAIR x y = 2 ^ x * (2 * y + 1)"
  1.4373 -  by (import ind_type NUMPAIR)
  1.4374 -
  1.4375 -lemma NUMPAIR_INJ_LEMMA: "ALL (x::nat) (xa::nat) (xb::nat) xc::nat.
  1.4376 -   NUMPAIR x xa = NUMPAIR xb xc --> x = xb"
  1.4377 -  by (import ind_type NUMPAIR_INJ_LEMMA)
  1.4378 -
  1.4379 -lemma NUMPAIR_INJ: "ALL (x1::nat) (y1::nat) (x2::nat) y2::nat.
  1.4380 -   (NUMPAIR x1 y1 = NUMPAIR x2 y2) = (x1 = x2 & y1 = y2)"
  1.4381 -  by (import ind_type NUMPAIR_INJ)
  1.4382 +lemma INJ_INVERSE2: "(!!(x1::'A) (y1::'B) (x2::'A) y2::'B.
  1.4383 +    ((P::'A => 'B => 'C) x1 y1 = P x2 y2) = (x1 = x2 & y1 = y2))
  1.4384 +==> EX (x::'C => 'A) Y::'C => 'B.
  1.4385 +       ALL (xa::'A) y::'B. x (P xa y) = xa & Y (P xa y) = y"
  1.4386 +  sorry
  1.4387 +
  1.4388 +definition
  1.4389 +  NUMPAIR :: "nat => nat => nat"  where
  1.4390 +  "NUMPAIR == %x y. 2 ^ x * (2 * y + 1)"
  1.4391 +
  1.4392 +lemma NUMPAIR: "NUMPAIR x y = 2 ^ x * (2 * y + 1)"
  1.4393 +  sorry
  1.4394 +
  1.4395 +lemma NUMPAIR_INJ_LEMMA: "NUMPAIR x xa = NUMPAIR xb xc ==> x = xb"
  1.4396 +  sorry
  1.4397 +
  1.4398 +lemma NUMPAIR_INJ: "(NUMPAIR x1 y1 = NUMPAIR x2 y2) = (x1 = x2 & y1 = y2)"
  1.4399 +  sorry
  1.4400  
  1.4401  consts
  1.4402    NUMSND :: "nat => nat" 
  1.4403    NUMFST :: "nat => nat" 
  1.4404  
  1.4405 -specification (NUMFST NUMSND) NUMPAIR_DEST: "ALL (x::nat) y::nat. NUMFST (NUMPAIR x y) = x & NUMSND (NUMPAIR x y) = y"
  1.4406 -  by (import ind_type NUMPAIR_DEST)
  1.4407 -
  1.4408 -definition NUMSUM :: "bool => nat => nat" where 
  1.4409 -  "NUMSUM == %(b::bool) x::nat. if b then Suc (2 * x) else 2 * x"
  1.4410 -
  1.4411 -lemma NUMSUM: "ALL (b::bool) x::nat. NUMSUM b x = (if b then Suc (2 * x) else 2 * x)"
  1.4412 -  by (import ind_type NUMSUM)
  1.4413 -
  1.4414 -lemma NUMSUM_INJ: "ALL (b1::bool) (x1::nat) (b2::bool) x2::nat.
  1.4415 -   (NUMSUM b1 x1 = NUMSUM b2 x2) = (b1 = b2 & x1 = x2)"
  1.4416 -  by (import ind_type NUMSUM_INJ)
  1.4417 +specification (NUMFST NUMSND) NUMPAIR_DEST: "ALL x y. NUMFST (NUMPAIR x y) = x & NUMSND (NUMPAIR x y) = y"
  1.4418 +  sorry
  1.4419 +
  1.4420 +definition
  1.4421 +  NUMSUM :: "bool => nat => nat"  where
  1.4422 +  "NUMSUM == %b x. if b then Suc (2 * x) else 2 * x"
  1.4423 +
  1.4424 +lemma NUMSUM: "NUMSUM b x = (if b then Suc (2 * x) else 2 * x)"
  1.4425 +  sorry
  1.4426 +
  1.4427 +lemma NUMSUM_INJ: "(NUMSUM b1 x1 = NUMSUM b2 x2) = (b1 = b2 & x1 = x2)"
  1.4428 +  sorry
  1.4429  
  1.4430  consts
  1.4431    NUMRIGHT :: "nat => nat" 
  1.4432    NUMLEFT :: "nat => bool" 
  1.4433  
  1.4434 -specification (NUMLEFT NUMRIGHT) NUMSUM_DEST: "ALL (x::bool) y::nat. NUMLEFT (NUMSUM x y) = x & NUMRIGHT (NUMSUM x y) = y"
  1.4435 -  by (import ind_type NUMSUM_DEST)
  1.4436 -
  1.4437 -definition INJN :: "nat => nat => 'a => bool" where 
  1.4438 -  "INJN == %(m::nat) (n::nat) a::'a::type. n = m"
  1.4439 -
  1.4440 -lemma INJN: "ALL m::nat. INJN m = (%(n::nat) a::'a::type. n = m)"
  1.4441 -  by (import ind_type INJN)
  1.4442 -
  1.4443 -lemma INJN_INJ: "ALL (n1::nat) n2::nat. (INJN n1 = INJN n2) = (n1 = n2)"
  1.4444 -  by (import ind_type INJN_INJ)
  1.4445 -
  1.4446 -definition INJA :: "'a => nat => 'a => bool" where 
  1.4447 -  "INJA == %(a::'a::type) (n::nat) b::'a::type. b = a"
  1.4448 -
  1.4449 -lemma INJA: "ALL a::'a::type. INJA a = (%(n::nat) b::'a::type. b = a)"
  1.4450 -  by (import ind_type INJA)
  1.4451 -
  1.4452 -lemma INJA_INJ: "ALL (a1::'a::type) a2::'a::type. (INJA a1 = INJA a2) = (a1 = a2)"
  1.4453 -  by (import ind_type INJA_INJ)
  1.4454 -
  1.4455 -definition INJF :: "(nat => nat => 'a => bool) => nat => 'a => bool" where 
  1.4456 -  "INJF == %(f::nat => nat => 'a::type => bool) n::nat. f (NUMFST n) (NUMSND n)"
  1.4457 -
  1.4458 -lemma INJF: "ALL f::nat => nat => 'a::type => bool.
  1.4459 -   INJF f = (%n::nat. f (NUMFST n) (NUMSND n))"
  1.4460 -  by (import ind_type INJF)
  1.4461 -
  1.4462 -lemma INJF_INJ: "ALL (f1::nat => nat => 'a::type => bool) f2::nat => nat => 'a::type => bool.
  1.4463 -   (INJF f1 = INJF f2) = (f1 = f2)"
  1.4464 -  by (import ind_type INJF_INJ)
  1.4465 -
  1.4466 -definition INJP :: "(nat => 'a => bool) => (nat => 'a => bool) => nat => 'a => bool" where 
  1.4467 +specification (NUMLEFT NUMRIGHT) NUMSUM_DEST: "ALL x y. NUMLEFT (NUMSUM x y) = x & NUMRIGHT (NUMSUM x y) = y"
  1.4468 +  sorry
  1.4469 +
  1.4470 +definition
  1.4471 +  INJN :: "nat => nat => 'a => bool"  where
  1.4472 +  "INJN == %m n a. n = m"
  1.4473 +
  1.4474 +lemma INJN: "INJN m = (%n a. n = m)"
  1.4475 +  sorry
  1.4476 +
  1.4477 +lemma INJN_INJ: "(INJN n1 = INJN n2) = (n1 = n2)"
  1.4478 +  sorry
  1.4479 +
  1.4480 +definition
  1.4481 +  INJA :: "'a => nat => 'a => bool"  where
  1.4482 +  "INJA == %a n b. b = a"
  1.4483 +
  1.4484 +lemma INJA: "INJA a = (%n b. b = a)"
  1.4485 +  sorry
  1.4486 +
  1.4487 +lemma INJA_INJ: "(INJA a1 = INJA a2) = (a1 = a2)"
  1.4488 +  sorry
  1.4489 +
  1.4490 +definition
  1.4491 +  INJF :: "(nat => nat => 'a => bool) => nat => 'a => bool"  where
  1.4492 +  "INJF == %f n. f (NUMFST n) (NUMSND n)"
  1.4493 +
  1.4494 +lemma INJF: "INJF f = (%n. f (NUMFST n) (NUMSND n))"
  1.4495 +  sorry
  1.4496 +
  1.4497 +lemma INJF_INJ: "(INJF f1 = INJF f2) = (f1 = f2)"
  1.4498 +  sorry
  1.4499 +
  1.4500 +definition
  1.4501 +  INJP :: "(nat => 'a => bool) => (nat => 'a => bool) => nat => 'a => bool"  where
  1.4502    "INJP ==
  1.4503 -%(f1::nat => 'a::type => bool) (f2::nat => 'a::type => bool) (n::nat)
  1.4504 -   a::'a::type. if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a"
  1.4505 -
  1.4506 -lemma INJP: "ALL (f1::nat => 'a::type => bool) f2::nat => 'a::type => bool.
  1.4507 -   INJP f1 f2 =
  1.4508 -   (%(n::nat) a::'a::type.
  1.4509 -       if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a)"
  1.4510 -  by (import ind_type INJP)
  1.4511 -
  1.4512 -lemma INJP_INJ: "ALL (f1::nat => 'a::type => bool) (f1'::nat => 'a::type => bool)
  1.4513 -   (f2::nat => 'a::type => bool) f2'::nat => 'a::type => bool.
  1.4514 -   (INJP f1 f2 = INJP f1' f2') = (f1 = f1' & f2 = f2')"
  1.4515 -  by (import ind_type INJP_INJ)
  1.4516 -
  1.4517 -definition ZCONSTR :: "nat => 'a => (nat => nat => 'a => bool) => nat => 'a => bool" where 
  1.4518 -  "ZCONSTR ==
  1.4519 -%(c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4520 -   INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  1.4521 -
  1.4522 -lemma ZCONSTR: "ALL (c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4523 -   ZCONSTR c i r = INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  1.4524 -  by (import ind_type ZCONSTR)
  1.4525 -
  1.4526 -definition ZBOT :: "nat => 'a => bool" where 
  1.4527 -  "ZBOT == INJP (INJN 0) (SOME z::nat => 'a::type => bool. True)"
  1.4528 -
  1.4529 -lemma ZBOT: "ZBOT = INJP (INJN 0) (SOME z::nat => 'a::type => bool. True)"
  1.4530 -  by (import ind_type ZBOT)
  1.4531 -
  1.4532 -lemma ZCONSTR_ZBOT: "ALL (x::nat) (xa::'a::type) xb::nat => nat => 'a::type => bool.
  1.4533 -   ZCONSTR x xa xb ~= ZBOT"
  1.4534 -  by (import ind_type ZCONSTR_ZBOT)
  1.4535 -
  1.4536 -definition ZRECSPACE :: "(nat => 'a => bool) => bool" where 
  1.4537 +%f1 f2 n a. if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a"
  1.4538 +
  1.4539 +lemma INJP: "INJP f1 f2 =
  1.4540 +(%n a. if NUMLEFT n then f1 (NUMRIGHT n) a else f2 (NUMRIGHT n) a)"
  1.4541 +  sorry
  1.4542 +
  1.4543 +lemma INJP_INJ: "(INJP f1 f2 = INJP f1' f2') = (f1 = f1' & f2 = f2')"
  1.4544 +  sorry
  1.4545 +
  1.4546 +definition
  1.4547 +  ZCONSTR :: "nat => 'a => (nat => nat => 'a => bool) => nat => 'a => bool"  where
  1.4548 +  "ZCONSTR == %c i r. INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  1.4549 +
  1.4550 +lemma ZCONSTR: "ZCONSTR c i r = INJP (INJN (Suc c)) (INJP (INJA i) (INJF r))"
  1.4551 +  sorry
  1.4552 +
  1.4553 +definition
  1.4554 +  ZBOT :: "nat => 'a => bool"  where
  1.4555 +  "ZBOT == INJP (INJN 0) (SOME z. True)"
  1.4556 +
  1.4557 +lemma ZBOT: "ZBOT = INJP (INJN 0) (SOME z. True)"
  1.4558 +  sorry
  1.4559 +
  1.4560 +lemma ZCONSTR_ZBOT: "ZCONSTR x xa xb ~= ZBOT"
  1.4561 +  sorry
  1.4562 +
  1.4563 +definition
  1.4564 +  ZRECSPACE :: "(nat => 'a => bool) => bool"  where
  1.4565    "ZRECSPACE ==
  1.4566 -%a0::nat => 'a::type => bool.
  1.4567 -   ALL ZRECSPACE'::(nat => 'a::type => bool) => bool.
  1.4568 -      (ALL a0::nat => 'a::type => bool.
  1.4569 -          a0 = ZBOT |
  1.4570 -          (EX (c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4571 -              a0 = ZCONSTR c i r & (ALL n::nat. ZRECSPACE' (r n))) -->
  1.4572 -          ZRECSPACE' a0) -->
  1.4573 -      ZRECSPACE' a0"
  1.4574 +%a0. ALL ZRECSPACE'.
  1.4575 +        (ALL a0.
  1.4576 +            a0 = ZBOT |
  1.4577 +            (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE' (r n))) -->
  1.4578 +            ZRECSPACE' a0) -->
  1.4579 +        ZRECSPACE' a0"
  1.4580  
  1.4581  lemma ZRECSPACE: "ZRECSPACE =
  1.4582 -(%a0::nat => 'a::type => bool.
  1.4583 -    ALL ZRECSPACE'::(nat => 'a::type => bool) => bool.
  1.4584 -       (ALL a0::nat => 'a::type => bool.
  1.4585 -           a0 = ZBOT |
  1.4586 -           (EX (c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4587 -               a0 = ZCONSTR c i r & (ALL n::nat. ZRECSPACE' (r n))) -->
  1.4588 -           ZRECSPACE' a0) -->
  1.4589 -       ZRECSPACE' a0)"
  1.4590 -  by (import ind_type ZRECSPACE)
  1.4591 +(%a0. ALL ZRECSPACE'.
  1.4592 +         (ALL a0.
  1.4593 +             a0 = ZBOT |
  1.4594 +             (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE' (r n))) -->
  1.4595 +             ZRECSPACE' a0) -->
  1.4596 +         ZRECSPACE' a0)"
  1.4597 +  sorry
  1.4598  
  1.4599  lemma ZRECSPACE_rules: "(op &::bool => bool => bool)
  1.4600   ((ZRECSPACE::(nat => 'a::type => bool) => bool)
  1.4601 @@ -2904,26 +2212,19 @@
  1.4602                                    => (nat => nat => 'a::type => bool)
  1.4603                                       => nat => 'a::type => bool)
  1.4604                        c i r))))))"
  1.4605 -  by (import ind_type ZRECSPACE_rules)
  1.4606 -
  1.4607 -lemma ZRECSPACE_ind: "ALL x::(nat => 'a::type => bool) => bool.
  1.4608 -   x ZBOT &
  1.4609 -   (ALL (c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4610 -       (ALL n::nat. x (r n)) --> x (ZCONSTR c i r)) -->
  1.4611 -   (ALL a0::nat => 'a::type => bool. ZRECSPACE a0 --> x a0)"
  1.4612 -  by (import ind_type ZRECSPACE_ind)
  1.4613 -
  1.4614 -lemma ZRECSPACE_cases: "ALL a0::nat => 'a::type => bool.
  1.4615 -   ZRECSPACE a0 =
  1.4616 -   (a0 = ZBOT |
  1.4617 -    (EX (c::nat) (i::'a::type) r::nat => nat => 'a::type => bool.
  1.4618 -        a0 = ZCONSTR c i r & (ALL n::nat. ZRECSPACE (r n))))"
  1.4619 -  by (import ind_type ZRECSPACE_cases)
  1.4620 -
  1.4621 -typedef (open) ('a) recspace = "(Collect::((nat => 'a::type => bool) => bool)
  1.4622 -          => (nat => 'a::type => bool) set)
  1.4623 - (ZRECSPACE::(nat => 'a::type => bool) => bool)" 
  1.4624 -  by (rule typedef_helper,import ind_type recspace_TY_DEF)
  1.4625 +  sorry
  1.4626 +
  1.4627 +lemma ZRECSPACE_ind: "[| x ZBOT & (ALL c i r. (ALL n. x (r n)) --> x (ZCONSTR c i r));
  1.4628 +   ZRECSPACE a0 |]
  1.4629 +==> x a0"
  1.4630 +  sorry
  1.4631 +
  1.4632 +lemma ZRECSPACE_cases: "ZRECSPACE a0 =
  1.4633 +(a0 = ZBOT | (EX c i r. a0 = ZCONSTR c i r & (ALL n. ZRECSPACE (r n))))"
  1.4634 +  sorry
  1.4635 +
  1.4636 +typedef (open) ('a) recspace = "Collect ZRECSPACE :: (nat \<Rightarrow> 'a\<Colon>type \<Rightarrow> bool) set"
  1.4637 +  sorry
  1.4638  
  1.4639  lemmas recspace_TY_DEF = typedef_hol2hol4 [OF type_definition_recspace]
  1.4640  
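Review bot: The `typedef (open) ('a) recspace = "Collect ZRECSPACE :: ..."` near the end of this hunk now closes its non-emptiness obligation with `sorry`, where the old side replayed the HOL4 proof via `by (rule typedef_helper,import ind_type recspace_TY_DEF)`. The new type, and `recspace_TY_DEF` derived from it, therefore rest on an unchecked claim. The same substitution is made for `ZRECSPACE_ind` and `ZRECSPACE_cases` here, and for the `specification` commands `recspace_repfns` and `FCONS` in the next hunk, whose existence obligations are likewise skipped. If dropping replay is intended for the regenerated files, I would say so at the typedef, e.g. `(* non-emptiness not replayed; ZBOT looks like the witness, cf. ZRECSPACE_cases *)`, and keep these theories out of any session meant to build without `quick_and_dirty`. `ZRECSPACE_rules`, whose proof line this hunk also changes, begins before the hunk.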
  1.4641 @@ -2931,110 +2232,85 @@
  1.4642    mk_rec :: "(nat => 'a => bool) => 'a recspace" 
  1.4643    dest_rec :: "'a recspace => nat => 'a => bool" 
  1.4644  
  1.4645 -specification (dest_rec mk_rec) recspace_repfns: "(ALL a::'a::type recspace. mk_rec (dest_rec a) = a) &
  1.4646 -(ALL r::nat => 'a::type => bool. ZRECSPACE r = (dest_rec (mk_rec r) = r))"
  1.4647 -  by (import ind_type recspace_repfns)
  1.4648 -
  1.4649 -definition BOTTOM :: "'a recspace" where 
  1.4650 +specification (dest_rec mk_rec) recspace_repfns: "(ALL a::'a recspace. mk_rec (dest_rec a) = a) &
  1.4651 +(ALL r::nat => 'a => bool. ZRECSPACE r = (dest_rec (mk_rec r) = r))"
  1.4652 +  sorry
  1.4653 +
  1.4654 +definition
  1.4655 +  BOTTOM :: "'a recspace"  where
  1.4656    "BOTTOM == mk_rec ZBOT"
  1.4657  
  1.4658  lemma BOTTOM: "BOTTOM = mk_rec ZBOT"
  1.4659 -  by (import ind_type BOTTOM)
  1.4660 -
  1.4661 -definition CONSTR :: "nat => 'a => (nat => 'a recspace) => 'a recspace" where 
  1.4662 -  "CONSTR ==
  1.4663 -%(c::nat) (i::'a::type) r::nat => 'a::type recspace.
  1.4664 -   mk_rec (ZCONSTR c i (%n::nat. dest_rec (r n)))"
  1.4665 -
  1.4666 -lemma CONSTR: "ALL (c::nat) (i::'a::type) r::nat => 'a::type recspace.
  1.4667 -   CONSTR c i r = mk_rec (ZCONSTR c i (%n::nat. dest_rec (r n)))"
  1.4668 -  by (import ind_type CONSTR)
  1.4669 -
  1.4670 -lemma MK_REC_INJ: "ALL (x::nat => 'a::type => bool) y::nat => 'a::type => bool.
  1.4671 -   mk_rec x = mk_rec y --> ZRECSPACE x & ZRECSPACE y --> x = y"
  1.4672 -  by (import ind_type MK_REC_INJ)
  1.4673 -
  1.4674 -lemma DEST_REC_INJ: "ALL (x::'a::type recspace) y::'a::type recspace.
  1.4675 -   (dest_rec x = dest_rec y) = (x = y)"
  1.4676 -  by (import ind_type DEST_REC_INJ)
  1.4677 -
  1.4678 -lemma CONSTR_BOT: "ALL (c::nat) (i::'a::type) r::nat => 'a::type recspace.
  1.4679 -   CONSTR c i r ~= BOTTOM"
  1.4680 -  by (import ind_type CONSTR_BOT)
  1.4681 -
  1.4682 -lemma CONSTR_INJ: "ALL (c1::nat) (i1::'a::type) (r1::nat => 'a::type recspace) (c2::nat)
  1.4683 -   (i2::'a::type) r2::nat => 'a::type recspace.
  1.4684 -   (CONSTR c1 i1 r1 = CONSTR c2 i2 r2) = (c1 = c2 & i1 = i2 & r1 = r2)"
  1.4685 -  by (import ind_type CONSTR_INJ)
  1.4686 -
  1.4687 -lemma CONSTR_IND: "ALL P::'a::type recspace => bool.
  1.4688 -   P BOTTOM &
  1.4689 -   (ALL (c::nat) (i::'a::type) r::nat => 'a::type recspace.
  1.4690 -       (ALL n::nat. P (r n)) --> P (CONSTR c i r)) -->
  1.4691 -   All P"
  1.4692 -  by (import ind_type CONSTR_IND)
  1.4693 -
  1.4694 -lemma CONSTR_REC: "ALL Fn::nat
  1.4695 -        => 'a::type
  1.4696 -           => (nat => 'a::type recspace) => (nat => 'b::type) => 'b::type.
  1.4697 -   EX f::'a::type recspace => 'b::type.
  1.4698 -      ALL (c::nat) (i::'a::type) r::nat => 'a::type recspace.
  1.4699 -         f (CONSTR c i r) = Fn c i r (%n::nat. f (r n))"
  1.4700 -  by (import ind_type CONSTR_REC)
  1.4701 +  sorry
  1.4702 +
  1.4703 +definition
  1.4704 +  CONSTR :: "nat => 'a => (nat => 'a recspace) => 'a recspace"  where
  1.4705 +  "CONSTR == %c i r. mk_rec (ZCONSTR c i (%n. dest_rec (r n)))"
  1.4706 +
  1.4707 +lemma CONSTR: "CONSTR c i r = mk_rec (ZCONSTR c i (%n. dest_rec (r n)))"
  1.4708 +  sorry
  1.4709 +
  1.4710 +lemma MK_REC_INJ: "[| mk_rec x = mk_rec y; ZRECSPACE x & ZRECSPACE y |] ==> x = y"
  1.4711 +  sorry
  1.4712 +
  1.4713 +lemma DEST_REC_INJ: "(dest_rec x = dest_rec y) = (x = y)"
  1.4714 +  sorry
  1.4715 +
  1.4716 +lemma CONSTR_BOT: "CONSTR c i r ~= BOTTOM"
  1.4717 +  sorry
  1.4718 +
  1.4719 +lemma CONSTR_INJ: "(CONSTR c1 i1 r1 = CONSTR c2 i2 r2) = (c1 = c2 & i1 = i2 & r1 = r2)"
  1.4720 +  sorry
  1.4721 +
  1.4722 +lemma CONSTR_IND: "P BOTTOM & (ALL c i r. (ALL n. P (r n)) --> P (CONSTR c i r)) ==> P x"
  1.4723 +  sorry
  1.4724 +
  1.4725 +lemma CONSTR_REC: "EX f. ALL c i r. f (CONSTR c i r) = Fn c i r (%n. f (r n))"
  1.4726 +  sorry
  1.4727  
  1.4728  consts
  1.4729    FCONS :: "'a => (nat => 'a) => nat => 'a" 
  1.4730  
  1.4731 -specification (FCONS) FCONS: "(ALL (a::'a::type) f::nat => 'a::type. FCONS a f 0 = a) &
  1.4732 -(ALL (a::'a::type) (f::nat => 'a::type) n::nat. FCONS a f (Suc n) = f n)"
  1.4733 -  by (import ind_type FCONS)
  1.4734 -
  1.4735 -definition FNIL :: "nat => 'a" where 
  1.4736 -  "FNIL == %n::nat. SOME x::'a::type. True"
  1.4737 -
  1.4738 -lemma FNIL: "ALL n::nat. FNIL n = (SOME x::'a::type. True)"
  1.4739 -  by (import ind_type FNIL)
  1.4740 -
  1.4741 -definition ISO :: "('a => 'b) => ('b => 'a) => bool" where 
  1.4742 -  "ISO ==
  1.4743 -%(f::'a::type => 'b::type) g::'b::type => 'a::type.
  1.4744 -   (ALL x::'b::type. f (g x) = x) & (ALL y::'a::type. g (f y) = y)"
  1.4745 -
  1.4746 -lemma ISO: "ALL (f::'a::type => 'b::type) g::'b::type => 'a::type.
  1.4747 -   ISO f g =
  1.4748 -   ((ALL x::'b::type. f (g x) = x) & (ALL y::'a::type. g (f y) = y))"
  1.4749 -  by (import ind_type ISO)
  1.4750 -
  1.4751 -lemma ISO_REFL: "ISO (%x::'a::type. x) (%x::'a::type. x)"
  1.4752 -  by (import ind_type ISO_REFL)
  1.4753 -
  1.4754 -lemma ISO_FUN: "ISO (f::'a::type => 'c::type) (f'::'c::type => 'a::type) &
  1.4755 -ISO (g::'b::type => 'd::type) (g'::'d::type => 'b::type) -->
  1.4756 -ISO (%(h::'a::type => 'b::type) a'::'c::type. g (h (f' a')))
  1.4757 - (%(h::'c::type => 'd::type) a::'a::type. g' (h (f a)))"
  1.4758 -  by (import ind_type ISO_FUN)
  1.4759 -
  1.4760 -lemma ISO_USAGE: "ISO (f::'a::type => 'b::type) (g::'b::type => 'a::type) -->
  1.4761 -(ALL P::'a::type => bool. All P = (ALL x::'b::type. P (g x))) &
  1.4762 -(ALL P::'a::type => bool. Ex P = (EX x::'b::type. P (g x))) &
  1.4763 -(ALL (a::'a::type) b::'b::type. (a = g b) = (f a = b))"
  1.4764 -  by (import ind_type ISO_USAGE)
  1.4765 +specification (FCONS) FCONS: "(ALL (a::'a) f::nat => 'a. FCONS a f (0::nat) = a) &
  1.4766 +(ALL (a::'a) (f::nat => 'a) n::nat. FCONS a f (Suc n) = f n)"
  1.4767 +  sorry
  1.4768 +
  1.4769 +definition
  1.4770 +  FNIL :: "nat => 'a"  where
  1.4771 +  "FNIL == %n. SOME x. True"
  1.4772 +
  1.4773 +lemma FNIL: "FNIL n = (SOME x. True)"
  1.4774 +  sorry
  1.4775 +
  1.4776 +definition
  1.4777 +  ISO :: "('a => 'b) => ('b => 'a) => bool"  where
  1.4778 +  "ISO == %f g. (ALL x. f (g x) = x) & (ALL y. g (f y) = y)"
  1.4779 +
  1.4780 +lemma ISO: "ISO f g = ((ALL x. f (g x) = x) & (ALL y. g (f y) = y))"
  1.4781 +  sorry
  1.4782 +
  1.4783 +lemma ISO_REFL: "ISO (%x. x) (%x. x)"
  1.4784 +  sorry
  1.4785 +
  1.4786 +lemma ISO_FUN: "ISO (f::'a => 'c) (f'::'c => 'a) & ISO (g::'b => 'd) (g'::'d => 'b)
  1.4787 +==> ISO (%(h::'a => 'b) a'::'c. g (h (f' a')))
  1.4788 +     (%(h::'c => 'd) a::'a. g' (h (f a)))"
  1.4789 +  sorry
  1.4790 +
  1.4791 +lemma ISO_USAGE: "ISO f g
  1.4792 +==> (ALL P. All P = (ALL x. P (g x))) &
  1.4793 +    (ALL P. Ex P = (EX x. P (g x))) & (ALL a b. (a = g b) = (f a = b))"
  1.4794 +  sorry
  1.4795  
  1.4796  ;end_setup
  1.4797  
  1.4798  ;setup_theory divides
  1.4799  
  1.4800 -lemma ONE_DIVIDES_ALL: "(All::(nat => bool) => bool) ((op dvd::nat => nat => bool) (1::nat))"
  1.4801 -  by (import divides ONE_DIVIDES_ALL)
  1.4802 -
  1.4803 -lemma DIVIDES_ADD_2: "ALL (a::nat) (b::nat) c::nat. a dvd b & a dvd b + c --> a dvd c"
  1.4804 -  by (import divides DIVIDES_ADD_2)
  1.4805 -
  1.4806 -lemma DIVIDES_FACT: "ALL b>0. b dvd FACT b"
  1.4807 -  by (import divides DIVIDES_FACT)
  1.4808 -
  1.4809 -lemma DIVIDES_MULT_LEFT: "ALL (x::nat) xa::nat. (x * xa dvd xa) = (xa = 0 | x = 1)"
  1.4810 -  by (import divides DIVIDES_MULT_LEFT)
  1.4811 +lemma DIVIDES_FACT: "0 < b ==> b dvd FACT b"
  1.4812 +  sorry
  1.4813 +
  1.4814 +lemma DIVIDES_MULT_LEFT: "((x::nat) * (xa::nat) dvd xa) = (xa = (0::nat) | x = (1::nat))"
  1.4815 +  sorry
  1.4816  
  1.4817  ;end_setup
  1.4818  
  1.4819 @@ -3044,17 +2320,16 @@
  1.4820    prime :: "nat => bool" 
  1.4821  
  1.4822  defs
  1.4823 -  prime_primdef: "prime.prime == %a::nat. a ~= 1 & (ALL b::nat. b dvd a --> b = a | b = 1)"
  1.4824 -
  1.4825 -lemma prime_def: "ALL a::nat.
  1.4826 -   prime.prime a = (a ~= 1 & (ALL b::nat. b dvd a --> b = a | b = 1))"
  1.4827 -  by (import prime prime_def)
  1.4828 +  prime_primdef: "prime.prime == %a. a ~= 1 & (ALL b. b dvd a --> b = a | b = 1)"
  1.4829 +
  1.4830 +lemma prime_def: "prime.prime a = (a ~= 1 & (ALL b. b dvd a --> b = a | b = 1))"
  1.4831 +  sorry
  1.4832  
  1.4833  lemma NOT_PRIME_0: "~ prime.prime 0"
  1.4834 -  by (import prime NOT_PRIME_0)
  1.4835 +  sorry
  1.4836  
  1.4837  lemma NOT_PRIME_1: "~ prime.prime 1"
  1.4838 -  by (import prime NOT_PRIME_1)
  1.4839 +  sorry
  1.4840  
  1.4841  ;end_setup
  1.4842  
  1.4843 @@ -3063,997 +2338,758 @@
  1.4844  consts
  1.4845    EL :: "nat => 'a list => 'a" 
  1.4846  
  1.4847 -specification (EL) EL: "(ALL l::'a::type list. EL 0 l = hd l) &
  1.4848 -(ALL (l::'a::type list) n::nat. EL (Suc n) l = EL n (tl l))"
  1.4849 -  by (import list EL)
  1.4850 +specification (EL) EL: "(ALL l::'a list. EL (0::nat) l = hd l) &
  1.4851 +(ALL (l::'a list) n::nat. EL (Suc n) l = EL n (tl l))"
  1.4852 +  sorry
  1.4853  
  1.4854  lemma NULL: "(op &::bool => bool => bool)
  1.4855 - ((null::'a::type list => bool) ([]::'a::type list))
  1.4856 + ((List.null::'a::type list => bool) ([]::'a::type list))
  1.4857   ((All::('a::type => bool) => bool)
  1.4858     (%x::'a::type.
  1.4859         (All::('a::type list => bool) => bool)
  1.4860          (%xa::'a::type list.
  1.4861              (Not::bool => bool)
  1.4862 -             ((null::'a::type list => bool)
  1.4863 +             ((List.null::'a::type list => bool)
  1.4864                 ((op #::'a::type => 'a::type list => 'a::type list) x xa)))))"
  1.4865 -  by (import list NULL)
  1.4866 -
  1.4867 -lemma list_case_compute: "ALL l::'a::type list.
  1.4868 -   list_case (b::'b::type) (f::'a::type => 'a::type list => 'b::type) l =
  1.4869 -   (if null l then b else f (hd l) (tl l))"
  1.4870 -  by (import list list_case_compute)
  1.4871 -
  1.4872 -lemma LIST_NOT_EQ: "ALL (l1::'a::type list) l2::'a::type list.
  1.4873 -   l1 ~= l2 --> (ALL (x::'a::type) xa::'a::type. x # l1 ~= xa # l2)"
  1.4874 -  by (import list LIST_NOT_EQ)
  1.4875 -
  1.4876 -lemma NOT_EQ_LIST: "ALL (h1::'a::type) h2::'a::type.
  1.4877 -   h1 ~= h2 -->
  1.4878 -   (ALL (x::'a::type list) xa::'a::type list. h1 # x ~= h2 # xa)"
  1.4879 -  by (import list NOT_EQ_LIST)
  1.4880 -
  1.4881 -lemma EQ_LIST: "ALL (h1::'a::type) h2::'a::type.
  1.4882 -   h1 = h2 -->
  1.4883 -   (ALL (l1::'a::type list) l2::'a::type list.
  1.4884 -       l1 = l2 --> h1 # l1 = h2 # l2)"
  1.4885 -  by (import list EQ_LIST)
  1.4886 -
  1.4887 -lemma CONS: "ALL l::'a::type list. ~ null l --> hd l # tl l = l"
  1.4888 -  by (import list CONS)
  1.4889 -
  1.4890 -lemma MAP_EQ_NIL: "ALL (l::'a::type list) f::'a::type => 'b::type.
  1.4891 -   (map f l = []) = (l = []) & ([] = map f l) = (l = [])"
  1.4892 -  by (import list MAP_EQ_NIL)
  1.4893 -
  1.4894 -lemma EVERY_EL: "(All::('a::type list => bool) => bool)
  1.4895 - (%l::'a::type list.
  1.4896 -     (All::(('a::type => bool) => bool) => bool)
  1.4897 -      (%P::'a::type => bool.
  1.4898 -          (op =::bool => bool => bool)
  1.4899 -           ((list_all::('a::type => bool) => 'a::type list => bool) P l)
  1.4900 -           ((All::(nat => bool) => bool)
  1.4901 -             (%n::nat.
  1.4902 -                 (op -->::bool => bool => bool)
  1.4903 -                  ((op <::nat => nat => bool) n
  1.4904 -                    ((size::'a::type list => nat) l))
  1.4905 -                  (P ((EL::nat => 'a::type list => 'a::type) n l))))))"
  1.4906 -  by (import list EVERY_EL)
  1.4907 -
  1.4908 -lemma EVERY_CONJ: "ALL l::'a::type list.
  1.4909 -   list_all
  1.4910 -    (%x::'a::type. (P::'a::type => bool) x & (Q::'a::type => bool) x) l =
  1.4911 -   (list_all P l & list_all Q l)"
  1.4912 -  by (import list EVERY_CONJ)
  1.4913 -
  1.4914 -lemma EVERY_MEM: "ALL (P::'a::type => bool) l::'a::type list.
  1.4915 -   list_all P l = (ALL e::'a::type. e mem l --> P e)"
  1.4916 -  by (import list EVERY_MEM)
  1.4917 -
  1.4918 -lemma EXISTS_MEM: "ALL (P::'a::type => bool) l::'a::type list.
  1.4919 -   list_ex P l = (EX e::'a::type. e mem l & P e)"
  1.4920 -  by (import list EXISTS_MEM)
  1.4921 -
  1.4922 -lemma MEM_APPEND: "ALL (e::'a::type) (l1::'a::type list) l2::'a::type list.
  1.4923 -   e mem l1 @ l2 = (e mem l1 | e mem l2)"
  1.4924 -  by (import list MEM_APPEND)
  1.4925 -
  1.4926 -lemma EXISTS_APPEND: "ALL (P::'a::type => bool) (l1::'a::type list) l2::'a::type list.
  1.4927 -   list_ex P (l1 @ l2) = (list_ex P l1 | list_ex P l2)"
  1.4928 -  by (import list EXISTS_APPEND)
  1.4929 -
  1.4930 -lemma NOT_EVERY: "ALL (P::'a::type => bool) l::'a::type list.
  1.4931 -   (~ list_all P l) = list_ex (Not o P) l"
  1.4932 -  by (import list NOT_EVERY)
  1.4933 -
  1.4934 -lemma NOT_EXISTS: "ALL (P::'a::type => bool) l::'a::type list.
  1.4935 -   (~ list_ex P l) = list_all (Not o P) l"
  1.4936 -  by (import list NOT_EXISTS)
  1.4937 -
  1.4938 -lemma MEM_MAP: "ALL (l::'a::type list) (f::'a::type => 'b::type) x::'b::type.
  1.4939 -   x mem map f l = (EX y::'a::type. x = f y & y mem l)"
  1.4940 -  by (import list MEM_MAP)
  1.4941 -
  1.4942 -lemma LENGTH_CONS: "ALL (l::'a::type list) n::nat.
  1.4943 -   (length l = Suc n) =
  1.4944 -   (EX (h::'a::type) l'::'a::type list. length l' = n & l = h # l')"
  1.4945 -  by (import list LENGTH_CONS)
  1.4946 -
  1.4947 -lemma LENGTH_EQ_CONS: "ALL (P::'a::type list => bool) n::nat.
  1.4948 -   (ALL l::'a::type list. length l = Suc n --> P l) =
  1.4949 -   (ALL l::'a::type list. length l = n --> (ALL x::'a::type. P (x # l)))"
  1.4950 -  by (import list LENGTH_EQ_CONS)
  1.4951 -
  1.4952 -lemma LENGTH_EQ_NIL: "ALL P::'a::type list => bool.
  1.4953 -   (ALL l::'a::type list. length l = 0 --> P l) = P []"
  1.4954 -  by (import list LENGTH_EQ_NIL)
  1.4955 -
  1.4956 -lemma CONS_ACYCLIC: "ALL (l::'a::type list) x::'a::type. l ~= x # l & x # l ~= l"
  1.4957 -  by (import list CONS_ACYCLIC)
  1.4958 -
  1.4959 -lemma APPEND_eq_NIL: "(ALL (l1::'a::type list) l2::'a::type list.
  1.4960 -    ([] = l1 @ l2) = (l1 = [] & l2 = [])) &
  1.4961 -(ALL (l1::'a::type list) l2::'a::type list.
  1.4962 -    (l1 @ l2 = []) = (l1 = [] & l2 = []))"
  1.4963 -  by (import list APPEND_eq_NIL)
  1.4964 -
  1.4965 -lemma APPEND_11: "(ALL (l1::'a::type list) (l2::'a::type list) l3::'a::type list.
  1.4966 +  sorry
  1.4967 +
  1.4968 +lemma list_case_compute: "list_case (b::'b) (f::'a => 'a list => 'b) (l::'a list) =
  1.4969 +(if List.null l then b else f (hd l) (tl l))"
  1.4970 +  sorry
  1.4971 +
  1.4972 +lemma LIST_NOT_EQ: "l1 ~= l2 ==> x # l1 ~= xa # l2"
  1.4973 +  sorry
  1.4974 +
  1.4975 +lemma NOT_EQ_LIST: "h1 ~= h2 ==> h1 # x ~= h2 # xa"
  1.4976 +  sorry
  1.4977 +
  1.4978 +lemma EQ_LIST: "[| h1 = h2; l1 = l2 |] ==> h1 # l1 = h2 # l2"
  1.4979 +  sorry
  1.4980 +
  1.4981 +lemma CONS: "~ List.null l ==> hd l # tl l = l"
  1.4982 +  sorry
  1.4983 +
  1.4984 +lemma MAP_EQ_NIL: "(map (f::'a => 'b) (l::'a list) = []) = (l = []) & ([] = map f l) = (l = [])"
  1.4985 +  sorry
  1.4986 +
  1.4987 +lemma EVERY_EL: "list_all P l = (ALL n<length l. P (EL n l))"
  1.4988 +  sorry
  1.4989 +
  1.4990 +lemma EVERY_CONJ: "list_all (%x. P x & Q x) l = (list_all P l & list_all Q l)"
  1.4991 +  sorry
  1.4992 +
  1.4993 +lemma EVERY_MEM: "list_all P l = (ALL e. List.member l e --> P e)"
  1.4994 +  sorry
  1.4995 +
  1.4996 +lemma EXISTS_MEM: "list_ex P l = (EX e. List.member l e & P e)"
  1.4997 +  sorry
  1.4998 +
  1.4999 +lemma MEM_APPEND: "List.member (l1 @ l2) e = (List.member l1 e | List.member l2 e)"
  1.5000 +  sorry
  1.5001 +
  1.5002 +lemma NOT_EVERY: "(~ list_all P l) = list_ex (Not o P) l"
  1.5003 +  sorry
  1.5004 +
  1.5005 +lemma NOT_EXISTS: "(~ list_ex P l) = list_all (Not o P) l"
  1.5006 +  sorry
  1.5007 +
  1.5008 +lemma MEM_MAP: "List.member (map (f::'a => 'b) (l::'a list)) (x::'b) =
  1.5009 +(EX y::'a. x = f y & List.member l y)"
  1.5010 +  sorry
  1.5011 +
  1.5012 +lemma LENGTH_CONS: "(length l = Suc n) = (EX h l'. length l' = n & l = h # l')"
  1.5013 +  sorry
  1.5014 +
  1.5015 +lemma LENGTH_EQ_CONS: "(ALL l. length l = Suc n --> P l) =
  1.5016 +(ALL l. length l = n --> (ALL x. P (x # l)))"
  1.5017 +  sorry
  1.5018 +
  1.5019 +lemma LENGTH_EQ_NIL: "(ALL l. length l = 0 --> P l) = P []"
  1.5020 +  sorry
  1.5021 +
  1.5022 +lemma CONS_ACYCLIC: "l ~= x # l & x # l ~= l"
  1.5023 +  sorry
  1.5024 +
  1.5025 +lemma APPEND_eq_NIL: "(ALL (l1::'a list) l2::'a list. ([] = l1 @ l2) = (l1 = [] & l2 = [])) &
  1.5026 +(ALL (l1::'a list) l2::'a list. (l1 @ l2 = []) = (l1 = [] & l2 = []))"
  1.5027 +  sorry
  1.5028 +
  1.5029 +lemma APPEND_11: "(ALL (l1::'a list) (l2::'a list) l3::'a list.
  1.5030      (l1 @ l2 = l1 @ l3) = (l2 = l3)) &
  1.5031 -(ALL (l1::'a::type list) (l2::'a::type list) l3::'a::type list.
  1.5032 +(ALL (l1::'a list) (l2::'a list) l3::'a list.
  1.5033      (l2 @ l1 = l3 @ l1) = (l2 = l3))"
  1.5034 -  by (import list APPEND_11)
  1.5035 -
  1.5036 -lemma EL_compute: "ALL n::nat.
  1.5037 -   EL n (l::'a::type list) = (if n = 0 then hd l else EL (PRE n) (tl l))"
  1.5038 -  by (import list EL_compute)
  1.5039 -
  1.5040 -lemma WF_LIST_PRED: "WF (%(L1::'a::type list) L2::'a::type list. EX h::'a::type. L2 = h # L1)"
  1.5041 -  by (import list WF_LIST_PRED)
  1.5042 -
  1.5043 -lemma list_size_cong: "ALL (M::'a::type list) (N::'a::type list) (f::'a::type => nat)
  1.5044 -   f'::'a::type => nat.
  1.5045 -   M = N & (ALL x::'a::type. x mem N --> f x = f' x) -->
  1.5046 -   list_size f M = list_size f' N"
  1.5047 -  by (import list list_size_cong)
  1.5048 -
  1.5049 -lemma FOLDR_CONG: "ALL (l::'a::type list) (l'::'a::type list) (b::'b::type) (b'::'b::type)
  1.5050 -   (f::'a::type => 'b::type => 'b::type)
  1.5051 -   f'::'a::type => 'b::type => 'b::type.
  1.5052 -   l = l' &
  1.5053 -   b = b' & (ALL (x::'a::type) a::'b::type. x mem l' --> f x a = f' x a) -->
  1.5054 -   foldr f l b = foldr f' l' b'"
  1.5055 -  by (import list FOLDR_CONG)
  1.5056 -
  1.5057 -lemma FOLDL_CONG: "ALL (l::'a::type list) (l'::'a::type list) (b::'b::type) (b'::'b::type)
  1.5058 -   (f::'b::type => 'a::type => 'b::type)
  1.5059 -   f'::'b::type => 'a::type => 'b::type.
  1.5060 -   l = l' &
  1.5061 -   b = b' & (ALL (x::'a::type) a::'b::type. x mem l' --> f a x = f' a x) -->
  1.5062 -   foldl f b l = foldl f' b' l'"
  1.5063 -  by (import list FOLDL_CONG)
  1.5064 -
  1.5065 -lemma MAP_CONG: "ALL (l1::'a::type list) (l2::'a::type list) (f::'a::type => 'b::type)
  1.5066 -   f'::'a::type => 'b::type.
  1.5067 -   l1 = l2 & (ALL x::'a::type. x mem l2 --> f x = f' x) -->
  1.5068 -   map f l1 = map f' l2"
  1.5069 -  by (import list MAP_CONG)
  1.5070 -
  1.5071 -lemma EXISTS_CONG: "ALL (l1::'a::type list) (l2::'a::type list) (P::'a::type => bool)
  1.5072 -   P'::'a::type => bool.
  1.5073 -   l1 = l2 & (ALL x::'a::type. x mem l2 --> P x = P' x) -->
  1.5074 -   list_ex P l1 = list_ex P' l2"
  1.5075 -  by (import list EXISTS_CONG)
  1.5076 -
  1.5077 -lemma EVERY_CONG: "ALL (l1::'a::type list) (l2::'a::type list) (P::'a::type => bool)
  1.5078 -   P'::'a::type => bool.
  1.5079 -   l1 = l2 & (ALL x::'a::type. x mem l2 --> P x = P' x) -->
  1.5080 -   list_all P l1 = list_all P' l2"
  1.5081 -  by (import list EVERY_CONG)
  1.5082 -
  1.5083 -lemma EVERY_MONOTONIC: "ALL (P::'a::type => bool) Q::'a::type => bool.
  1.5084 -   (ALL x::'a::type. P x --> Q x) -->
  1.5085 -   (ALL l::'a::type list. list_all P l --> list_all Q l)"
  1.5086 -  by (import list EVERY_MONOTONIC)
  1.5087 -
  1.5088 -lemma LENGTH_ZIP: "ALL (l1::'a::type list) l2::'b::type list.
  1.5089 -   length l1 = length l2 -->
  1.5090 -   length (zip l1 l2) = length l1 & length (zip l1 l2) = length l2"
  1.5091 -  by (import list LENGTH_ZIP)
  1.5092 -
  1.5093 -lemma LENGTH_UNZIP: "ALL pl::('a::type * 'b::type) list.
  1.5094 -   length (fst (unzip pl)) = length pl & length (snd (unzip pl)) = length pl"
  1.5095 -  by (import list LENGTH_UNZIP)
  1.5096 -
  1.5097 -lemma ZIP_UNZIP: "ALL l::('a::type * 'b::type) list. ZIP (unzip l) = l"
  1.5098 -  by (import list ZIP_UNZIP)
  1.5099 -
  1.5100 -lemma UNZIP_ZIP: "ALL (l1::'a::type list) l2::'b::type list.
  1.5101 -   length l1 = length l2 --> unzip (zip l1 l2) = (l1, l2)"
  1.5102 -  by (import list UNZIP_ZIP)
  1.5103 -
  1.5104 -lemma ZIP_MAP: "ALL (l1::'a::type list) (l2::'b::type list) (f1::'a::type => 'c::type)
  1.5105 -   f2::'b::type => 'd::type.
  1.5106 -   length l1 = length l2 -->
  1.5107 -   zip (map f1 l1) l2 =
  1.5108 -   map (%p::'a::type * 'b::type. (f1 (fst p), snd p)) (zip l1 l2) &
  1.5109 -   zip l1 (map f2 l2) =
  1.5110 -   map (%p::'a::type * 'b::type. (fst p, f2 (snd p))) (zip l1 l2)"
  1.5111 -  by (import list ZIP_MAP)
  1.5112 -
  1.5113 -lemma MEM_ZIP: "(All::('a::type list => bool) => bool)
  1.5114 - (%l1::'a::type list.
  1.5115 -     (All::('b::type list => bool) => bool)
  1.5116 -      (%l2::'b::type list.
  1.5117 -          (All::('a::type * 'b::type => bool) => bool)
  1.5118 -           (%p::'a::type * 'b::type.
  1.5119 -               (op -->::bool => bool => bool)
  1.5120 -                ((op =::nat => nat => bool)
  1.5121 -                  ((size::'a::type list => nat) l1)
  1.5122 -                  ((size::'b::type list => nat) l2))
  1.5123 -                ((op =::bool => bool => bool)
  1.5124 -                  ((op mem::'a::type * 'b::type
  1.5125 -                            => ('a::type * 'b::type) list => bool)
  1.5126 -                    p ((zip::'a::type list
  1.5127 -                             => 'b::type list => ('a::type * 'b::type) list)
  1.5128 -                        l1 l2))
  1.5129 -                  ((Ex::(nat => bool) => bool)
  1.5130 -                    (%n::nat.
  1.5131 -                        (op &::bool => bool => bool)
  1.5132 -                         ((op <::nat => nat => bool) n
  1.5133 -                           ((size::'a::type list => nat) l1))
  1.5134 -                         ((op =::'a::type * 'b::type
  1.5135 -                                 => 'a::type * 'b::type => bool)
  1.5136 -                           p ((Pair::'a::type
  1.5137 -                                     => 'b::type => 'a::type * 'b::type)
  1.5138 -                               ((EL::nat => 'a::type list => 'a::type) n l1)
  1.5139 -                               ((EL::nat => 'b::type list => 'b::type) n
  1.5140 -                                 l2)))))))))"
  1.5141 -  by (import list MEM_ZIP)
  1.5142 -
  1.5143 -lemma EL_ZIP: "ALL (l1::'a::type list) (l2::'b::type list) n::nat.
  1.5144 -   length l1 = length l2 & n < length l1 -->
  1.5145 -   EL n (zip l1 l2) = (EL n l1, EL n l2)"
  1.5146 -  by (import list EL_ZIP)
  1.5147 -
  1.5148 -lemma MAP2_ZIP: "(All::('a::type list => bool) => bool)
  1.5149 - (%l1::'a::type list.
  1.5150 -     (All::('b::type list => bool) => bool)
  1.5151 -      (%l2::'b::type list.
  1.5152 -          (op -->::bool => bool => bool)
  1.5153 -           ((op =::nat => nat => bool) ((size::'a::type list => nat) l1)
  1.5154 -             ((size::'b::type list => nat) l2))
  1.5155 -           ((All::(('a::type => 'b::type => 'c::type) => bool) => bool)
  1.5156 -             (%f::'a::type => 'b::type => 'c::type.
  1.5157 -                 (op =::'c::type list => 'c::type list => bool)
  1.5158 -                  ((map2::('a::type => 'b::type => 'c::type)
  1.5159 -                          => 'a::type list
  1.5160 -                             => 'b::type list => 'c::type list)
  1.5161 -                    f l1 l2)
  1.5162 -                  ((map::('a::type * 'b::type => 'c::type)
  1.5163 -                         => ('a::type * 'b::type) list => 'c::type list)
  1.5164 -                    ((split::('a::type => 'b::type => 'c::type)
  1.5165 -                             => 'a::type * 'b::type => 'c::type)
  1.5166 -                      f)
  1.5167 -                    ((zip::'a::type list
  1.5168 -                           => 'b::type list => ('a::type * 'b::type) list)
  1.5169 -                      l1 l2))))))"
  1.5170 -  by (import list MAP2_ZIP)
  1.5171 -
  1.5172 -lemma MEM_EL: "(All::('a::type list => bool) => bool)
  1.5173 - (%l::'a::type list.
  1.5174 -     (All::('a::type => bool) => bool)
  1.5175 -      (%x::'a::type.
  1.5176 -          (op =::bool => bool => bool)
  1.5177 -           ((op mem::'a::type => 'a::type list => bool) x l)
  1.5178 -           ((Ex::(nat => bool) => bool)
  1.5179 -             (%n::nat.
  1.5180 -                 (op &::bool => bool => bool)
  1.5181 -                  ((op <::nat => nat => bool) n
  1.5182 -                    ((size::'a::type list => nat) l))
  1.5183 -                  ((op =::'a::type => 'a::type => bool) x
  1.5184 -                    ((EL::nat => 'a::type list => 'a::type) n l))))))"
  1.5185 -  by (import list MEM_EL)
  1.5186 -
  1.5187 -lemma LAST_CONS: "(ALL x::'a::type. last [x] = x) &
  1.5188 -(ALL (x::'a::type) (xa::'a::type) xb::'a::type list.
  1.5189 -    last (x # xa # xb) = last (xa # xb))"
  1.5190 -  by (import list LAST_CONS)
  1.5191 -
  1.5192 -lemma FRONT_CONS: "(ALL x::'a::type. butlast [x] = []) &
  1.5193 -(ALL (x::'a::type) (xa::'a::type) xb::'a::type list.
  1.5194 +  sorry
  1.5195 +
  1.5196 +lemma EL_compute: "EL n l = (if n = 0 then hd l else EL (PRE n) (tl l))"
  1.5197 +  sorry
  1.5198 +
  1.5199 +lemma WF_LIST_PRED: "WF (%L1 L2. EX h. L2 = h # L1)"
  1.5200 +  sorry
  1.5201 +
  1.5202 +lemma list_size_cong: "M = N & (ALL x. List.member N x --> f x = f' x)
  1.5203 +==> HOL4Compat.list_size f M = HOL4Compat.list_size f' N"
  1.5204 +  sorry
  1.5205 +
  1.5206 +lemma FOLDR_CONG: "l = l' & b = b' & (ALL x a. List.member l' x --> f x a = f' x a)
  1.5207 +==> foldr f l b = foldr f' l' b'"
  1.5208 +  sorry
  1.5209 +
  1.5210 +lemma FOLDL_CONG: "l = l' & b = b' & (ALL x a. List.member l' x --> f a x = f' a x)
  1.5211 +==> foldl f b l = foldl f' b' l'"
  1.5212 +  sorry
  1.5213 +
  1.5214 +lemma MAP_CONG: "l1 = l2 & (ALL x. List.member l2 x --> f x = f' x) ==> map f l1 = map f' l2"
  1.5215 +  sorry
  1.5216 +
  1.5217 +lemma EXISTS_CONG: "l1 = l2 & (ALL x. List.member l2 x --> P x = P' x)
  1.5218 +==> list_ex P l1 = list_ex P' l2"
  1.5219 +  sorry
  1.5220 +
  1.5221 +lemma EVERY_CONG: "l1 = l2 & (ALL x. List.member l2 x --> P x = P' x)
  1.5222 +==> list_all P l1 = list_all P' l2"
  1.5223 +  sorry
  1.5224 +
  1.5225 +lemma EVERY_MONOTONIC: "[| !!x. P x ==> Q x; list_all P l |] ==> list_all Q l"
  1.5226 +  sorry
  1.5227 +
  1.5228 +lemma LENGTH_ZIP: "length l1 = length l2
  1.5229 +==> length (zip l1 l2) = length l1 & length (zip l1 l2) = length l2"
  1.5230 +  sorry
  1.5231 +
  1.5232 +lemma LENGTH_UNZIP: "length (fst (unzip pl)) = length pl & length (snd (unzip pl)) = length pl"
  1.5233 +  sorry
  1.5234 +
  1.5235 +lemma ZIP_UNZIP: "ZIP (unzip l) = l"
  1.5236 +  sorry
  1.5237 +
  1.5238 +lemma UNZIP_ZIP: "length l1 = length l2 ==> unzip (zip l1 l2) = (l1, l2)"
  1.5239 +  sorry
  1.5240 +
  1.5241 +lemma ZIP_MAP: "length l1 = length l2
  1.5242 +==> zip (map f1 l1) l2 = map (%p. (f1 (fst p), snd p)) (zip l1 l2) &
  1.5243 +    zip l1 (map f2 l2) = map (%p. (fst p, f2 (snd p))) (zip l1 l2)"
  1.5244 +  sorry
  1.5245 +
  1.5246 +lemma MEM_ZIP: "length l1 = length l2
  1.5247 +==> List.member (zip l1 l2) p = (EX n<length l1. p = (EL n l1, EL n l2))"
  1.5248 +  sorry
  1.5249 +
  1.5250 +lemma EL_ZIP: "length l1 = length l2 & n < length l1
  1.5251 +==> EL n (zip l1 l2) = (EL n l1, EL n l2)"
  1.5252 +  sorry
  1.5253 +
  1.5254 +lemma MAP2_ZIP: "length l1 = length l2 ==> map2 f l1 l2 = map (%(x, y). f x y) (zip l1 l2)"
  1.5255 +  sorry
  1.5256 +
  1.5257 +lemma MEM_EL: "List.member l x = (EX n<length l. x = EL n l)"
  1.5258 +  sorry
  1.5259 +
  1.5260 +lemma LAST_CONS: "(ALL x::'a. last [x] = x) &
  1.5261 +(ALL (x::'a) (xa::'a) xb::'a list. last (x # xa # xb) = last (xa # xb))"
  1.5262 +  sorry
  1.5263 +
  1.5264 +lemma FRONT_CONS: "(ALL x::'a. butlast [x] = []) &
  1.5265 +(ALL (x::'a) (xa::'a) xb::'a list.
  1.5266      butlast (x # xa # xb) = x # butlast (xa # xb))"
  1.5267 -  by (import list FRONT_CONS)
  1.5268 +  sorry
  1.5269  
  1.5270  ;end_setup
  1.5271  
  1.5272  ;setup_theory pred_set
  1.5273  
  1.5274 -lemma EXTENSION: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5275 -   (s = t) = (ALL x::'a::type. IN x s = IN x t)"
  1.5276 -  by (import pred_set EXTENSION)
  1.5277 -
  1.5278 -lemma NOT_EQUAL_SETS: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5279 -   (x ~= xa) = (EX xb::'a::type. IN xb xa = (~ IN xb x))"
  1.5280 -  by (import pred_set NOT_EQUAL_SETS)
  1.5281 -
  1.5282 -lemma NUM_SET_WOP: "ALL s::nat => bool.
  1.5283 -   (EX n::nat. IN n s) =
  1.5284 -   (EX n::nat. IN n s & (ALL m::nat. IN m s --> n <= m))"
  1.5285 -  by (import pred_set NUM_SET_WOP)
  1.5286 +lemma EXTENSION: "(s = t) = (ALL x. IN x s = IN x t)"
  1.5287 +  sorry
  1.5288 +
  1.5289 +lemma NOT_EQUAL_SETS: "(x ~= xa) = (EX xb. IN xb xa = (~ IN xb x))"
  1.5290 +  sorry
  1.5291 +
  1.5292 +lemma NUM_SET_WOP: "(EX n::nat. IN n (s::nat => bool)) =
  1.5293 +(EX n::nat. IN n s & (ALL m::nat. IN m s --> n <= m))"
  1.5294 +  sorry
  1.5295  
  1.5296  consts
  1.5297    GSPEC :: "('b => 'a * bool) => 'a => bool" 
  1.5298  
  1.5299 -specification (GSPEC) GSPECIFICATION: "ALL (f::'b::type => 'a::type * bool) v::'a::type.
  1.5300 -   IN v (GSPEC f) = (EX x::'b::type. (v, True) = f x)"
  1.5301 -  by (import pred_set GSPECIFICATION)
  1.5302 -
  1.5303 -lemma SET_MINIMUM: "ALL (s::'a::type => bool) M::'a::type => nat.
  1.5304 -   (EX x::'a::type. IN x s) =
  1.5305 -   (EX x::'a::type. IN x s & (ALL y::'a::type. IN y s --> M x <= M y))"
  1.5306 -  by (import pred_set SET_MINIMUM)
  1.5307 -
  1.5308 -definition EMPTY :: "'a => bool" where 
  1.5309 -  "EMPTY == %x::'a::type. False"
  1.5310 -
  1.5311 -lemma EMPTY_DEF: "EMPTY = (%x::'a::type. False)"
  1.5312 -  by (import pred_set EMPTY_DEF)
  1.5313 -
  1.5314 -lemma NOT_IN_EMPTY: "ALL x::'a::type. ~ IN x EMPTY"
  1.5315 -  by (import pred_set NOT_IN_EMPTY)
  1.5316 -
  1.5317 -lemma MEMBER_NOT_EMPTY: "ALL x::'a::type => bool. (EX xa::'a::type. IN xa x) = (x ~= EMPTY)"
  1.5318 -  by (import pred_set MEMBER_NOT_EMPTY)
  1.5319 -
  1.5320 -consts
  1.5321 -  UNIV :: "'a => bool" 
  1.5322 -
  1.5323 -defs
  1.5324 -  UNIV_def: "pred_set.UNIV == %x::'a::type. True"
  1.5325 -
  1.5326 -lemma UNIV_DEF: "pred_set.UNIV = (%x::'a::type. True)"
  1.5327 -  by (import pred_set UNIV_DEF)
  1.5328 -
  1.5329 -lemma IN_UNIV: "ALL x::'a::type. IN x pred_set.UNIV"
  1.5330 -  by (import pred_set IN_UNIV)
  1.5331 +specification (GSPEC) GSPECIFICATION: "ALL (f::'b => 'a * bool) v::'a. IN v (GSPEC f) = (EX x::'b. (v, True) = f x)"
  1.5332 +  sorry
  1.5333 +
  1.5334 +lemma SET_MINIMUM: "(EX x::'a. IN x (s::'a => bool)) =
  1.5335 +(EX x::'a. IN x s & (ALL y::'a. IN y s --> (M::'a => nat) x <= M y))"
  1.5336 +  sorry
  1.5337 +
  1.5338 +definition
  1.5339 +  EMPTY :: "'a => bool"  where
  1.5340 +  "EMPTY == %x. False"
  1.5341 +
  1.5342 +lemma EMPTY_DEF: "EMPTY = (%x. False)"
  1.5343 +  sorry
  1.5344 +
  1.5345 +lemma NOT_IN_EMPTY: "~ IN x EMPTY"
  1.5346 +  sorry
  1.5347 +
  1.5348 +lemma MEMBER_NOT_EMPTY: "(EX xa. IN xa x) = (x ~= EMPTY)"
  1.5349 +  sorry
  1.5350 +
  1.5351 +definition
  1.5352 +  UNIV :: "'a => bool"  where
  1.5353 +  "UNIV == %x. True"
  1.5354 +
  1.5355 +lemma UNIV_DEF: "pred_set.UNIV = (%x. True)"
  1.5356 +  sorry
  1.5357 +
  1.5358 +lemma IN_UNIV: "IN x pred_set.UNIV"
  1.5359 +  sorry
  1.5360  
  1.5361  lemma UNIV_NOT_EMPTY: "pred_set.UNIV ~= EMPTY"
  1.5362 -  by (import pred_set UNIV_NOT_EMPTY)
  1.5363 +  sorry
  1.5364  
  1.5365  lemma EMPTY_NOT_UNIV: "EMPTY ~= pred_set.UNIV"
  1.5366 -  by (import pred_set EMPTY_NOT_UNIV)
  1.5367 -
  1.5368 -lemma EQ_UNIV: "(ALL x::'a::type. IN x (s::'a::type => bool)) = (s = pred_set.UNIV)"
  1.5369 -  by (import pred_set EQ_UNIV)
  1.5370 -
  1.5371 -definition SUBSET :: "('a => bool) => ('a => bool) => bool" where 
  1.5372 -  "SUBSET ==
  1.5373 -%(s::'a::type => bool) t::'a::type => bool.
  1.5374 -   ALL x::'a::type. IN x s --> IN x t"
  1.5375 -
  1.5376 -lemma SUBSET_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5377 -   SUBSET s t = (ALL x::'a::type. IN x s --> IN x t)"
  1.5378 -  by (import pred_set SUBSET_DEF)
  1.5379 -
  1.5380 -lemma SUBSET_TRANS: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5381 -   SUBSET x xa & SUBSET xa xb --> SUBSET x xb"
  1.5382 -  by (import pred_set SUBSET_TRANS)
  1.5383 -
  1.5384 -lemma SUBSET_REFL: "ALL x::'a::type => bool. SUBSET x x"
  1.5385 -  by (import pred_set SUBSET_REFL)
  1.5386 -
  1.5387 -lemma SUBSET_ANTISYM: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5388 -   SUBSET x xa & SUBSET xa x --> x = xa"
  1.5389 -  by (import pred_set SUBSET_ANTISYM)
  1.5390 -
  1.5391 -lemma EMPTY_SUBSET: "All (SUBSET EMPTY)"
  1.5392 -  by (import pred_set EMPTY_SUBSET)
  1.5393 -
  1.5394 -lemma SUBSET_EMPTY: "ALL x::'a::type => bool. SUBSET x EMPTY = (x = EMPTY)"
  1.5395 -  by (import pred_set SUBSET_EMPTY)
  1.5396 -
  1.5397 -lemma SUBSET_UNIV: "ALL x::'a::type => bool. SUBSET x pred_set.UNIV"
  1.5398 -  by (import pred_set SUBSET_UNIV)
  1.5399 -
  1.5400 -lemma UNIV_SUBSET: "ALL x::'a::type => bool. SUBSET pred_set.UNIV x = (x = pred_set.UNIV)"
  1.5401 -  by (import pred_set UNIV_SUBSET)
  1.5402 -
  1.5403 -definition PSUBSET :: "('a => bool) => ('a => bool) => bool" where 
  1.5404 -  "PSUBSET == %(s::'a::type => bool) t::'a::type => bool. SUBSET s t & s ~= t"
  1.5405 -
  1.5406 -lemma PSUBSET_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5407 -   PSUBSET s t = (SUBSET s t & s ~= t)"
  1.5408 -  by (import pred_set PSUBSET_DEF)
  1.5409 -
  1.5410 -lemma PSUBSET_TRANS: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5411 -   PSUBSET x xa & PSUBSET xa xb --> PSUBSET x xb"
  1.5412 -  by (import pred_set PSUBSET_TRANS)
  1.5413 -
  1.5414 -lemma PSUBSET_IRREFL: "ALL x::'a::type => bool. ~ PSUBSET x x"
  1.5415 -  by (import pred_set PSUBSET_IRREFL)
  1.5416 -
  1.5417 -lemma NOT_PSUBSET_EMPTY: "ALL x::'a::type => bool. ~ PSUBSET x EMPTY"
  1.5418 -  by (import pred_set NOT_PSUBSET_EMPTY)
  1.5419 -
  1.5420 -lemma NOT_UNIV_PSUBSET: "ALL x::'a::type => bool. ~ PSUBSET pred_set.UNIV x"
  1.5421 -  by (import pred_set NOT_UNIV_PSUBSET)
  1.5422 -
  1.5423 -lemma PSUBSET_UNIV: "ALL x::'a::type => bool.
  1.5424 -   PSUBSET x pred_set.UNIV = (EX xa::'a::type. ~ IN xa x)"
  1.5425 -  by (import pred_set PSUBSET_UNIV)
  1.5426 -
  1.5427 -consts
  1.5428 -  UNION :: "('a => bool) => ('a => bool) => 'a => bool" 
  1.5429 -
  1.5430 -defs
  1.5431 -  UNION_def: "pred_set.UNION ==
  1.5432 -%(s::'a::type => bool) t::'a::type => bool.
  1.5433 -   GSPEC (%x::'a::type. (x, IN x s | IN x t))"
  1.5434 -
  1.5435 -lemma UNION_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5436 -   pred_set.UNION s t = GSPEC (%x::'a::type. (x, IN x s | IN x t))"
  1.5437 -  by (import pred_set UNION_DEF)
  1.5438 -
  1.5439 -lemma IN_UNION: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type.
  1.5440 -   IN xb (pred_set.UNION x xa) = (IN xb x | IN xb xa)"
  1.5441 -  by (import pred_set IN_UNION)
  1.5442 -
  1.5443 -lemma UNION_ASSOC: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5444 -   pred_set.UNION x (pred_set.UNION xa xb) =
  1.5445 -   pred_set.UNION (pred_set.UNION x xa) xb"
  1.5446 -  by (import pred_set UNION_ASSOC)
  1.5447 -
  1.5448 -lemma UNION_IDEMPOT: "ALL x::'a::type => bool. pred_set.UNION x x = x"
  1.5449 -  by (import pred_set UNION_IDEMPOT)
  1.5450 -
  1.5451 -lemma UNION_COMM: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5452 -   pred_set.UNION x xa = pred_set.UNION xa x"
  1.5453 -  by (import pred_set UNION_COMM)
  1.5454 -
  1.5455 -lemma SUBSET_UNION: "(ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5456 -    SUBSET x (pred_set.UNION x xa)) &
  1.5457 -(ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5458 -    SUBSET x (pred_set.UNION xa x))"
  1.5459 -  by (import pred_set SUBSET_UNION)
  1.5460 -
  1.5461 -lemma UNION_SUBSET: "ALL (s::'a::type => bool) (t::'a::type => bool) u::'a::type => bool.
  1.5462 -   SUBSET (pred_set.UNION s t) u = (SUBSET s u & SUBSET t u)"
  1.5463 -  by (import pred_set UNION_SUBSET)
  1.5464 -
  1.5465 -lemma SUBSET_UNION_ABSORPTION: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5466 -   SUBSET x xa = (pred_set.UNION x xa = xa)"
  1.5467 -  by (import pred_set SUBSET_UNION_ABSORPTION)
  1.5468 -
  1.5469 -lemma UNION_EMPTY: "(ALL x::'a::type => bool. pred_set.UNION EMPTY x = x) &
  1.5470 -(ALL x::'a::type => bool. pred_set.UNION x EMPTY = x)"
  1.5471 -  by (import pred_set UNION_EMPTY)
  1.5472 -
  1.5473 -lemma UNION_UNIV: "(ALL x::'a::type => bool. pred_set.UNION pred_set.UNIV x = pred_set.UNIV) &
  1.5474 -(ALL x::'a::type => bool. pred_set.UNION x pred_set.UNIV = pred_set.UNIV)"
  1.5475 -  by (import pred_set UNION_UNIV)
  1.5476 -
  1.5477 -lemma EMPTY_UNION: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5478 -   (pred_set.UNION x xa = EMPTY) = (x = EMPTY & xa = EMPTY)"
  1.5479 -  by (import pred_set EMPTY_UNION)
  1.5480 -
  1.5481 -consts
  1.5482 -  INTER :: "('a => bool) => ('a => bool) => 'a => bool" 
  1.5483 -
  1.5484 -defs
  1.5485 -  INTER_def: "pred_set.INTER ==
  1.5486 -%(s::'a::type => bool) t::'a::type => bool.
  1.5487 -   GSPEC (%x::'a::type. (x, IN x s & IN x t))"
  1.5488 -
  1.5489 -lemma INTER_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5490 -   pred_set.INTER s t = GSPEC (%x::'a::type. (x, IN x s & IN x t))"
  1.5491 -  by (import pred_set INTER_DEF)
  1.5492 -
  1.5493 -lemma IN_INTER: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type.
  1.5494 -   IN xb (pred_set.INTER x xa) = (IN xb x & IN xb xa)"
  1.5495 -  by (import pred_set IN_INTER)
  1.5496 -
  1.5497 -lemma INTER_ASSOC: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5498 -   pred_set.INTER x (pred_set.INTER xa xb) =
  1.5499 -   pred_set.INTER (pred_set.INTER x xa) xb"
  1.5500 -  by (import pred_set INTER_ASSOC)
  1.5501 -
  1.5502 -lemma INTER_IDEMPOT: "ALL x::'a::type => bool. pred_set.INTER x x = x"
  1.5503 -  by (import pred_set INTER_IDEMPOT)
  1.5504 -
  1.5505 -lemma INTER_COMM: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5506 -   pred_set.INTER x xa = pred_set.INTER xa x"
  1.5507 -  by (import pred_set INTER_COMM)
  1.5508 -
  1.5509 -lemma INTER_SUBSET: "(ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5510 -    SUBSET (pred_set.INTER x xa) x) &
  1.5511 -(ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5512 -    SUBSET (pred_set.INTER xa x) x)"
  1.5513 -  by (import pred_set INTER_SUBSET)
  1.5514 -
  1.5515 -lemma SUBSET_INTER: "ALL (s::'a::type => bool) (t::'a::type => bool) u::'a::type => bool.
  1.5516 -   SUBSET s (pred_set.INTER t u) = (SUBSET s t & SUBSET s u)"
  1.5517 -  by (import pred_set SUBSET_INTER)
  1.5518 -
  1.5519 -lemma SUBSET_INTER_ABSORPTION: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5520 -   SUBSET x xa = (pred_set.INTER x xa = x)"
  1.5521 -  by (import pred_set SUBSET_INTER_ABSORPTION)
  1.5522 -
  1.5523 -lemma INTER_EMPTY: "(ALL x::'a::type => bool. pred_set.INTER EMPTY x = EMPTY) &
  1.5524 -(ALL x::'a::type => bool. pred_set.INTER x EMPTY = EMPTY)"
  1.5525 -  by (import pred_set INTER_EMPTY)
  1.5526 -
  1.5527 -lemma INTER_UNIV: "(ALL x::'a::type => bool. pred_set.INTER pred_set.UNIV x = x) &
  1.5528 -(ALL x::'a::type => bool. pred_set.INTER x pred_set.UNIV = x)"
  1.5529 -  by (import pred_set INTER_UNIV)
  1.5530 -
  1.5531 -lemma UNION_OVER_INTER: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5532 -   pred_set.INTER x (pred_set.UNION xa xb) =
  1.5533 -   pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER x xb)"
  1.5534 -  by (import pred_set UNION_OVER_INTER)
  1.5535 -
  1.5536 -lemma INTER_OVER_UNION: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5537 -   pred_set.UNION x (pred_set.INTER xa xb) =
  1.5538 -   pred_set.INTER (pred_set.UNION x xa) (pred_set.UNION x xb)"
  1.5539 -  by (import pred_set INTER_OVER_UNION)
  1.5540 -
  1.5541 -definition DISJOINT :: "('a => bool) => ('a => bool) => bool" where 
  1.5542 -  "DISJOINT ==
  1.5543 -%(s::'a::type => bool) t::'a::type => bool. pred_set.INTER s t = EMPTY"
  1.5544 -
  1.5545 -lemma DISJOINT_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5546 -   DISJOINT s t = (pred_set.INTER s t = EMPTY)"
  1.5547 -  by (import pred_set DISJOINT_DEF)
  1.5548 -
  1.5549 -lemma IN_DISJOINT: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5550 -   DISJOINT x xa = (~ (EX xb::'a::type. IN xb x & IN xb xa))"
  1.5551 -  by (import pred_set IN_DISJOINT)
  1.5552 -
  1.5553 -lemma DISJOINT_SYM: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5554 -   DISJOINT x xa = DISJOINT xa x"
  1.5555 -  by (import pred_set DISJOINT_SYM)
  1.5556 -
  1.5557 -lemma DISJOINT_EMPTY: "ALL x::'a::type => bool. DISJOINT EMPTY x & DISJOINT x EMPTY"
  1.5558 -  by (import pred_set DISJOINT_EMPTY)
  1.5559 -
  1.5560 -lemma DISJOINT_EMPTY_REFL: "ALL x::'a::type => bool. (x = EMPTY) = DISJOINT x x"
  1.5561 -  by (import pred_set DISJOINT_EMPTY_REFL)
  1.5562 -
  1.5563 -lemma DISJOINT_UNION: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type => bool.
  1.5564 -   DISJOINT (pred_set.UNION x xa) xb = (DISJOINT x xb & DISJOINT xa xb)"
  1.5565 -  by (import pred_set DISJOINT_UNION)
  1.5566 -
  1.5567 -lemma DISJOINT_UNION_BOTH: "ALL (s::'a::type => bool) (t::'a::type => bool) u::'a::type => bool.
  1.5568 -   DISJOINT (pred_set.UNION s t) u = (DISJOINT s u & DISJOINT t u) &
  1.5569 -   DISJOINT u (pred_set.UNION s t) = (DISJOINT s u & DISJOINT t u)"
  1.5570 -  by (import pred_set DISJOINT_UNION_BOTH)
  1.5571 -
  1.5572 -definition DIFF :: "('a => bool) => ('a => bool) => 'a => bool" where 
  1.5573 -  "DIFF ==
  1.5574 -%(s::'a::type => bool) t::'a::type => bool.
  1.5575 -   GSPEC (%x::'a::type. (x, IN x s & ~ IN x t))"
  1.5576 -
  1.5577 -lemma DIFF_DEF: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5578 -   DIFF s t = GSPEC (%x::'a::type. (x, IN x s & ~ IN x t))"
  1.5579 -  by (import pred_set DIFF_DEF)
  1.5580 -
  1.5581 -lemma IN_DIFF: "ALL (s::'a::type => bool) (t::'a::type => bool) x::'a::type.
  1.5582 -   IN x (DIFF s t) = (IN x s & ~ IN x t)"
  1.5583 -  by (import pred_set IN_DIFF)
  1.5584 -
  1.5585 -lemma DIFF_EMPTY: "ALL s::'a::type => bool. DIFF s EMPTY = s"
  1.5586 -  by (import pred_set DIFF_EMPTY)
  1.5587 -
  1.5588 -lemma EMPTY_DIFF: "ALL s::'a::type => bool. DIFF EMPTY s = EMPTY"
  1.5589 -  by (import pred_set EMPTY_DIFF)
  1.5590 -
  1.5591 -lemma DIFF_UNIV: "ALL s::'a::type => bool. DIFF s pred_set.UNIV = EMPTY"
  1.5592 -  by (import pred_set DIFF_UNIV)
  1.5593 -
  1.5594 -lemma DIFF_DIFF: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5595 -   DIFF (DIFF x xa) xa = DIFF x xa"
  1.5596 -  by (import pred_set DIFF_DIFF)
  1.5597 -
  1.5598 -lemma DIFF_EQ_EMPTY: "ALL x::'a::type => bool. DIFF x x = EMPTY"
  1.5599 -  by (import pred_set DIFF_EQ_EMPTY)
  1.5600 -
  1.5601 -definition INSERT :: "'a => ('a => bool) => 'a => bool" where 
  1.5602 -  "INSERT ==
  1.5603 -%(x::'a::type) s::'a::type => bool.
  1.5604 -   GSPEC (%y::'a::type. (y, y = x | IN y s))"
  1.5605 -
  1.5606 -lemma INSERT_DEF: "ALL (x::'a::type) s::'a::type => bool.
  1.5607 -   INSERT x s = GSPEC (%y::'a::type. (y, y = x | IN y s))"
  1.5608 -  by (import pred_set INSERT_DEF)
  1.5609 -
  1.5610 -lemma IN_INSERT: "ALL (x::'a::type) (xa::'a::type) xb::'a::type => bool.
  1.5611 -   IN x (INSERT xa xb) = (x = xa | IN x xb)"
  1.5612 -  by (import pred_set IN_INSERT)
  1.5613 -
  1.5614 -lemma COMPONENT: "ALL (x::'a::type) xa::'a::type => bool. IN x (INSERT x xa)"
  1.5615 -  by (import pred_set COMPONENT)
  1.5616 -
  1.5617 -lemma SET_CASES: "ALL x::'a::type => bool.
  1.5618 -   x = EMPTY |
  1.5619 -   (EX (xa::'a::type) xb::'a::type => bool. x = INSERT xa xb & ~ IN xa xb)"
  1.5620 -  by (import pred_set SET_CASES)
  1.5621 -
  1.5622 -lemma DECOMPOSITION: "ALL (s::'a::type => bool) x::'a::type.
  1.5623 -   IN x s = (EX t::'a::type => bool. s = INSERT x t & ~ IN x t)"
  1.5624 -  by (import pred_set DECOMPOSITION)
  1.5625 -
  1.5626 -lemma ABSORPTION: "ALL (x::'a::type) xa::'a::type => bool. IN x xa = (INSERT x xa = xa)"
  1.5627 -  by (import pred_set ABSORPTION)
  1.5628 -
  1.5629 -lemma INSERT_INSERT: "ALL (x::'a::type) xa::'a::type => bool. INSERT x (INSERT x xa) = INSERT x xa"
  1.5630 -  by (import pred_set INSERT_INSERT)
  1.5631 -
  1.5632 -lemma INSERT_COMM: "ALL (x::'a::type) (xa::'a::type) xb::'a::type => bool.
  1.5633 -   INSERT x (INSERT xa xb) = INSERT xa (INSERT x xb)"
  1.5634 -  by (import pred_set INSERT_COMM)
  1.5635 -
  1.5636 -lemma INSERT_UNIV: "ALL x::'a::type. INSERT x pred_set.UNIV = pred_set.UNIV"
  1.5637 -  by (import pred_set INSERT_UNIV)
  1.5638 -
  1.5639 -lemma NOT_INSERT_EMPTY: "ALL (x::'a::type) xa::'a::type => bool. INSERT x xa ~= EMPTY"
  1.5640 -  by (import pred_set NOT_INSERT_EMPTY)
  1.5641 -
  1.5642 -lemma NOT_EMPTY_INSERT: "ALL (x::'a::type) xa::'a::type => bool. EMPTY ~= INSERT x xa"
  1.5643 -  by (import pred_set NOT_EMPTY_INSERT)
  1.5644 -
  1.5645 -lemma INSERT_UNION: "ALL (x::'a::type) (s::'a::type => bool) t::'a::type => bool.
  1.5646 -   pred_set.UNION (INSERT x s) t =
  1.5647 -   (if IN x t then pred_set.UNION s t else INSERT x (pred_set.UNION s t))"
  1.5648 -  by (import pred_set INSERT_UNION)
  1.5649 -
  1.5650 -lemma INSERT_UNION_EQ: "ALL (x::'a::type) (s::'a::type => bool) t::'a::type => bool.
  1.5651 -   pred_set.UNION (INSERT x s) t = INSERT x (pred_set.UNION s t)"
  1.5652 -  by (import pred_set INSERT_UNION_EQ)
  1.5653 -
  1.5654 -lemma INSERT_INTER: "ALL (x::'a::type) (s::'a::type => bool) t::'a::type => bool.
  1.5655 -   pred_set.INTER (INSERT x s) t =
  1.5656 -   (if IN x t then INSERT x (pred_set.INTER s t) else pred_set.INTER s t)"
  1.5657 -  by (import pred_set INSERT_INTER)
  1.5658 -
  1.5659 -lemma DISJOINT_INSERT: "ALL (x::'a::type) (xa::'a::type => bool) xb::'a::type => bool.
  1.5660 -   DISJOINT (INSERT x xa) xb = (DISJOINT xa xb & ~ IN x xb)"
  1.5661 -  by (import pred_set DISJOINT_INSERT)
  1.5662 -
  1.5663 -lemma INSERT_SUBSET: "ALL (x::'a::type) (xa::'a::type => bool) xb::'a::type => bool.
  1.5664 -   SUBSET (INSERT x xa) xb = (IN x xb & SUBSET xa xb)"
  1.5665 -  by (import pred_set INSERT_SUBSET)
  1.5666 -
  1.5667 -lemma SUBSET_INSERT: "ALL (x::'a::type) xa::'a::type => bool.
  1.5668 -   ~ IN x xa -->
  1.5669 -   (ALL xb::'a::type => bool. SUBSET xa (INSERT x xb) = SUBSET xa xb)"
  1.5670 -  by (import pred_set SUBSET_INSERT)
  1.5671 -
  1.5672 -lemma INSERT_DIFF: "ALL (s::'a::type => bool) (t::'a::type => bool) x::'a::type.
  1.5673 -   DIFF (INSERT x s) t = (if IN x t then DIFF s t else INSERT x (DIFF s t))"
  1.5674 -  by (import pred_set INSERT_DIFF)
  1.5675 -
  1.5676 -definition DELETE :: "('a => bool) => 'a => 'a => bool" where 
  1.5677 -  "DELETE == %(s::'a::type => bool) x::'a::type. DIFF s (INSERT x EMPTY)"
  1.5678 -
  1.5679 -lemma DELETE_DEF: "ALL (s::'a::type => bool) x::'a::type. DELETE s x = DIFF s (INSERT x EMPTY)"
  1.5680 -  by (import pred_set DELETE_DEF)
  1.5681 -
  1.5682 -lemma IN_DELETE: "ALL (x::'a::type => bool) (xa::'a::type) xb::'a::type.
  1.5683 -   IN xa (DELETE x xb) = (IN xa x & xa ~= xb)"
  1.5684 -  by (import pred_set IN_DELETE)
  1.5685 -
  1.5686 -lemma DELETE_NON_ELEMENT: "ALL (x::'a::type) xa::'a::type => bool. (~ IN x xa) = (DELETE xa x = xa)"
  1.5687 -  by (import pred_set DELETE_NON_ELEMENT)
  1.5688 -
  1.5689 -lemma IN_DELETE_EQ: "ALL (s::'a::type => bool) (x::'a::type) x'::'a::type.
  1.5690 -   (IN x s = IN x' s) = (IN x (DELETE s x') = IN x' (DELETE s x))"
  1.5691 -  by (import pred_set IN_DELETE_EQ)
  1.5692 -
  1.5693 -lemma EMPTY_DELETE: "ALL x::'a::type. DELETE EMPTY x = EMPTY"
  1.5694 -  by (import pred_set EMPTY_DELETE)
  1.5695 -
  1.5696 -lemma DELETE_DELETE: "ALL (x::'a::type) xa::'a::type => bool. DELETE (DELETE xa x) x = DELETE xa x"
  1.5697 -  by (import pred_set DELETE_DELETE)
  1.5698 -
  1.5699 -lemma DELETE_COMM: "ALL (x::'a::type) (xa::'a::type) xb::'a::type => bool.
  1.5700 -   DELETE (DELETE xb x) xa = DELETE (DELETE xb xa) x"
  1.5701 -  by (import pred_set DELETE_COMM)
  1.5702 -
  1.5703 -lemma DELETE_SUBSET: "ALL (x::'a::type) xa::'a::type => bool. SUBSET (DELETE xa x) xa"
  1.5704 -  by (import pred_set DELETE_SUBSET)
  1.5705 -
  1.5706 -lemma SUBSET_DELETE: "ALL (x::'a::type) (xa::'a::type => bool) xb::'a::type => bool.
  1.5707 -   SUBSET xa (DELETE xb x) = (~ IN x xa & SUBSET xa xb)"
  1.5708 -  by (import pred_set SUBSET_DELETE)
  1.5709 -
  1.5710 -lemma SUBSET_INSERT_DELETE: "ALL (x::'a::type) (s::'a::type => bool) t::'a::type => bool.
  1.5711 -   SUBSET s (INSERT x t) = SUBSET (DELETE s x) t"
  1.5712 -  by (import pred_set SUBSET_INSERT_DELETE)
  1.5713 -
  1.5714 -lemma DIFF_INSERT: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type.
  1.5715 -   DIFF x (INSERT xb xa) = DIFF (DELETE x xb) xa"
  1.5716 -  by (import pred_set DIFF_INSERT)
  1.5717 -
  1.5718 -lemma PSUBSET_INSERT_SUBSET: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.5719 -   PSUBSET x xa = (EX xb::'a::type. ~ IN xb x & SUBSET (INSERT xb x) xa)"
  1.5720 -  by (import pred_set PSUBSET_INSERT_SUBSET)
  1.5721 -
  1.5722 -lemma PSUBSET_MEMBER: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.5723 -   PSUBSET s t = (SUBSET s t & (EX y::'a::type. IN y t & ~ IN y s))"
  1.5724 -  by (import pred_set PSUBSET_MEMBER)
  1.5725 -
  1.5726 -lemma DELETE_INSERT: "ALL (x::'a::type) (xa::'a::type) xb::'a::type => bool.
  1.5727 -   DELETE (INSERT x xb) xa =
  1.5728 -   (if x = xa then DELETE xb xa else INSERT x (DELETE xb xa))"
  1.5729 -  by (import pred_set DELETE_INSERT)
  1.5730 -
  1.5731 -lemma INSERT_DELETE: "ALL (x::'a::type) xa::'a::type => bool.
  1.5732 -   IN x xa --> INSERT x (DELETE xa x) = xa"
  1.5733 -  by (import pred_set INSERT_DELETE)
  1.5734 -
  1.5735 -lemma DELETE_INTER: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type.
  1.5736 -   pred_set.INTER (DELETE x xb) xa = DELETE (pred_set.INTER x xa) xb"
  1.5737 -  by (import pred_set DELETE_INTER)
  1.5738 -
  1.5739 -lemma DISJOINT_DELETE_SYM: "ALL (x::'a::type => bool) (xa::'a::type => bool) xb::'a::type.
  1.5740 -   DISJOINT (DELETE x xb) xa = DISJOINT (DELETE xa xb) x"
  1.5741 -  by (import pred_set DISJOINT_DELETE_SYM)
  1.5742 +  sorry
  1.5743 +
  1.5744 +lemma EQ_UNIV: "(ALL x. IN x s) = (s = pred_set.UNIV)"
  1.5745 +  sorry
  1.5746 +
  1.5747 +definition
  1.5748 +  SUBSET :: "('a => bool) => ('a => bool) => bool"  where
  1.5749 +  "SUBSET == %s t. ALL x. IN x s --> IN x t"
  1.5750 +
  1.5751 +lemma SUBSET_DEF: "SUBSET s t = (ALL x. IN x s --> IN x t)"
  1.5752 +  sorry
  1.5753 +
  1.5754 +lemma SUBSET_TRANS: "SUBSET x xa & SUBSET xa xb ==> SUBSET x xb"
  1.5755 +  sorry
  1.5756 +
  1.5757 +lemma SUBSET_REFL: "SUBSET x x"
  1.5758 +  sorry
  1.5759 +
  1.5760 +lemma SUBSET_ANTISYM: "SUBSET x xa & SUBSET xa x ==> x = xa"
  1.5761 +  sorry
  1.5762 +
  1.5763 +lemma EMPTY_SUBSET: "SUBSET EMPTY x"
  1.5764 +  sorry
  1.5765 +
  1.5766 +lemma SUBSET_EMPTY: "SUBSET x EMPTY = (x = EMPTY)"
  1.5767 +  sorry
  1.5768 +
  1.5769 +lemma SUBSET_UNIV: "SUBSET x pred_set.UNIV"
  1.5770 +  sorry
  1.5771 +
  1.5772 +lemma UNIV_SUBSET: "SUBSET pred_set.UNIV x = (x = pred_set.UNIV)"
  1.5773 +  sorry
  1.5774 +
  1.5775 +definition
  1.5776 +  PSUBSET :: "('a => bool) => ('a => bool) => bool"  where
  1.5777 +  "PSUBSET == %s t. SUBSET s t & s ~= t"
  1.5778 +
  1.5779 +lemma PSUBSET_DEF: "PSUBSET s t = (SUBSET s t & s ~= t)"
  1.5780 +  sorry
  1.5781 +
  1.5782 +lemma PSUBSET_TRANS: "PSUBSET x xa & PSUBSET xa xb ==> PSUBSET x xb"
  1.5783 +  sorry
  1.5784 +
  1.5785 +lemma PSUBSET_IRREFL: "~ PSUBSET x x"
  1.5786 +  sorry
  1.5787 +
  1.5788 +lemma NOT_PSUBSET_EMPTY: "~ PSUBSET x EMPTY"
  1.5789 +  sorry
  1.5790 +
  1.5791 +lemma NOT_UNIV_PSUBSET: "~ PSUBSET pred_set.UNIV x"
  1.5792 +  sorry
  1.5793 +
  1.5794 +lemma PSUBSET_UNIV: "PSUBSET x pred_set.UNIV = (EX xa. ~ IN xa x)"
  1.5795 +  sorry
  1.5796 +
  1.5797 +definition
  1.5798 +  UNION :: "('a => bool) => ('a => bool) => 'a => bool"  where
  1.5799 +  "UNION == %s t. GSPEC (%x. (x, IN x s | IN x t))"
  1.5800 +
  1.5801 +lemma UNION_DEF: "pred_set.UNION s t = GSPEC (%x. (x, IN x s | IN x t))"
  1.5802 +  sorry
  1.5803 +
  1.5804 +lemma IN_UNION: "IN xb (pred_set.UNION x xa) = (IN xb x | IN xb xa)"
  1.5805 +  sorry
  1.5806 +
  1.5807 +lemma UNION_ASSOC: "pred_set.UNION x (pred_set.UNION xa xb) =
  1.5808 +pred_set.UNION (pred_set.UNION x xa) xb"
  1.5809 +  sorry
  1.5810 +
  1.5811 +lemma UNION_IDEMPOT: "pred_set.UNION x x = x"
  1.5812 +  sorry
  1.5813 +
  1.5814 +lemma UNION_COMM: "pred_set.UNION x xa = pred_set.UNION xa x"
  1.5815 +  sorry
  1.5816 +
  1.5817 +lemma SUBSET_UNION: "(ALL (x::'a => bool) xa::'a => bool. SUBSET x (pred_set.UNION x xa)) &
  1.5818 +(ALL (x::'a => bool) xa::'a => bool. SUBSET x (pred_set.UNION xa x))"
  1.5819 +  sorry
  1.5820 +
  1.5821 +lemma UNION_SUBSET: "SUBSET (pred_set.UNION s t) u = (SUBSET s u & SUBSET t u)"
  1.5822 +  sorry
  1.5823 +
  1.5824 +lemma SUBSET_UNION_ABSORPTION: "SUBSET x xa = (pred_set.UNION x xa = xa)"
  1.5825 +  sorry
  1.5826 +
  1.5827 +lemma UNION_EMPTY: "(ALL x::'a => bool. pred_set.UNION EMPTY x = x) &
  1.5828 +(ALL x::'a => bool. pred_set.UNION x EMPTY = x)"
  1.5829 +  sorry
  1.5830 +
  1.5831 +lemma UNION_UNIV: "(ALL x::'a => bool. pred_set.UNION pred_set.UNIV x = pred_set.UNIV) &
  1.5832 +(ALL x::'a => bool. pred_set.UNION x pred_set.UNIV = pred_set.UNIV)"
  1.5833 +  sorry
  1.5834 +
  1.5835 +lemma EMPTY_UNION: "(pred_set.UNION x xa = EMPTY) = (x = EMPTY & xa = EMPTY)"
  1.5836 +  sorry
  1.5837 +
  1.5838 +definition
  1.5839 +  INTER :: "('a => bool) => ('a => bool) => 'a => bool"  where
  1.5840 +  "INTER == %s t. GSPEC (%x. (x, IN x s & IN x t))"
  1.5841 +
  1.5842 +lemma INTER_DEF: "pred_set.INTER s t = GSPEC (%x. (x, IN x s & IN x t))"
  1.5843 +  sorry
  1.5844 +
  1.5845 +lemma IN_INTER: "IN xb (pred_set.INTER x xa) = (IN xb x & IN xb xa)"
  1.5846 +  sorry
  1.5847 +
  1.5848 +lemma INTER_ASSOC: "pred_set.INTER x (pred_set.INTER xa xb) =
  1.5849 +pred_set.INTER (pred_set.INTER x xa) xb"
  1.5850 +  sorry
  1.5851 +
  1.5852 +lemma INTER_IDEMPOT: "pred_set.INTER x x = x"
  1.5853 +  sorry
  1.5854 +
  1.5855 +lemma INTER_COMM: "pred_set.INTER x xa = pred_set.INTER xa x"
  1.5856 +  sorry
  1.5857 +
  1.5858 +lemma INTER_SUBSET: "(ALL (x::'a => bool) xa::'a => bool. SUBSET (pred_set.INTER x xa) x) &
  1.5859 +(ALL (x::'a => bool) xa::'a => bool. SUBSET (pred_set.INTER xa x) x)"
  1.5860 +  sorry
  1.5861 +
  1.5862 +lemma SUBSET_INTER: "SUBSET s (pred_set.INTER t u) = (SUBSET s t & SUBSET s u)"
  1.5863 +  sorry
  1.5864 +
  1.5865 +lemma SUBSET_INTER_ABSORPTION: "SUBSET x xa = (pred_set.INTER x xa = x)"
  1.5866 +  sorry
  1.5867 +
  1.5868 +lemma INTER_EMPTY: "(ALL x::'a => bool. pred_set.INTER EMPTY x = EMPTY) &
  1.5869 +(ALL x::'a => bool. pred_set.INTER x EMPTY = EMPTY)"
  1.5870 +  sorry
  1.5871 +
  1.5872 +lemma INTER_UNIV: "(ALL x::'a => bool. pred_set.INTER pred_set.UNIV x = x) &
  1.5873 +(ALL x::'a => bool. pred_set.INTER x pred_set.UNIV = x)"
  1.5874 +  sorry
  1.5875 +
  1.5876 +lemma UNION_OVER_INTER: "pred_set.INTER x (pred_set.UNION xa xb) =
  1.5877 +pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER x xb)"
  1.5878 +  sorry
  1.5879 +
  1.5880 +lemma INTER_OVER_UNION: "pred_set.UNION x (pred_set.INTER xa xb) =
  1.5881 +pred_set.INTER (pred_set.UNION x xa) (pred_set.UNION x xb)"
  1.5882 +  sorry
  1.5883 +
  1.5884 +definition
  1.5885 +  DISJOINT :: "('a => bool) => ('a => bool) => bool"  where
  1.5886 +  "DISJOINT == %s t. pred_set.INTER s t = EMPTY"
  1.5887 +
  1.5888 +lemma DISJOINT_DEF: "DISJOINT s t = (pred_set.INTER s t = EMPTY)"
  1.5889 +  sorry
  1.5890 +
  1.5891 +lemma IN_DISJOINT: "DISJOINT x xa = (~ (EX xb. IN xb x & IN xb xa))"
  1.5892 +  sorry
  1.5893 +
  1.5894 +lemma DISJOINT_SYM: "DISJOINT x xa = DISJOINT xa x"
  1.5895 +  sorry
  1.5896 +
  1.5897 +lemma DISJOINT_EMPTY: "DISJOINT EMPTY x & DISJOINT x EMPTY"
  1.5898 +  sorry
  1.5899 +
  1.5900 +lemma DISJOINT_EMPTY_REFL: "(x = EMPTY) = DISJOINT x x"
  1.5901 +  sorry
  1.5902 +
  1.5903 +lemma DISJOINT_UNION: "DISJOINT (pred_set.UNION x xa) xb = (DISJOINT x xb & DISJOINT xa xb)"
  1.5904 +  sorry
  1.5905 +
  1.5906 +lemma DISJOINT_UNION_BOTH: "DISJOINT (pred_set.UNION s t) u = (DISJOINT s u & DISJOINT t u) &
  1.5907 +DISJOINT u (pred_set.UNION s t) = (DISJOINT s u & DISJOINT t u)"
  1.5908 +  sorry
  1.5909 +
  1.5910 +definition
  1.5911 +  DIFF :: "('a => bool) => ('a => bool) => 'a => bool"  where
  1.5912 +  "DIFF == %s t. GSPEC (%x. (x, IN x s & ~ IN x t))"
  1.5913 +
  1.5914 +lemma DIFF_DEF: "DIFF s t = GSPEC (%x. (x, IN x s & ~ IN x t))"
  1.5915 +  sorry
  1.5916 +
  1.5917 +lemma IN_DIFF: "IN x (DIFF s t) = (IN x s & ~ IN x t)"
  1.5918 +  sorry
  1.5919 +
  1.5920 +lemma DIFF_EMPTY: "DIFF s EMPTY = s"
  1.5921 +  sorry
  1.5922 +
  1.5923 +lemma EMPTY_DIFF: "DIFF EMPTY s = EMPTY"
  1.5924 +  sorry
  1.5925 +
  1.5926 +lemma DIFF_UNIV: "DIFF s pred_set.UNIV = EMPTY"
  1.5927 +  sorry
  1.5928 +
  1.5929 +lemma DIFF_DIFF: "DIFF (DIFF x xa) xa = DIFF x xa"
  1.5930 +  sorry
  1.5931 +
  1.5932 +lemma DIFF_EQ_EMPTY: "DIFF x x = EMPTY"
  1.5933 +  sorry
  1.5934 +
  1.5935 +definition
  1.5936 +  INSERT :: "'a => ('a => bool) => 'a => bool"  where
  1.5937 +  "INSERT == %x s. GSPEC (%y. (y, y = x | IN y s))"
  1.5938 +
  1.5939 +lemma INSERT_DEF: "INSERT x s = GSPEC (%y. (y, y = x | IN y s))"
  1.5940 +  sorry
  1.5941 +
  1.5942 +lemma IN_INSERT: "IN x (INSERT xa xb) = (x = xa | IN x xb)"
  1.5943 +  sorry
  1.5944 +
  1.5945 +lemma COMPONENT: "IN x (INSERT x xa)"
  1.5946 +  sorry
  1.5947 +
  1.5948 +lemma SET_CASES: "x = EMPTY | (EX xa xb. x = INSERT xa xb & ~ IN xa xb)"
  1.5949 +  sorry
  1.5950 +
  1.5951 +lemma DECOMPOSITION: "IN x s = (EX t. s = INSERT x t & ~ IN x t)"
  1.5952 +  sorry
  1.5953 +
  1.5954 +lemma ABSORPTION: "IN x xa = (INSERT x xa = xa)"
  1.5955 +  sorry
  1.5956 +
  1.5957 +lemma INSERT_INSERT: "INSERT x (INSERT x xa) = INSERT x xa"
  1.5958 +  sorry
  1.5959 +
  1.5960 +lemma INSERT_COMM: "INSERT x (INSERT xa xb) = INSERT xa (INSERT x xb)"
  1.5961 +  sorry
  1.5962 +
  1.5963 +lemma INSERT_UNIV: "INSERT x pred_set.UNIV = pred_set.UNIV"
  1.5964 +  sorry
  1.5965 +
  1.5966 +lemma NOT_INSERT_EMPTY: "INSERT x xa ~= EMPTY"
  1.5967 +  sorry
  1.5968 +
  1.5969 +lemma NOT_EMPTY_INSERT: "EMPTY ~= INSERT x xa"
  1.5970 +  sorry
  1.5971 +
  1.5972 +lemma INSERT_UNION: "pred_set.UNION (INSERT x s) t =
  1.5973 +(if IN x t then pred_set.UNION s t else INSERT x (pred_set.UNION s t))"
  1.5974 +  sorry
  1.5975 +
  1.5976 +lemma INSERT_UNION_EQ: "pred_set.UNION (INSERT x s) t = INSERT x (pred_set.UNION s t)"
  1.5977 +  sorry
  1.5978 +
  1.5979 +lemma INSERT_INTER: "pred_set.INTER (INSERT x s) t =
  1.5980 +(if IN x t then INSERT x (pred_set.INTER s t) else pred_set.INTER s t)"
  1.5981 +  sorry
  1.5982 +
  1.5983 +lemma DISJOINT_INSERT: "DISJOINT (INSERT x xa) xb = (DISJOINT xa xb & ~ IN x xb)"
  1.5984 +  sorry
  1.5985 +
  1.5986 +lemma INSERT_SUBSET: "SUBSET (INSERT x xa) xb = (IN x xb & SUBSET xa xb)"
  1.5987 +  sorry
  1.5988 +
  1.5989 +lemma SUBSET_INSERT: "~ IN x xa ==> SUBSET xa (INSERT x xb) = SUBSET xa xb"
  1.5990 +  sorry
  1.5991 +
  1.5992 +lemma INSERT_DIFF: "DIFF (INSERT x s) t = (if IN x t then DIFF s t else INSERT x (DIFF s t))"
  1.5993 +  sorry
  1.5994 +
  1.5995 +definition
  1.5996 +  DELETE :: "('a => bool) => 'a => 'a => bool"  where
  1.5997 +  "DELETE == %s x. DIFF s (INSERT x EMPTY)"
  1.5998 +
  1.5999 +lemma DELETE_DEF: "DELETE s x = DIFF s (INSERT x EMPTY)"
  1.6000 +  sorry
  1.6001 +
  1.6002 +lemma IN_DELETE: "IN xa (DELETE x xb) = (IN xa x & xa ~= xb)"
  1.6003 +  sorry
  1.6004 +
  1.6005 +lemma DELETE_NON_ELEMENT: "(~ IN x xa) = (DELETE xa x = xa)"
  1.6006 +  sorry
  1.6007 +
  1.6008 +lemma IN_DELETE_EQ: "(IN x s = IN x' s) = (IN x (DELETE s x') = IN x' (DELETE s x))"
  1.6009 +  sorry
  1.6010 +
  1.6011 +lemma EMPTY_DELETE: "DELETE EMPTY x = EMPTY"
  1.6012 +  sorry
  1.6013 +
  1.6014 +lemma DELETE_DELETE: "DELETE (DELETE xa x) x = DELETE xa x"
  1.6015 +  sorry
  1.6016 +
  1.6017 +lemma DELETE_COMM: "DELETE (DELETE xb x) xa = DELETE (DELETE xb xa) x"
  1.6018 +  sorry
  1.6019 +
  1.6020 +lemma DELETE_SUBSET: "SUBSET (DELETE xa x) xa"
  1.6021 +  sorry
  1.6022 +
  1.6023 +lemma SUBSET_DELETE: "SUBSET xa (DELETE xb x) = (~ IN x xa & SUBSET xa xb)"
  1.6024 +  sorry
  1.6025 +
  1.6026 +lemma SUBSET_INSERT_DELETE: "SUBSET s (INSERT x t) = SUBSET (DELETE s x) t"
  1.6027 +  sorry
  1.6028 +
  1.6029 +lemma DIFF_INSERT: "DIFF x (INSERT xb xa) = DIFF (DELETE x xb) xa"
  1.6030 +  sorry
  1.6031 +
  1.6032 +lemma PSUBSET_INSERT_SUBSET: "PSUBSET x xa = (EX xb. ~ IN xb x & SUBSET (INSERT xb x) xa)"
  1.6033 +  sorry
  1.6034 +
  1.6035 +lemma PSUBSET_MEMBER: "PSUBSET s t = (SUBSET s t & (EX y. IN y t & ~ IN y s))"
  1.6036 +  sorry
  1.6037 +
  1.6038 +lemma DELETE_INSERT: "DELETE (INSERT x xb) xa =
  1.6039 +(if x = xa then DELETE xb xa else INSERT x (DELETE xb xa))"
  1.6040 +  sorry
  1.6041 +
  1.6042 +lemma INSERT_DELETE: "IN x xa ==> INSERT x (DELETE xa x) = xa"
  1.6043 +  sorry
  1.6044 +
  1.6045 +lemma DELETE_INTER: "pred_set.INTER (DELETE x xb) xa = DELETE (pred_set.INTER x xa) xb"
  1.6046 +  sorry
  1.6047 +
  1.6048 +lemma DISJOINT_DELETE_SYM: "DISJOINT (DELETE x xb) xa = DISJOINT (DELETE xa xb) x"
  1.6049 +  sorry
  1.6050  
  1.6051  consts
  1.6052    CHOICE :: "('a => bool) => 'a" 
  1.6053  
  1.6054 -specification (CHOICE) CHOICE_DEF: "ALL x::'a::type => bool. x ~= EMPTY --> IN (CHOICE x) x"
  1.6055 -  by (import pred_set CHOICE_DEF)
  1.6056 -
  1.6057 -definition REST :: "('a => bool) => 'a => bool" where 
  1.6058 -  "REST == %s::'a::type => bool. DELETE s (CHOICE s)"
  1.6059 -
  1.6060 -lemma REST_DEF: "ALL s::'a::type => bool. REST s = DELETE s (CHOICE s)"
  1.6061 -  by (import pred_set REST_DEF)
  1.6062 -
  1.6063 -lemma CHOICE_NOT_IN_REST: "ALL x::'a::type => bool. ~ IN (CHOICE x) (REST x)"
  1.6064 -  by (import pred_set CHOICE_NOT_IN_REST)
  1.6065 -
  1.6066 -lemma CHOICE_INSERT_REST: "ALL s::'a::type => bool. s ~= EMPTY --> INSERT (CHOICE s) (REST s) = s"
  1.6067 -  by (import pred_set CHOICE_INSERT_REST)
  1.6068 -
  1.6069 -lemma REST_SUBSET: "ALL x::'a::type => bool. SUBSET (REST x) x"
  1.6070 -  by (import pred_set REST_SUBSET)
  1.6071 -
  1.6072 -lemma REST_PSUBSET: "ALL x::'a::type => bool. x ~= EMPTY --> PSUBSET (REST x) x"
  1.6073 -  by (import pred_set REST_PSUBSET)
  1.6074 -
  1.6075 -definition SING :: "('a => bool) => bool" where 
  1.6076 -  "SING == %s::'a::type => bool. EX x::'a::type. s = INSERT x EMPTY"
  1.6077 -
  1.6078 -lemma SING_DEF: "ALL s::'a::type => bool. SING s = (EX x::'a::type. s = INSERT x EMPTY)"
  1.6079 -  by (import pred_set SING_DEF)
  1.6080 -
  1.6081 -lemma SING: "ALL x::'a::type. SING (INSERT x EMPTY)"
  1.6082 -  by (import pred_set SING)
  1.6083 -
  1.6084 -lemma IN_SING: "ALL (x::'a::type) xa::'a::type. IN x (INSERT xa EMPTY) = (x = xa)"
  1.6085 -  by (import pred_set IN_SING)
  1.6086 -
  1.6087 -lemma NOT_SING_EMPTY: "ALL x::'a::type. INSERT x EMPTY ~= EMPTY"
  1.6088 -  by (import pred_set NOT_SING_EMPTY)
  1.6089 -
  1.6090 -lemma NOT_EMPTY_SING: "ALL x::'a::type. EMPTY ~= INSERT x EMPTY"
  1.6091 -  by (import pred_set NOT_EMPTY_SING)
  1.6092 -
  1.6093 -lemma EQUAL_SING: "ALL (x::'a::type) xa::'a::type.
  1.6094 -   (INSERT x EMPTY = INSERT xa EMPTY) = (x = xa)"
  1.6095 -  by (import pred_set EQUAL_SING)
  1.6096 -
  1.6097 -lemma DISJOINT_SING_EMPTY: "ALL x::'a::type. DISJOINT (INSERT x EMPTY) EMPTY"
  1.6098 -  by (import pred_set DISJOINT_SING_EMPTY)
  1.6099 -
  1.6100 -lemma INSERT_SING_UNION: "ALL (x::'a::type => bool) xa::'a::type.
  1.6101 -   INSERT xa x = pred_set.UNION (INSERT xa EMPTY) x"
  1.6102 -  by (import pred_set INSERT_SING_UNION)
  1.6103 -
  1.6104 -lemma SING_DELETE: "ALL x::'a::type. DELETE (INSERT x EMPTY) x = EMPTY"
  1.6105 -  by (import pred_set SING_DELETE)
  1.6106 -
  1.6107 -lemma DELETE_EQ_SING: "ALL (x::'a::type => bool) xa::'a::type.
  1.6108 -   IN xa x --> (DELETE x xa = EMPTY) = (x = INSERT xa EMPTY)"
  1.6109 -  by (import pred_set DELETE_EQ_SING)
  1.6110 -
  1.6111 -lemma CHOICE_SING: "ALL x::'a::type. CHOICE (INSERT x EMPTY) = x"
  1.6112 -  by (import pred_set CHOICE_SING)
  1.6113 -
  1.6114 -lemma REST_SING: "ALL x::'a::type. REST (INSERT x EMPTY) = EMPTY"
  1.6115 -  by (import pred_set REST_SING)
  1.6116 -
  1.6117 -lemma SING_IFF_EMPTY_REST: "ALL x::'a::type => bool. SING x = (x ~= EMPTY & REST x = EMPTY)"
  1.6118 -  by (import pred_set SING_IFF_EMPTY_REST)
  1.6119 -
  1.6120 -definition IMAGE :: "('a => 'b) => ('a => bool) => 'b => bool" where 
  1.6121 -  "IMAGE ==
  1.6122 -%(f::'a::type => 'b::type) s::'a::type => bool.
  1.6123 -   GSPEC (%x::'a::type. (f x, IN x s))"
  1.6124 -
  1.6125 -lemma IMAGE_DEF: "ALL (f::'a::type => 'b::type) s::'a::type => bool.
  1.6126 -   IMAGE f s = GSPEC (%x::'a::type. (f x, IN x s))"
  1.6127 -  by (import pred_set IMAGE_DEF)
  1.6128 -
  1.6129 -lemma IN_IMAGE: "ALL (x::'b::type) (xa::'a::type => bool) xb::'a::type => 'b::type.
  1.6130 -   IN x (IMAGE xb xa) = (EX xc::'a::type. x = xb xc & IN xc xa)"
  1.6131 -  by (import pred_set IN_IMAGE)
  1.6132 -
  1.6133 -lemma IMAGE_IN: "ALL (x::'a::type) xa::'a::type => bool.
  1.6134 -   IN x xa --> (ALL xb::'a::type => 'b::type. IN (xb x) (IMAGE xb xa))"
  1.6135 -  by (import pred_set IMAGE_IN)
  1.6136 -
  1.6137 -lemma IMAGE_EMPTY: "ALL x::'a::type => 'b::type. IMAGE x EMPTY = EMPTY"
  1.6138 -  by (import pred_set IMAGE_EMPTY)
  1.6139 -
  1.6140 -lemma IMAGE_ID: "ALL x::'a::type => bool. IMAGE (%x::'a::type. x) x = x"
  1.6141 -  by (import pred_set IMAGE_ID)
  1.6142 -
  1.6143 -lemma IMAGE_COMPOSE: "ALL (x::'b::type => 'c::type) (xa::'a::type => 'b::type)
  1.6144 -   xb::'a::type => bool. IMAGE (x o xa) xb = IMAGE x (IMAGE xa xb)"
  1.6145 -  by (import pred_set IMAGE_COMPOSE)
  1.6146 -
  1.6147 -lemma IMAGE_INSERT: "ALL (x::'a::type => 'b::type) (xa::'a::type) xb::'a::type => bool.
  1.6148 -   IMAGE x (INSERT xa xb) = INSERT (x xa) (IMAGE x xb)"
  1.6149 -  by (import pred_set IMAGE_INSERT)
  1.6150 -
  1.6151 -lemma IMAGE_EQ_EMPTY: "ALL (s::'a::type => bool) x::'a::type => 'b::type.
  1.6152 -   (IMAGE x s = EMPTY) = (s = EMPTY)"
  1.6153 -  by (import pred_set IMAGE_EQ_EMPTY)
  1.6154 -
  1.6155 -lemma IMAGE_DELETE: "ALL (f::'a::type => 'b::type) (x::'a::type) s::'a::type => bool.
  1.6156 -   ~ IN x s --> IMAGE f (DELETE s x) = IMAGE f s"
  1.6157 -  by (import pred_set IMAGE_DELETE)
  1.6158 -
  1.6159 -lemma IMAGE_UNION: "ALL (x::'a::type => 'b::type) (xa::'a::type => bool) xb::'a::type => bool.
  1.6160 -   IMAGE x (pred_set.UNION xa xb) = pred_set.UNION (IMAGE x xa) (IMAGE x xb)"
  1.6161 -  by (import pred_set IMAGE_UNION)
  1.6162 -
  1.6163 -lemma IMAGE_SUBSET: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.6164 -   SUBSET x xa -->
  1.6165 -   (ALL xb::'a::type => 'b::type. SUBSET (IMAGE xb x) (IMAGE xb xa))"
  1.6166 -  by (import pred_set IMAGE_SUBSET)
  1.6167 -
  1.6168 -lemma IMAGE_INTER: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'a::type => bool.
  1.6169 -   SUBSET (IMAGE f (pred_set.INTER s t))
  1.6170 -    (pred_set.INTER (IMAGE f s) (IMAGE f t))"
  1.6171 -  by (import pred_set IMAGE_INTER)
  1.6172 -
  1.6173 -definition INJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" where 
  1.6174 +specification (CHOICE) CHOICE_DEF: "ALL x. x ~= EMPTY --> IN (CHOICE x) x"
  1.6175 +  sorry
  1.6176 +
  1.6177 +definition
  1.6178 +  REST :: "('a => bool) => 'a => bool"  where
  1.6179 +  "REST == %s. DELETE s (CHOICE s)"
  1.6180 +
  1.6181 +lemma REST_DEF: "REST s = DELETE s (CHOICE s)"
  1.6182 +  sorry
  1.6183 +
  1.6184 +lemma CHOICE_NOT_IN_REST: "~ IN (CHOICE x) (REST x)"
  1.6185 +  sorry
  1.6186 +
  1.6187 +lemma CHOICE_INSERT_REST: "s ~= EMPTY ==> INSERT (CHOICE s) (REST s) = s"
  1.6188 +  sorry
  1.6189 +
  1.6190 +lemma REST_SUBSET: "SUBSET (REST x) x"
  1.6191 +  sorry
  1.6192 +
  1.6193 +lemma REST_PSUBSET: "x ~= EMPTY ==> PSUBSET (REST x) x"
  1.6194 +  sorry
  1.6195 +
  1.6196 +definition
  1.6197 +  SING :: "('a => bool) => bool"  where
  1.6198 +  "SING == %s. EX x. s = INSERT x EMPTY"
  1.6199 +
  1.6200 +lemma SING_DEF: "SING s = (EX x. s = INSERT x EMPTY)"
  1.6201 +  sorry
  1.6202 +
  1.6203 +lemma SING: "SING (INSERT x EMPTY)"
  1.6204 +  sorry
  1.6205 +
  1.6206 +lemma IN_SING: "IN x (INSERT xa EMPTY) = (x = xa)"
  1.6207 +  sorry
  1.6208 +
  1.6209 +lemma NOT_SING_EMPTY: "INSERT x EMPTY ~= EMPTY"
  1.6210 +  sorry
  1.6211 +
  1.6212 +lemma NOT_EMPTY_SING: "EMPTY ~= INSERT x EMPTY"
  1.6213 +  sorry
  1.6214 +
  1.6215 +lemma EQUAL_SING: "(INSERT x EMPTY = INSERT xa EMPTY) = (x = xa)"
  1.6216 +  sorry
  1.6217 +
  1.6218 +lemma DISJOINT_SING_EMPTY: "DISJOINT (INSERT x EMPTY) EMPTY"
  1.6219 +  sorry
  1.6220 +
  1.6221 +lemma INSERT_SING_UNION: "INSERT xa x = pred_set.UNION (INSERT xa EMPTY) x"
  1.6222 +  sorry
  1.6223 +
  1.6224 +lemma SING_DELETE: "DELETE (INSERT x EMPTY) x = EMPTY"
  1.6225 +  sorry
  1.6226 +
  1.6227 +lemma DELETE_EQ_SING: "IN xa x ==> (DELETE x xa = EMPTY) = (x = INSERT xa EMPTY)"
  1.6228 +  sorry
  1.6229 +
  1.6230 +lemma CHOICE_SING: "CHOICE (INSERT x EMPTY) = x"
  1.6231 +  sorry
  1.6232 +
  1.6233 +lemma REST_SING: "REST (INSERT x EMPTY) = EMPTY"
  1.6234 +  sorry
  1.6235 +
  1.6236 +lemma SING_IFF_EMPTY_REST: "SING x = (x ~= EMPTY & REST x = EMPTY)"
  1.6237 +  sorry
  1.6238 +
  1.6239 +definition
  1.6240 +  IMAGE :: "('a => 'b) => ('a => bool) => 'b => bool"  where
  1.6241 +  "IMAGE == %f s. GSPEC (%x. (f x, IN x s))"
  1.6242 +
  1.6243 +lemma IMAGE_DEF: "IMAGE (f::'a => 'b) (s::'a => bool) = GSPEC (%x::'a. (f x, IN x s))"
  1.6244 +  sorry
  1.6245 +
  1.6246 +lemma IN_IMAGE: "IN (x::'b) (IMAGE (xb::'a => 'b) (xa::'a => bool)) =
  1.6247 +(EX xc::'a. x = xb xc & IN xc xa)"
  1.6248 +  sorry
  1.6249 +
  1.6250 +lemma IMAGE_IN: "IN x xa ==> IN (xb x) (IMAGE xb xa)"
  1.6251 +  sorry
  1.6252 +
  1.6253 +lemma IMAGE_EMPTY: "IMAGE (x::'a => 'b) EMPTY = EMPTY"
  1.6254 +  sorry
  1.6255 +
  1.6256 +lemma IMAGE_ID: "IMAGE (%x. x) x = x"
  1.6257 +  sorry
  1.6258 +
  1.6259 +lemma IMAGE_COMPOSE: "IMAGE ((x::'b => 'c) o (xa::'a => 'b)) (xb::'a => bool) =
  1.6260 +IMAGE x (IMAGE xa xb)"
  1.6261 +  sorry
  1.6262 +
  1.6263 +lemma IMAGE_INSERT: "IMAGE (x::'a => 'b) (INSERT (xa::'a) (xb::'a => bool)) =
  1.6264 +INSERT (x xa) (IMAGE x xb)"
  1.6265 +  sorry
  1.6266 +
  1.6267 +lemma IMAGE_EQ_EMPTY: "(IMAGE (x::'a => 'b) (s::'a => bool) = EMPTY) = (s = EMPTY)"
  1.6268 +  sorry
  1.6269 +
  1.6270 +lemma IMAGE_DELETE: "~ IN x s ==> IMAGE f (DELETE s x) = IMAGE f s"
  1.6271 +  sorry
  1.6272 +
  1.6273 +lemma IMAGE_UNION: "IMAGE (x::'a => 'b) (pred_set.UNION (xa::'a => bool) (xb::'a => bool)) =
  1.6274 +pred_set.UNION (IMAGE x xa) (IMAGE x xb)"
  1.6275 +  sorry
  1.6276 +
  1.6277 +lemma IMAGE_SUBSET: "SUBSET x xa ==> SUBSET (IMAGE xb x) (IMAGE xb xa)"
  1.6278 +  sorry
  1.6279 +
  1.6280 +lemma IMAGE_INTER: "SUBSET
  1.6281 + (IMAGE (f::'a => 'b) (pred_set.INTER (s::'a => bool) (t::'a => bool)))
  1.6282 + (pred_set.INTER (IMAGE f s) (IMAGE f t))"
  1.6283 +  sorry
  1.6284 +
  1.6285 +definition
  1.6286 +  INJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool"  where
  1.6287    "INJ ==
  1.6288 -%(f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6289 -   (ALL x::'a::type. IN x s --> IN (f x) t) &
  1.6290 -   (ALL (x::'a::type) y::'a::type. IN x s & IN y s --> f x = f y --> x = y)"
  1.6291 -
  1.6292 -lemma INJ_DEF: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6293 -   INJ f s t =
  1.6294 -   ((ALL x::'a::type. IN x s --> IN (f x) t) &
  1.6295 -    (ALL (x::'a::type) y::'a::type.
  1.6296 -        IN x s & IN y s --> f x = f y --> x = y))"
  1.6297 -  by (import pred_set INJ_DEF)
  1.6298 -
  1.6299 -lemma INJ_ID: "ALL x::'a::type => bool. INJ (%x::'a::type. x) x x"
  1.6300 -  by (import pred_set INJ_ID)
  1.6301 -
  1.6302 -lemma INJ_COMPOSE: "ALL (x::'a::type => 'b::type) (xa::'b::type => 'c::type)
  1.6303 -   (xb::'a::type => bool) (xc::'b::type => bool) xd::'c::type => bool.
  1.6304 -   INJ x xb xc & INJ xa xc xd --> INJ (xa o x) xb xd"
  1.6305 -  by (import pred_set INJ_COMPOSE)
  1.6306 -
  1.6307 -lemma INJ_EMPTY: "ALL x::'a::type => 'b::type.
  1.6308 -   All (INJ x EMPTY) &
  1.6309 -   (ALL xa::'a::type => bool. INJ x xa EMPTY = (xa = EMPTY))"
  1.6310 -  by (import pred_set INJ_EMPTY)
  1.6311 -
  1.6312 -definition SURJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" where 
  1.6313 +%f s t.
  1.6314 +   (ALL x. IN x s --> IN (f x) t) &
  1.6315 +   (ALL x y. IN x s & IN y s --> f x = f y --> x = y)"
  1.6316 +
  1.6317 +lemma INJ_DEF: "INJ f s t =
  1.6318 +((ALL x. IN x s --> IN (f x) t) &
  1.6319 + (ALL x y. IN x s & IN y s --> f x = f y --> x = y))"
  1.6320 +  sorry
  1.6321 +
  1.6322 +lemma INJ_ID: "INJ (%x. x) x x"
  1.6323 +  sorry
  1.6324 +
  1.6325 +lemma INJ_COMPOSE: "INJ x xb xc & INJ xa xc xd ==> INJ (xa o x) xb xd"
  1.6326 +  sorry
  1.6327 +
  1.6328 +lemma INJ_EMPTY: "All (INJ (x::'a => 'b) EMPTY) &
  1.6329 +(ALL xa::'a => bool. INJ x xa EMPTY = (xa = EMPTY))"
  1.6330 +  sorry
  1.6331 +
  1.6332 +definition
  1.6333 +  SURJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool"  where
  1.6334    "SURJ ==
  1.6335 -%(f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6336 -   (ALL x::'a::type. IN x s --> IN (f x) t) &
  1.6337 -   (ALL x::'b::type. IN x t --> (EX y::'a::type. IN y s & f y = x))"
  1.6338 -
  1.6339 -lemma SURJ_DEF: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6340 -   SURJ f s t =
  1.6341 -   ((ALL x::'a::type. IN x s --> IN (f x) t) &
  1.6342 -    (ALL x::'b::type. IN x t --> (EX y::'a::type. IN y s & f y = x)))"
  1.6343 -  by (import pred_set SURJ_DEF)
  1.6344 -
  1.6345 -lemma SURJ_ID: "ALL x::'a::type => bool. SURJ (%x::'a::type. x) x x"
  1.6346 -  by (import pred_set SURJ_ID)
  1.6347 -
  1.6348 -lemma SURJ_COMPOSE: "ALL (x::'a::type => 'b::type) (xa::'b::type => 'c::type)
  1.6349 -   (xb::'a::type => bool) (xc::'b::type => bool) xd::'c::type => bool.
  1.6350 -   SURJ x xb xc & SURJ xa xc xd --> SURJ (xa o x) xb xd"
  1.6351 -  by (import pred_set SURJ_COMPOSE)
  1.6352 -
  1.6353 -lemma SURJ_EMPTY: "ALL x::'a::type => 'b::type.
  1.6354 -   (ALL xa::'b::type => bool. SURJ x EMPTY xa = (xa = EMPTY)) &
  1.6355 -   (ALL xa::'a::type => bool. SURJ x xa EMPTY = (xa = EMPTY))"
  1.6356 -  by (import pred_set SURJ_EMPTY)
  1.6357 -
  1.6358 -lemma IMAGE_SURJ: "ALL (x::'a::type => 'b::type) (xa::'a::type => bool) xb::'b::type => bool.
  1.6359 -   SURJ x xa xb = (IMAGE x xa = xb)"
  1.6360 -  by (import pred_set IMAGE_SURJ)
  1.6361 -
  1.6362 -definition BIJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool" where 
  1.6363 -  "BIJ ==
  1.6364 -%(f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6365 -   INJ f s t & SURJ f s t"
  1.6366 -
  1.6367 -lemma BIJ_DEF: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6368 -   BIJ f s t = (INJ f s t & SURJ f s t)"
  1.6369 -  by (import pred_set BIJ_DEF)
  1.6370 -
  1.6371 -lemma BIJ_ID: "ALL x::'a::type => bool. BIJ (%x::'a::type. x) x x"
  1.6372 -  by (import pred_set BIJ_ID)
  1.6373 -
  1.6374 -lemma BIJ_EMPTY: "ALL x::'a::type => 'b::type.
  1.6375 -   (ALL xa::'b::type => bool. BIJ x EMPTY xa = (xa = EMPTY)) &
  1.6376 -   (ALL xa::'a::type => bool. BIJ x xa EMPTY = (xa = EMPTY))"
  1.6377 -  by (import pred_set BIJ_EMPTY)
  1.6378 -
  1.6379 -lemma BIJ_COMPOSE: "ALL (x::'a::type => 'b::type) (xa::'b::type => 'c::type)
  1.6380 -   (xb::'a::type => bool) (xc::'b::type => bool) xd::'c::type => bool.
  1.6381 -   BIJ x xb xc & BIJ xa xc xd --> BIJ (xa o x) xb xd"
  1.6382 -  by (import pred_set BIJ_COMPOSE)
  1.6383 +%f s t.
  1.6384 +   (ALL x. IN x s --> IN (f x) t) &
  1.6385 +   (ALL x. IN x t --> (EX y. IN y s & f y = x))"
  1.6386 +
  1.6387 +lemma SURJ_DEF: "SURJ f s t =
  1.6388 +((ALL x. IN x s --> IN (f x) t) &
  1.6389 + (ALL x. IN x t --> (EX y. IN y s & f y = x)))"
  1.6390 +  sorry
  1.6391 +
  1.6392 +lemma SURJ_ID: "SURJ (%x. x) x x"
  1.6393 +  sorry
  1.6394 +
  1.6395 +lemma SURJ_COMPOSE: "SURJ x xb xc & SURJ xa xc xd ==> SURJ (xa o x) xb xd"
  1.6396 +  sorry
  1.6397 +
  1.6398 +lemma SURJ_EMPTY: "(ALL xa::'b => bool. SURJ (x::'a => 'b) EMPTY xa = (xa = EMPTY)) &
  1.6399 +(ALL xa::'a => bool. SURJ x xa EMPTY = (xa = EMPTY))"
  1.6400 +  sorry
  1.6401 +
  1.6402 +lemma IMAGE_SURJ: "SURJ x xa xb = (IMAGE x xa = xb)"
  1.6403 +  sorry
  1.6404 +
  1.6405 +definition
  1.6406 +  BIJ :: "('a => 'b) => ('a => bool) => ('b => bool) => bool"  where
  1.6407 +  "BIJ == %f s t. INJ f s t & SURJ f s t"
  1.6408 +
  1.6409 +lemma BIJ_DEF: "BIJ f s t = (INJ f s t & SURJ f s t)"
  1.6410 +  sorry
  1.6411 +
  1.6412 +lemma BIJ_ID: "BIJ (%x. x) x x"
  1.6413 +  sorry
  1.6414 +
  1.6415 +lemma BIJ_EMPTY: "(ALL xa::'b => bool. BIJ (x::'a => 'b) EMPTY xa = (xa = EMPTY)) &
  1.6416 +(ALL xa::'a => bool. BIJ x xa EMPTY = (xa = EMPTY))"
  1.6417 +  sorry
  1.6418 +
  1.6419 +lemma BIJ_COMPOSE: "BIJ x xb xc & BIJ xa xc xd ==> BIJ (xa o x) xb xd"
  1.6420 +  sorry
  1.6421  
  1.6422  consts
  1.6423    LINV :: "('a => 'b) => ('a => bool) => 'b => 'a" 
  1.6424  
  1.6425 -specification (LINV) LINV_DEF: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6426 -   INJ f s t --> (ALL x::'a::type. IN x s --> LINV f s (f x) = x)"
  1.6427 -  by (import pred_set LINV_DEF)
  1.6428 +specification (LINV) LINV_DEF: "ALL f s t. INJ f s t --> (ALL x. IN x s --> LINV f s (f x) = x)"
  1.6429 +  sorry
  1.6430  
  1.6431  consts
  1.6432    RINV :: "('a => 'b) => ('a => bool) => 'b => 'a" 
  1.6433  
  1.6434 -specification (RINV) RINV_DEF: "ALL (f::'a::type => 'b::type) (s::'a::type => bool) t::'b::type => bool.
  1.6435 -   SURJ f s t --> (ALL x::'b::type. IN x t --> f (RINV f s x) = x)"
  1.6436 -  by (import pred_set RINV_DEF)
  1.6437 -
  1.6438 -definition FINITE :: "('a => bool) => bool" where 
  1.6439 +specification (RINV) RINV_DEF: "ALL f s t. SURJ f s t --> (ALL x. IN x t --> f (RINV f s x) = x)"
  1.6440 +  sorry
  1.6441 +
  1.6442 +definition
  1.6443 +  FINITE :: "('a => bool) => bool"  where
  1.6444    "FINITE ==
  1.6445 -%s::'a::type => bool.
  1.6446 -   ALL P::('a::type => bool) => bool.
  1.6447 -      P EMPTY &
  1.6448 -      (ALL s::'a::type => bool.
  1.6449 -          P s --> (ALL e::'a::type. P (INSERT e s))) -->
  1.6450 -      P s"
  1.6451 -
  1.6452 -lemma FINITE_DEF: "ALL s::'a::type => bool.
  1.6453 -   FINITE s =
  1.6454 -   (ALL P::('a::type => bool) => bool.
  1.6455 -       P EMPTY &
  1.6456 -       (ALL s::'a::type => bool.
  1.6457 -           P s --> (ALL e::'a::type. P (INSERT e s))) -->
  1.6458 -       P s)"
  1.6459 -  by (import pred_set FINITE_DEF)
  1.6460 +%s. ALL P. P EMPTY & (ALL s. P s --> (ALL e. P (INSERT e s))) --> P s"
  1.6461 +
  1.6462 +lemma FINITE_DEF: "FINITE s =
  1.6463 +(ALL P. P EMPTY & (ALL s. P s --> (ALL e. P (INSERT e s))) --> P s)"
  1.6464 +  sorry
  1.6465  
  1.6466  lemma FINITE_EMPTY: "FINITE EMPTY"
  1.6467 -  by (import pred_set FINITE_EMPTY)
  1.6468 -
  1.6469 -lemma FINITE_INDUCT: "ALL P::('a::type => bool) => bool.
  1.6470 -   P EMPTY &
  1.6471 -   (ALL s::'a::type => bool.
  1.6472 -       FINITE s & P s -->
  1.6473 -       (ALL e::'a::type. ~ IN e s --> P (INSERT e s))) -->
  1.6474 -   (ALL s::'a::type => bool. FINITE s --> P s)"
  1.6475 -  by (import pred_set FINITE_INDUCT)
  1.6476 -
  1.6477 -lemma FINITE_INSERT: "ALL (x::'a::type) s::'a::type => bool. FINITE (INSERT x s) = FINITE s"
  1.6478 -  by (import pred_set FINITE_INSERT)
  1.6479 -
  1.6480 -lemma FINITE_DELETE: "ALL (x::'a::type) s::'a::type => bool. FINITE (DELETE s x) = FINITE s"
  1.6481 -  by (import pred_set FINITE_DELETE)
  1.6482 -
  1.6483 -lemma FINITE_UNION: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.6484 -   FINITE (pred_set.UNION s t) = (FINITE s & FINITE t)"
  1.6485 -  by (import pred_set FINITE_UNION)
  1.6486 -
  1.6487 -lemma INTER_FINITE: "ALL s::'a::type => bool.
  1.6488 -   FINITE s --> (ALL t::'a::type => bool. FINITE (pred_set.INTER s t))"
  1.6489 -  by (import pred_set INTER_FINITE)
  1.6490 -
  1.6491 -lemma SUBSET_FINITE: "ALL s::'a::type => bool.
  1.6492 -   FINITE s --> (ALL t::'a::type => bool. SUBSET t s --> FINITE t)"
  1.6493 -  by (import pred_set SUBSET_FINITE)
  1.6494 -
  1.6495 -lemma PSUBSET_FINITE: "ALL x::'a::type => bool.
  1.6496 -   FINITE x --> (ALL xa::'a::type => bool. PSUBSET xa x --> FINITE xa)"
  1.6497 -  by (import pred_set PSUBSET_FINITE)
  1.6498 -
  1.6499 -lemma FINITE_DIFF: "ALL s::'a::type => bool.
  1.6500 -   FINITE s --> (ALL t::'a::type => bool. FINITE (DIFF s t))"
  1.6501 -  by (import pred_set FINITE_DIFF)
  1.6502 -
  1.6503 -lemma FINITE_SING: "ALL x::'a::type. FINITE (INSERT x EMPTY)"
  1.6504 -  by (import pred_set FINITE_SING)
  1.6505 -
  1.6506 -lemma SING_FINITE: "ALL x::'a::type => bool. SING x --> FINITE x"
  1.6507 -  by (import pred_set SING_FINITE)
  1.6508 -
  1.6509 -lemma IMAGE_FINITE: "ALL s::'a::type => bool.
  1.6510 -   FINITE s --> (ALL f::'a::type => 'b::type. FINITE (IMAGE f s))"
  1.6511 -  by (import pred_set IMAGE_FINITE)
  1.6512 +  sorry
  1.6513 +
  1.6514 +lemma FINITE_INDUCT: "[| P EMPTY &
  1.6515 +   (ALL s. FINITE s & P s --> (ALL e. ~ IN e s --> P (INSERT e s)));
  1.6516 +   FINITE s |]
  1.6517 +==> P s"
  1.6518 +  sorry
  1.6519 +
  1.6520 +lemma FINITE_INSERT: "FINITE (INSERT x s) = FINITE s"
  1.6521 +  sorry
  1.6522 +
  1.6523 +lemma FINITE_DELETE: "FINITE (DELETE s x) = FINITE s"
  1.6524 +  sorry
  1.6525 +
  1.6526 +lemma FINITE_UNION: "FINITE (pred_set.UNION s t) = (FINITE s & FINITE t)"
  1.6527 +  sorry
  1.6528 +
  1.6529 +lemma INTER_FINITE: "FINITE s ==> FINITE (pred_set.INTER s t)"
  1.6530 +  sorry
  1.6531 +
  1.6532 +lemma SUBSET_FINITE: "[| FINITE s; SUBSET t s |] ==> FINITE t"
  1.6533 +  sorry
  1.6534 +
  1.6535 +lemma PSUBSET_FINITE: "[| FINITE x; PSUBSET xa x |] ==> FINITE xa"
  1.6536 +  sorry
  1.6537 +
  1.6538 +lemma FINITE_DIFF: "FINITE s ==> FINITE (DIFF s t)"
  1.6539 +  sorry
  1.6540 +
  1.6541 +lemma FINITE_SING: "FINITE (INSERT x EMPTY)"
  1.6542 +  sorry
  1.6543 +
  1.6544 +lemma SING_FINITE: "SING x ==> FINITE x"
  1.6545 +  sorry
  1.6546 +
  1.6547 +lemma IMAGE_FINITE: "FINITE s ==> FINITE (IMAGE f s)"
  1.6548 +  sorry
  1.6549  
  1.6550  consts
  1.6551    CARD :: "('a => bool) => nat" 
  1.6552 @@ -4077,77 +3113,56 @@
  1.6553                   ((CARD::('a::type => bool) => nat) s)
  1.6554                   ((Suc::nat => nat)
  1.6555                     ((CARD::('a::type => bool) => nat) s)))))))"
  1.6556 -  by (import pred_set CARD_DEF)
  1.6557 +  sorry
  1.6558  
  1.6559  lemma CARD_EMPTY: "CARD EMPTY = 0"
  1.6560 -  by (import pred_set CARD_EMPTY)
  1.6561 -
  1.6562 -lemma CARD_INSERT: "ALL s::'a::type => bool.
  1.6563 -   FINITE s -->
  1.6564 -   (ALL x::'a::type.
  1.6565 -       CARD (INSERT x s) = (if IN x s then CARD s else Suc (CARD s)))"
  1.6566 -  by (import pred_set CARD_INSERT)
  1.6567 -
  1.6568 -lemma CARD_EQ_0: "ALL s::'a::type => bool. FINITE s --> (CARD s = 0) = (s = EMPTY)"
  1.6569 -  by (import pred_set CARD_EQ_0)
  1.6570 -
  1.6571 -lemma CARD_DELETE: "ALL s::'a::type => bool.
  1.6572 -   FINITE s -->
  1.6573 -   (ALL x::'a::type.
  1.6574 -       CARD (DELETE s x) = (if IN x s then CARD s - 1 else CARD s))"
  1.6575 -  by (import pred_set CARD_DELETE)
  1.6576 -
  1.6577 -lemma CARD_INTER_LESS_EQ: "ALL s::'a::type => bool.
  1.6578 -   FINITE s -->
  1.6579 -   (ALL t::'a::type => bool. CARD (pred_set.INTER s t) <= CARD s)"
  1.6580 -  by (import pred_set CARD_INTER_LESS_EQ)
  1.6581 -
  1.6582 -lemma CARD_UNION: "ALL s::'a::type => bool.
  1.6583 -   FINITE s -->
  1.6584 -   (ALL t::'a::type => bool.
  1.6585 -       FINITE t -->
  1.6586 -       CARD (pred_set.UNION s t) + CARD (pred_set.INTER s t) =
  1.6587 -       CARD s + CARD t)"
  1.6588 -  by (import pred_set CARD_UNION)
  1.6589 -
  1.6590 -lemma CARD_SUBSET: "ALL s::'a::type => bool.
  1.6591 -   FINITE s --> (ALL t::'a::type => bool. SUBSET t s --> CARD t <= CARD s)"
  1.6592 -  by (import pred_set CARD_SUBSET)
  1.6593 -
  1.6594 -lemma CARD_PSUBSET: "ALL s::'a::type => bool.
  1.6595 -   FINITE s --> (ALL t::'a::type => bool. PSUBSET t s --> CARD t < CARD s)"
  1.6596 -  by (import pred_set CARD_PSUBSET)
  1.6597 -
  1.6598 -lemma CARD_SING: "ALL x::'a::type. CARD (INSERT x EMPTY) = 1"
  1.6599 -  by (import pred_set CARD_SING)
  1.6600 -
  1.6601 -lemma SING_IFF_CARD1: "ALL x::'a::type => bool. SING x = (CARD x = 1 & FINITE x)"
  1.6602 -  by (import pred_set SING_IFF_CARD1)
  1.6603 -
  1.6604 -lemma CARD_DIFF: "ALL t::'a::type => bool.
  1.6605 -   FINITE t -->
  1.6606 -   (ALL s::'a::type => bool.
  1.6607 -       FINITE s --> CARD (DIFF s t) = CARD s - CARD (pred_set.INTER s t))"
  1.6608 -  by (import pred_set CARD_DIFF)
  1.6609 -
  1.6610 -lemma LESS_CARD_DIFF: "ALL t::'a::type => bool.
  1.6611 -   FINITE t -->
  1.6612 -   (ALL s::'a::type => bool.
  1.6613 -       FINITE s --> CARD t < CARD s --> 0 < CARD (DIFF s t))"
  1.6614 -  by (import pred_set LESS_CARD_DIFF)
  1.6615 -
  1.6616 -lemma FINITE_COMPLETE_INDUCTION: "ALL P::('a::type => bool) => bool.
  1.6617 -   (ALL x::'a::type => bool.
  1.6618 -       (ALL y::'a::type => bool. PSUBSET y x --> P y) -->
  1.6619 -       FINITE x --> P x) -->
  1.6620 -   (ALL x::'a::type => bool. FINITE x --> P x)"
  1.6621 -  by (import pred_set FINITE_COMPLETE_INDUCTION)
  1.6622 -
  1.6623 -definition INFINITE :: "('a => bool) => bool" where 
  1.6624 -  "INFINITE == %s::'a::type => bool. ~ FINITE s"
  1.6625 -
  1.6626 -lemma INFINITE_DEF: "ALL s::'a::type => bool. INFINITE s = (~ FINITE s)"
  1.6627 -  by (import pred_set INFINITE_DEF)
  1.6628 +  sorry
  1.6629 +
  1.6630 +lemma CARD_INSERT: "FINITE s ==> CARD (INSERT x s) = (if IN x s then CARD s else Suc (CARD s))"
  1.6631 +  sorry
  1.6632 +
  1.6633 +lemma CARD_EQ_0: "FINITE s ==> (CARD s = 0) = (s = EMPTY)"
  1.6634 +  sorry
  1.6635 +
  1.6636 +lemma CARD_DELETE: "FINITE s ==> CARD (DELETE s x) = (if IN x s then CARD s - 1 else CARD s)"
  1.6637 +  sorry
  1.6638 +
  1.6639 +lemma CARD_INTER_LESS_EQ: "FINITE s ==> CARD (pred_set.INTER s t) <= CARD s"
  1.6640 +  sorry
  1.6641 +
  1.6642 +lemma CARD_UNION: "[| FINITE s; FINITE t |]
  1.6643 +==> CARD (pred_set.UNION s t) + CARD (pred_set.INTER s t) = CARD s + CARD t"
  1.6644 +  sorry
  1.6645 +
  1.6646 +lemma CARD_SUBSET: "[| FINITE s; SUBSET t s |] ==> CARD t <= CARD s"
  1.6647 +  sorry
  1.6648 +
  1.6649 +lemma CARD_PSUBSET: "[| FINITE s; PSUBSET t s |] ==> CARD t < CARD s"
  1.6650 +  sorry
  1.6651 +
  1.6652 +lemma CARD_SING: "CARD (INSERT x EMPTY) = 1"
  1.6653 +  sorry
  1.6654 +
  1.6655 +lemma SING_IFF_CARD1: "SING x = (CARD x = 1 & FINITE x)"
  1.6656 +  sorry
  1.6657 +
  1.6658 +lemma CARD_DIFF: "[| FINITE t; FINITE s |]
  1.6659 +==> CARD (DIFF s t) = CARD s - CARD (pred_set.INTER s t)"
  1.6660 +  sorry
  1.6661 +
  1.6662 +lemma LESS_CARD_DIFF: "[| FINITE t; FINITE s; CARD t < CARD s |] ==> 0 < CARD (DIFF s t)"
  1.6663 +  sorry
  1.6664 +
  1.6665 +lemma FINITE_COMPLETE_INDUCTION: "[| !!x. [| !!y. PSUBSET y x ==> P y; FINITE x |] ==> P x; FINITE x |]
  1.6666 +==> P x"
  1.6667 +  sorry
  1.6668 +
  1.6669 +definition
  1.6670 +  INFINITE :: "('a => bool) => bool"  where
  1.6671 +  "INFINITE == %s. ~ FINITE s"
  1.6672 +
  1.6673 +lemma INFINITE_DEF: "INFINITE s = (~ FINITE s)"
  1.6674 +  sorry
  1.6675  
  1.6676  lemma NOT_IN_FINITE: "(op =::bool => bool => bool)
  1.6677   ((INFINITE::('a::type => bool) => bool) (pred_set.UNIV::'a::type => bool))
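Review bot: Every `by (import pred_set …)` in this hunk, from CARD_DEF through INFINITE_DEF, becomes `sorry`, so on the new side these lemmas are accepted with no proof checked at all. The same substitution appears in the following hunks (NOT_IN_FINITE, INFINITE_UNIV, FINITE_PSUBSET_UNIV and onward). The goals are also restated (object-level `ALL`/`-->` becomes meta-level `==>`, and the `::type` sort annotations are dropped), so nothing visible here ties a new statement to the HOL4 theorem it is named after. If `sorry` is meant as a generator placeholder, which the commit title suggests but the diff does not show, I would record that in the file with a header comment such as `(* GENERATED FILE: 'sorry' marks a statement whose proof is supplied by the HOL4 importer, not checked here *)`. I would also confirm that these theories can only be loaded with `quick_and_dirty` enabled, so the unproved facts cannot reach a trusted build.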
  1.6678 @@ -4159,23 +3174,19 @@
  1.6679            (%x::'a::type.
  1.6680                (Not::bool => bool)
  1.6681                 ((IN::'a::type => ('a::type => bool) => bool) x s)))))"
  1.6682 -  by (import pred_set NOT_IN_FINITE)
  1.6683 -
  1.6684 -lemma INFINITE_INHAB: "ALL x::'a::type => bool. INFINITE x --> (EX xa::'a::type. IN xa x)"
  1.6685 -  by (import pred_set INFINITE_INHAB)
  1.6686 -
  1.6687 -lemma IMAGE_11_INFINITE: "ALL f::'a::type => 'b::type.
  1.6688 -   (ALL (x::'a::type) y::'a::type. f x = f y --> x = y) -->
  1.6689 -   (ALL s::'a::type => bool. INFINITE s --> INFINITE (IMAGE f s))"
  1.6690 -  by (import pred_set IMAGE_11_INFINITE)
  1.6691 -
  1.6692 -lemma INFINITE_SUBSET: "ALL x::'a::type => bool.
  1.6693 -   INFINITE x --> (ALL xa::'a::type => bool. SUBSET x xa --> INFINITE xa)"
  1.6694 -  by (import pred_set INFINITE_SUBSET)
  1.6695 -
  1.6696 -lemma IN_INFINITE_NOT_FINITE: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.6697 -   INFINITE x & FINITE xa --> (EX xb::'a::type. IN xb x & ~ IN xb xa)"
  1.6698 -  by (import pred_set IN_INFINITE_NOT_FINITE)
  1.6699 +  sorry
  1.6700 +
  1.6701 +lemma INFINITE_INHAB: "INFINITE x ==> EX xa. IN xa x"
  1.6702 +  sorry
  1.6703 +
  1.6704 +lemma IMAGE_11_INFINITE: "[| !!x y. f x = f y ==> x = y; INFINITE s |] ==> INFINITE (IMAGE f s)"
  1.6705 +  sorry
  1.6706 +
  1.6707 +lemma INFINITE_SUBSET: "[| INFINITE x; SUBSET x xa |] ==> INFINITE xa"
  1.6708 +  sorry
  1.6709 +
  1.6710 +lemma IN_INFINITE_NOT_FINITE: "INFINITE x & FINITE xa ==> EX xb. IN xb x & ~ IN xb xa"
  1.6711 +  sorry
  1.6712  
  1.6713  lemma INFINITE_UNIV: "(op =::bool => bool => bool)
  1.6714   ((INFINITE::('a::type => bool) => bool) (pred_set.UNIV::'a::type => bool))
  1.6715 @@ -4193,14 +3204,11 @@
  1.6716            (%y::'a::type.
  1.6717                (All::('a::type => bool) => bool)
  1.6718                 (%x::'a::type.
  1.6719 -                   (Not::bool => bool)
  1.6720 -                    ((op =::'a::type => 'a::type => bool) (f x) y))))))"
  1.6721 -  by (import pred_set INFINITE_UNIV)
  1.6722 -
  1.6723 -lemma FINITE_PSUBSET_INFINITE: "ALL x::'a::type => bool.
  1.6724 -   INFINITE x =
  1.6725 -   (ALL xa::'a::type => bool. FINITE xa --> SUBSET xa x --> PSUBSET xa x)"
  1.6726 -  by (import pred_set FINITE_PSUBSET_INFINITE)
  1.6727 +                   (op ~=::'a::type => 'a::type => bool) (f x) y)))))"
  1.6728 +  sorry
  1.6729 +
  1.6730 +lemma FINITE_PSUBSET_INFINITE: "INFINITE x = (ALL xa. FINITE xa --> SUBSET xa x --> PSUBSET xa x)"
  1.6731 +  sorry
  1.6732  
  1.6733  lemma FINITE_PSUBSET_UNIV: "(op =::bool => bool => bool)
  1.6734   ((INFINITE::('a::type => bool) => bool) (pred_set.UNIV::'a::type => bool))
  1.6735 @@ -4210,362 +3218,283 @@
  1.6736          ((FINITE::('a::type => bool) => bool) s)
  1.6737          ((PSUBSET::('a::type => bool) => ('a::type => bool) => bool) s
  1.6738            (pred_set.UNIV::'a::type => bool))))"
  1.6739 -  by (import pred_set FINITE_PSUBSET_UNIV)
  1.6740 -
  1.6741 -lemma INFINITE_DIFF_FINITE: "ALL (s::'a::type => bool) t::'a::type => bool.
  1.6742 -   INFINITE s & FINITE t --> DIFF s t ~= EMPTY"
  1.6743 -  by (import pred_set INFINITE_DIFF_FINITE)
  1.6744 -
  1.6745 -lemma FINITE_ISO_NUM: "ALL s::'a::type => bool.
  1.6746 -   FINITE s -->
  1.6747 -   (EX f::nat => 'a::type.
  1.6748 -       (ALL (n::nat) m::nat.
  1.6749 -           n < CARD s & m < CARD s --> f n = f m --> n = m) &
  1.6750 -       s = GSPEC (%n::nat. (f n, n < CARD s)))"
  1.6751 -  by (import pred_set FINITE_ISO_NUM)
  1.6752 -
  1.6753 -lemma FINITE_WEAK_ENUMERATE: "(All::(('a::type => bool) => bool) => bool)
  1.6754 - (%x::'a::type => bool.
  1.6755 -     (op =::bool => bool => bool) ((FINITE::('a::type => bool) => bool) x)
  1.6756 -      ((Ex::((nat => 'a::type) => bool) => bool)
  1.6757 -        (%f::nat => 'a::type.
  1.6758 -            (Ex::(nat => bool) => bool)
  1.6759 -             (%b::nat.
  1.6760 -                 (All::('a::type => bool) => bool)
  1.6761 -                  (%e::'a::type.
  1.6762 -                      (op =::bool => bool => bool)
  1.6763 -                       ((IN::'a::type => ('a::type => bool) => bool) e x)
  1.6764 -                       ((Ex::(nat => bool) => bool)
  1.6765 -                         (%n::nat.
  1.6766 -                             (op &::bool => bool => bool)
  1.6767 -                              ((op <::nat => nat => bool) n b)
  1.6768 -                              ((op =::'a::type => 'a::type => bool) e
  1.6769 -                                (f n)))))))))"
  1.6770 -  by (import pred_set FINITE_WEAK_ENUMERATE)
  1.6771 -
  1.6772 -definition BIGUNION :: "(('a => bool) => bool) => 'a => bool" where 
  1.6773 -  "BIGUNION ==
  1.6774 -%P::('a::type => bool) => bool.
  1.6775 -   GSPEC (%x::'a::type. (x, EX p::'a::type => bool. IN p P & IN x p))"
  1.6776 -
  1.6777 -lemma BIGUNION: "ALL P::('a::type => bool) => bool.
  1.6778 -   BIGUNION P =
  1.6779 -   GSPEC (%x::'a::type. (x, EX p::'a::type => bool. IN p P & IN x p))"
  1.6780 -  by (import pred_set BIGUNION)
  1.6781 -
  1.6782 -lemma IN_BIGUNION: "ALL (x::'a::type) xa::('a::type => bool) => bool.
  1.6783 -   IN x (BIGUNION xa) = (EX s::'a::type => bool. IN x s & IN s xa)"
  1.6784 -  by (import pred_set IN_BIGUNION)
  1.6785 +  sorry
  1.6786 +
  1.6787 +lemma INFINITE_DIFF_FINITE: "INFINITE s & FINITE t ==> DIFF s t ~= EMPTY"
  1.6788 +  sorry
  1.6789 +
  1.6790 +lemma FINITE_ISO_NUM: "FINITE s
  1.6791 +==> EX f. (ALL n m. n < CARD s & m < CARD s --> f n = f m --> n = m) &
  1.6792 +          s = GSPEC (%n. (f n, n < CARD s))"
  1.6793 +  sorry
  1.6794 +
  1.6795 +lemma FINITE_WEAK_ENUMERATE: "FINITE (x::'a => bool) =
  1.6796 +(EX (f::nat => 'a) b::nat. ALL e::'a. IN e x = (EX n<b. e = f n))"
  1.6797 +  sorry
  1.6798 +
  1.6799 +definition
  1.6800 +  BIGUNION :: "(('a => bool) => bool) => 'a => bool"  where
  1.6801 +  "BIGUNION == %P. GSPEC (%x. (x, EX p. IN p P & IN x p))"
  1.6802 +
  1.6803 +lemma BIGUNION: "BIGUNION P = GSPEC (%x. (x, EX p. IN p P & IN x p))"
  1.6804 +  sorry
  1.6805 +
  1.6806 +lemma IN_BIGUNION: "IN x (BIGUNION xa) = (EX s. IN x s & IN s xa)"
  1.6807 +  sorry
  1.6808  
  1.6809  lemma BIGUNION_EMPTY: "BIGUNION EMPTY = EMPTY"
  1.6810 -  by (import pred_set BIGUNION_EMPTY)
  1.6811 -
  1.6812 -lemma BIGUNION_SING: "ALL x::'a::type => bool. BIGUNION (INSERT x EMPTY) = x"
  1.6813 -  by (import pred_set BIGUNION_SING)
  1.6814 -
  1.6815 -lemma BIGUNION_UNION: "ALL (x::('a::type => bool) => bool) xa::('a::type => bool) => bool.
  1.6816 -   BIGUNION (pred_set.UNION x xa) =
  1.6817 -   pred_set.UNION (BIGUNION x) (BIGUNION xa)"
  1.6818 -  by (import pred_set BIGUNION_UNION)
  1.6819 -
  1.6820 -lemma DISJOINT_BIGUNION: "(ALL (s::('a::type => bool) => bool) t::'a::type => bool.
  1.6821 +  sorry
  1.6822 +
  1.6823 +lemma BIGUNION_SING: "BIGUNION (INSERT x EMPTY) = x"
  1.6824 +  sorry
  1.6825 +
  1.6826 +lemma BIGUNION_UNION: "BIGUNION (pred_set.UNION x xa) = pred_set.UNION (BIGUNION x) (BIGUNION xa)"
  1.6827 +  sorry
  1.6828 +
  1.6829 +lemma DISJOINT_BIGUNION: "(ALL (s::('a => bool) => bool) t::'a => bool.
  1.6830      DISJOINT (BIGUNION s) t =
  1.6831 -    (ALL s'::'a::type => bool. IN s' s --> DISJOINT s' t)) &
  1.6832 -(ALL (x::('a::type => bool) => bool) xa::'a::type => bool.
  1.6833 +    (ALL s'::'a => bool. IN s' s --> DISJOINT s' t)) &
  1.6834 +(ALL (x::('a => bool) => bool) xa::'a => bool.
  1.6835      DISJOINT xa (BIGUNION x) =
  1.6836 -    (ALL xb::'a::type => bool. IN xb x --> DISJOINT xa xb))"
  1.6837 -  by (import pred_set DISJOINT_BIGUNION)
  1.6838 -
  1.6839 -lemma BIGUNION_INSERT: "ALL (x::'a::type => bool) xa::('a::type => bool) => bool.
  1.6840 -   BIGUNION (INSERT x xa) = pred_set.UNION x (BIGUNION xa)"
  1.6841 -  by (import pred_set BIGUNION_INSERT)
  1.6842 -
  1.6843 -lemma BIGUNION_SUBSET: "ALL (X::'a::type => bool) P::('a::type => bool) => bool.
  1.6844 -   SUBSET (BIGUNION P) X = (ALL Y::'a::type => bool. IN Y P --> SUBSET Y X)"
  1.6845 -  by (import pred_set BIGUNION_SUBSET)
  1.6846 -
  1.6847 -lemma FINITE_BIGUNION: "ALL x::('a::type => bool) => bool.
  1.6848 -   FINITE x & (ALL s::'a::type => bool. IN s x --> FINITE s) -->
  1.6849 -   FINITE (BIGUNION x)"
  1.6850 -  by (import pred_set FINITE_BIGUNION)
  1.6851 -
  1.6852 -definition BIGINTER :: "(('a => bool) => bool) => 'a => bool" where 
  1.6853 -  "BIGINTER ==
  1.6854 -%B::('a::type => bool) => bool.
  1.6855 -   GSPEC (%x::'a::type. (x, ALL P::'a::type => bool. IN P B --> IN x P))"
  1.6856 -
  1.6857 -lemma BIGINTER: "ALL B::('a::type => bool) => bool.
  1.6858 -   BIGINTER B =
  1.6859 -   GSPEC (%x::'a::type. (x, ALL P::'a::type => bool. IN P B --> IN x P))"
  1.6860 -  by (import pred_set BIGINTER)
  1.6861 -
  1.6862 -lemma IN_BIGINTER: "IN (x::'a::type) (BIGINTER (B::('a::type => bool) => bool)) =
  1.6863 -(ALL P::'a::type => bool. IN P B --> IN x P)"
  1.6864 -  by (import pred_set IN_BIGINTER)
  1.6865 -
  1.6866 -lemma BIGINTER_INSERT: "ALL (P::'a::type => bool) B::('a::type => bool) => bool.
  1.6867 -   BIGINTER (INSERT P B) = pred_set.INTER P (BIGINTER B)"
  1.6868 -  by (import pred_set BIGINTER_INSERT)
  1.6869 +    (ALL xb::'a => bool. IN xb x --> DISJOINT xa xb))"
  1.6870 +  sorry
  1.6871 +
  1.6872 +lemma BIGUNION_INSERT: "BIGUNION (INSERT x xa) = pred_set.UNION x (BIGUNION xa)"
  1.6873 +  sorry
  1.6874 +
  1.6875 +lemma BIGUNION_SUBSET: "SUBSET (BIGUNION P) X = (ALL Y. IN Y P --> SUBSET Y X)"
  1.6876 +  sorry
  1.6877 +
  1.6878 +lemma FINITE_BIGUNION: "FINITE x & (ALL s. IN s x --> FINITE s) ==> FINITE (BIGUNION x)"
  1.6879 +  sorry
  1.6880 +
  1.6881 +definition
  1.6882 +  BIGINTER :: "(('a => bool) => bool) => 'a => bool"  where
  1.6883 +  "BIGINTER == %B. GSPEC (%x. (x, ALL P. IN P B --> IN x P))"
  1.6884 +
  1.6885 +lemma BIGINTER: "BIGINTER B = GSPEC (%x. (x, ALL P. IN P B --> IN x P))"
  1.6886 +  sorry
  1.6887 +
  1.6888 +lemma IN_BIGINTER: "IN x (BIGINTER B) = (ALL P. IN P B --> IN x P)"
  1.6889 +  sorry
  1.6890 +
  1.6891 +lemma BIGINTER_INSERT: "BIGINTER (INSERT P B) = pred_set.INTER P (BIGINTER B)"
  1.6892 +  sorry
  1.6893  
  1.6894  lemma BIGINTER_EMPTY: "BIGINTER EMPTY = pred_set.UNIV"
  1.6895 -  by (import pred_set BIGINTER_EMPTY)
  1.6896 -
  1.6897 -lemma BIGINTER_INTER: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.6898 -   BIGINTER (INSERT x (INSERT xa EMPTY)) = pred_set.INTER x xa"
  1.6899 -  by (import pred_set BIGINTER_INTER)
  1.6900 -
  1.6901 -lemma BIGINTER_SING: "ALL x::'a::type => bool. BIGINTER (INSERT x EMPTY) = x"
  1.6902 -  by (import pred_set BIGINTER_SING)
  1.6903 -
  1.6904 -lemma SUBSET_BIGINTER: "ALL (X::'a::type => bool) P::('a::type => bool) => bool.
  1.6905 -   SUBSET X (BIGINTER P) = (ALL x::'a::type => bool. IN x P --> SUBSET X x)"
  1.6906 -  by (import pred_set SUBSET_BIGINTER)
  1.6907 -
  1.6908 -lemma DISJOINT_BIGINTER: "ALL (x::'a::type => bool) (xa::'a::type => bool)
  1.6909 -   xb::('a::type => bool) => bool.
  1.6910 -   IN xa xb & DISJOINT xa x -->
  1.6911 -   DISJOINT x (BIGINTER xb) & DISJOINT (BIGINTER xb) x"
  1.6912 -  by (import pred_set DISJOINT_BIGINTER)
  1.6913 -
  1.6914 -definition CROSS :: "('a => bool) => ('b => bool) => 'a * 'b => bool" where 
  1.6915 -  "CROSS ==
  1.6916 -%(P::'a::type => bool) Q::'b::type => bool.
  1.6917 -   GSPEC (%p::'a::type * 'b::type. (p, IN (fst p) P & IN (snd p) Q))"
  1.6918 -
  1.6919 -lemma CROSS_DEF: "ALL (P::'a::type => bool) Q::'b::type => bool.
  1.6920 -   CROSS P Q =
  1.6921 -   GSPEC (%p::'a::type * 'b::type. (p, IN (fst p) P & IN (snd p) Q))"
  1.6922 -  by (import pred_set CROSS_DEF)
  1.6923 -
  1.6924 -lemma IN_CROSS: "ALL (x::'a::type => bool) (xa::'b::type => bool) xb::'a::type * 'b::type.
  1.6925 -   IN xb (CROSS x xa) = (IN (fst xb) x & IN (snd xb) xa)"
  1.6926 -  by (import pred_set IN_CROSS)
  1.6927 -
  1.6928 -lemma CROSS_EMPTY: "ALL x::'a::type => bool. CROSS x EMPTY = EMPTY & CROSS EMPTY x = EMPTY"
  1.6929 -  by (import pred_set CROSS_EMPTY)
  1.6930 -
  1.6931 -lemma CROSS_INSERT_LEFT: "ALL (x::'a::type => bool) (xa::'b::type => bool) xb::'a::type.
  1.6932 -   CROSS (INSERT xb x) xa =
  1.6933 -   pred_set.UNION (CROSS (INSERT xb EMPTY) xa) (CROSS x xa)"
  1.6934 -  by (import pred_set CROSS_INSERT_LEFT)
  1.6935 -
  1.6936 -lemma CROSS_INSERT_RIGHT: "ALL (x::'a::type => bool) (xa::'b::type => bool) xb::'b::type.
  1.6937 -   CROSS x (INSERT xb xa) =
  1.6938 -   pred_set.UNION (CROSS x (INSERT xb EMPTY)) (CROSS x xa)"
  1.6939 -  by (import pred_set CROSS_INSERT_RIGHT)
  1.6940 -
  1.6941 -lemma FINITE_CROSS: "ALL (x::'a::type => bool) xa::'b::type => bool.
  1.6942 -   FINITE x & FINITE xa --> FINITE (CROSS x xa)"
  1.6943 -  by (import pred_set FINITE_CROSS)
  1.6944 -
  1.6945 -lemma CROSS_SINGS: "ALL (x::'a::type) xa::'b::type.
  1.6946 -   CROSS (INSERT x EMPTY) (INSERT xa EMPTY) = INSERT (x, xa) EMPTY"
  1.6947 -  by (import pred_set CROSS_SINGS)
  1.6948 -
  1.6949 -lemma CARD_SING_CROSS: "ALL (x::'a::type) s::'b::type => bool.
  1.6950 -   FINITE s --> CARD (CROSS (INSERT x EMPTY) s) = CARD s"
  1.6951 -  by (import pred_set CARD_SING_CROSS)
  1.6952 -
  1.6953 -lemma CARD_CROSS: "ALL (x::'a::type => bool) xa::'b::type => bool.
  1.6954 -   FINITE x & FINITE xa --> CARD (CROSS x xa) = CARD x * CARD xa"
  1.6955 -  by (import pred_set CARD_CROSS)
  1.6956 -
  1.6957 -lemma CROSS_SUBSET: "ALL (x::'a::type => bool) (xa::'b::type => bool) (xb::'a::type => bool)
  1.6958 -   xc::'b::type => bool.
  1.6959 -   SUBSET (CROSS xb xc) (CROSS x xa) =
  1.6960 -   (xb = EMPTY | xc = EMPTY | SUBSET xb x & SUBSET xc xa)"
  1.6961 -  by (import pred_set CROSS_SUBSET)
  1.6962 -
  1.6963 -lemma FINITE_CROSS_EQ: "ALL (P::'a::type => bool) Q::'b::type => bool.
  1.6964 -   FINITE (CROSS P Q) = (P = EMPTY | Q = EMPTY | FINITE P & FINITE Q)"
  1.6965 -  by (import pred_set FINITE_CROSS_EQ)
  1.6966 -
  1.6967 -definition COMPL :: "('a => bool) => 'a => bool" where 
  1.6968 +  sorry
  1.6969 +
  1.6970 +lemma BIGINTER_INTER: "BIGINTER (INSERT x (INSERT xa EMPTY)) = pred_set.INTER x xa"
  1.6971 +  sorry
  1.6972 +
  1.6973 +lemma BIGINTER_SING: "BIGINTER (INSERT x EMPTY) = x"
  1.6974 +  sorry
  1.6975 +
  1.6976 +lemma SUBSET_BIGINTER: "SUBSET X (BIGINTER P) = (ALL x. IN x P --> SUBSET X x)"
  1.6977 +  sorry
  1.6978 +
  1.6979 +lemma DISJOINT_BIGINTER: "IN xa xb & DISJOINT xa x
  1.6980 +==> DISJOINT x (BIGINTER xb) & DISJOINT (BIGINTER xb) x"
  1.6981 +  sorry
  1.6982 +
  1.6983 +definition
  1.6984 +  CROSS :: "('a => bool) => ('b => bool) => 'a * 'b => bool"  where
  1.6985 +  "CROSS == %P Q. GSPEC (%p. (p, IN (fst p) P & IN (snd p) Q))"
  1.6986 +
  1.6987 +lemma CROSS_DEF: "CROSS P Q = GSPEC (%p. (p, IN (fst p) P & IN (snd p) Q))"
  1.6988 +  sorry
  1.6989 +
  1.6990 +lemma IN_CROSS: "IN xb (CROSS x xa) = (IN (fst xb) x & IN (snd xb) xa)"
  1.6991 +  sorry
  1.6992 +
  1.6993 +lemma CROSS_EMPTY: "CROSS x EMPTY = EMPTY & CROSS EMPTY x = EMPTY"
  1.6994 +  sorry
  1.6995 +
  1.6996 +lemma CROSS_INSERT_LEFT: "CROSS (INSERT xb x) xa =
  1.6997 +pred_set.UNION (CROSS (INSERT xb EMPTY) xa) (CROSS x xa)"
  1.6998 +  sorry
  1.6999 +
  1.7000 +lemma CROSS_INSERT_RIGHT: "CROSS x (INSERT xb xa) =
  1.7001 +pred_set.UNION (CROSS x (INSERT xb EMPTY)) (CROSS x xa)"
  1.7002 +  sorry
  1.7003 +
  1.7004 +lemma FINITE_CROSS: "FINITE x & FINITE xa ==> FINITE (CROSS x xa)"
  1.7005 +  sorry
  1.7006 +
  1.7007 +lemma CROSS_SINGS: "CROSS (INSERT x EMPTY) (INSERT xa EMPTY) = INSERT (x, xa) EMPTY"
  1.7008 +  sorry
  1.7009 +
  1.7010 +lemma CARD_SING_CROSS: "FINITE (s::'b => bool) ==> CARD (CROSS (INSERT (x::'a) EMPTY) s) = CARD s"
  1.7011 +  sorry
  1.7012 +
  1.7013 +lemma CARD_CROSS: "FINITE x & FINITE xa ==> CARD (CROSS x xa) = CARD x * CARD xa"
  1.7014 +  sorry
  1.7015 +
  1.7016 +lemma CROSS_SUBSET: "SUBSET (CROSS xb xc) (CROSS x xa) =
  1.7017 +(xb = EMPTY | xc = EMPTY | SUBSET xb x & SUBSET xc xa)"
  1.7018 +  sorry
  1.7019 +
  1.7020 +lemma FINITE_CROSS_EQ: "FINITE (CROSS P Q) = (P = EMPTY | Q = EMPTY | FINITE P & FINITE Q)"
  1.7021 +  sorry
  1.7022 +
  1.7023 +definition
  1.7024 +  COMPL :: "('a => bool) => 'a => bool"  where
  1.7025    "COMPL == DIFF pred_set.UNIV"
  1.7026  
  1.7027 -lemma COMPL_DEF: "ALL P::'a::type => bool. COMPL P = DIFF pred_set.UNIV P"
  1.7028 -  by (import pred_set COMPL_DEF)
  1.7029 -
  1.7030 -lemma IN_COMPL: "ALL (x::'a::type) xa::'a::type => bool. IN x (COMPL xa) = (~ IN x xa)"
  1.7031 -  by (import pred_set IN_COMPL)
  1.7032 -
  1.7033 -lemma COMPL_COMPL: "ALL x::'a::type => bool. COMPL (COMPL x) = x"
  1.7034 -  by (import pred_set COMPL_COMPL)
  1.7035 -
  1.7036 -lemma COMPL_CLAUSES: "ALL x::'a::type => bool.
  1.7037 -   pred_set.INTER (COMPL x) x = EMPTY &
  1.7038 -   pred_set.UNION (COMPL x) x = pred_set.UNIV"
  1.7039 -  by (import pred_set COMPL_CLAUSES)
  1.7040 -
  1.7041 -lemma COMPL_SPLITS: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.7042 -   pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER (COMPL x) xa) = xa"
  1.7043 -  by (import pred_set COMPL_SPLITS)
  1.7044 -
  1.7045 -lemma INTER_UNION_COMPL: "ALL (x::'a::type => bool) xa::'a::type => bool.
  1.7046 -   pred_set.INTER x xa = COMPL (pred_set.UNION (COMPL x) (COMPL xa))"
  1.7047 -  by (import pred_set INTER_UNION_COMPL)
  1.7048 +lemma COMPL_DEF: "COMPL P = DIFF pred_set.UNIV P"
  1.7049 +  sorry
  1.7050 +
  1.7051 +lemma IN_COMPL: "IN x (COMPL xa) = (~ IN x xa)"
  1.7052 +  sorry
  1.7053 +
  1.7054 +lemma COMPL_COMPL: "COMPL (COMPL x) = x"
  1.7055 +  sorry
  1.7056 +
  1.7057 +lemma COMPL_CLAUSES: "pred_set.INTER (COMPL x) x = EMPTY &
  1.7058 +pred_set.UNION (COMPL x) x = pred_set.UNIV"
  1.7059 +  sorry
  1.7060 +
  1.7061 +lemma COMPL_SPLITS: "pred_set.UNION (pred_set.INTER x xa) (pred_set.INTER (COMPL x) xa) = xa"
  1.7062 +  sorry
  1.7063 +
  1.7064 +lemma INTER_UNION_COMPL: "pred_set.INTER x xa = COMPL (pred_set.UNION (COMPL x) (COMPL xa))"
  1.7065 +  sorry
  1.7066  
  1.7067  lemma COMPL_EMPTY: "COMPL EMPTY = pred_set.UNIV"
  1.7068 -  by (import pred_set COMPL_EMPTY)
  1.7069 +  sorry
  1.7070  
  1.7071  consts
  1.7072    count :: "nat => nat => bool" 
  1.7073  
  1.7074  defs
  1.7075 -  count_primdef: "count == %n::nat. GSPEC (%m::nat. (m, m < n))"
  1.7076 -
  1.7077 -lemma count_def: "ALL n::nat. count n = GSPEC (%m::nat. (m, m < n))"
  1.7078 -  by (import pred_set count_def)
  1.7079 -
  1.7080 -lemma IN_COUNT: "ALL (m::nat) n::nat. IN m (count n) = (m < n)"
  1.7081 -  by (import pred_set IN_COUNT)
  1.7082 +  count_primdef: "count == %n. GSPEC (%m. (m, m < n))"
  1.7083 +
  1.7084 +lemma count_def: "count n = GSPEC (%m. (m, m < n))"
  1.7085 +  sorry
  1.7086 +
  1.7087 +lemma IN_COUNT: "IN m (count n) = (m < n)"
  1.7088 +  sorry
  1.7089  
  1.7090  lemma COUNT_ZERO: "count 0 = EMPTY"
  1.7091 -  by (import pred_set COUNT_ZERO)
  1.7092 -
  1.7093 -lemma COUNT_SUC: "ALL n::nat. count (Suc n) = INSERT n (count n)"
  1.7094 -  by (import pred_set COUNT_SUC)
  1.7095 -
  1.7096 -lemma FINITE_COUNT: "ALL n::nat. FINITE (count n)"
  1.7097 -  by (import pred_set FINITE_COUNT)
  1.7098 -
  1.7099 -lemma CARD_COUNT: "ALL n::nat. CARD (count n) = n"
  1.7100 -  by (import pred_set CARD_COUNT)
  1.7101 -
  1.7102 -definition ITSET_tupled :: "('a => 'b => 'b) => ('a => bool) * 'b => 'b" where 
  1.7103 +  sorry
  1.7104 +
  1.7105 +lemma COUNT_SUC: "count (Suc n) = INSERT n (count n)"
  1.7106 +  sorry
  1.7107 +
  1.7108 +lemma FINITE_COUNT: "FINITE (count n)"
  1.7109 +  sorry
  1.7110 +
  1.7111 +lemma CARD_COUNT: "CARD (count n) = n"
  1.7112 +  sorry
  1.7113 +
  1.7114 +definition
  1.7115 +  ITSET_tupled :: "('a => 'b => 'b) => ('a => bool) * 'b => 'b"  where
  1.7116    "ITSET_tupled ==
  1.7117 -%f::'a::type => 'b::type => 'b::type.
  1.7118 -   WFREC
  1.7119 -    (SOME R::('a::type => bool) * 'b::type
  1.7120 -             => ('a::type => bool) * 'b::type => bool.
  1.7121 -        WF R &
  1.7122 -        (ALL (b::'b::type) s::'a::type => bool.
  1.7123 -            FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  1.7124 -    (%(ITSET_tupled::('a::type => bool) * 'b::type => 'b::type)
  1.7125 -        (v::'a::type => bool, v1::'b::type).
  1.7126 -        if FINITE v
  1.7127 -        then if v = EMPTY then v1
  1.7128 -             else ITSET_tupled (REST v, f (CHOICE v) v1)
  1.7129 -        else ARB)"
  1.7130 -
  1.7131 -lemma ITSET_tupled_primitive_def: "ALL f::'a::type => 'b::type => 'b::type.
  1.7132 -   ITSET_tupled f =
  1.7133 -   WFREC
  1.7134 -    (SOME R::('a::type => bool) * 'b::type
  1.7135 -             => ('a::type => bool) * 'b::type => bool.
  1.7136 -        WF R &
  1.7137 -        (ALL (b::'b::type) s::'a::type => bool.
  1.7138 -            FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  1.7139 -    (%(ITSET_tupled::('a::type => bool) * 'b::type => 'b::type)
  1.7140 -        (v::'a::type => bool, v1::'b::type).
  1.7141 -        if FINITE v
  1.7142 -        then if v = EMPTY then v1
  1.7143 -             else ITSET_tupled (REST v, f (CHOICE v) v1)
  1.7144 -        else ARB)"
  1.7145 -  by (import pred_set ITSET_tupled_primitive_def)
  1.7146 -
  1.7147 -definition ITSET :: "('a => 'b => 'b) => ('a => bool) => 'b => 'b" where 
  1.7148 -  "ITSET ==
  1.7149 -%(f::'a::type => 'b::type => 'b::type) (x::'a::type => bool) x1::'b::type.
  1.7150 -   ITSET_tupled f (x, x1)"
  1.7151 -
  1.7152 -lemma ITSET_curried_def: "ALL (f::'a::type => 'b::type => 'b::type) (x::'a::type => bool)
  1.7153 -   x1::'b::type. ITSET f x x1 = ITSET_tupled f (x, x1)"
  1.7154 -  by (import pred_set ITSET_curried_def)
  1.7155 -
  1.7156 -lemma ITSET_IND: "ALL P::('a::type => bool) => 'b::type => bool.
  1.7157 -   (ALL (s::'a::type => bool) b::'b::type.
  1.7158 -       (FINITE s & s ~= EMPTY -->
  1.7159 -        P (REST s) ((f::'a::type => 'b::type => 'b::type) (CHOICE s) b)) -->
  1.7160 -       P s b) -->
  1.7161 -   (ALL v::'a::type => bool. All (P v))"
  1.7162 -  by (import pred_set ITSET_IND)
  1.7163 -
  1.7164 -lemma ITSET_THM: "ALL (s::'a::type => bool) (f::'a::type => 'b::type => 'b::type) b::'b::type.
  1.7165 -   FINITE s -->
  1.7166 -   ITSET f s b =
  1.7167 -   (if s = EMPTY then b else ITSET f (REST s) (f (CHOICE s) b))"
  1.7168 -  by (import pred_set ITSET_THM)
  1.7169 -
  1.7170 -lemma ITSET_EMPTY: "ALL (x::'a::type => 'b::type => 'b::type) xa::'b::type.
  1.7171 -   ITSET x EMPTY xa = xa"
  1.7172 -  by (import pred_set ITSET_EMPTY)
  1.7173 +%f. WFREC
  1.7174 +     (SOME R.
  1.7175 +         WF R &
  1.7176 +         (ALL b s.
  1.7177 +             FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  1.7178 +     (%ITSET_tupled (v, v1).
  1.7179 +         if FINITE v
  1.7180 +         then if v = EMPTY then v1
  1.7181 +              else ITSET_tupled (REST v, f (CHOICE v) v1)
  1.7182 +         else ARB)"
  1.7183 +
  1.7184 +lemma ITSET_tupled_primitive_def: "ITSET_tupled f =
  1.7185 +WFREC
  1.7186 + (SOME R.
  1.7187 +     WF R &
  1.7188 +     (ALL b s. FINITE s & s ~= EMPTY --> R (REST s, f (CHOICE s) b) (s, b)))
  1.7189 + (%ITSET_tupled (v, v1).
  1.7190 +     if FINITE v
  1.7191 +     then if v = EMPTY then v1 else ITSET_tupled (REST v, f (CHOICE v) v1)
  1.7192 +     else ARB)"
  1.7193 +  sorry
  1.7194 +
  1.7195 +definition
  1.7196 +  ITSET :: "('a => 'b => 'b) => ('a => bool) => 'b => 'b"  where
  1.7197 +  "ITSET == %f x x1. ITSET_tupled f (x, x1)"
  1.7198 +
  1.7199 +lemma ITSET_curried_def: "ITSET (f::'a => 'b => 'b) (x::'a => bool) (x1::'b) = ITSET_tupled f (x, x1)"
  1.7200 +  sorry
  1.7201 +
  1.7202 +lemma ITSET_IND: "(!!(s::'a => bool) b::'b.
  1.7203 +    (FINITE s & s ~= EMPTY
  1.7204 +     ==> (P::('a => bool) => 'b => bool) (REST s)
  1.7205 +          ((f::'a => 'b => 'b) (CHOICE s) b))
  1.7206 +    ==> P s b)
  1.7207 +==> P (v::'a => bool) (x::'b)"
  1.7208 +  sorry
  1.7209 +
  1.7210 +lemma ITSET_THM: "FINITE s
  1.7211 +==> ITSET f s b =
  1.7212 +    (if s = EMPTY then b else ITSET f (REST s) (f (CHOICE s) b))"
  1.7213 +  sorry
  1.7214 +
  1.7215 +lemma ITSET_EMPTY: "ITSET (x::'a => 'b => 'b) EMPTY (xa::'b) = xa"
  1.7216 +  sorry
  1.7217  
  1.7218  ;end_setup
  1.7219  
  1.7220  ;setup_theory operator
  1.7221  
  1.7222 -definition ASSOC :: "('a => 'a => 'a) => bool" where 
  1.7223 -  "ASSOC ==
  1.7224 -%f::'a::type => 'a::type => 'a::type.
  1.7225 -   ALL (x::'a::type) (y::'a::type) z::'a::type. f x (f y z) = f (f x y) z"
  1.7226 -
  1.7227 -lemma ASSOC_DEF: "ALL f::'a::type => 'a::type => 'a::type.
  1.7228 -   ASSOC f =
  1.7229 -   (ALL (x::'a::type) (y::'a::type) z::'a::type. f x (f y z) = f (f x y) z)"
  1.7230 -  by (import operator ASSOC_DEF)
  1.7231 -
  1.7232 -definition COMM :: "('a => 'a => 'b) => bool" where 
  1.7233 -  "COMM ==
  1.7234 -%f::'a::type => 'a::type => 'b::type.
  1.7235 -   ALL (x::'a::type) y::'a::type. f x y = f y x"
  1.7236 -
  1.7237 -lemma COMM_DEF: "ALL f::'a::type => 'a::type => 'b::type.
  1.7238 -   COMM f = (ALL (x::'a::type) y::'a::type. f x y = f y x)"
  1.7239 -  by (import operator COMM_DEF)
  1.7240 -
  1.7241 -definition FCOMM :: "('a => 'b => 'a) => ('c => 'a => 'a) => bool" where 
  1.7242 -  "FCOMM ==
  1.7243 -%(f::'a::type => 'b::type => 'a::type) g::'c::type => 'a::type => 'a::type.
  1.7244 -   ALL (x::'c::type) (y::'a::type) z::'b::type. g x (f y z) = f (g x y) z"
  1.7245 -
  1.7246 -lemma FCOMM_DEF: "ALL (f::'a::type => 'b::type => 'a::type)
  1.7247 -   g::'c::type => 'a::type => 'a::type.
  1.7248 -   FCOMM f g =
  1.7249 -   (ALL (x::'c::type) (y::'a::type) z::'b::type. g x (f y z) = f (g x y) z)"
  1.7250 -  by (import operator FCOMM_DEF)
  1.7251 -
  1.7252 -definition RIGHT_ID :: "('a => 'b => 'a) => 'b => bool" where 
  1.7253 -  "RIGHT_ID ==
  1.7254 -%(f::'a::type => 'b::type => 'a::type) e::'b::type.
  1.7255 -   ALL x::'a::type. f x e = x"
  1.7256 -
  1.7257 -lemma RIGHT_ID_DEF: "ALL (f::'a::type => 'b::type => 'a::type) e::'b::type.
  1.7258 -   RIGHT_ID f e = (ALL x::'a::type. f x e = x)"
  1.7259 -  by (import operator RIGHT_ID_DEF)
  1.7260 -
  1.7261 -definition LEFT_ID :: "('a => 'b => 'b) => 'a => bool" where 
  1.7262 -  "LEFT_ID ==
  1.7263 -%(f::'a::type => 'b::type => 'b::type) e::'a::type.
  1.7264 -   ALL x::'b::type. f e x = x"
  1.7265 -
  1.7266 -lemma LEFT_ID_DEF: "ALL (f::'a::type => 'b::type => 'b::type) e::'a::type.
  1.7267 -   LEFT_ID f e = (ALL x::'b::type. f e x = x)"
  1.7268 -  by (import operator LEFT_ID_DEF)
  1.7269 -
  1.7270 -definition MONOID :: "('a => 'a => 'a) => 'a => bool" where 
  1.7271 -  "MONOID ==
  1.7272 -%(f::'a::type => 'a::type => 'a::type) e::'a::type.
  1.7273 -   ASSOC f & RIGHT_ID f e & LEFT_ID f e"
  1.7274 -
  1.7275 -lemma MONOID_DEF: "ALL (f::'a::type => 'a::type => 'a::type) e::'a::type.
  1.7276 -   MONOID f e = (ASSOC f & RIGHT_ID f e & LEFT_ID f e)"
  1.7277 -  by (import operator MONOID_DEF)
  1.7278 +definition
  1.7279 +  ASSOC :: "('a => 'a => 'a) => bool"  where
  1.7280 +  "ASSOC == %f. ALL x y z. f x (f y z) = f (f x y) z"
  1.7281 +
  1.7282 +lemma ASSOC_DEF: "ASSOC f = (ALL x y z. f x (f y z) = f (f x y) z)"
  1.7283 +  sorry
  1.7284 +
  1.7285 +definition
  1.7286 +  COMM :: "('a => 'a => 'b) => bool"  where
  1.7287 +  "COMM == %f. ALL x y. f x y = f y x"
  1.7288 +
  1.7289 +lemma COMM_DEF: "COMM f = (ALL x y. f x y = f y x)"
  1.7290 +  sorry
  1.7291 +
  1.7292 +definition
  1.7293 +  FCOMM :: "('a => 'b => 'a) => ('c => 'a => 'a) => bool"  where
  1.7294 +  "FCOMM == %f g. ALL x y z. g x (f y z) = f (g x y) z"
  1.7295 +
  1.7296 +lemma FCOMM_DEF: "FCOMM f g = (ALL x y z. g x (f y z) = f (g x y) z)"
  1.7297 +  sorry
  1.7298 +
  1.7299 +definition
  1.7300 +  RIGHT_ID :: "('a => 'b => 'a) => 'b => bool"  where
  1.7301 +  "RIGHT_ID == %f e. ALL x. f x e = x"
  1.7302 +
  1.7303 +lemma RIGHT_ID_DEF: "RIGHT_ID f e = (ALL x. f x e = x)"
  1.7304 +  sorry
  1.7305 +
  1.7306 +definition
  1.7307 +  LEFT_ID :: "('a => 'b => 'b) => 'a => bool"  where
  1.7308 +  "LEFT_ID == %f e. ALL x. f e x = x"
  1.7309 +
  1.7310 +lemma LEFT_ID_DEF: "LEFT_ID f e = (ALL x. f e x = x)"
  1.7311 +  sorry
  1.7312 +
  1.7313 +definition
  1.7314 +  MONOID :: "('a => 'a => 'a) => 'a => bool"  where
  1.7315 +  "MONOID == %f e. ASSOC f & RIGHT_ID f e & LEFT_ID f e"
  1.7316 +
  1.7317 +lemma MONOID_DEF: "MONOID f e = (ASSOC f & RIGHT_ID f e & LEFT_ID f e)"
  1.7318 +  sorry
  1.7319  
  1.7320  lemma ASSOC_CONJ: "ASSOC op &"
  1.7321 -  by (import operator ASSOC_CONJ)
  1.7322 +  sorry
  1.7323  
  1.7324  lemma ASSOC_DISJ: "ASSOC op |"
  1.7325 -  by (import operator ASSOC_DISJ)
  1.7326 -
  1.7327 -lemma FCOMM_ASSOC: "ALL x::'a::type => 'a::type => 'a::type. FCOMM x x = ASSOC x"
  1.7328 -  by (import operator FCOMM_ASSOC)
  1.7329 +  sorry
  1.7330 +
  1.7331 +lemma FCOMM_ASSOC: "FCOMM x x = ASSOC x"
  1.7332 +  sorry
  1.7333  
  1.7334  lemma MONOID_CONJ_T: "MONOID op & True"
  1.7335 -  by (import operator MONOID_CONJ_T)
  1.7336 +  sorry
  1.7337  
  1.7338  lemma MONOID_DISJ_F: "MONOID op | False"
  1.7339 -  by (import operator MONOID_DISJ_F)
  1.7340 +  sorry
  1.7341  
  1.7342  ;end_setup
  1.7343  
  1.7344 @@ -4574,1371 +3503,995 @@
  1.7345  consts
  1.7346    SNOC :: "'a => 'a list => 'a list" 
  1.7347  
  1.7348 -specification (SNOC) SNOC: "(ALL x::'a::type. SNOC x [] = [x]) &
  1.7349 -(ALL (x::'a::type) (x'::'a::type) l::'a::type list.
  1.7350 -    SNOC x (x' # l) = x' # SNOC x l)"
  1.7351 -  by (import rich_list SNOC)
  1.7352 +specification (SNOC) SNOC: "(ALL x::'a. SNOC x [] = [x]) &
  1.7353 +(ALL (x::'a) (x'::'a) l::'a list. SNOC x (x' # l) = x' # SNOC x l)"
  1.7354 +  sorry
  1.7355  
  1.7356  consts
  1.7357    SCANL :: "('b => 'a => 'b) => 'b => 'a list => 'b list" 
  1.7358  
  1.7359 -specification (SCANL) SCANL: "(ALL (f::'b::type => 'a::type => 'b::type) e::'b::type.
  1.7360 -    SCANL f e [] = [e]) &
  1.7361 -(ALL (f::'b::type => 'a::type => 'b::type) (e::'b::type) (x::'a::type)
  1.7362 -    l::'a::type list. SCANL f e (x # l) = e # SCANL f (f e x) l)"
  1.7363 -  by (import rich_list SCANL)
  1.7364 +specification (SCANL) SCANL: "(ALL (f::'b => 'a => 'b) e::'b. SCANL f e [] = [e]) &
  1.7365 +(ALL (f::'b => 'a => 'b) (e::'b) (x::'a) l::'a list.
  1.7366 +    SCANL f e (x # l) = e # SCANL f (f e x) l)"
  1.7367 +  sorry
  1.7368  
  1.7369  consts
  1.7370    SCANR :: "('a => 'b => 'b) => 'b => 'a list => 'b list" 
  1.7371  
  1.7372 -specification (SCANR) SCANR: "(ALL (f::'a::type => 'b::type => 'b::type) e::'b::type.
  1.7373 -    SCANR f e [] = [e]) &
  1.7374 -(ALL (f::'a::type => 'b::type => 'b::type) (e::'b::type) (x::'a::type)
  1.7375 -    l::'a::type list.
  1.7376 +specification (SCANR) SCANR: "(ALL (f::'a => 'b => 'b) e::'b. SCANR f e [] = [e]) &
  1.7377 +(ALL (f::'a => 'b => 'b) (e::'b) (x::'a) l::'a list.
  1.7378      SCANR f e (x # l) = f x (hd (SCANR f e l)) # SCANR f e l)"
  1.7379 -  by (import rich_list SCANR)
  1.7380 -
  1.7381 -lemma IS_EL_DEF: "ALL (x::'a::type) l::'a::type list. x mem l = list_ex (op = x) l"
  1.7382 -  by (import rich_list IS_EL_DEF)
  1.7383 -
  1.7384 -definition AND_EL :: "bool list => bool" where 
  1.7385 +  sorry
  1.7386 +
  1.7387 +lemma IS_EL_DEF: "List.member l x = list_ex (op = x) l"
  1.7388 +  sorry
  1.7389 +
  1.7390 +definition
  1.7391 +  AND_EL :: "bool list => bool"  where
  1.7392    "AND_EL == list_all I"
  1.7393  
  1.7394  lemma AND_EL_DEF: "AND_EL = list_all I"
  1.7395 -  by (import rich_list AND_EL_DEF)
  1.7396 -
  1.7397 -definition OR_EL :: "bool list => bool" where 
  1.7398 +  sorry
  1.7399 +
  1.7400 +definition
  1.7401 +  OR_EL :: "bool list => bool"  where
  1.7402    "OR_EL == list_ex I"
  1.7403  
  1.7404  lemma OR_EL_DEF: "OR_EL = list_ex I"
  1.7405 -  by (import rich_list OR_EL_DEF)
  1.7406 +  sorry
  1.7407  
  1.7408  consts
  1.7409    FIRSTN :: "nat => 'a list => 'a list" 
  1.7410  
  1.7411 -specification (FIRSTN) FIRSTN: "(ALL l::'a::type list. FIRSTN 0 l = []) &
  1.7412 -(ALL (n::nat) (x::'a::type) l::'a::type list.
  1.7413 -    FIRSTN (Suc n) (x # l) = x # FIRSTN n l)"
  1.7414 -  by (import rich_list FIRSTN)
  1.7415 +specification (FIRSTN) FIRSTN: "(ALL l::'a list. FIRSTN (0::nat) l = []) &
  1.7416 +(ALL (n::nat) (x::'a) l::'a list. FIRSTN (Suc n) (x # l) = x # FIRSTN n l)"
  1.7417 +  sorry
  1.7418  
  1.7419  consts
  1.7420    BUTFIRSTN :: "nat => 'a list => 'a list" 
  1.7421  
  1.7422 -specification (BUTFIRSTN) BUTFIRSTN: "(ALL l::'a::type list. BUTFIRSTN 0 l = l) &
  1.7423 -(ALL (n::nat) (x::'a::type) l::'a::type list.
  1.7424 -    BUTFIRSTN (Suc n) (x # l) = BUTFIRSTN n l)"
  1.7425 -  by (import rich_list BUTFIRSTN)
  1.7426 +specification (BUTFIRSTN) BUTFIRSTN: "(ALL l::'a list. BUTFIRSTN (0::nat) l = l) &
  1.7427 +(ALL (n::nat) (x::'a) l::'a list. BUTFIRSTN (Suc n) (x # l) = BUTFIRSTN n l)"
  1.7428 +  sorry
  1.7429  
  1.7430  consts
  1.7431    SEG :: "nat => nat => 'a list => 'a list" 
  1.7432  
  1.7433 -specification (SEG) SEG: "(ALL (k::nat) l::'a::type list. SEG 0 k l = []) &
  1.7434 -(ALL (m::nat) (x::'a::type) l::'a::type list.
  1.7435 -    SEG (Suc m) 0 (x # l) = x # SEG m 0 l) &
  1.7436 -(ALL (m::nat) (k::nat) (x::'a::type) l::'a::type list.
  1.7437 +specification (SEG) SEG: "(ALL (k::nat) l::'a list. SEG (0::nat) k l = []) &
  1.7438 +(ALL (m::nat) (x::'a) l::'a list.
  1.7439 +    SEG (Suc m) (0::nat) (x # l) = x # SEG m (0::nat) l) &
  1.7440 +(ALL (m::nat) (k::nat) (x::'a) l::'a list.
  1.7441      SEG (Suc m) (Suc k) (x # l) = SEG (Suc m) k l)"
  1.7442 -  by (import rich_list SEG)
  1.7443 -
  1.7444 -lemma LAST: "ALL (x::'a::type) l::'a::type list. last (SNOC x l) = x"
  1.7445 -  by (import rich_list LAST)
  1.7446 -
  1.7447 -lemma BUTLAST: "ALL (x::'a::type) l::'a::type list. butlast (SNOC x l) = l"
  1.7448 -  by (import rich_list BUTLAST)
  1.7449 +  sorry
  1.7450 +
  1.7451 +lemma LAST: "last (SNOC x l) = x"
  1.7452 +  sorry
  1.7453 +
  1.7454 +lemma BUTLAST: "butlast (SNOC x l) = l"
  1.7455 +  sorry
  1.7456  
  1.7457  consts
  1.7458    LASTN :: "nat => 'a list => 'a list" 
  1.7459  
  1.7460 -specification (LASTN) LASTN: "(ALL l::'a::type list. LASTN 0 l = []) &
  1.7461 -(ALL (n::nat) (x::'a::type) l::'a::type list.
  1.7462 +specification (LASTN) LASTN: "(ALL l::'a list. LASTN (0::nat) l = []) &
  1.7463 +(ALL (n::nat) (x::'a) l::'a list.
  1.7464      LASTN (Suc n) (SNOC x l) = SNOC x (LASTN n l))"
  1.7465 -  by (import rich_list LASTN)
  1.7466 +  sorry
  1.7467  
  1.7468  consts
  1.7469    BUTLASTN :: "nat => 'a list => 'a list" 
  1.7470  
  1.7471 -specification (BUTLASTN) BUTLASTN: "(ALL l::'a::type list. BUTLASTN 0 l = l) &
  1.7472 -(ALL (n::nat) (x::'a::type) l::'a::type list.
  1.7473 +specification (BUTLASTN) BUTLASTN: "(ALL l::'a list. BUTLASTN (0::nat) l = l) &
  1.7474 +(ALL (n::nat) (x::'a) l::'a list.
  1.7475      BUTLASTN (Suc n) (SNOC x l) = BUTLASTN n l)"
  1.7476 -  by (import rich_list BUTLASTN)
  1.7477 -
  1.7478 -lemma EL: "(ALL x::'a::type list. EL 0 x = hd x) &
  1.7479 -(ALL (x::nat) xa::'a::type list. EL (Suc x) xa = EL x (tl xa))"
  1.7480 -  by (import rich_list EL)
  1.7481 +  sorry
  1.7482 +
  1.7483 +lemma EL: "(ALL x::'a list. EL (0::nat) x = hd x) &
  1.7484 +(ALL (x::nat) xa::'a list. EL (Suc x) xa = EL x (tl xa))"
  1.7485 +  sorry
  1.7486  
  1.7487  consts
  1.7488    ELL :: "nat => 'a list => 'a" 
  1.7489  
  1.7490 -specification (ELL) ELL: "(ALL l::'a::type list. ELL 0 l = last l) &
  1.7491 -(ALL (n::nat) l::'a::type list. ELL (Suc n) l = ELL n (butlast l))"
  1.7492 -  by (import rich_list ELL)
  1.7493 +specification (ELL) ELL: "(ALL l::'a list. ELL (0::nat) l = last l) &
  1.7494 +(ALL (n::nat) l::'a list. ELL (Suc n) l = ELL n (butlast l))"
  1.7495 +  sorry
  1.7496  
  1.7497  consts
  1.7498    IS_PREFIX :: "'a list => 'a list => bool" 
  1.7499  
  1.7500 -specification (IS_PREFIX) IS_PREFIX: "(ALL l::'a::type list. IS_PREFIX l [] = True) &
  1.7501 -(ALL (x::'a::type) l::'a::type list. IS_PREFIX [] (x # l) = False) &
  1.7502 -(ALL (x1::'a::type) (l1::'a::type list) (x2::'a::type) l2::'a::type list.
  1.7503 +specification (IS_PREFIX) IS_PREFIX: "(ALL l::'a list. IS_PREFIX l [] = True) &
  1.7504 +(ALL (x::'a) l::'a list. IS_PREFIX [] (x # l) = False) &
  1.7505 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  1.7506      IS_PREFIX (x1 # l1) (x2 # l2) = (x1 = x2 & IS_PREFIX l1 l2))"
  1.7507 -  by (import rich_list IS_PREFIX)
  1.7508 -
  1.7509 -lemma SNOC_APPEND: "ALL (x::'a::type) l::'a::type list. SNOC x l = l @ [x]"
  1.7510 -  by (import rich_list SNOC_APPEND)
  1.7511 -
  1.7512 -lemma REVERSE: "rev [] = [] &
  1.7513 -(ALL (x::'a::type) xa::'a::type list. rev (x # xa) = SNOC x (rev xa))"
  1.7514 -  by (import rich_list REVERSE)
  1.7515 -
  1.7516 -lemma REVERSE_SNOC: "ALL (x::'a::type) l::'a::type list. rev (SNOC x l) = x # rev l"
  1.7517 -  by (import rich_list REVERSE_SNOC)
  1.7518 -
  1.7519 -lemma SNOC_Axiom: "ALL (e::'b::type) f::'a::type => 'a::type list => 'b::type => 'b::type.
  1.7520 -   EX x::'a::type list => 'b::type.
  1.7521 -      x [] = e &
  1.7522 -      (ALL (xa::'a::type) l::'a::type list. x (SNOC xa l) = f xa l (x l))"
  1.7523 -  by (import rich_list SNOC_Axiom)
  1.7524 +  sorry
  1.7525 +
  1.7526 +lemma SNOC_APPEND: "SNOC x l = l @ [x]"
  1.7527 +  sorry
  1.7528 +
  1.7529 +lemma REVERSE: "rev [] = [] & (ALL (x::'a) xa::'a list. rev (x # xa) = SNOC x (rev xa))"
  1.7530 +  sorry
  1.7531 +
  1.7532 +lemma REVERSE_SNOC: "rev (SNOC x l) = x # rev l"
  1.7533 +  sorry
  1.7534 +
  1.7535 +lemma SNOC_Axiom: "EX x. x [] = e & (ALL xa l. x (SNOC xa l) = f xa l (x l))"
  1.7536 +  sorry
  1.7537  
  1.7538  consts
  1.7539    IS_SUFFIX :: "'a list => 'a list => bool" 
  1.7540  
  1.7541 -specification (IS_SUFFIX) IS_SUFFIX: "(ALL l::'a::type list. IS_SUFFIX l [] = True) &
  1.7542 -(ALL (x::'a::type) l::'a::type list. IS_SUFFIX [] (SNOC x l) = False) &
  1.7543 -(ALL (x1::'a::type) (l1::'a::type list) (x2::'a::type) l2::'a::type list.
  1.7544 +specification (IS_SUFFIX) IS_SUFFIX: "(ALL l::'a list. IS_SUFFIX l [] = True) &
  1.7545 +(ALL (x::'a) l::'a list. IS_SUFFIX [] (SNOC x l) = False) &
  1.7546 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  1.7547      IS_SUFFIX (SNOC x1 l1) (SNOC x2 l2) = (x1 = x2 & IS_SUFFIX l1 l2))"
  1.7548 -  by (import rich_list IS_SUFFIX)
  1.7549 +  sorry
  1.7550  
  1.7551  consts
  1.7552    IS_SUBLIST :: "'a list => 'a list => bool" 
  1.7553  
  1.7554 -specification (IS_SUBLIST) IS_SUBLIST: "(ALL l::'a::type list. IS_SUBLIST l [] = True) &
  1.7555 -(ALL (x::'a::type) l::'a::type list. IS_SUBLIST [] (x # l) = False) &
  1.7556 -(ALL (x1::'a::type) (l1::'a::type list) (x2::'a::type) l2::'a::type list.
  1.7557 +specification (IS_SUBLIST) IS_SUBLIST: "(ALL l::'a list. IS_SUBLIST l [] = True) &
  1.7558 +(ALL (x::'a) l::'a list. IS_SUBLIST [] (x # l) = False) &
  1.7559 +(ALL (x1::'a) (l1::'a list) (x2::'a) l2::'a list.
  1.7560      IS_SUBLIST (x1 # l1) (x2 # l2) =
  1.7561      (x1 = x2 & IS_PREFIX l1 l2 | IS_SUBLIST l1 (x2 # l2)))"
  1.7562 -  by (import rich_list IS_SUBLIST)
  1.7563 +  sorry
  1.7564  
  1.7565  consts
  1.7566    SPLITP :: "('a => bool) => 'a list => 'a list * 'a list" 
  1.7567  
  1.7568 -specification (SPLITP) SPLITP: "(ALL P::'a::type => bool. SPLITP P [] = ([], [])) &
  1.7569 -(ALL (P::'a::type => bool) (x::'a::type) l::'a::type list.
  1.7570 +specification (SPLITP) SPLITP: "(ALL P::'a => bool. SPLITP P [] = ([], [])) &
  1.7571 +(ALL (P::'a => bool) (x::'a) l::'a list.
  1.7572      SPLITP P (x # l) =
  1.7573      (if P x then ([], x # l) else (x # fst (SPLITP P l), snd (SPLITP P l))))"
  1.7574 -  by (import rich_list SPLITP)
  1.7575 -
  1.7576 -definition PREFIX :: "('a => bool) => 'a list => 'a list" where 
  1.7577 -  "PREFIX == %(P::'a::type => bool) l::'a::type list. fst (SPLITP (Not o P) l)"
  1.7578 -
  1.7579 -lemma PREFIX_DEF: "ALL (P::'a::type => bool) l::'a::type list.
  1.7580 -   PREFIX P l = fst (SPLITP (Not o P) l)"
  1.7581 -  by (import rich_list PREFIX_DEF)
  1.7582 -
  1.7583 -definition SUFFIX :: "('a => bool) => 'a list => 'a list" where 
  1.7584 -  "SUFFIX ==
  1.7585 -%P::'a::type => bool.
  1.7586 -   foldl (%(l'::'a::type list) x::'a::type. if P x then SNOC x l' else [])
  1.7587 -    []"
  1.7588 -
  1.7589 -lemma SUFFIX_DEF: "ALL (P::'a::type => bool) l::'a::type list.
  1.7590 -   SUFFIX P l =
  1.7591 -   foldl (%(l'::'a::type list) x::'a::type. if P x then SNOC x l' else [])
  1.7592 -    [] l"
  1.7593 -  by (import rich_list SUFFIX_DEF)
  1.7594 -
  1.7595 -definition UNZIP_FST :: "('a * 'b) list => 'a list" where 
  1.7596 -  "UNZIP_FST == %l::('a::type * 'b::type) list. fst (unzip l)"
  1.7597 -
  1.7598 -lemma UNZIP_FST_DEF: "ALL l::('a::type * 'b::type) list. UNZIP_FST l = fst (unzip l)"
  1.7599 -  by (import rich_list UNZIP_FST_DEF)
  1.7600 -
  1.7601 -definition UNZIP_SND :: "('a * 'b) list => 'b list" where 
  1.7602 -  "UNZIP_SND == %l::('a::type * 'b::type) list. snd (unzip l)"
  1.7603 -
  1.7604 -lemma UNZIP_SND_DEF: "ALL l::('a::type * 'b::type) list. UNZIP_SND l = snd (unzip l)"
  1.7605 -  by (import rich_list UNZIP_SND_DEF)
  1.7606 +  sorry
  1.7607 +
  1.7608 +definition
  1.7609 +  PREFIX :: "('a => bool) => 'a list => 'a list"  where
  1.7610 +  "PREFIX == %P l. fst (SPLITP (Not o P) l)"
  1.7611 +
  1.7612 +lemma PREFIX_DEF: "PREFIX P l = fst (SPLITP (Not o P) l)"
  1.7613 +  sorry
  1.7614 +
  1.7615 +definition
  1.7616 +  SUFFIX :: "('a => bool) => 'a list => 'a list"  where
  1.7617 +  "SUFFIX == %P. foldl (%l' x. if P x then SNOC x l' else []) []"
  1.7618 +
  1.7619 +lemma SUFFIX_DEF: "SUFFIX P l = foldl (%l' x. if P x then SNOC x l' else []) [] l"
  1.7620 +  sorry
  1.7621 +
  1.7622 +definition
  1.7623 +  UNZIP_FST :: "('a * 'b) list => 'a list"  where
  1.7624 +  "UNZIP_FST == %l. fst (unzip l)"
  1.7625 +
  1.7626 +lemma UNZIP_FST_DEF: "UNZIP_FST l = fst (unzip l)"
  1.7627 +  sorry
  1.7628 +
  1.7629 +definition
  1.7630 +  UNZIP_SND :: "('a * 'b) list => 'b list"  where
  1.7631 +  "UNZIP_SND == %l. snd (unzip l)"
  1.7632 +
  1.7633 +lemma UNZIP_SND_DEF: "UNZIP_SND (l::('a * 'b) list) = snd (unzip l)"
  1.7634 +  sorry
  1.7635  
  1.7636  consts
  1.7637    GENLIST :: "(nat => 'a) => nat => 'a list" 
  1.7638  
  1.7639 -specification (GENLIST) GENLIST: "(ALL f::nat => 'a::type. GENLIST f 0 = []) &
  1.7640 -(ALL (f::nat => 'a::type) n::nat.
  1.7641 -    GENLIST f (Suc n) = SNOC (f n) (GENLIST f n))"
  1.7642 -  by (import rich_list GENLIST)
  1.7643 +specification (GENLIST) GENLIST: "(ALL f::nat => 'a. GENLIST f (0::nat) = []) &
  1.7644 +(ALL (f::nat => 'a) n::nat. GENLIST f (Suc n) = SNOC (f n) (GENLIST f n))"
  1.7645 +  sorry
  1.7646  
  1.7647  consts
  1.7648    REPLICATE :: "nat => 'a => 'a list" 
  1.7649  
  1.7650 -specification (REPLICATE) REPLICATE: "(ALL x::'a::type. REPLICATE 0 x = []) &
  1.7651 -(ALL (n::nat) x::'a::type. REPLICATE (Suc n) x = x # REPLICATE n x)"
  1.7652 -  by (import rich_list REPLICATE)
  1.7653 -
  1.7654 -lemma LENGTH_MAP2: "ALL (l1::'a::type list) l2::'b::type list.
  1.7655 -   length l1 = length l2 -->
  1.7656 -   (ALL f::'a::type => 'b::type => 'c::type.
  1.7657 -       length (map2 f l1 l2) = length l1 &
  1.7658 -       length (map2 f l1 l2) = length l2)"
  1.7659 -  by (import rich_list LENGTH_MAP2)
  1.7660 -
  1.7661 -lemma NULL_EQ_NIL: "ALL l::'a::type list. null l = (l = [])"
  1.7662 -  by (import rich_list NULL_EQ_NIL)
  1.7663 -
  1.7664 -lemma LENGTH_EQ: "ALL (x::'a::type list) y::'a::type list. x = y --> length x = length y"
  1.7665 -  by (import rich_list LENGTH_EQ)
  1.7666 -
  1.7667 -lemma LENGTH_NOT_NULL: "ALL l::'a::type list. (0 < length l) = (~ null l)"
  1.7668 -  by (import rich_list LENGTH_NOT_NULL)
  1.7669 -
  1.7670 -lemma SNOC_INDUCT: "ALL P::'a::type list => bool.
  1.7671 -   P [] &
  1.7672 -   (ALL l::'a::type list. P l --> (ALL x::'a::type. P (SNOC x l))) -->
  1.7673 -   All P"
  1.7674 -  by (import rich_list SNOC_INDUCT)
  1.7675 -
  1.7676 -lemma SNOC_CASES: "ALL x'::'a::type list.
  1.7677 -   x' = [] | (EX (x::'a::type) l::'a::type list. x' = SNOC x l)"
  1.7678 -  by (import rich_list SNOC_CASES)
  1.7679 -
  1.7680 -lemma LENGTH_SNOC: "ALL (x::'a::type) l::'a::type list. length (SNOC x l) = Suc (length l)"
  1.7681 -  by (import rich_list LENGTH_SNOC)
  1.7682 -
  1.7683 -lemma NOT_NIL_SNOC: "ALL (x::'a::type) xa::'a::type list. [] ~= SNOC x xa"
  1.7684 -  by (import rich_list NOT_NIL_SNOC)
  1.7685 -
  1.7686 -lemma NOT_SNOC_NIL: "ALL (x::'a::type) xa::'a::type list. SNOC x xa ~= []"
  1.7687 -  by (import rich_list NOT_SNOC_NIL)
  1.7688 -
  1.7689 -lemma SNOC_11: "ALL (x::'a::type) (l::'a::type list) (x'::'a::type) l'::'a::type list.
  1.7690 -   (SNOC x l = SNOC x' l') = (x = x' & l = l')"
  1.7691 -  by (import rich_list SNOC_11)
  1.7692 -
  1.7693 -lemma SNOC_EQ_LENGTH_EQ: "ALL (x1::'a::type) (l1::'a::type list) (x2::'a::type) l2::'a::type list.
  1.7694 -   SNOC x1 l1 = SNOC x2 l2 --> length l1 = length l2"
  1.7695 -  by (import rich_list SNOC_EQ_LENGTH_EQ)
  1.7696 -
  1.7697 -lemma SNOC_REVERSE_CONS: "ALL (x::'a::type) xa::'a::type list. SNOC x xa = rev (x # rev xa)"
  1.7698 -  by (import rich_list SNOC_REVERSE_CONS)
  1.7699 -
  1.7700 -lemma MAP_SNOC: "ALL (x::'a::type => 'b::type) (xa::'a::type) xb::'a::type list.
  1.7701 -   map x (SNOC xa xb) = SNOC (x xa) (map x xb)"
  1.7702 -  by (import rich_list MAP_SNOC)
  1.7703 -
  1.7704 -lemma FOLDR_SNOC: "ALL (f::'a::type => 'b::type => 'b::type) (e::'b::type) (x::'a::type)
  1.7705 -   l::'a::type list. foldr f (SNOC x l) e = foldr f l (f x e)"
  1.7706 -  by (import rich_list FOLDR_SNOC)
  1.7707 -
  1.7708 -lemma FOLDL_SNOC: "ALL (f::'b::type => 'a::type => 'b::type) (e::'b::type) (x::'a::type)
  1.7709 -   l::'a::type list. fol