mathematical symbols instead of ASCII
authorpaulson
Tue Mar 06 15:15:49 2012 +0000 (2012-03-06)
changeset 46820c656222c4dc1
parent 46819 9b38f8527510
child 46821 ff6b0c1087f2
mathematical symbols instead of ASCII
src/ZF/AC.thy
src/ZF/Arith.thy
src/ZF/ArithSimp.thy
src/ZF/Bin.thy
src/ZF/Bool.thy
src/ZF/Cardinal.thy
src/ZF/CardinalArith.thy
src/ZF/Cardinal_AC.thy
src/ZF/Epsilon.thy
src/ZF/EquivClass.thy
src/ZF/Finite.thy
src/ZF/Fixedpt.thy
src/ZF/InfDatatype.thy
src/ZF/IntDiv_ZF.thy
src/ZF/Int_ZF.thy
src/ZF/List_ZF.thy
src/ZF/Main_ZF.thy
src/ZF/Nat_ZF.thy
src/ZF/OrdQuant.thy
src/ZF/Order.thy
src/ZF/OrderArith.thy
src/ZF/OrderType.thy
src/ZF/Ordinal.thy
src/ZF/Perm.thy
src/ZF/QPair.thy
src/ZF/QUniv.thy
src/ZF/Sum.thy
src/ZF/Trancl.thy
src/ZF/Univ.thy
src/ZF/WF.thy
src/ZF/ZF.thy
src/ZF/Zorn.thy
src/ZF/equalities.thy
src/ZF/ex/Group.thy
src/ZF/func.thy
src/ZF/pair.thy
src/ZF/upair.thy
     1.1 --- a/src/ZF/AC.thy	Sun Mar 04 23:20:43 2012 +0100
     1.2 +++ b/src/ZF/AC.thy	Tue Mar 06 15:15:49 2012 +0000
     1.3 @@ -9,9 +9,9 @@
     1.4  
     1.5  text{*This definition comes from Halmos (1960), page 59.*}
     1.6  axiomatization where
     1.7 -  AC: "[| a: A;  !!x. x:A ==> (EX y. y:B(x)) |] ==> EX z. z : Pi(A,B)"
     1.8 +  AC: "[| a: A;  !!x. x:A ==> (\<exists>y. y:B(x)) |] ==> \<exists>z. z \<in> Pi(A,B)"
     1.9  
    1.10 -(*The same as AC, but no premise a \<in> A*)
    1.11 +(*The same as AC, but no premise @{term"a \<in> A"}*)
    1.12  lemma AC_Pi: "[| !!x. x \<in> A ==> (\<exists>y. y \<in> B(x)) |] ==> \<exists>z. z \<in> Pi(A,B)"
    1.13  apply (case_tac "A=0")
    1.14  apply (simp add: Pi_empty1)
    1.15 @@ -31,17 +31,17 @@
    1.16  done
    1.17  
    1.18  lemma AC_func:
    1.19 -     "[| !!x. x \<in> A ==> (\<exists>y. y \<in> x) |] ==> \<exists>f \<in> A->Union(A). \<forall>x \<in> A. f`x \<in> x"
    1.20 +     "[| !!x. x \<in> A ==> (\<exists>y. y \<in> x) |] ==> \<exists>f \<in> A->\<Union>(A). \<forall>x \<in> A. f`x \<in> x"
    1.21  apply (rule_tac B1 = "%x. x" in AC_Pi [THEN exE])
    1.22 -prefer 2 apply (blast dest: apply_type intro: Pi_type, blast) 
    1.23 +prefer 2 apply (blast dest: apply_type intro: Pi_type, blast)
    1.24  done
    1.25  
    1.26  lemma non_empty_family: "[| 0 \<notin> A;  x \<in> A |] ==> \<exists>y. y \<in> x"
    1.27  by (subgoal_tac "x \<noteq> 0", blast+)
    1.28  
    1.29 -lemma AC_func0: "0 \<notin> A ==> \<exists>f \<in> A->Union(A). \<forall>x \<in> A. f`x \<in> x"
    1.30 +lemma AC_func0: "0 \<notin> A ==> \<exists>f \<in> A->\<Union>(A). \<forall>x \<in> A. f`x \<in> x"
    1.31  apply (rule AC_func)
    1.32 -apply (simp_all add: non_empty_family) 
    1.33 +apply (simp_all add: non_empty_family)
    1.34  done
    1.35  
    1.36  lemma AC_func_Pow: "\<exists>f \<in> (Pow(C)-{0}) -> C. \<forall>x \<in> Pow(C)-{0}. f`x \<in> x"
    1.37 @@ -53,7 +53,7 @@
    1.38  
    1.39  lemma AC_Pi0: "0 \<notin> A ==> \<exists>f. f \<in> (\<Pi> x \<in> A. x)"
    1.40  apply (rule AC_Pi)
    1.41 -apply (simp_all add: non_empty_family) 
    1.42 +apply (simp_all add: non_empty_family)
    1.43  done
    1.44  
    1.45  end
     2.1 --- a/src/ZF/Arith.thy	Sun Mar 04 23:20:43 2012 +0100
     2.2 +++ b/src/ZF/Arith.thy	Tue Mar 06 15:15:49 2012 +0000
     2.3 @@ -6,10 +6,10 @@
     2.4  (*"Difference" is subtraction of natural numbers.
     2.5    There are no negative numbers; we have
     2.6       m #- n = 0  iff  m<=n   and     m #- n = succ(k) iff m>n.
     2.7 -  Also, rec(m, 0, %z w.z) is pred(m).   
     2.8 +  Also, rec(m, 0, %z w.z) is pred(m).
     2.9  *)
    2.10  
    2.11 -header{*Arithmetic Operators and Their Definitions*} 
    2.12 +header{*Arithmetic Operators and Their Definitions*}
    2.13  
    2.14  theory Arith imports Univ begin
    2.15  
    2.16 @@ -87,7 +87,7 @@
    2.17  apply (induct_tac "k", auto)
    2.18  done
    2.19  
    2.20 -(* [| 0 < k; k \<in> nat; !!j. [| j \<in> nat; k = succ(j) |] ==> Q |] ==> Q *)
    2.21 +(* @{term"[| 0 < k; k \<in> nat; !!j. [| j \<in> nat; k = succ(j) |] ==> Q |] ==> Q"} *)
    2.22  lemmas zero_lt_natE = zero_lt_lemma [THEN bexE]
    2.23  
    2.24  
    2.25 @@ -102,7 +102,7 @@
    2.26  lemma natify_0 [simp]: "natify(0) = 0"
    2.27  by (rule natify_def [THEN def_Vrecursor, THEN trans], auto)
    2.28  
    2.29 -lemma natify_non_succ: "\<forall>z. x ~= succ(z) ==> natify(x) = 0"
    2.30 +lemma natify_non_succ: "\<forall>z. x \<noteq> succ(z) ==> natify(x) = 0"
    2.31  by (rule natify_def [THEN def_Vrecursor, THEN trans], auto)
    2.32  
    2.33  lemma natify_in_nat [iff,TC]: "natify(x) \<in> nat"
    2.34 @@ -214,8 +214,8 @@
    2.35  lemma diff_0 [simp]: "m #- 0 = natify(m)"
    2.36  by (simp add: diff_def)
    2.37  
    2.38 -lemma diff_le_self: "m\<in>nat ==> (m #- n) le m"
    2.39 -apply (subgoal_tac " (m #- natify (n)) le m")
    2.40 +lemma diff_le_self: "m\<in>nat ==> (m #- n) \<le> m"
    2.41 +apply (subgoal_tac " (m #- natify (n)) \<le> m")
    2.42  apply (rule_tac [2] m = m and n = "natify (n) " in diff_induct)
    2.43  apply (erule_tac [6] leE)
    2.44  apply (simp_all add: le_iff)
    2.45 @@ -293,13 +293,13 @@
    2.46  by (force dest!: add_left_cancel_natify)
    2.47  
    2.48  (*Thanks to Sten Agerholm*)
    2.49 -lemma add_le_elim1_natify: "k#+m le k#+n ==> natify(m) le natify(n)"
    2.50 -apply (rule_tac P = "natify(k) #+m le natify(k) #+n" in rev_mp)
    2.51 +lemma add_le_elim1_natify: "k#+m \<le> k#+n ==> natify(m) \<le> natify(n)"
    2.52 +apply (rule_tac P = "natify(k) #+m \<le> natify(k) #+n" in rev_mp)
    2.53  apply (rule_tac [2] n = "natify(k) " in nat_induct)
    2.54  apply auto
    2.55  done
    2.56  
    2.57 -lemma add_le_elim1: "[| k#+m le k#+n; m \<in> nat; n \<in> nat |] ==> m le n"
    2.58 +lemma add_le_elim1: "[| k#+m \<le> k#+n; m \<in> nat; n \<in> nat |] ==> m \<le> n"
    2.59  by (drule add_le_elim1_natify, auto)
    2.60  
    2.61  lemma add_lt_elim1_natify: "k#+m < k#+n ==> natify(m) < natify(n)"
    2.62 @@ -334,21 +334,21 @@
    2.63  lemma Ord_lt_mono_imp_le_mono:
    2.64    assumes lt_mono: "!!i j. [| i<j; j:k |] ==> f(i) < f(j)"
    2.65        and ford:    "!!i. i:k ==> Ord(f(i))"
    2.66 -      and leij:    "i le j"
    2.67 +      and leij:    "i \<le> j"
    2.68        and jink:    "j:k"
    2.69 -  shows "f(i) le f(j)"
    2.70 -apply (insert leij jink) 
    2.71 +  shows "f(i) \<le> f(j)"
    2.72 +apply (insert leij jink)
    2.73  apply (blast intro!: leCI lt_mono ford elim!: leE)
    2.74  done
    2.75  
    2.76  text{*@{text "\<le>"} monotonicity, 1st argument*}
    2.77 -lemma add_le_mono1: "[| i le j; j\<in>nat |] ==> i#+k le j#+k"
    2.78 -apply (rule_tac f = "%j. j#+k" in Ord_lt_mono_imp_le_mono, typecheck) 
    2.79 +lemma add_le_mono1: "[| i \<le> j; j\<in>nat |] ==> i#+k \<le> j#+k"
    2.80 +apply (rule_tac f = "%j. j#+k" in Ord_lt_mono_imp_le_mono, typecheck)
    2.81  apply (blast intro: add_lt_mono1 add_type [THEN nat_into_Ord])+
    2.82  done
    2.83  
    2.84  text{*@{text "\<le>"} monotonicity, both arguments*}
    2.85 -lemma add_le_mono: "[| i le j; k le l; j\<in>nat; l\<in>nat |] ==> i#+k le j#+l"
    2.86 +lemma add_le_mono: "[| i \<le> j; k \<le> l; j\<in>nat; l\<in>nat |] ==> i#+k \<le> j#+l"
    2.87  apply (rule add_le_mono1 [THEN le_trans], assumption+)
    2.88  apply (subst add_commute, subst add_commute, rule add_le_mono1, assumption+)
    2.89  done
    2.90 @@ -365,8 +365,8 @@
    2.91  
    2.92  text{*Less-than: in other words, strict in both arguments*}
    2.93  lemma add_lt_mono: "[| i<j; k<l; j\<in>nat; l\<in>nat |] ==> i#+k < j#+l"
    2.94 -apply (rule add_lt_le_mono) 
    2.95 -apply (auto intro: leI) 
    2.96 +apply (rule add_lt_le_mono)
    2.97 +apply (auto intro: leI)
    2.98  done
    2.99  
   2.100  (** Subtraction is the inverse of addition. **)
   2.101 @@ -400,12 +400,12 @@
   2.102  by (simp add: pred_def)
   2.103  
   2.104  lemma eq_succ_imp_eq_m1: "[|i = succ(j); i\<in>nat|] ==> j = i #- 1 & j \<in>nat"
   2.105 -by simp 
   2.106 +by simp
   2.107  
   2.108  lemma pred_Un_distrib:
   2.109 -    "[|i\<in>nat; j\<in>nat|] ==> pred(i Un j) = pred(i) Un pred(j)"
   2.110 -apply (erule_tac n=i in natE, simp) 
   2.111 -apply (erule_tac n=j in natE, simp) 
   2.112 +    "[|i\<in>nat; j\<in>nat|] ==> pred(i \<union> j) = pred(i) \<union> pred(j)"
   2.113 +apply (erule_tac n=i in natE, simp)
   2.114 +apply (erule_tac n=j in natE, simp)
   2.115  apply (simp add:  succ_Un_distrib [symmetric])
   2.116  done
   2.117  
   2.118 @@ -414,23 +414,23 @@
   2.119  by (simp add: pred_def split: split_nat_case)
   2.120  
   2.121  lemma nat_diff_pred: "[|i\<in>nat; j\<in>nat|] ==> i #- succ(j) = pred(i #- j)";
   2.122 -apply (rule_tac m=i and n=j in diff_induct) 
   2.123 +apply (rule_tac m=i and n=j in diff_induct)
   2.124  apply (auto simp add: pred_def nat_imp_quasinat split: split_nat_case)
   2.125  done
   2.126  
   2.127  lemma diff_succ_eq_pred: "i #- succ(j) = pred(i #- j)";
   2.128  apply (insert nat_diff_pred [of "natify(i)" "natify(j)"])
   2.129 -apply (simp add: natify_succ [symmetric]) 
   2.130 +apply (simp add: natify_succ [symmetric])
   2.131  done
   2.132  
   2.133  lemma nat_diff_Un_distrib:
   2.134 -    "[|i\<in>nat; j\<in>nat; k\<in>nat|] ==> (i Un j) #- k = (i#-k) Un (j#-k)"
   2.135 -apply (rule_tac n=k in nat_induct) 
   2.136 -apply (simp_all add: diff_succ_eq_pred pred_Un_distrib) 
   2.137 +    "[|i\<in>nat; j\<in>nat; k\<in>nat|] ==> (i \<union> j) #- k = (i#-k) \<union> (j#-k)"
   2.138 +apply (rule_tac n=k in nat_induct)
   2.139 +apply (simp_all add: diff_succ_eq_pred pred_Un_distrib)
   2.140  done
   2.141  
   2.142  lemma diff_Un_distrib:
   2.143 -    "[|i\<in>nat; j\<in>nat|] ==> (i Un j) #- k = (i#-k) Un (j#-k)"
   2.144 +    "[|i\<in>nat; j\<in>nat|] ==> (i \<union> j) #- k = (i#-k) \<union> (j#-k)"
   2.145  by (insert nat_diff_Un_distrib [of i j "natify(k)"], simp)
   2.146  
   2.147  text{*We actually prove @{term "i #- j #- k = i #- (j #+ k)"}*}
     3.1 --- a/src/ZF/ArithSimp.thy	Sun Mar 04 23:20:43 2012 +0100
     3.2 +++ b/src/ZF/ArithSimp.thy	Tue Mar 06 15:15:49 2012 +0000
     3.3 @@ -5,7 +5,7 @@
     3.4  
     3.5  header{*Arithmetic with simplification*}
     3.6  
     3.7 -theory ArithSimp 
     3.8 +theory ArithSimp
     3.9  imports Arith
    3.10  uses "~~/src/Provers/Arith/cancel_numerals.ML"
    3.11        "~~/src/Provers/Arith/combine_numerals.ML"
    3.12 @@ -22,20 +22,20 @@
    3.13  (**Addition is the inverse of subtraction**)
    3.14  
    3.15  (*We need m:nat even if we replace the RHS by natify(m), for consider e.g.
    3.16 -  n=2, m=omega; then n + (m-n) = 2 + (0-2) = 2 ~= 0 = natify(m).*)
    3.17 -lemma add_diff_inverse: "[| n le m;  m:nat |] ==> n #+ (m#-n) = m"
    3.18 +  n=2, m=omega; then n + (m-n) = 2 + (0-2) = 2 \<noteq> 0 = natify(m).*)
    3.19 +lemma add_diff_inverse: "[| n \<le> m;  m:nat |] ==> n #+ (m#-n) = m"
    3.20  apply (frule lt_nat_in_nat, erule nat_succI)
    3.21  apply (erule rev_mp)
    3.22  apply (rule_tac m = m and n = n in diff_induct, auto)
    3.23  done
    3.24  
    3.25 -lemma add_diff_inverse2: "[| n le m;  m:nat |] ==> (m#-n) #+ n = m"
    3.26 +lemma add_diff_inverse2: "[| n \<le> m;  m:nat |] ==> (m#-n) #+ n = m"
    3.27  apply (frule lt_nat_in_nat, erule nat_succI)
    3.28  apply (simp (no_asm_simp) add: add_commute add_diff_inverse)
    3.29  done
    3.30  
    3.31  (*Proof is IDENTICAL to that of add_diff_inverse*)
    3.32 -lemma diff_succ: "[| n le m;  m:nat |] ==> succ(m) #- n = succ(m#-n)"
    3.33 +lemma diff_succ: "[| n \<le> m;  m:nat |] ==> succ(m) #- n = succ(m#-n)"
    3.34  apply (frule lt_nat_in_nat, erule nat_succI)
    3.35  apply (erule rev_mp)
    3.36  apply (rule_tac m = m and n = n in diff_induct)
    3.37 @@ -65,7 +65,7 @@
    3.38  subsection{*Remainder*}
    3.39  
    3.40  (*We need m:nat even with natify*)
    3.41 -lemma div_termination: "[| 0<n;  n le m;  m:nat |] ==> m #- n < m"
    3.42 +lemma div_termination: "[| 0<n;  n \<le> m;  m:nat |] ==> m #- n < m"
    3.43  apply (frule lt_nat_in_nat, erule nat_succI)
    3.44  apply (erule rev_mp)
    3.45  apply (erule rev_mp)
    3.46 @@ -74,25 +74,25 @@
    3.47  done
    3.48  
    3.49  (*for mod and div*)
    3.50 -lemmas div_rls = 
    3.51 -    nat_typechecks Ord_transrec_type apply_funtype 
    3.52 +lemmas div_rls =
    3.53 +    nat_typechecks Ord_transrec_type apply_funtype
    3.54      div_termination [THEN ltD]
    3.55      nat_into_Ord not_lt_iff_le [THEN iffD1]
    3.56  
    3.57 -lemma raw_mod_type: "[| m:nat;  n:nat |] ==> raw_mod (m, n) : nat"
    3.58 +lemma raw_mod_type: "[| m:nat;  n:nat |] ==> raw_mod (m, n) \<in> nat"
    3.59  apply (unfold raw_mod_def)
    3.60  apply (rule Ord_transrec_type)
    3.61  apply (auto simp add: nat_into_Ord [THEN Ord_0_lt_iff])
    3.62 -apply (blast intro: div_rls) 
    3.63 +apply (blast intro: div_rls)
    3.64  done
    3.65  
    3.66 -lemma mod_type [TC,iff]: "m mod n : nat"
    3.67 +lemma mod_type [TC,iff]: "m mod n \<in> nat"
    3.68  apply (unfold mod_def)
    3.69  apply (simp (no_asm) add: mod_def raw_mod_type)
    3.70  done
    3.71  
    3.72  
    3.73 -(** Aribtrary definitions for division by zero.  Useful to simplify 
    3.74 +(** Aribtrary definitions for division by zero.  Useful to simplify
    3.75      certain equations **)
    3.76  
    3.77  lemma DIVISION_BY_ZERO_DIV: "a div 0 = 0"
    3.78 @@ -112,20 +112,20 @@
    3.79  apply (simp (no_asm_simp) add: div_termination [THEN ltD])
    3.80  done
    3.81  
    3.82 -lemma mod_less [simp]: "[| m<n; n : nat |] ==> m mod n = m"
    3.83 +lemma mod_less [simp]: "[| m<n; n \<in> nat |] ==> m mod n = m"
    3.84  apply (frule lt_nat_in_nat, assumption)
    3.85  apply (simp (no_asm_simp) add: mod_def raw_mod_less)
    3.86  done
    3.87  
    3.88  lemma raw_mod_geq:
    3.89 -     "[| 0<n; n le m;  m:nat |] ==> raw_mod (m, n) = raw_mod (m#-n, n)"
    3.90 +     "[| 0<n; n \<le> m;  m:nat |] ==> raw_mod (m, n) = raw_mod (m#-n, n)"
    3.91  apply (frule lt_nat_in_nat, erule nat_succI)
    3.92  apply (rule raw_mod_def [THEN def_transrec, THEN trans])
    3.93  apply (simp (no_asm_simp) add: div_termination [THEN ltD] not_lt_iff_le [THEN iffD2], blast)
    3.94  done
    3.95  
    3.96  
    3.97 -lemma mod_geq: "[| n le m;  m:nat |] ==> m mod n = (m#-n) mod n"
    3.98 +lemma mod_geq: "[| n \<le> m;  m:nat |] ==> m mod n = (m#-n) mod n"
    3.99  apply (frule lt_nat_in_nat, erule nat_succI)
   3.100  apply (case_tac "n=0")
   3.101   apply (simp add: DIVISION_BY_ZERO_MOD)
   3.102 @@ -135,14 +135,14 @@
   3.103  
   3.104  subsection{*Division*}
   3.105  
   3.106 -lemma raw_div_type: "[| m:nat;  n:nat |] ==> raw_div (m, n) : nat"
   3.107 +lemma raw_div_type: "[| m:nat;  n:nat |] ==> raw_div (m, n) \<in> nat"
   3.108  apply (unfold raw_div_def)
   3.109  apply (rule Ord_transrec_type)
   3.110  apply (auto simp add: nat_into_Ord [THEN Ord_0_lt_iff])
   3.111 -apply (blast intro: div_rls) 
   3.112 +apply (blast intro: div_rls)
   3.113  done
   3.114  
   3.115 -lemma div_type [TC,iff]: "m div n : nat"
   3.116 +lemma div_type [TC,iff]: "m div n \<in> nat"
   3.117  apply (unfold div_def)
   3.118  apply (simp (no_asm) add: div_def raw_div_type)
   3.119  done
   3.120 @@ -152,21 +152,21 @@
   3.121  apply (simp (no_asm_simp) add: div_termination [THEN ltD])
   3.122  done
   3.123  
   3.124 -lemma div_less [simp]: "[| m<n; n : nat |] ==> m div n = 0"
   3.125 +lemma div_less [simp]: "[| m<n; n \<in> nat |] ==> m div n = 0"
   3.126  apply (frule lt_nat_in_nat, assumption)
   3.127  apply (simp (no_asm_simp) add: div_def raw_div_less)
   3.128  done
   3.129  
   3.130 -lemma raw_div_geq: "[| 0<n;  n le m;  m:nat |] ==> raw_div(m,n) = succ(raw_div(m#-n, n))"
   3.131 -apply (subgoal_tac "n ~= 0")
   3.132 +lemma raw_div_geq: "[| 0<n;  n \<le> m;  m:nat |] ==> raw_div(m,n) = succ(raw_div(m#-n, n))"
   3.133 +apply (subgoal_tac "n \<noteq> 0")
   3.134  prefer 2 apply blast
   3.135  apply (frule lt_nat_in_nat, erule nat_succI)
   3.136  apply (rule raw_div_def [THEN def_transrec, THEN trans])
   3.137 -apply (simp (no_asm_simp) add: div_termination [THEN ltD] not_lt_iff_le [THEN iffD2] ) 
   3.138 +apply (simp (no_asm_simp) add: div_termination [THEN ltD] not_lt_iff_le [THEN iffD2] )
   3.139  done
   3.140  
   3.141  lemma div_geq [simp]:
   3.142 -     "[| 0<n;  n le m;  m:nat |] ==> m div n = succ ((m#-n) div n)"
   3.143 +     "[| 0<n;  n \<le> m;  m:nat |] ==> m div n = succ ((m#-n) div n)"
   3.144  apply (frule lt_nat_in_nat, erule nat_succI)
   3.145  apply (simp (no_asm_simp) add: div_def raw_div_geq)
   3.146  done
   3.147 @@ -183,13 +183,13 @@
   3.148  apply (case_tac "x<n")
   3.149  txt{*case x<n*}
   3.150  apply (simp (no_asm_simp))
   3.151 -txt{*case n le x*}
   3.152 +txt{*case @{term"n \<le> x"}*}
   3.153  apply (simp add: not_lt_iff_le add_assoc mod_geq div_termination [THEN ltD] add_diff_inverse)
   3.154  done
   3.155  
   3.156  lemma mod_div_equality_natify: "(m div n)#*n #+ m mod n = natify(m)"
   3.157  apply (subgoal_tac " (natify (m) div natify (n))#*natify (n) #+ natify (m) mod natify (n) = natify (m) ")
   3.158 -apply force 
   3.159 +apply force
   3.160  apply (subst mod_div_lemma, auto)
   3.161  done
   3.162  
   3.163 @@ -203,14 +203,14 @@
   3.164  text{*(mainly for mutilated chess board)*}
   3.165  
   3.166  lemma mod_succ_lemma:
   3.167 -     "[| 0<n;  m:nat;  n:nat |]  
   3.168 +     "[| 0<n;  m:nat;  n:nat |]
   3.169        ==> succ(m) mod n = (if succ(m mod n) = n then 0 else succ(m mod n))"
   3.170  apply (erule complete_induct)
   3.171  apply (case_tac "succ (x) <n")
   3.172  txt{* case succ(x) < n *}
   3.173   apply (simp (no_asm_simp) add: nat_le_refl [THEN lt_trans] succ_neq_self)
   3.174   apply (simp add: ltD [THEN mem_imp_not_eq])
   3.175 -txt{* case n le succ(x) *}
   3.176 +txt{* case @{term"n \<le> succ(x)"} *}
   3.177  apply (simp add: mod_geq not_lt_iff_le)
   3.178  apply (erule leE)
   3.179   apply (simp (no_asm_simp) add: mod_geq div_termination [THEN ltD] diff_succ)
   3.180 @@ -232,8 +232,8 @@
   3.181  lemma mod_less_divisor: "[| 0<n;  n:nat |] ==> m mod n < n"
   3.182  apply (subgoal_tac "natify (m) mod n < n")
   3.183  apply (rule_tac [2] i = "natify (m) " in complete_induct)
   3.184 -apply (case_tac [3] "x<n", auto) 
   3.185 -txt{* case n le x*}
   3.186 +apply (case_tac [3] "x<n", auto)
   3.187 +txt{* case @{term"n \<le> x"}*}
   3.188  apply (simp add: mod_geq not_lt_iff_le div_termination [THEN ltD])
   3.189  done
   3.190  
   3.191 @@ -264,25 +264,25 @@
   3.192  
   3.193  subsection{*Additional theorems about @{text "\<le>"}*}
   3.194  
   3.195 -lemma add_le_self: "m:nat ==> m le (m #+ n)"
   3.196 +lemma add_le_self: "m:nat ==> m \<le> (m #+ n)"
   3.197  apply (simp (no_asm_simp))
   3.198  done
   3.199  
   3.200 -lemma add_le_self2: "m:nat ==> m le (n #+ m)"
   3.201 +lemma add_le_self2: "m:nat ==> m \<le> (n #+ m)"
   3.202  apply (simp (no_asm_simp))
   3.203  done
   3.204  
   3.205  (*** Monotonicity of Multiplication ***)
   3.206  
   3.207 -lemma mult_le_mono1: "[| i le j; j:nat |] ==> (i#*k) le (j#*k)"
   3.208 -apply (subgoal_tac "natify (i) #*natify (k) le j#*natify (k) ")
   3.209 +lemma mult_le_mono1: "[| i \<le> j; j:nat |] ==> (i#*k) \<le> (j#*k)"
   3.210 +apply (subgoal_tac "natify (i) #*natify (k) \<le> j#*natify (k) ")
   3.211  apply (frule_tac [2] lt_nat_in_nat)
   3.212  apply (rule_tac [3] n = "natify (k) " in nat_induct)
   3.213  apply (simp_all add: add_le_mono)
   3.214  done
   3.215  
   3.216 -(* le monotonicity, BOTH arguments*)
   3.217 -lemma mult_le_mono: "[| i le j; k le l; j:nat; l:nat |] ==> i#*k le j#*l"
   3.218 +(* @{text"\<le>"} monotonicity, BOTH arguments*)
   3.219 +lemma mult_le_mono: "[| i \<le> j; k \<le> l; j:nat; l:nat |] ==> i#*k \<le> j#*l"
   3.220  apply (rule mult_le_mono1 [THEN le_trans], assumption+)
   3.221  apply (subst mult_commute, subst mult_commute, rule mult_le_mono1, assumption+)
   3.222  done
   3.223 @@ -359,20 +359,20 @@
   3.224  apply (simp (no_asm) add: mult_less_cancel2 mult_commute [of k])
   3.225  done
   3.226  
   3.227 -lemma mult_le_cancel2 [simp]: "(m#*k le n#*k) <-> (0 < natify(k) --> natify(m) le natify(n))"
   3.228 +lemma mult_le_cancel2 [simp]: "(m#*k \<le> n#*k) <-> (0 < natify(k) \<longrightarrow> natify(m) \<le> natify(n))"
   3.229  apply (simp (no_asm_simp) add: not_lt_iff_le [THEN iff_sym])
   3.230  apply auto
   3.231  done
   3.232  
   3.233 -lemma mult_le_cancel1 [simp]: "(k#*m le k#*n) <-> (0 < natify(k) --> natify(m) le natify(n))"
   3.234 +lemma mult_le_cancel1 [simp]: "(k#*m \<le> k#*n) <-> (0 < natify(k) \<longrightarrow> natify(m) \<le> natify(n))"
   3.235  apply (simp (no_asm_simp) add: not_lt_iff_le [THEN iff_sym])
   3.236  apply auto
   3.237  done
   3.238  
   3.239 -lemma mult_le_cancel_le1: "k : nat ==> k #* m le k \<longleftrightarrow> (0 < k \<longrightarrow> natify(m) le 1)"
   3.240 +lemma mult_le_cancel_le1: "k \<in> nat ==> k #* m \<le> k \<longleftrightarrow> (0 < k \<longrightarrow> natify(m) \<le> 1)"
   3.241  by (cut_tac k = k and m = m and n = 1 in mult_le_cancel1, auto)
   3.242  
   3.243 -lemma Ord_eq_iff_le: "[| Ord(m); Ord(n) |] ==> m=n <-> (m le n & n le m)"
   3.244 +lemma Ord_eq_iff_le: "[| Ord(m); Ord(n) |] ==> m=n <-> (m \<le> n & n \<le> m)"
   3.245  by (blast intro: le_anti_sym)
   3.246  
   3.247  lemma mult_cancel2_lemma:
   3.248 @@ -406,7 +406,7 @@
   3.249  
   3.250  lemma div_cancel:
   3.251       "[| 0 < natify(n);  0 < natify(k) |] ==> (k#*m) div (k#*n) = m div n"
   3.252 -apply (cut_tac k = "natify (k) " and m = "natify (m)" and n = "natify (n)" 
   3.253 +apply (cut_tac k = "natify (k) " and m = "natify (m)" and n = "natify (n)"
   3.254         in div_cancel_raw)
   3.255  apply auto
   3.256  done
   3.257 @@ -424,12 +424,12 @@
   3.258  apply (erule_tac i = m in complete_induct)
   3.259  apply (case_tac "x<n")
   3.260   apply (simp (no_asm_simp) add: mod_less zero_lt_mult_iff mult_lt_mono2)
   3.261 -apply (simp add: not_lt_iff_le zero_lt_mult_iff le_refl [THEN mult_le_mono] 
   3.262 +apply (simp add: not_lt_iff_le zero_lt_mult_iff le_refl [THEN mult_le_mono]
   3.263           mod_geq diff_mult_distrib2 [symmetric] div_termination [THEN ltD])
   3.264  done
   3.265  
   3.266  lemma mod_mult_distrib2: "k #* (m mod n) = (k#*m) mod (k#*n)"
   3.267 -apply (cut_tac k = "natify (k) " and m = "natify (m)" and n = "natify (n)" 
   3.268 +apply (cut_tac k = "natify (k) " and m = "natify (m)" and n = "natify (n)"
   3.269         in mult_mod_distrib_raw)
   3.270  apply auto
   3.271  done
   3.272 @@ -440,8 +440,8 @@
   3.273  
   3.274  lemma mod_add_self2_raw: "n \<in> nat ==> (m #+ n) mod n = m mod n"
   3.275  apply (subgoal_tac " (n #+ m) mod n = (n #+ m #- n) mod n")
   3.276 -apply (simp add: add_commute) 
   3.277 -apply (subst mod_geq [symmetric], auto) 
   3.278 +apply (simp add: add_commute)
   3.279 +apply (subst mod_geq [symmetric], auto)
   3.280  done
   3.281  
   3.282  lemma mod_add_self2 [simp]: "(m #+ n) mod n = m mod n"
   3.283 @@ -470,21 +470,21 @@
   3.284  (*Lemma for gcd*)
   3.285  lemma mult_eq_self_implies_10: "m = m#*n ==> natify(n)=1 | m=0"
   3.286  apply (subgoal_tac "m: nat")
   3.287 - prefer 2 
   3.288 + prefer 2
   3.289   apply (erule ssubst)
   3.290 - apply simp  
   3.291 + apply simp
   3.292  apply (rule disjCI)
   3.293  apply (drule sym)
   3.294  apply (rule Ord_linear_lt [of "natify(n)" 1])
   3.295 -apply simp_all  
   3.296 - apply (subgoal_tac "m #* n = 0", simp) 
   3.297 +apply simp_all
   3.298 + apply (subgoal_tac "m #* n = 0", simp)
   3.299   apply (subst mult_natify2 [symmetric])
   3.300   apply (simp del: mult_natify2)
   3.301  apply (drule nat_into_Ord [THEN Ord_0_lt, THEN [2] mult_lt_mono2], auto)
   3.302  done
   3.303  
   3.304  lemma less_imp_succ_add [rule_format]:
   3.305 -     "[| m<n; n: nat |] ==> EX k: nat. n = succ(m#+k)"
   3.306 +     "[| m<n; n: nat |] ==> \<exists>k\<in>nat. n = succ(m#+k)"
   3.307  apply (frule lt_nat_in_nat, assumption)
   3.308  apply (erule rev_mp)
   3.309  apply (induct_tac "n")
   3.310 @@ -493,45 +493,45 @@
   3.311  done
   3.312  
   3.313  lemma less_iff_succ_add:
   3.314 -     "[| m: nat; n: nat |] ==> (m<n) <-> (EX k: nat. n = succ(m#+k))"
   3.315 +     "[| m: nat; n: nat |] ==> (m<n) <-> (\<exists>k\<in>nat. n = succ(m#+k))"
   3.316  by (auto intro: less_imp_succ_add)
   3.317  
   3.318  lemma add_lt_elim2:
   3.319       "\<lbrakk>a #+ d = b #+ c; a < b; b \<in> nat; c \<in> nat; d \<in> nat\<rbrakk> \<Longrightarrow> c < d"
   3.320 -by (drule less_imp_succ_add, auto) 
   3.321 +by (drule less_imp_succ_add, auto)
   3.322  
   3.323  lemma add_le_elim2:
   3.324 -     "\<lbrakk>a #+ d = b #+ c; a le b; b \<in> nat; c \<in> nat; d \<in> nat\<rbrakk> \<Longrightarrow> c le d"
   3.325 -by (drule less_imp_succ_add, auto) 
   3.326 +     "\<lbrakk>a #+ d = b #+ c; a \<le> b; b \<in> nat; c \<in> nat; d \<in> nat\<rbrakk> \<Longrightarrow> c \<le> d"
   3.327 +by (drule less_imp_succ_add, auto)
   3.328  
   3.329  
   3.330  subsubsection{*More Lemmas About Difference*}
   3.331  
   3.332  lemma diff_is_0_lemma:
   3.333 -     "[| m: nat; n: nat |] ==> m #- n = 0 <-> m le n"
   3.334 +     "[| m: nat; n: nat |] ==> m #- n = 0 <-> m \<le> n"
   3.335  apply (rule_tac m = m and n = n in diff_induct, simp_all)
   3.336  done
   3.337  
   3.338 -lemma diff_is_0_iff: "m #- n = 0 <-> natify(m) le natify(n)"
   3.339 +lemma diff_is_0_iff: "m #- n = 0 <-> natify(m) \<le> natify(n)"
   3.340  by (simp add: diff_is_0_lemma [symmetric])
   3.341  
   3.342  lemma nat_lt_imp_diff_eq_0:
   3.343       "[| a:nat; b:nat; a<b |] ==> a #- b = 0"
   3.344 -by (simp add: diff_is_0_iff le_iff) 
   3.345 +by (simp add: diff_is_0_iff le_iff)
   3.346  
   3.347  lemma raw_nat_diff_split:
   3.348 -     "[| a:nat; b:nat |] ==>  
   3.349 -      (P(a #- b)) <-> ((a < b -->P(0)) & (ALL d:nat. a = b #+ d --> P(d)))"
   3.350 +     "[| a:nat; b:nat |] ==>
   3.351 +      (P(a #- b)) <-> ((a < b \<longrightarrow>P(0)) & (\<forall>d\<in>nat. a = b #+ d \<longrightarrow> P(d)))"
   3.352  apply (case_tac "a < b")
   3.353   apply (force simp add: nat_lt_imp_diff_eq_0)
   3.354 -apply (rule iffI, force, simp) 
   3.355 +apply (rule iffI, force, simp)
   3.356  apply (drule_tac x="a#-b" in bspec)
   3.357 -apply (simp_all add: Ordinal.not_lt_iff_le add_diff_inverse) 
   3.358 +apply (simp_all add: Ordinal.not_lt_iff_le add_diff_inverse)
   3.359  done
   3.360  
   3.361  lemma nat_diff_split:
   3.362 -   "(P(a #- b)) <-> 
   3.363 -    (natify(a) < natify(b) -->P(0)) & (ALL d:nat. natify(a) = b #+ d --> P(d))"
   3.364 +   "(P(a #- b)) <->
   3.365 +    (natify(a) < natify(b) \<longrightarrow>P(0)) & (\<forall>d\<in>nat. natify(a) = b #+ d \<longrightarrow> P(d))"
   3.366  apply (cut_tac P=P and a="natify(a)" and b="natify(b)" in raw_nat_diff_split)
   3.367  apply simp_all
   3.368  done
   3.369 @@ -544,10 +544,10 @@
   3.370   apply (blast intro: add_le_self lt_trans1)
   3.371  apply (rule not_le_iff_lt [THEN iffD1], auto)
   3.372  apply (subgoal_tac "i #+ da < j #+ d", force)
   3.373 -apply (blast intro: add_le_lt_mono) 
   3.374 +apply (blast intro: add_le_lt_mono)
   3.375  done
   3.376  
   3.377 -lemma lt_imp_diff_lt: "[|j<i; i\<le>k; k\<in>nat|] ==> (k#-i) < (k#-j)" 
   3.378 +lemma lt_imp_diff_lt: "[|j<i; i\<le>k; k\<in>nat|] ==> (k#-i) < (k#-j)"
   3.379  apply (frule le_in_nat, assumption)
   3.380  apply (frule lt_nat_in_nat, assumption)
   3.381  apply (simp split add: nat_diff_split, auto)
   3.382 @@ -555,13 +555,13 @@
   3.383   apply (blast intro: lt_irrefl lt_trans2)
   3.384  apply (rule not_le_iff_lt [THEN iffD1], auto)
   3.385  apply (subgoal_tac "j #+ d < i #+ da", force)
   3.386 -apply (blast intro: add_lt_le_mono) 
   3.387 +apply (blast intro: add_lt_le_mono)
   3.388  done
   3.389  
   3.390  
   3.391  lemma diff_lt_iff_lt: "[|i\<le>k; j\<in>nat; k\<in>nat|] ==> (k#-i) < (k#-j) <-> j<i"
   3.392  apply (frule le_in_nat, assumption)
   3.393 -apply (blast intro: lt_imp_diff_lt diff_lt_imp_lt) 
   3.394 +apply (blast intro: lt_imp_diff_lt diff_lt_imp_lt)
   3.395  done
   3.396  
   3.397  end
     4.1 --- a/src/ZF/Bin.thy	Sun Mar 04 23:20:43 2012 +0100
     4.2 +++ b/src/ZF/Bin.thy	Tue Mar 06 15:15:49 2012 +0000
     4.3 @@ -68,14 +68,14 @@
     4.4  
     4.5  primrec (*sum*)
     4.6    bin_adder_Pls:
     4.7 -    "bin_adder (Pls)     = (lam w:bin. w)"
     4.8 +    "bin_adder (Pls)     = (\<lambda>w\<in>bin. w)"
     4.9    bin_adder_Min:
    4.10 -    "bin_adder (Min)     = (lam w:bin. bin_pred(w))"
    4.11 +    "bin_adder (Min)     = (\<lambda>w\<in>bin. bin_pred(w))"
    4.12    bin_adder_BIT:
    4.13 -    "bin_adder (v BIT x) = 
    4.14 -       (lam w:bin. 
    4.15 -         bin_case (v BIT x, bin_pred(v BIT x), 
    4.16 -                   %w y. NCons(bin_adder (v) ` cond(x and y, bin_succ(w), w),  
    4.17 +    "bin_adder (v BIT x) =
    4.18 +       (\<lambda>w\<in>bin.
    4.19 +         bin_case (v BIT x, bin_pred(v BIT x),
    4.20 +                   %w y. NCons(bin_adder (v) ` cond(x and y, bin_succ(w), w),
    4.21                                 x xor y),
    4.22                     w))"
    4.23  
    4.24 @@ -83,7 +83,7 @@
    4.25  primrec
    4.26    "adding (v,x,Pls)     = v BIT x"
    4.27    "adding (v,x,Min)     = bin_pred(v BIT x)"
    4.28 -  "adding (v,x,w BIT y) = NCons(bin_adder (v, cond(x and y, bin_succ(w), w)), 
    4.29 +  "adding (v,x,w BIT y) = NCons(bin_adder (v, cond(x and y, bin_succ(w), w)),
    4.30                                  x xor y)"
    4.31  *)
    4.32  
    4.33 @@ -125,33 +125,33 @@
    4.34  lemma NCons_BIT: "NCons(w BIT x,b) = w BIT x BIT b"
    4.35  by (simp add: bin.case_eqns)
    4.36  
    4.37 -lemmas NCons_simps [simp] = 
    4.38 +lemmas NCons_simps [simp] =
    4.39      NCons_Pls_0 NCons_Pls_1 NCons_Min_0 NCons_Min_1 NCons_BIT
    4.40  
    4.41  
    4.42  
    4.43  (** Type checking **)
    4.44  
    4.45 -lemma integ_of_type [TC]: "w: bin ==> integ_of(w) : int"
    4.46 +lemma integ_of_type [TC]: "w: bin ==> integ_of(w) \<in> int"
    4.47  apply (induct_tac "w")
    4.48  apply (simp_all add: bool_into_nat)
    4.49  done
    4.50  
    4.51 -lemma NCons_type [TC]: "[| w: bin; b: bool |] ==> NCons(w,b) : bin"
    4.52 +lemma NCons_type [TC]: "[| w: bin; b: bool |] ==> NCons(w,b) \<in> bin"
    4.53  by (induct_tac "w", auto)
    4.54  
    4.55 -lemma bin_succ_type [TC]: "w: bin ==> bin_succ(w) : bin"
    4.56 +lemma bin_succ_type [TC]: "w: bin ==> bin_succ(w) \<in> bin"
    4.57  by (induct_tac "w", auto)
    4.58  
    4.59 -lemma bin_pred_type [TC]: "w: bin ==> bin_pred(w) : bin"
    4.60 +lemma bin_pred_type [TC]: "w: bin ==> bin_pred(w) \<in> bin"
    4.61  by (induct_tac "w", auto)
    4.62  
    4.63 -lemma bin_minus_type [TC]: "w: bin ==> bin_minus(w) : bin"
    4.64 +lemma bin_minus_type [TC]: "w: bin ==> bin_minus(w) \<in> bin"
    4.65  by (induct_tac "w", auto)
    4.66  
    4.67  (*This proof is complicated by the mutual recursion*)
    4.68  lemma bin_add_type [rule_format,TC]:
    4.69 -     "v: bin ==> ALL w: bin. bin_add(v,w) : bin"
    4.70 +     "v: bin ==> \<forall>w\<in>bin. bin_add(v,w) \<in> bin"
    4.71  apply (unfold bin_add_def)
    4.72  apply (induct_tac "v")
    4.73  apply (rule_tac [3] ballI)
    4.74 @@ -160,30 +160,30 @@
    4.75  apply (simp_all add: NCons_type)
    4.76  done
    4.77  
    4.78 -lemma bin_mult_type [TC]: "[| v: bin; w: bin |] ==> bin_mult(v,w) : bin"
    4.79 +lemma bin_mult_type [TC]: "[| v: bin; w: bin |] ==> bin_mult(v,w) \<in> bin"
    4.80  by (induct_tac "v", auto)
    4.81  
    4.82  
    4.83 -subsubsection{*The Carry and Borrow Functions, 
    4.84 +subsubsection{*The Carry and Borrow Functions,
    4.85              @{term bin_succ} and @{term bin_pred}*}
    4.86  
    4.87  (*NCons preserves the integer value of its argument*)
    4.88  lemma integ_of_NCons [simp]:
    4.89       "[| w: bin; b: bool |] ==> integ_of(NCons(w,b)) = integ_of(w BIT b)"
    4.90  apply (erule bin.cases)
    4.91 -apply (auto elim!: boolE) 
    4.92 +apply (auto elim!: boolE)
    4.93  done
    4.94  
    4.95  lemma integ_of_succ [simp]:
    4.96       "w: bin ==> integ_of(bin_succ(w)) = $#1 $+ integ_of(w)"
    4.97  apply (erule bin.induct)
    4.98 -apply (auto simp add: zadd_ac elim!: boolE) 
    4.99 +apply (auto simp add: zadd_ac elim!: boolE)
   4.100  done
   4.101  
   4.102  lemma integ_of_pred [simp]:
   4.103       "w: bin ==> integ_of(bin_pred(w)) = $- ($#1) $+ integ_of(w)"
   4.104  apply (erule bin.induct)
   4.105 -apply (auto simp add: zadd_ac elim!: boolE) 
   4.106 +apply (auto simp add: zadd_ac elim!: boolE)
   4.107  done
   4.108  
   4.109  
   4.110 @@ -191,7 +191,7 @@
   4.111  
   4.112  lemma integ_of_minus: "w: bin ==> integ_of(bin_minus(w)) = $- integ_of(w)"
   4.113  apply (erule bin.induct)
   4.114 -apply (auto simp add: zadd_ac zminus_zadd_distrib  elim!: boolE) 
   4.115 +apply (auto simp add: zadd_ac zminus_zadd_distrib  elim!: boolE)
   4.116  done
   4.117  
   4.118  
   4.119 @@ -220,23 +220,23 @@
   4.120  by (unfold bin_add_def, simp)
   4.121  
   4.122  lemma bin_add_BIT_BIT [simp]:
   4.123 -     "[| w: bin;  y: bool |]               
   4.124 -      ==> bin_add(v BIT x, w BIT y) =  
   4.125 +     "[| w: bin;  y: bool |]
   4.126 +      ==> bin_add(v BIT x, w BIT y) =
   4.127            NCons(bin_add(v, cond(x and y, bin_succ(w), w)), x xor y)"
   4.128  by (unfold bin_add_def, simp)
   4.129  
   4.130  lemma integ_of_add [rule_format]:
   4.131 -     "v: bin ==>  
   4.132 -          ALL w: bin. integ_of(bin_add(v,w)) = integ_of(v) $+ integ_of(w)"
   4.133 +     "v: bin ==>
   4.134 +          \<forall>w\<in>bin. integ_of(bin_add(v,w)) = integ_of(v) $+ integ_of(w)"
   4.135  apply (erule bin.induct, simp, simp)
   4.136  apply (rule ballI)
   4.137  apply (induct_tac "wa")
   4.138 -apply (auto simp add: zadd_ac elim!: boolE) 
   4.139 +apply (auto simp add: zadd_ac elim!: boolE)
   4.140  done
   4.141  
   4.142  (*Subtraction*)
   4.143 -lemma diff_integ_of_eq: 
   4.144 -     "[| v: bin;  w: bin |]    
   4.145 +lemma diff_integ_of_eq:
   4.146 +     "[| v: bin;  w: bin |]
   4.147        ==> integ_of(v) $- integ_of(w) = integ_of(bin_add (v, bin_minus(w)))"
   4.148  apply (unfold zdiff_def)
   4.149  apply (simp add: integ_of_add integ_of_minus)
   4.150 @@ -246,11 +246,11 @@
   4.151  subsubsection{*@{term bin_mult}: Binary Multiplication*}
   4.152  
   4.153  lemma integ_of_mult:
   4.154 -     "[| v: bin;  w: bin |]    
   4.155 +     "[| v: bin;  w: bin |]
   4.156        ==> integ_of(bin_mult(v,w)) = integ_of(v) $* integ_of(w)"
   4.157  apply (induct_tac "v", simp)
   4.158  apply (simp add: integ_of_minus)
   4.159 -apply (auto simp add: zadd_ac integ_of_add zadd_zmult_distrib  elim!: boolE) 
   4.160 +apply (auto simp add: zadd_ac integ_of_add zadd_zmult_distrib  elim!: boolE)
   4.161  done
   4.162  
   4.163  
   4.164 @@ -280,15 +280,15 @@
   4.165  
   4.166  (** extra rules for bin_add **)
   4.167  
   4.168 -lemma bin_add_BIT_11: "w: bin ==> bin_add(v BIT 1, w BIT 1) =  
   4.169 +lemma bin_add_BIT_11: "w: bin ==> bin_add(v BIT 1, w BIT 1) =
   4.170                       NCons(bin_add(v, bin_succ(w)), 0)"
   4.171  by simp
   4.172  
   4.173 -lemma bin_add_BIT_10: "w: bin ==> bin_add(v BIT 1, w BIT 0) =   
   4.174 +lemma bin_add_BIT_10: "w: bin ==> bin_add(v BIT 1, w BIT 0) =
   4.175                       NCons(bin_add(v,w), 1)"
   4.176  by simp
   4.177  
   4.178 -lemma bin_add_BIT_0: "[| w: bin;  y: bool |]  
   4.179 +lemma bin_add_BIT_0: "[| w: bin;  y: bool |]
   4.180        ==> bin_add(v BIT 0, w BIT y) = NCons(bin_add(v,w), y)"
   4.181  by simp
   4.182  
   4.183 @@ -344,9 +344,9 @@
   4.184  
   4.185  (** Equals (=) **)
   4.186  
   4.187 -lemma eq_integ_of_eq: 
   4.188 -     "[| v: bin;  w: bin |]    
   4.189 -      ==> ((integ_of(v)) = integ_of(w)) <->  
   4.190 +lemma eq_integ_of_eq:
   4.191 +     "[| v: bin;  w: bin |]
   4.192 +      ==> ((integ_of(v)) = integ_of(w)) <->
   4.193            iszero (integ_of (bin_add (v, bin_minus(w))))"
   4.194  apply (unfold iszero_def)
   4.195  apply (simp add: zcompare_rls integ_of_add integ_of_minus)
   4.196 @@ -361,11 +361,11 @@
   4.197  apply (simp add: zminus_equation)
   4.198  done
   4.199  
   4.200 -lemma iszero_integ_of_BIT: 
   4.201 -     "[| w: bin; x: bool |]  
   4.202 +lemma iszero_integ_of_BIT:
   4.203 +     "[| w: bin; x: bool |]
   4.204        ==> iszero (integ_of (w BIT x)) <-> (x=0 & iszero (integ_of(w)))"
   4.205  apply (unfold iszero_def, simp)
   4.206 -apply (subgoal_tac "integ_of (w) : int")
   4.207 +apply (subgoal_tac "integ_of (w) \<in> int")
   4.208  apply typecheck
   4.209  apply (drule int_cases)
   4.210  apply (safe elim!: boolE)
   4.211 @@ -375,7 +375,7 @@
   4.212  
   4.213  lemma iszero_integ_of_0:
   4.214       "w: bin ==> iszero (integ_of (w BIT 0)) <-> iszero (integ_of(w))"
   4.215 -by (simp only: iszero_integ_of_BIT, blast) 
   4.216 +by (simp only: iszero_integ_of_BIT, blast)
   4.217  
   4.218  lemma iszero_integ_of_1: "w: bin ==> ~ iszero (integ_of (w BIT 1))"
   4.219  by (simp only: iszero_integ_of_BIT, blast)
   4.220 @@ -384,9 +384,9 @@
   4.221  
   4.222  (** Less-than (<) **)
   4.223  
   4.224 -lemma less_integ_of_eq_neg: 
   4.225 -     "[| v: bin;  w: bin |]    
   4.226 -      ==> integ_of(v) $< integ_of(w)  
   4.227 +lemma less_integ_of_eq_neg:
   4.228 +     "[| v: bin;  w: bin |]
   4.229 +      ==> integ_of(v) $< integ_of(w)
   4.230            <-> znegative (integ_of (bin_add (v, bin_minus(w))))"
   4.231  apply (unfold zless_def zdiff_def)
   4.232  apply (simp add: integ_of_minus integ_of_add)
   4.233 @@ -399,14 +399,14 @@
   4.234  by simp
   4.235  
   4.236  lemma neg_integ_of_BIT:
   4.237 -     "[| w: bin; x: bool |]  
   4.238 +     "[| w: bin; x: bool |]
   4.239        ==> znegative (integ_of (w BIT x)) <-> znegative (integ_of(w))"
   4.240  apply simp
   4.241 -apply (subgoal_tac "integ_of (w) : int")
   4.242 +apply (subgoal_tac "integ_of (w) \<in> int")
   4.243  apply typecheck
   4.244  apply (drule int_cases)
   4.245  apply (auto elim!: boolE simp add: int_of_add [symmetric]  zcompare_rls)
   4.246 -apply (simp_all add: zminus_zadd_distrib [symmetric] zdiff_def 
   4.247 +apply (simp_all add: zminus_zadd_distrib [symmetric] zdiff_def
   4.248                       int_of_add [symmetric])
   4.249  apply (subgoal_tac "$#1 $- $# succ (succ (n #+ n)) = $- $# succ (n #+ n) ")
   4.250   apply (simp add: zdiff_def)
   4.251 @@ -421,8 +421,8 @@
   4.252  
   4.253  
   4.254  (*Delete the original rewrites, with their clumsy conditional expressions*)
   4.255 -declare bin_succ_BIT [simp del] 
   4.256 -        bin_pred_BIT [simp del] 
   4.257 +declare bin_succ_BIT [simp del]
   4.258 +        bin_pred_BIT [simp del]
   4.259          bin_minus_BIT [simp del]
   4.260          NCons_Pls [simp del]
   4.261          NCons_Min [simp del]
   4.262 @@ -434,12 +434,12 @@
   4.263  
   4.264  
   4.265  lemmas bin_arith_extra_simps =
   4.266 -     integ_of_add [symmetric]   
   4.267 -     integ_of_minus [symmetric] 
   4.268 -     integ_of_mult [symmetric]  
   4.269 -     bin_succ_1 bin_succ_0 
   4.270 -     bin_pred_1 bin_pred_0 
   4.271 -     bin_minus_1 bin_minus_0  
   4.272 +     integ_of_add [symmetric]
   4.273 +     integ_of_minus [symmetric]
   4.274 +     integ_of_mult [symmetric]
   4.275 +     bin_succ_1 bin_succ_0
   4.276 +     bin_pred_1 bin_pred_0
   4.277 +     bin_minus_1 bin_minus_0
   4.278       bin_add_Pls_right bin_add_Min_right
   4.279       bin_add_BIT_0 bin_add_BIT_10 bin_add_BIT_11
   4.280       diff_integ_of_eq
   4.281 @@ -453,7 +453,7 @@
   4.282       bin_succ_Pls bin_succ_Min
   4.283       bin_add_Pls bin_add_Min
   4.284       bin_minus_Pls bin_minus_Min
   4.285 -     bin_mult_Pls bin_mult_Min 
   4.286 +     bin_mult_Pls bin_mult_Min
   4.287       bin_arith_extra_simps
   4.288  
   4.289  (*Simplification of relational operations*)
   4.290 @@ -471,25 +471,25 @@
   4.291  (** Simplification of arithmetic when nested to the right **)
   4.292  
   4.293  lemma add_integ_of_left [simp]:
   4.294 -     "[| v: bin;  w: bin |]    
   4.295 +     "[| v: bin;  w: bin |]
   4.296        ==> integ_of(v) $+ (integ_of(w) $+ z) = (integ_of(bin_add(v,w)) $+ z)"
   4.297  by (simp add: zadd_assoc [symmetric])
   4.298  
   4.299  lemma mult_integ_of_left [simp]:
   4.300 -     "[| v: bin;  w: bin |]    
   4.301 +     "[| v: bin;  w: bin |]
   4.302        ==> integ_of(v) $* (integ_of(w) $* z) = (integ_of(bin_mult(v,w)) $* z)"
   4.303  by (simp add: zmult_assoc [symmetric])
   4.304  
   4.305 -lemma add_integ_of_diff1 [simp]: 
   4.306 -    "[| v: bin;  w: bin |]    
   4.307 +lemma add_integ_of_diff1 [simp]:
   4.308 +    "[| v: bin;  w: bin |]
   4.309        ==> integ_of(v) $+ (integ_of(w) $- c) = integ_of(bin_add(v,w)) $- (c)"
   4.310  apply (unfold zdiff_def)
   4.311  apply (rule add_integ_of_left, auto)
   4.312  done
   4.313  
   4.314  lemma add_integ_of_diff2 [simp]:
   4.315 -     "[| v: bin;  w: bin |]    
   4.316 -      ==> integ_of(v) $+ (c $- integ_of(w)) =  
   4.317 +     "[| v: bin;  w: bin |]
   4.318 +      ==> integ_of(v) $+ (c $- integ_of(w)) =
   4.319            integ_of (bin_add (v, bin_minus(w))) $+ (c)"
   4.320  apply (subst diff_integ_of_eq [symmetric])
   4.321  apply (simp_all add: zdiff_def zadd_ac)
   4.322 @@ -555,7 +555,7 @@
   4.323  
   4.324  (** nat_of and zless **)
   4.325  
   4.326 -(*An alternative condition is  $#0 <= w  *)
   4.327 +(*An alternative condition is  @{term"$#0 \<subseteq> w"}  *)
   4.328  lemma zless_nat_conj_lemma: "$#0 $< z ==> (nat_of(w) < nat_of(z)) <-> (w $< z)"
   4.329  apply (rule iff_trans)
   4.330  apply (rule zless_int_of [THEN iff_sym])
     5.1 --- a/src/ZF/Bool.thy	Sun Mar 04 23:20:43 2012 +0100
     5.2 +++ b/src/ZF/Bool.thy	Tue Mar 06 15:15:49 2012 +0000
     5.3 @@ -43,13 +43,13 @@
     5.4  
     5.5  (* Introduction rules *)
     5.6  
     5.7 -lemma bool_1I [simp,TC]: "1 : bool"
     5.8 +lemma bool_1I [simp,TC]: "1 \<in> bool"
     5.9  by (simp add: bool_defs )
    5.10  
    5.11 -lemma bool_0I [simp,TC]: "0 : bool"
    5.12 +lemma bool_0I [simp,TC]: "0 \<in> bool"
    5.13  by (simp add: bool_defs)
    5.14  
    5.15 -lemma one_not_0: "1~=0"
    5.16 +lemma one_not_0: "1\<noteq>0"
    5.17  by (simp add: bool_defs )
    5.18  
    5.19  (** 1=0 ==> R **)
    5.20 @@ -94,16 +94,16 @@
    5.21  lemmas xor_1 = xor_def [THEN def_cond_1, simp]
    5.22  lemmas xor_0 = xor_def [THEN def_cond_0, simp]
    5.23  
    5.24 -lemma not_type [TC]: "a:bool ==> not(a) : bool"
    5.25 +lemma not_type [TC]: "a:bool ==> not(a) \<in> bool"
    5.26  by (simp add: not_def)
    5.27  
    5.28 -lemma and_type [TC]: "[| a:bool;  b:bool |] ==> a and b : bool"
    5.29 +lemma and_type [TC]: "[| a:bool;  b:bool |] ==> a and b \<in> bool"
    5.30  by (simp add: and_def)
    5.31  
    5.32 -lemma or_type [TC]: "[| a:bool;  b:bool |] ==> a or b : bool"
    5.33 +lemma or_type [TC]: "[| a:bool;  b:bool |] ==> a or b \<in> bool"
    5.34  by (simp add: or_def)
    5.35  
    5.36 -lemma xor_type [TC]: "[| a:bool;  b:bool |] ==> a xor b : bool"
    5.37 +lemma xor_type [TC]: "[| a:bool;  b:bool |] ==> a xor b \<in> bool"
    5.38  by (simp add: xor_def)
    5.39  
    5.40  lemmas bool_typechecks = bool_1I bool_0I cond_type not_type and_type
     6.1 --- a/src/ZF/Cardinal.thy	Sun Mar 04 23:20:43 2012 +0100
     6.2 +++ b/src/ZF/Cardinal.thy	Tue Mar 06 15:15:49 2012 +0000
     6.3 @@ -10,15 +10,15 @@
     6.4  definition
     6.5    (*least ordinal operator*)
     6.6     Least    :: "(i=>o) => i"    (binder "LEAST " 10)  where
     6.7 -     "Least(P) == THE i. Ord(i) & P(i) & (ALL j. j<i --> ~P(j))"
     6.8 +     "Least(P) == THE i. Ord(i) & P(i) & (\<forall>j. j<i \<longrightarrow> ~P(j))"
     6.9  
    6.10  definition
    6.11    eqpoll   :: "[i,i] => o"     (infixl "eqpoll" 50)  where
    6.12 -    "A eqpoll B == EX f. f: bij(A,B)"
    6.13 +    "A eqpoll B == \<exists>f. f: bij(A,B)"
    6.14  
    6.15  definition
    6.16    lepoll   :: "[i,i] => o"     (infixl "lepoll" 50)  where
    6.17 -    "A lepoll B == EX f. f: inj(A,B)"
    6.18 +    "A lepoll B == \<exists>f. f: inj(A,B)"
    6.19  
    6.20  definition
    6.21    lesspoll :: "[i,i] => o"     (infixl "lesspoll" 50)  where
    6.22 @@ -30,7 +30,7 @@
    6.23  
    6.24  definition
    6.25    Finite   :: "i=>o"  where
    6.26 -    "Finite(A) == EX n:nat. A eqpoll n"
    6.27 +    "Finite(A) == \<exists>n\<in>nat. A eqpoll n"
    6.28  
    6.29  definition
    6.30    Card     :: "i=>o"  where
    6.31 @@ -57,31 +57,31 @@
    6.32  
    6.33  lemma Banach_last_equation:
    6.34      "g: Y->X
    6.35 -     ==> g``(Y - f`` lfp(X, %W. X - g``(Y - f``W))) =        
    6.36 -         X - lfp(X, %W. X - g``(Y - f``W))" 
    6.37 -apply (rule_tac P = "%u. ?v = X-u" 
    6.38 +     ==> g``(Y - f`` lfp(X, %W. X - g``(Y - f``W))) =
    6.39 +         X - lfp(X, %W. X - g``(Y - f``W))"
    6.40 +apply (rule_tac P = "%u. ?v = X-u"
    6.41         in decomp_bnd_mono [THEN lfp_unfold, THEN ssubst])
    6.42  apply (simp add: double_complement  fun_is_rel [THEN image_subset])
    6.43  done
    6.44  
    6.45  lemma decomposition:
    6.46 -     "[| f: X->Y;  g: Y->X |] ==>    
    6.47 -      EX XA XB YA YB. (XA Int XB = 0) & (XA Un XB = X) &     
    6.48 -                      (YA Int YB = 0) & (YA Un YB = Y) &     
    6.49 +     "[| f: X->Y;  g: Y->X |] ==>
    6.50 +      \<exists>XA XB YA YB. (XA \<inter> XB = 0) & (XA \<union> XB = X) &
    6.51 +                      (YA \<inter> YB = 0) & (YA \<union> YB = Y) &
    6.52                        f``XA=YA & g``YB=XB"
    6.53  apply (intro exI conjI)
    6.54  apply (rule_tac [6] Banach_last_equation)
    6.55  apply (rule_tac [5] refl)
    6.56 -apply (assumption | 
    6.57 +apply (assumption |
    6.58         rule  Diff_disjoint Diff_partition fun_is_rel image_subset lfp_subset)+
    6.59  done
    6.60  
    6.61  lemma schroeder_bernstein:
    6.62 -    "[| f: inj(X,Y);  g: inj(Y,X) |] ==> EX h. h: bij(X,Y)"
    6.63 -apply (insert decomposition [of f X Y g]) 
    6.64 +    "[| f: inj(X,Y);  g: inj(Y,X) |] ==> \<exists>h. h: bij(X,Y)"
    6.65 +apply (insert decomposition [of f X Y g])
    6.66  apply (simp add: inj_is_fun)
    6.67  apply (blast intro!: restrict_bij bij_disjoint_Un intro: bij_converse_bij)
    6.68 -(* The instantiation of exI to "restrict(f,XA) Un converse(restrict(g,YB))"
    6.69 +(* The instantiation of exI to @{term"restrict(f,XA) \<union> converse(restrict(g,YB))"}
    6.70     is forced by the context!! *)
    6.71  done
    6.72  
    6.73 @@ -101,7 +101,7 @@
    6.74  apply (blast intro: bij_converse_bij)
    6.75  done
    6.76  
    6.77 -lemma eqpoll_trans: 
    6.78 +lemma eqpoll_trans:
    6.79      "[| X \<approx> Y;  Y \<approx> Z |] ==> X \<approx> Z"
    6.80  apply (unfold eqpoll_def)
    6.81  apply (blast intro: comp_bij)
    6.82 @@ -136,7 +136,7 @@
    6.83  
    6.84  lemma eqpollE:
    6.85      "[| X \<approx> Y; [| X \<lesssim> Y; Y \<lesssim> X |] ==> P |] ==> P"
    6.86 -by (blast intro: eqpoll_imp_lepoll eqpoll_sym) 
    6.87 +by (blast intro: eqpoll_imp_lepoll eqpoll_sym)
    6.88  
    6.89  lemma eqpoll_iff: "X \<approx> Y <-> X \<lesssim> Y & Y \<lesssim> X"
    6.90  by (blast intro: eqpollI elim!: eqpollE)
    6.91 @@ -146,14 +146,14 @@
    6.92  apply (blast dest: apply_type)
    6.93  done
    6.94  
    6.95 -(*0 \<lesssim> Y*)
    6.96 +(*@{term"0 \<lesssim> Y"}*)
    6.97  lemmas empty_lepollI = empty_subsetI [THEN subset_imp_lepoll]
    6.98  
    6.99  lemma lepoll_0_iff: "A \<lesssim> 0 <-> A=0"
   6.100  by (blast intro: lepoll_0_is_0 lepoll_refl)
   6.101  
   6.102 -lemma Un_lepoll_Un: 
   6.103 -    "[| A \<lesssim> B; C \<lesssim> D; B Int D = 0 |] ==> A Un C \<lesssim> B Un D"
   6.104 +lemma Un_lepoll_Un:
   6.105 +    "[| A \<lesssim> B; C \<lesssim> D; B \<inter> D = 0 |] ==> A \<union> C \<lesssim> B \<union> D"
   6.106  apply (unfold lepoll_def)
   6.107  apply (blast intro: inj_disjoint_Un)
   6.108  done
   6.109 @@ -164,9 +164,9 @@
   6.110  lemma eqpoll_0_iff: "A \<approx> 0 <-> A=0"
   6.111  by (blast intro: eqpoll_0_is_0 eqpoll_refl)
   6.112  
   6.113 -lemma eqpoll_disjoint_Un: 
   6.114 -    "[| A \<approx> B;  C \<approx> D;  A Int C = 0;  B Int D = 0 |]   
   6.115 -     ==> A Un C \<approx> B Un D"
   6.116 +lemma eqpoll_disjoint_Un:
   6.117 +    "[| A \<approx> B;  C \<approx> D;  A \<inter> C = 0;  B \<inter> D = 0 |]
   6.118 +     ==> A \<union> C \<approx> B \<union> D"
   6.119  apply (unfold eqpoll_def)
   6.120  apply (blast intro: bij_disjoint_Un)
   6.121  done
   6.122 @@ -175,15 +175,15 @@
   6.123  subsection{*lesspoll: contributions by Krzysztof Grabczewski *}
   6.124  
   6.125  lemma lesspoll_not_refl: "~ (i \<prec> i)"
   6.126 -by (simp add: lesspoll_def) 
   6.127 +by (simp add: lesspoll_def)
   6.128  
   6.129  lemma lesspoll_irrefl [elim!]: "i \<prec> i ==> P"
   6.130 -by (simp add: lesspoll_def) 
   6.131 +by (simp add: lesspoll_def)
   6.132  
   6.133  lemma lesspoll_imp_lepoll: "A \<prec> B ==> A \<lesssim> B"
   6.134  by (unfold lesspoll_def, blast)
   6.135  
   6.136 -lemma lepoll_well_ord: "[| A \<lesssim> B; well_ord(B,r) |] ==> EX s. well_ord(A,s)"
   6.137 +lemma lepoll_well_ord: "[| A \<lesssim> B; well_ord(B,r) |] ==> \<exists>s. well_ord(A,s)"
   6.138  apply (unfold lepoll_def)
   6.139  apply (blast intro: well_ord_rvimage)
   6.140  done
   6.141 @@ -193,34 +193,34 @@
   6.142  apply (blast intro!: eqpollI elim!: eqpollE)
   6.143  done
   6.144  
   6.145 -lemma inj_not_surj_succ: 
   6.146 -  "[| f : inj(A, succ(m)); f ~: surj(A, succ(m)) |] ==> EX f. f:inj(A,m)"
   6.147 -apply (unfold inj_def surj_def) 
   6.148 -apply (safe del: succE) 
   6.149 -apply (erule swap, rule exI) 
   6.150 -apply (rule_tac a = "lam z:A. if f`z=m then y else f`z" in CollectI)
   6.151 +lemma inj_not_surj_succ:
   6.152 +  "[| f \<in> inj(A, succ(m)); f \<notin> surj(A, succ(m)) |] ==> \<exists>f. f:inj(A,m)"
   6.153 +apply (unfold inj_def surj_def)
   6.154 +apply (safe del: succE)
   6.155 +apply (erule swap, rule exI)
   6.156 +apply (rule_tac a = "\<lambda>z\<in>A. if f`z=m then y else f`z" in CollectI)
   6.157  txt{*the typing condition*}
   6.158   apply (best intro!: if_type [THEN lam_type] elim: apply_funtype [THEN succE])
   6.159  txt{*Proving it's injective*}
   6.160  apply simp
   6.161 -apply blast 
   6.162 +apply blast
   6.163  done
   6.164  
   6.165  (** Variations on transitivity **)
   6.166  
   6.167 -lemma lesspoll_trans: 
   6.168 +lemma lesspoll_trans:
   6.169        "[| X \<prec> Y; Y \<prec> Z |] ==> X \<prec> Z"
   6.170  apply (unfold lesspoll_def)
   6.171  apply (blast elim!: eqpollE intro: eqpollI lepoll_trans)
   6.172  done
   6.173  
   6.174 -lemma lesspoll_trans1: 
   6.175 +lemma lesspoll_trans1:
   6.176        "[| X \<lesssim> Y; Y \<prec> Z |] ==> X \<prec> Z"
   6.177  apply (unfold lesspoll_def)
   6.178  apply (blast elim!: eqpollE intro: eqpollI lepoll_trans)
   6.179  done
   6.180  
   6.181 -lemma lesspoll_trans2: 
   6.182 +lemma lesspoll_trans2:
   6.183        "[| X \<prec> Y; Y \<lesssim> Z |] ==> X \<prec> Z"
   6.184  apply (unfold lesspoll_def)
   6.185  apply (blast elim!: eqpollE intro: eqpollI lepoll_trans)
   6.186 @@ -229,9 +229,9 @@
   6.187  
   6.188  (** LEAST -- the least number operator [from HOL/Univ.ML] **)
   6.189  
   6.190 -lemma Least_equality: 
   6.191 +lemma Least_equality:
   6.192      "[| P(i);  Ord(i);  !!x. x<i ==> ~P(x) |] ==> (LEAST x. P(x)) = i"
   6.193 -apply (unfold Least_def) 
   6.194 +apply (unfold Least_def)
   6.195  apply (rule the_equality, blast)
   6.196  apply (elim conjE)
   6.197  apply (erule Ord_linear_lt, assumption, blast+)
   6.198 @@ -239,16 +239,16 @@
   6.199  
   6.200  lemma LeastI: "[| P(i);  Ord(i) |] ==> P(LEAST x. P(x))"
   6.201  apply (erule rev_mp)
   6.202 -apply (erule_tac i=i in trans_induct) 
   6.203 +apply (erule_tac i=i in trans_induct)
   6.204  apply (rule impI)
   6.205  apply (rule classical)
   6.206  apply (blast intro: Least_equality [THEN ssubst]  elim!: ltE)
   6.207  done
   6.208  
   6.209  (*Proof is almost identical to the one above!*)
   6.210 -lemma Least_le: "[| P(i);  Ord(i) |] ==> (LEAST x. P(x)) le i"
   6.211 +lemma Least_le: "[| P(i);  Ord(i) |] ==> (LEAST x. P(x)) \<le> i"
   6.212  apply (erule rev_mp)
   6.213 -apply (erule_tac i=i in trans_induct) 
   6.214 +apply (erule_tac i=i in trans_induct)
   6.215  apply (rule impI)
   6.216  apply (rule classical)
   6.217  apply (subst Least_equality, assumption+)
   6.218 @@ -259,23 +259,23 @@
   6.219  (*LEAST really is the smallest*)
   6.220  lemma less_LeastE: "[| P(i);  i < (LEAST x. P(x)) |] ==> Q"
   6.221  apply (rule Least_le [THEN [2] lt_trans2, THEN lt_irrefl], assumption+)
   6.222 -apply (simp add: lt_Ord) 
   6.223 +apply (simp add: lt_Ord)
   6.224  done
   6.225  
   6.226  (*Easier to apply than LeastI: conclusion has only one occurrence of P*)
   6.227  lemma LeastI2:
   6.228      "[| P(i);  Ord(i);  !!j. P(j) ==> Q(j) |] ==> Q(LEAST j. P(j))"
   6.229 -by (blast intro: LeastI ) 
   6.230 +by (blast intro: LeastI )
   6.231  
   6.232  (*If there is no such P then LEAST is vacuously 0*)
   6.233 -lemma Least_0: 
   6.234 -    "[| ~ (EX i. Ord(i) & P(i)) |] ==> (LEAST x. P(x)) = 0"
   6.235 +lemma Least_0:
   6.236 +    "[| ~ (\<exists>i. Ord(i) & P(i)) |] ==> (LEAST x. P(x)) = 0"
   6.237  apply (unfold Least_def)
   6.238  apply (rule the_0, blast)
   6.239  done
   6.240  
   6.241  lemma Ord_Least [intro,simp,TC]: "Ord(LEAST x. P(x))"
   6.242 -apply (case_tac "\<exists>i. Ord(i) & P(i)")  
   6.243 +apply (case_tac "\<exists>i. Ord(i) & P(i)")
   6.244  apply safe
   6.245  apply (rule Least_le [THEN ltE])
   6.246  prefer 3 apply assumption+
   6.247 @@ -291,7 +291,7 @@
   6.248       "(!!y. P(y) <-> Q(y)) ==> (LEAST x. P(x)) = (LEAST x. Q(x))"
   6.249  by simp
   6.250  
   6.251 -(*Need AC to get X \<lesssim> Y ==> |X| le |Y|;  see well_ord_lepoll_imp_Card_le
   6.252 +(*Need AC to get @{term"X \<lesssim> Y ==> |X| \<le> |Y|"};  see well_ord_lepoll_imp_Card_le
   6.253    Converse also requires AC, but see well_ord_cardinal_eqE*)
   6.254  lemma cardinal_cong: "X \<approx> Y ==> |X| = |Y|"
   6.255  apply (unfold eqpoll_def cardinal_def)
   6.256 @@ -300,7 +300,7 @@
   6.257  done
   6.258  
   6.259  (*Under AC, the premise becomes trivial; one consequence is ||A|| = |A|*)
   6.260 -lemma well_ord_cardinal_eqpoll: 
   6.261 +lemma well_ord_cardinal_eqpoll:
   6.262      "well_ord(A,r) ==> |A| \<approx> A"
   6.263  apply (unfold cardinal_def)
   6.264  apply (rule LeastI)
   6.265 @@ -308,7 +308,7 @@
   6.266  apply (erule ordermap_bij [THEN bij_converse_bij, THEN bij_imp_eqpoll])
   6.267  done
   6.268  
   6.269 -(* Ord(A) ==> |A| \<approx> A *)
   6.270 +(* @{term"Ord(A) ==> |A| \<approx> A"} *)
   6.271  lemmas Ord_cardinal_eqpoll = well_ord_Memrel [THEN well_ord_cardinal_eqpoll]
   6.272  
   6.273  lemma well_ord_cardinal_eqE:
   6.274 @@ -325,7 +325,7 @@
   6.275  
   6.276  (** Observations from Kunen, page 28 **)
   6.277  
   6.278 -lemma Ord_cardinal_le: "Ord(i) ==> |i| le i"
   6.279 +lemma Ord_cardinal_le: "Ord(i) ==> |i| \<le> i"
   6.280  apply (unfold cardinal_def)
   6.281  apply (erule eqpoll_refl [THEN Least_le])
   6.282  done
   6.283 @@ -335,9 +335,9 @@
   6.284  apply (erule sym)
   6.285  done
   6.286  
   6.287 -(* Could replace the  ~(j \<approx> i)  by  ~(i \<lesssim> j) *)
   6.288 +(* Could replace the  @{term"~(j \<approx> i)"}  by  @{term"~(i \<lesssim> j)"}. *)
   6.289  lemma CardI: "[| Ord(i);  !!j. j<i ==> ~(j \<approx> i) |] ==> Card(i)"
   6.290 -apply (unfold Card_def cardinal_def) 
   6.291 +apply (unfold Card_def cardinal_def)
   6.292  apply (subst Least_equality)
   6.293  apply (blast intro: eqpoll_refl )+
   6.294  done
   6.295 @@ -348,7 +348,7 @@
   6.296  apply (rule Ord_Least)
   6.297  done
   6.298  
   6.299 -lemma Card_cardinal_le: "Card(K) ==> K le |K|"
   6.300 +lemma Card_cardinal_le: "Card(K) ==> K \<le> |K|"
   6.301  apply (simp (no_asm_simp) add: Card_is_Ord Card_cardinal_eq)
   6.302  done
   6.303  
   6.304 @@ -358,7 +358,7 @@
   6.305  done
   6.306  
   6.307  (*The cardinals are the initial ordinals*)
   6.308 -lemma Card_iff_initial: "Card(K) <-> Ord(K) & (ALL j. j<K --> ~ j \<approx> K)"
   6.309 +lemma Card_iff_initial: "Card(K) <-> Ord(K) & (\<forall>j. j<K \<longrightarrow> ~ j \<approx> K)"
   6.310  apply (safe intro!: CardI Card_is_Ord)
   6.311   prefer 2 apply blast
   6.312  apply (unfold Card_def cardinal_def)
   6.313 @@ -377,7 +377,7 @@
   6.314  apply (blast elim!: ltE)
   6.315  done
   6.316  
   6.317 -lemma Card_Un: "[| Card(K);  Card(L) |] ==> Card(K Un L)"
   6.318 +lemma Card_Un: "[| Card(K);  Card(L) |] ==> Card(K \<union> L)"
   6.319  apply (rule Ord_linear_le [of K L])
   6.320  apply (simp_all add: subset_Un_iff [THEN iffD1]  Card_is_Ord le_imp_subset
   6.321                       subset_Un_iff2 [THEN iffD1])
   6.322 @@ -387,7 +387,7 @@
   6.323  
   6.324  lemma Card_cardinal: "Card(|A|)"
   6.325  apply (unfold cardinal_def)
   6.326 -apply (case_tac "EX i. Ord (i) & i \<approx> A")
   6.327 +apply (case_tac "\<exists>i. Ord (i) & i \<approx> A")
   6.328   txt{*degenerate case*}
   6.329   prefer 2 apply (erule Least_0 [THEN ssubst], rule Card_0)
   6.330  txt{*real case: A is isomorphic to some ordinal*}
   6.331 @@ -395,11 +395,11 @@
   6.332  apply (rule less_LeastE)
   6.333  prefer 2 apply assumption
   6.334  apply (erule eqpoll_trans)
   6.335 -apply (best intro: LeastI ) 
   6.336 +apply (best intro: LeastI )
   6.337  done
   6.338  
   6.339  (*Kunen's Lemma 10.5*)
   6.340 -lemma cardinal_eq_lemma: "[| |i| le j;  j le i |] ==> |j| = |i|"
   6.341 +lemma cardinal_eq_lemma: "[| |i| \<le> j;  j \<le> i |] ==> |j| = |i|"
   6.342  apply (rule eqpollI [THEN cardinal_cong])
   6.343  apply (erule le_imp_lepoll)
   6.344  apply (rule lepoll_trans)
   6.345 @@ -409,7 +409,7 @@
   6.346  apply (elim ltE Ord_succD)
   6.347  done
   6.348  
   6.349 -lemma cardinal_mono: "i le j ==> |i| le |j|"
   6.350 +lemma cardinal_mono: "i \<le> j ==> |i| \<le> |j|"
   6.351  apply (rule_tac i = "|i|" and j = "|j|" in Ord_linear_le)
   6.352  apply (safe intro!: Ord_cardinal le_eqI)
   6.353  apply (rule cardinal_eq_lemma)
   6.354 @@ -419,7 +419,7 @@
   6.355  apply (erule Ord_cardinal_le)
   6.356  done
   6.357  
   6.358 -(*Since we have |succ(nat)| le |nat|, the converse of cardinal_mono fails!*)
   6.359 +(*Since we have @{term"|succ(nat)| \<le> |nat|"}, the converse of cardinal_mono fails!*)
   6.360  lemma cardinal_lt_imp_lt: "[| |i| < |j|;  Ord(i);  Ord(j) |] ==> i < j"
   6.361  apply (rule Ord_linear2 [of i j], assumption+)
   6.362  apply (erule lt_trans2 [THEN lt_irrefl])
   6.363 @@ -433,12 +433,12 @@
   6.364  lemma Card_lt_iff: "[| Ord(i);  Card(K) |] ==> (|i| < K) <-> (i < K)"
   6.365  by (blast intro: Card_lt_imp_lt Ord_cardinal_le [THEN lt_trans1])
   6.366  
   6.367 -lemma Card_le_iff: "[| Ord(i);  Card(K) |] ==> (K le |i|) <-> (K le i)"
   6.368 +lemma Card_le_iff: "[| Ord(i);  Card(K) |] ==> (K \<le> |i|) <-> (K \<le> i)"
   6.369  by (simp add: Card_lt_iff Card_is_Ord Ord_cardinal not_lt_iff_le [THEN iff_sym])
   6.370  
   6.371  (*Can use AC or finiteness to discharge first premise*)
   6.372  lemma well_ord_lepoll_imp_Card_le:
   6.373 -     "[| well_ord(B,r);  A \<lesssim> B |] ==> |A| le |B|"
   6.374 +     "[| well_ord(B,r);  A \<lesssim> B |] ==> |A| \<le> |B|"
   6.375  apply (rule_tac i = "|A|" and j = "|B|" in Ord_linear_le)
   6.376  apply (safe intro!: Ord_cardinal le_eqI)
   6.377  apply (rule eqpollI [THEN cardinal_cong], assumption)
   6.378 @@ -452,7 +452,7 @@
   6.379  apply (erule well_ord_rvimage, assumption)
   6.380  done
   6.381  
   6.382 -lemma lepoll_cardinal_le: "[| A \<lesssim> i; Ord(i) |] ==> |A| le i"
   6.383 +lemma lepoll_cardinal_le: "[| A \<lesssim> i; Ord(i) |] ==> |A| \<le> i"
   6.384  apply (rule le_trans)
   6.385  apply (erule well_ord_Memrel [THEN well_ord_lepoll_imp_Card_le], assumption)
   6.386  apply (erule Ord_cardinal_le)
   6.387 @@ -466,7 +466,7 @@
   6.388  apply (blast intro: lepoll_Ord_imp_eqpoll)
   6.389  done
   6.390  
   6.391 -lemma cardinal_subset_Ord: "[|A<=i; Ord(i)|] ==> |A| <= i"
   6.392 +lemma cardinal_subset_Ord: "[|A<=i; Ord(i)|] ==> |A| \<subseteq> i"
   6.393  apply (drule subset_imp_lepoll [THEN lepoll_cardinal_le])
   6.394  apply (auto simp add: lt_def)
   6.395  apply (blast intro: Ord_trans)
   6.396 @@ -474,10 +474,10 @@
   6.397  
   6.398  subsection{*The finite cardinals *}
   6.399  
   6.400 -lemma cons_lepoll_consD: 
   6.401 - "[| cons(u,A) \<lesssim> cons(v,B);  u~:A;  v~:B |] ==> A \<lesssim> B"
   6.402 +lemma cons_lepoll_consD:
   6.403 + "[| cons(u,A) \<lesssim> cons(v,B);  u\<notin>A;  v\<notin>B |] ==> A \<lesssim> B"
   6.404  apply (unfold lepoll_def inj_def, safe)
   6.405 -apply (rule_tac x = "lam x:A. if f`x=v then f`u else f`x" in exI)
   6.406 +apply (rule_tac x = "\<lambda>x\<in>A. if f`x=v then f`u else f`x" in exI)
   6.407  apply (rule CollectI)
   6.408  (*Proving it's in the function space A->B*)
   6.409  apply (rule if_type [THEN lam_type])
   6.410 @@ -488,7 +488,7 @@
   6.411  apply blast
   6.412  done
   6.413  
   6.414 -lemma cons_eqpoll_consD: "[| cons(u,A) \<approx> cons(v,B);  u~:A;  v~:B |] ==> A \<approx> B"
   6.415 +lemma cons_eqpoll_consD: "[| cons(u,A) \<approx> cons(v,B);  u\<notin>A;  v\<notin>B |] ==> A \<approx> B"
   6.416  apply (simp add: eqpoll_iff)
   6.417  apply (blast intro: cons_lepoll_consD)
   6.418  done
   6.419 @@ -501,7 +501,7 @@
   6.420  done
   6.421  
   6.422  lemma nat_lepoll_imp_le [rule_format]:
   6.423 -     "m:nat ==> ALL n: nat. m \<lesssim> n --> m le n"
   6.424 +     "m:nat ==> \<forall>n\<in>nat. m \<lesssim> n \<longrightarrow> m \<le> n"
   6.425  apply (induct_tac m)
   6.426  apply (blast intro!: nat_0_le)
   6.427  apply (rule ballI)
   6.428 @@ -517,12 +517,12 @@
   6.429  done
   6.430  
   6.431  (*The object of all this work: every natural number is a (finite) cardinal*)
   6.432 -lemma nat_into_Card: 
   6.433 +lemma nat_into_Card:
   6.434      "n: nat ==> Card(n)"
   6.435  apply (unfold Card_def cardinal_def)
   6.436  apply (subst Least_equality)
   6.437  apply (rule eqpoll_refl)
   6.438 -apply (erule nat_into_Ord) 
   6.439 +apply (erule nat_into_Ord)
   6.440  apply (simp (no_asm_simp) add: lt_nat_in_nat [THEN nat_eqpoll_iff])
   6.441  apply (blast elim!: lt_irrefl)+
   6.442  done
   6.443 @@ -538,25 +538,25 @@
   6.444  lemma n_lesspoll_nat: "n \<in> nat ==> n \<prec> nat"
   6.445  apply (unfold lesspoll_def)
   6.446  apply (fast elim!: Ord_nat [THEN [2] ltI [THEN leI, THEN le_imp_lepoll]]
   6.447 -                   eqpoll_sym [THEN eqpoll_imp_lepoll] 
   6.448 -    intro: Ord_nat [THEN [2] nat_succI [THEN ltI], THEN leI, 
   6.449 +                   eqpoll_sym [THEN eqpoll_imp_lepoll]
   6.450 +    intro: Ord_nat [THEN [2] nat_succI [THEN ltI], THEN leI,
   6.451                   THEN le_imp_lepoll, THEN lepoll_trans, THEN succ_lepoll_natE])
   6.452  done
   6.453  
   6.454 -lemma nat_lepoll_imp_ex_eqpoll_n: 
   6.455 +lemma nat_lepoll_imp_ex_eqpoll_n:
   6.456       "[| n \<in> nat;  nat \<lesssim> X |] ==> \<exists>Y. Y \<subseteq> X & n \<approx> Y"
   6.457  apply (unfold lepoll_def eqpoll_def)
   6.458  apply (fast del: subsetI subsetCE
   6.459              intro!: subset_SIs
   6.460              dest!: Ord_nat [THEN [2] OrdmemD, THEN [2] restrict_inj]
   6.461 -            elim!: restrict_bij 
   6.462 +            elim!: restrict_bij
   6.463                     inj_is_fun [THEN fun_is_rel, THEN image_subset])
   6.464  done
   6.465  
   6.466  
   6.467  (** lepoll, \<prec> and natural numbers **)
   6.468  
   6.469 -lemma lepoll_imp_lesspoll_succ: 
   6.470 +lemma lepoll_imp_lesspoll_succ:
   6.471       "[| A \<lesssim> m; m:nat |] ==> A \<prec> succ(m)"
   6.472  apply (unfold lesspoll_def)
   6.473  apply (rule conjI)
   6.474 @@ -567,7 +567,7 @@
   6.475  apply (erule succ_lepoll_natE, assumption)
   6.476  done
   6.477  
   6.478 -lemma lesspoll_succ_imp_lepoll: 
   6.479 +lemma lesspoll_succ_imp_lepoll:
   6.480       "[| A \<prec> succ(m); m:nat |] ==> A \<lesssim> m"
   6.481  apply (unfold lesspoll_def lepoll_def eqpoll_def bij_def, clarify)
   6.482  apply (blast intro!: inj_not_surj_succ)
   6.483 @@ -615,14 +615,14 @@
   6.484  lemma Card_nat: "Card(nat)"
   6.485  apply (unfold Card_def cardinal_def)
   6.486  apply (subst Least_equality)
   6.487 -apply (rule eqpoll_refl) 
   6.488 -apply (rule Ord_nat) 
   6.489 +apply (rule eqpoll_refl)
   6.490 +apply (rule Ord_nat)
   6.491  apply (erule ltE)
   6.492  apply (simp_all add: eqpoll_iff lt_not_lepoll ltI)
   6.493  done
   6.494  
   6.495  (*Allows showing that |i| is a limit cardinal*)
   6.496 -lemma nat_le_cardinal: "nat le i ==> nat le |i|"
   6.497 +lemma nat_le_cardinal: "nat \<le> i ==> nat \<le> |i|"
   6.498  apply (rule Card_nat [THEN Card_cardinal_eq, THEN subst])
   6.499  apply (erule cardinal_mono)
   6.500  done
   6.501 @@ -632,26 +632,26 @@
   6.502  (** Congruence laws for successor, cardinal addition and multiplication **)
   6.503  
   6.504  (*Congruence law for  cons  under equipollence*)
   6.505 -lemma cons_lepoll_cong: 
   6.506 -    "[| A \<lesssim> B;  b ~: B |] ==> cons(a,A) \<lesssim> cons(b,B)"
   6.507 +lemma cons_lepoll_cong:
   6.508 +    "[| A \<lesssim> B;  b \<notin> B |] ==> cons(a,A) \<lesssim> cons(b,B)"
   6.509  apply (unfold lepoll_def, safe)
   6.510 -apply (rule_tac x = "lam y: cons (a,A) . if y=a then b else f`y" in exI)
   6.511 +apply (rule_tac x = "\<lambda>y\<in>cons (a,A) . if y=a then b else f`y" in exI)
   6.512  apply (rule_tac d = "%z. if z:B then converse (f) `z else a" in lam_injective)
   6.513 -apply (safe elim!: consE') 
   6.514 +apply (safe elim!: consE')
   6.515     apply simp_all
   6.516 -apply (blast intro: inj_is_fun [THEN apply_type])+ 
   6.517 +apply (blast intro: inj_is_fun [THEN apply_type])+
   6.518  done
   6.519  
   6.520  lemma cons_eqpoll_cong:
   6.521 -     "[| A \<approx> B;  a ~: A;  b ~: B |] ==> cons(a,A) \<approx> cons(b,B)"
   6.522 +     "[| A \<approx> B;  a \<notin> A;  b \<notin> B |] ==> cons(a,A) \<approx> cons(b,B)"
   6.523  by (simp add: eqpoll_iff cons_lepoll_cong)
   6.524  
   6.525  lemma cons_lepoll_cons_iff:
   6.526 -     "[| a ~: A;  b ~: B |] ==> cons(a,A) \<lesssim> cons(b,B)  <->  A \<lesssim> B"
   6.527 +     "[| a \<notin> A;  b \<notin> B |] ==> cons(a,A) \<lesssim> cons(b,B)  <->  A \<lesssim> B"
   6.528  by (blast intro: cons_lepoll_cong cons_lepoll_consD)
   6.529  
   6.530  lemma cons_eqpoll_cons_iff:
   6.531 -     "[| a ~: A;  b ~: B |] ==> cons(a,A) \<approx> cons(b,B)  <->  A \<approx> B"
   6.532 +     "[| a \<notin> A;  b \<notin> B |] ==> cons(a,A) \<approx> cons(b,B)  <->  A \<approx> B"
   6.533  by (blast intro: cons_eqpoll_cong cons_eqpoll_consD)
   6.534  
   6.535  lemma singleton_eqpoll_1: "{a} \<approx> 1"
   6.536 @@ -664,7 +664,7 @@
   6.537  apply (simp (no_asm) add: nat_into_Card [THEN Card_cardinal_eq])
   6.538  done
   6.539  
   6.540 -lemma not_0_is_lepoll_1: "A ~= 0 ==> 1 \<lesssim> A"
   6.541 +lemma not_0_is_lepoll_1: "A \<noteq> 0 ==> 1 \<lesssim> A"
   6.542  apply (erule not_emptyE)
   6.543  apply (rule_tac a = "cons (x, A-{x}) " in subst)
   6.544  apply (rule_tac [2] a = "cons(0,0)" and P= "%y. y \<lesssim> cons (x, A-{x})" in subst)
   6.545 @@ -684,24 +684,24 @@
   6.546  done
   6.547  
   6.548  (*Congruence law for * under equipollence*)
   6.549 -lemma prod_eqpoll_cong: 
   6.550 +lemma prod_eqpoll_cong:
   6.551      "[| A \<approx> C;  B \<approx> D |] ==> A*B \<approx> C*D"
   6.552  apply (unfold eqpoll_def)
   6.553  apply (blast intro!: prod_bij)
   6.554  done
   6.555  
   6.556 -lemma inj_disjoint_eqpoll: 
   6.557 -    "[| f: inj(A,B);  A Int B = 0 |] ==> A Un (B - range(f)) \<approx> B"
   6.558 +lemma inj_disjoint_eqpoll:
   6.559 +    "[| f: inj(A,B);  A \<inter> B = 0 |] ==> A \<union> (B - range(f)) \<approx> B"
   6.560  apply (unfold eqpoll_def)
   6.561  apply (rule exI)
   6.562 -apply (rule_tac c = "%x. if x:A then f`x else x" 
   6.563 -            and d = "%y. if y: range (f) then converse (f) `y else y" 
   6.564 +apply (rule_tac c = "%x. if x:A then f`x else x"
   6.565 +            and d = "%y. if y: range (f) then converse (f) `y else y"
   6.566         in lam_bijective)
   6.567  apply (blast intro!: if_type inj_is_fun [THEN apply_type])
   6.568  apply (simp (no_asm_simp) add: inj_converse_fun [THEN apply_funtype])
   6.569 -apply (safe elim!: UnE') 
   6.570 +apply (safe elim!: UnE')
   6.571     apply (simp_all add: inj_is_fun [THEN apply_rangeI])
   6.572 -apply (blast intro: inj_converse_fun [THEN apply_type])+ 
   6.573 +apply (blast intro: inj_converse_fun [THEN apply_type])+
   6.574  done
   6.575  
   6.576  
   6.577 @@ -710,7 +710,7 @@
   6.578  (*New proofs using cons_lepoll_cons. Could generalise from succ to cons.*)
   6.579  
   6.580  (*If A has at most n+1 elements and a:A then A-{a} has at most n.*)
   6.581 -lemma Diff_sing_lepoll: 
   6.582 +lemma Diff_sing_lepoll:
   6.583        "[| a:A;  A \<lesssim> succ(n) |] ==> A - {a} \<lesssim> n"
   6.584  apply (unfold succ_def)
   6.585  apply (rule cons_lepoll_consD)
   6.586 @@ -719,7 +719,7 @@
   6.587  done
   6.588  
   6.589  (*If A has at least n+1 elements then A-{a} has at least n.*)
   6.590 -lemma lepoll_Diff_sing: 
   6.591 +lemma lepoll_Diff_sing:
   6.592        "[| succ(n) \<lesssim> A |] ==> n \<lesssim> A - {a}"
   6.593  apply (unfold succ_def)
   6.594  apply (rule cons_lepoll_consD)
   6.595 @@ -729,8 +729,8 @@
   6.596  done
   6.597  
   6.598  lemma Diff_sing_eqpoll: "[| a:A; A \<approx> succ(n) |] ==> A - {a} \<approx> n"
   6.599 -by (blast intro!: eqpollI 
   6.600 -          elim!: eqpollE 
   6.601 +by (blast intro!: eqpollI
   6.602 +          elim!: eqpollE
   6.603            intro: Diff_sing_lepoll lepoll_Diff_sing)
   6.604  
   6.605  lemma lepoll_1_is_sing: "[| A \<lesssim> 1; a:A |] ==> A = {a}"
   6.606 @@ -739,23 +739,23 @@
   6.607  apply (blast elim: equalityE)
   6.608  done
   6.609  
   6.610 -lemma Un_lepoll_sum: "A Un B \<lesssim> A+B"
   6.611 +lemma Un_lepoll_sum: "A \<union> B \<lesssim> A+B"
   6.612  apply (unfold lepoll_def)
   6.613 -apply (rule_tac x = "lam x: A Un B. if x:A then Inl (x) else Inr (x) " in exI)
   6.614 +apply (rule_tac x = "\<lambda>x\<in>A \<union> B. if x:A then Inl (x) else Inr (x) " in exI)
   6.615  apply (rule_tac d = "%z. snd (z) " in lam_injective)
   6.616 -apply force 
   6.617 +apply force
   6.618  apply (simp add: Inl_def Inr_def)
   6.619  done
   6.620  
   6.621  lemma well_ord_Un:
   6.622 -     "[| well_ord(X,R); well_ord(Y,S) |] ==> EX T. well_ord(X Un Y, T)"
   6.623 -by (erule well_ord_radd [THEN Un_lepoll_sum [THEN lepoll_well_ord]], 
   6.624 +     "[| well_ord(X,R); well_ord(Y,S) |] ==> \<exists>T. well_ord(X \<union> Y, T)"
   6.625 +by (erule well_ord_radd [THEN Un_lepoll_sum [THEN lepoll_well_ord]],
   6.626      assumption)
   6.627  
   6.628  (*Krzysztof Grabczewski*)
   6.629 -lemma disj_Un_eqpoll_sum: "A Int B = 0 ==> A Un B \<approx> A + B"
   6.630 +lemma disj_Un_eqpoll_sum: "A \<inter> B = 0 ==> A \<union> B \<approx> A + B"
   6.631  apply (unfold eqpoll_def)
   6.632 -apply (rule_tac x = "lam a:A Un B. if a:A then Inl (a) else Inr (a) " in exI)
   6.633 +apply (rule_tac x = "\<lambda>a\<in>A \<union> B. if a:A then Inl (a) else Inr (a) " in exI)
   6.634  apply (rule_tac d = "%z. case (%x. x, %x. x, z) " in lam_bijective)
   6.635  apply auto
   6.636  done
   6.637 @@ -776,14 +776,14 @@
   6.638  apply (blast dest!: lepoll_succ_disj)
   6.639  done
   6.640  
   6.641 -lemma lesspoll_nat_is_Finite: 
   6.642 +lemma lesspoll_nat_is_Finite:
   6.643       "A \<prec> nat ==> Finite(A)"
   6.644  apply (unfold Finite_def)
   6.645 -apply (blast dest: ltD lesspoll_cardinal_lt 
   6.646 +apply (blast dest: ltD lesspoll_cardinal_lt
   6.647                     lesspoll_imp_eqpoll [THEN eqpoll_sym])
   6.648  done
   6.649  
   6.650 -lemma lepoll_Finite: 
   6.651 +lemma lepoll_Finite:
   6.652       "[| Y \<lesssim> X;  Finite(X) |] ==> Finite(Y)"
   6.653  apply (unfold Finite_def)
   6.654  apply (blast elim!: eqpollE
   6.655 @@ -793,8 +793,8 @@
   6.656  
   6.657  lemmas subset_Finite = subset_imp_lepoll [THEN lepoll_Finite]
   6.658  
   6.659 -lemma Finite_Int: "Finite(A) | Finite(B) ==> Finite(A Int B)"
   6.660 -by (blast intro: subset_Finite) 
   6.661 +lemma Finite_Int: "Finite(A) | Finite(B) ==> Finite(A \<inter> B)"
   6.662 +by (blast intro: subset_Finite)
   6.663  
   6.664  lemmas Finite_Diff = Diff_subset [THEN subset_Finite]
   6.665  
   6.666 @@ -819,16 +819,16 @@
   6.667  lemma Finite_succ_iff [iff]: "Finite(succ(x)) <-> Finite(x)"
   6.668  by (simp add: succ_def)
   6.669  
   6.670 -lemma nat_le_infinite_Ord: 
   6.671 -      "[| Ord(i);  ~ Finite(i) |] ==> nat le i"
   6.672 +lemma nat_le_infinite_Ord:
   6.673 +      "[| Ord(i);  ~ Finite(i) |] ==> nat \<le> i"
   6.674  apply (unfold Finite_def)
   6.675  apply (erule Ord_nat [THEN [2] Ord_linear2])
   6.676  prefer 2 apply assumption
   6.677  apply (blast intro!: eqpoll_refl elim!: ltE)
   6.678  done
   6.679  
   6.680 -lemma Finite_imp_well_ord: 
   6.681 -    "Finite(A) ==> EX r. well_ord(A,r)"
   6.682 +lemma Finite_imp_well_ord:
   6.683 +    "Finite(A) ==> \<exists>r. well_ord(A,r)"
   6.684  apply (unfold Finite_def eqpoll_def)
   6.685  apply (blast intro: well_ord_rvimage bij_is_inj well_ord_Memrel nat_into_Ord)
   6.686  done
   6.687 @@ -840,7 +840,7 @@
   6.688  by (fast elim!: eqpoll_sym [THEN eqpoll_0_is_0, THEN succ_neq_0])
   6.689  
   6.690  lemma Finite_Fin_lemma [rule_format]:
   6.691 -     "n \<in> nat ==> \<forall>A. (A\<approx>n & A \<subseteq> X) --> A \<in> Fin(X)"
   6.692 +     "n \<in> nat ==> \<forall>A. (A\<approx>n & A \<subseteq> X) \<longrightarrow> A \<in> Fin(X)"
   6.693  apply (induct_tac n)
   6.694  apply (rule allI)
   6.695  apply (fast intro!: Fin.emptyI dest!: eqpoll_imp_lepoll [THEN lepoll_0_is_0])
   6.696 @@ -857,17 +857,17 @@
   6.697  done
   6.698  
   6.699  lemma Finite_Fin: "[| Finite(A); A \<subseteq> X |] ==> A \<in> Fin(X)"
   6.700 -by (unfold Finite_def, blast intro: Finite_Fin_lemma) 
   6.701 +by (unfold Finite_def, blast intro: Finite_Fin_lemma)
   6.702  
   6.703  lemma eqpoll_imp_Finite_iff: "A \<approx> B ==> Finite(A) <-> Finite(B)"
   6.704 -apply (unfold Finite_def) 
   6.705 -apply (blast intro: eqpoll_trans eqpoll_sym) 
   6.706 +apply (unfold Finite_def)
   6.707 +apply (blast intro: eqpoll_trans eqpoll_sym)
   6.708  done
   6.709  
   6.710 -lemma Fin_lemma [rule_format]: "n: nat ==> ALL A. A \<approx> n --> A : Fin(A)"
   6.711 +lemma Fin_lemma [rule_format]: "n: nat ==> \<forall>A. A \<approx> n \<longrightarrow> A \<in> Fin(A)"
   6.712  apply (induct_tac n)
   6.713  apply (simp add: eqpoll_0_iff, clarify)
   6.714 -apply (subgoal_tac "EX u. u:A")
   6.715 +apply (subgoal_tac "\<exists>u. u:A")
   6.716  apply (erule exE)
   6.717  apply (rule Diff_sing_eqpoll [elim_format])
   6.718  prefer 2 apply assumption
   6.719 @@ -880,28 +880,28 @@
   6.720  apply (blast intro: bij_converse_bij [THEN bij_is_fun, THEN apply_type])
   6.721  done
   6.722  
   6.723 -lemma Finite_into_Fin: "Finite(A) ==> A : Fin(A)"
   6.724 +lemma Finite_into_Fin: "Finite(A) ==> A \<in> Fin(A)"
   6.725  apply (unfold Finite_def)
   6.726  apply (blast intro: Fin_lemma)
   6.727  done
   6.728  
   6.729 -lemma Fin_into_Finite: "A : Fin(U) ==> Finite(A)"
   6.730 +lemma Fin_into_Finite: "A \<in> Fin(U) ==> Finite(A)"
   6.731  by (fast intro!: Finite_0 Finite_cons elim: Fin_induct)
   6.732  
   6.733 -lemma Finite_Fin_iff: "Finite(A) <-> A : Fin(A)"
   6.734 +lemma Finite_Fin_iff: "Finite(A) <-> A \<in> Fin(A)"
   6.735  by (blast intro: Finite_into_Fin Fin_into_Finite)
   6.736  
   6.737 -lemma Finite_Un: "[| Finite(A); Finite(B) |] ==> Finite(A Un B)"
   6.738 -by (blast intro!: Fin_into_Finite Fin_UnI 
   6.739 +lemma Finite_Un: "[| Finite(A); Finite(B) |] ==> Finite(A \<union> B)"
   6.740 +by (blast intro!: Fin_into_Finite Fin_UnI
   6.741            dest!: Finite_into_Fin
   6.742 -          intro: Un_upper1 [THEN Fin_mono, THEN subsetD] 
   6.743 +          intro: Un_upper1 [THEN Fin_mono, THEN subsetD]
   6.744                   Un_upper2 [THEN Fin_mono, THEN subsetD])
   6.745  
   6.746 -lemma Finite_Un_iff [simp]: "Finite(A Un B) <-> (Finite(A) & Finite(B))"
   6.747 -by (blast intro: subset_Finite Finite_Un) 
   6.748 +lemma Finite_Un_iff [simp]: "Finite(A \<union> B) <-> (Finite(A) & Finite(B))"
   6.749 +by (blast intro: subset_Finite Finite_Un)
   6.750  
   6.751  text{*The converse must hold too.*}
   6.752 -lemma Finite_Union: "[| ALL y:X. Finite(y);  Finite(X) |] ==> Finite(Union(X))"
   6.753 +lemma Finite_Union: "[| \<forall>y\<in>X. Finite(y);  Finite(X) |] ==> Finite(\<Union>(X))"
   6.754  apply (simp add: Finite_Fin_iff)
   6.755  apply (rule Fin_UnionI)
   6.756  apply (erule Fin_induct, simp)
   6.757 @@ -911,9 +911,9 @@
   6.758  (* Induction principle for Finite(A), by Sidi Ehmety *)
   6.759  lemma Finite_induct [case_names 0 cons, induct set: Finite]:
   6.760  "[| Finite(A); P(0);
   6.761 -    !! x B.   [| Finite(B); x ~: B; P(B) |] ==> P(cons(x, B)) |]
   6.762 +    !! x B.   [| Finite(B); x \<notin> B; P(B) |] ==> P(cons(x, B)) |]
   6.763   ==> P(A)"
   6.764 -apply (erule Finite_into_Fin [THEN Fin_induct]) 
   6.765 +apply (erule Finite_into_Fin [THEN Fin_induct])
   6.766  apply (blast intro: Fin_into_Finite)+
   6.767  done
   6.768  
   6.769 @@ -930,7 +930,7 @@
   6.770  
   6.771  (*Sidi Ehmety.  And the contrapositive of this says
   6.772     [| ~Finite(A); Finite(B) |] ==> ~Finite(A-B) *)
   6.773 -lemma Diff_Finite [rule_format]: "Finite(B) ==> Finite(A-B) --> Finite(A)"
   6.774 +lemma Diff_Finite [rule_format]: "Finite(B) ==> Finite(A-B) \<longrightarrow> Finite(A)"
   6.775  apply (erule Finite_induct, auto)
   6.776  apply (case_tac "x:A")
   6.777   apply (subgoal_tac [2] "A-cons (x, B) = A - B")
   6.778 @@ -942,37 +942,37 @@
   6.779  by (erule Finite_induct, simp_all)
   6.780  
   6.781  lemma Finite_RepFun_iff_lemma [rule_format]:
   6.782 -     "[|Finite(x); !!x y. f(x)=f(y) ==> x=y|] 
   6.783 -      ==> \<forall>A. x = RepFun(A,f) --> Finite(A)" 
   6.784 +     "[|Finite(x); !!x y. f(x)=f(y) ==> x=y|]
   6.785 +      ==> \<forall>A. x = RepFun(A,f) \<longrightarrow> Finite(A)"
   6.786  apply (erule Finite_induct)
   6.787 - apply clarify 
   6.788 + apply clarify
   6.789   apply (case_tac "A=0", simp)
   6.790 - apply (blast del: allE, clarify) 
   6.791 -apply (subgoal_tac "\<exists>z\<in>A. x = f(z)") 
   6.792 - prefer 2 apply (blast del: allE elim: equalityE, clarify) 
   6.793 + apply (blast del: allE, clarify)
   6.794 +apply (subgoal_tac "\<exists>z\<in>A. x = f(z)")
   6.795 + prefer 2 apply (blast del: allE elim: equalityE, clarify)
   6.796  apply (subgoal_tac "B = {f(u) . u \<in> A - {z}}")
   6.797 - apply (blast intro: Diff_sing_Finite) 
   6.798 -apply (thin_tac "\<forall>A. ?P(A) --> Finite(A)") 
   6.799 -apply (rule equalityI) 
   6.800 - apply (blast intro: elim: equalityE) 
   6.801 -apply (blast intro: elim: equalityCE) 
   6.802 + apply (blast intro: Diff_sing_Finite)
   6.803 +apply (thin_tac "\<forall>A. ?P(A) \<longrightarrow> Finite(A)")
   6.804 +apply (rule equalityI)
   6.805 + apply (blast intro: elim: equalityE)
   6.806 +apply (blast intro: elim: equalityCE)
   6.807  done
   6.808  
   6.809  text{*I don't know why, but if the premise is expressed using meta-connectives
   6.810  then  the simplifier cannot prove it automatically in conditional rewriting.*}
   6.811  lemma Finite_RepFun_iff:
   6.812 -     "(\<forall>x y. f(x)=f(y) --> x=y) ==> Finite(RepFun(A,f)) <-> Finite(A)"
   6.813 -by (blast intro: Finite_RepFun Finite_RepFun_iff_lemma [of _ f]) 
   6.814 +     "(\<forall>x y. f(x)=f(y) \<longrightarrow> x=y) ==> Finite(RepFun(A,f)) <-> Finite(A)"
   6.815 +by (blast intro: Finite_RepFun Finite_RepFun_iff_lemma [of _ f])
   6.816  
   6.817  lemma Finite_Pow: "Finite(A) ==> Finite(Pow(A))"
   6.818 -apply (erule Finite_induct) 
   6.819 -apply (simp_all add: Pow_insert Finite_Un Finite_RepFun) 
   6.820 +apply (erule Finite_induct)
   6.821 +apply (simp_all add: Pow_insert Finite_Un Finite_RepFun)
   6.822  done
   6.823  
   6.824  lemma Finite_Pow_imp_Finite: "Finite(Pow(A)) ==> Finite(A)"
   6.825  apply (subgoal_tac "Finite({{x} . x \<in> A})")
   6.826 - apply (simp add: Finite_RepFun_iff ) 
   6.827 -apply (blast intro: subset_Finite) 
   6.828 + apply (simp add: Finite_RepFun_iff )
   6.829 +apply (blast intro: subset_Finite)
   6.830  done
   6.831  
   6.832  lemma Finite_Pow_iff [iff]: "Finite(Pow(A)) <-> Finite(A)"
   6.833 @@ -992,8 +992,8 @@
   6.834   txt{*x:Z case*}
   6.835   apply (drule_tac x = x in bspec, assumption)
   6.836   apply (blast elim: mem_irrefl mem_asym)
   6.837 -txt{*other case*} 
   6.838 -apply (drule_tac x = Z in spec, blast) 
   6.839 +txt{*other case*}
   6.840 +apply (drule_tac x = Z in spec, blast)
   6.841  done
   6.842  
   6.843  lemma nat_well_ord_converse_Memrel: "n:nat ==> well_ord(n,converse(Memrel(n)))"
   6.844 @@ -1003,7 +1003,7 @@
   6.845  done
   6.846  
   6.847  lemma well_ord_converse:
   6.848 -     "[|well_ord(A,r);      
   6.849 +     "[|well_ord(A,r);
   6.850          well_ord(ordertype(A,r), converse(Memrel(ordertype(A, r)))) |]
   6.851        ==> well_ord(A,converse(r))"
   6.852  apply (rule well_ord_Int_iff [THEN iffD1])
   6.853 @@ -1021,7 +1021,7 @@
   6.854  apply (blast intro!: ordermap_bij [THEN bij_converse_bij])
   6.855  done
   6.856  
   6.857 -lemma Finite_well_ord_converse: 
   6.858 +lemma Finite_well_ord_converse:
   6.859      "[| Finite(A);  well_ord(A,r) |] ==> well_ord(A,converse(r))"
   6.860  apply (unfold Finite_def)
   6.861  apply (rule well_ord_converse, assumption)
   6.862 @@ -1034,9 +1034,9 @@
   6.863  done
   6.864  
   6.865  lemma nat_not_Finite: "~Finite(nat)"
   6.866 -apply (unfold Finite_def, clarify) 
   6.867 -apply (drule eqpoll_imp_lepoll [THEN lepoll_cardinal_le], simp) 
   6.868 -apply (insert Card_nat) 
   6.869 +apply (unfold Finite_def, clarify)
   6.870 +apply (drule eqpoll_imp_lepoll [THEN lepoll_cardinal_le], simp)
   6.871 +apply (insert Card_nat)
   6.872  apply (simp add: Card_def)
   6.873  apply (drule le_imp_subset)
   6.874  apply (blast elim: mem_irrefl)
     7.1 --- a/src/ZF/CardinalArith.thy	Sun Mar 04 23:20:43 2012 +0100
     7.2 +++ b/src/ZF/CardinalArith.thy	Tue Mar 06 15:15:49 2012 +0000
     7.3 @@ -9,30 +9,30 @@
     7.4  
     7.5  definition
     7.6    InfCard       :: "i=>o"  where
     7.7 -    "InfCard(i) == Card(i) & nat le i"
     7.8 +    "InfCard(i) == Card(i) & nat \<le> i"
     7.9  
    7.10  definition
    7.11    cmult         :: "[i,i]=>i"       (infixl "|*|" 70)  where
    7.12      "i |*| j == |i*j|"
    7.13 -  
    7.14 +
    7.15  definition
    7.16    cadd          :: "[i,i]=>i"       (infixl "|+|" 65)  where
    7.17      "i |+| j == |i+j|"
    7.18  
    7.19  definition
    7.20    csquare_rel   :: "i=>i"  where
    7.21 -    "csquare_rel(K) ==   
    7.22 -          rvimage(K*K,   
    7.23 -                  lam <x,y>:K*K. <x Un y, x, y>, 
    7.24 +    "csquare_rel(K) ==
    7.25 +          rvimage(K*K,
    7.26 +                  lam <x,y>:K*K. <x \<union> y, x, y>,
    7.27                    rmult(K,Memrel(K), K*K, rmult(K,Memrel(K), K,Memrel(K))))"
    7.28  
    7.29  definition
    7.30    jump_cardinal :: "i=>i"  where
    7.31      --{*This def is more complex than Kunen's but it more easily proved to
    7.32          be a cardinal*}
    7.33 -    "jump_cardinal(K) ==   
    7.34 +    "jump_cardinal(K) ==
    7.35           \<Union>X\<in>Pow(K). {z. r: Pow(K*K), well_ord(X,r) & z = ordertype(X,r)}"
    7.36 -  
    7.37 +
    7.38  definition
    7.39    csucc         :: "i=>i"  where
    7.40      --{*needed because @{term "jump_cardinal(K)"} might not be the successor
    7.41 @@ -48,25 +48,25 @@
    7.42    cmult  (infixl "\<otimes>" 70)
    7.43  
    7.44  
    7.45 -lemma Card_Union [simp,intro,TC]: "(ALL x:A. Card(x)) ==> Card(Union(A))"
    7.46 -apply (rule CardI) 
    7.47 - apply (simp add: Card_is_Ord) 
    7.48 +lemma Card_Union [simp,intro,TC]: "(\<forall>x\<in>A. Card(x)) ==> Card(\<Union>(A))"
    7.49 +apply (rule CardI)
    7.50 + apply (simp add: Card_is_Ord)
    7.51  apply (clarify dest!: ltD)
    7.52 -apply (drule bspec, assumption) 
    7.53 -apply (frule lt_Card_imp_lesspoll, blast intro: ltI Card_is_Ord) 
    7.54 +apply (drule bspec, assumption)
    7.55 +apply (frule lt_Card_imp_lesspoll, blast intro: ltI Card_is_Ord)
    7.56  apply (drule eqpoll_sym [THEN eqpoll_imp_lepoll])
    7.57 -apply (drule lesspoll_trans1, assumption) 
    7.58 +apply (drule lesspoll_trans1, assumption)
    7.59  apply (subgoal_tac "B \<lesssim> \<Union>A")
    7.60 - apply (drule lesspoll_trans1, assumption, blast) 
    7.61 -apply (blast intro: subset_imp_lepoll) 
    7.62 + apply (drule lesspoll_trans1, assumption, blast)
    7.63 +apply (blast intro: subset_imp_lepoll)
    7.64  done
    7.65  
    7.66 -lemma Card_UN: "(!!x. x:A ==> Card(K(x))) ==> Card(\<Union>x\<in>A. K(x))" 
    7.67 -by (blast intro: Card_Union) 
    7.68 +lemma Card_UN: "(!!x. x:A ==> Card(K(x))) ==> Card(\<Union>x\<in>A. K(x))"
    7.69 +by (blast intro: Card_Union)
    7.70  
    7.71  lemma Card_OUN [simp,intro,TC]:
    7.72       "(!!x. x:A ==> Card(K(x))) ==> Card(\<Union>x<A. K(x))"
    7.73 -by (simp add: OUnion_def Card_0) 
    7.74 +by (simp add: OUnion_def Card_0)
    7.75  
    7.76  lemma n_lesspoll_nat: "n \<in> nat ==> n \<prec> nat"
    7.77  apply (unfold lesspoll_def)
    7.78 @@ -75,8 +75,8 @@
    7.79  apply (rule notI)
    7.80  apply (erule eqpollE)
    7.81  apply (rule succ_lepoll_natE)
    7.82 -apply (blast intro: nat_succI [THEN OrdmemD, THEN subset_imp_lepoll] 
    7.83 -                    lepoll_trans, assumption) 
    7.84 +apply (blast intro: nat_succI [THEN OrdmemD, THEN subset_imp_lepoll]
    7.85 +                    lepoll_trans, assumption)
    7.86  done
    7.87  
    7.88  lemma in_Card_imp_lesspoll: "[| Card(K); b \<in> K |] ==> b \<prec> K"
    7.89 @@ -88,7 +88,7 @@
    7.90  lemma lesspoll_lemma: "[| ~ A \<prec> B; C \<prec> B |] ==> A - C \<noteq> 0"
    7.91  apply (unfold lesspoll_def)
    7.92  apply (fast dest!: Diff_eq_0_iff [THEN iffD1, THEN subset_imp_lepoll]
    7.93 -            intro!: eqpollI elim: notE 
    7.94 +            intro!: eqpollI elim: notE
    7.95              elim!: eqpollE lepoll_trans)
    7.96  done
    7.97  
    7.98 @@ -123,18 +123,18 @@
    7.99  done
   7.100  
   7.101  (*Unconditional version requires AC*)
   7.102 -lemma well_ord_cadd_assoc: 
   7.103 +lemma well_ord_cadd_assoc:
   7.104      "[| well_ord(i,ri); well_ord(j,rj); well_ord(k,rk) |]
   7.105       ==> (i |+| j) |+| k = i |+| (j |+| k)"
   7.106  apply (unfold cadd_def)
   7.107  apply (rule cardinal_cong)
   7.108  apply (rule eqpoll_trans)
   7.109   apply (rule sum_eqpoll_cong [OF well_ord_cardinal_eqpoll eqpoll_refl])
   7.110 - apply (blast intro: well_ord_radd ) 
   7.111 + apply (blast intro: well_ord_radd )
   7.112  apply (rule sum_assoc_eqpoll [THEN eqpoll_trans])
   7.113  apply (rule eqpoll_sym)
   7.114  apply (rule sum_eqpoll_cong [OF eqpoll_refl well_ord_cardinal_eqpoll])
   7.115 -apply (blast intro: well_ord_radd ) 
   7.116 +apply (blast intro: well_ord_radd )
   7.117  done
   7.118  
   7.119  subsubsection{*0 is the identity for addition*}
   7.120 @@ -154,14 +154,14 @@
   7.121  
   7.122  lemma sum_lepoll_self: "A \<lesssim> A+B"
   7.123  apply (unfold lepoll_def inj_def)
   7.124 -apply (rule_tac x = "lam x:A. Inl (x) " in exI)
   7.125 +apply (rule_tac x = "\<lambda>x\<in>A. Inl (x) " in exI)
   7.126  apply simp
   7.127  done
   7.128  
   7.129  (*Could probably weaken the premises to well_ord(K,r), or removing using AC*)
   7.130  
   7.131 -lemma cadd_le_self: 
   7.132 -    "[| Card(K);  Ord(L) |] ==> K le (K |+| L)"
   7.133 +lemma cadd_le_self:
   7.134 +    "[| Card(K);  Ord(L) |] ==> K \<le> (K |+| L)"
   7.135  apply (unfold cadd_def)
   7.136  apply (rule le_trans [OF Card_cardinal_le well_ord_lepoll_imp_Card_le],
   7.137         assumption)
   7.138 @@ -171,18 +171,18 @@
   7.139  
   7.140  subsubsection{*Monotonicity of addition*}
   7.141  
   7.142 -lemma sum_lepoll_mono: 
   7.143 +lemma sum_lepoll_mono:
   7.144       "[| A \<lesssim> C;  B \<lesssim> D |] ==> A + B \<lesssim> C + D"
   7.145  apply (unfold lepoll_def)
   7.146  apply (elim exE)
   7.147 -apply (rule_tac x = "lam z:A+B. case (%w. Inl(f`w), %y. Inr(fa`y), z)" in exI)
   7.148 +apply (rule_tac x = "\<lambda>z\<in>A+B. case (%w. Inl(f`w), %y. Inr(fa`y), z)" in exI)
   7.149  apply (rule_tac d = "case (%w. Inl(converse(f) `w), %y. Inr(converse(fa) ` y))"
   7.150         in lam_injective)
   7.151  apply (typecheck add: inj_is_fun, auto)
   7.152  done
   7.153  
   7.154  lemma cadd_le_mono:
   7.155 -    "[| K' le K;  L' le L |] ==> (K' |+| L') le (K |+| L)"
   7.156 +    "[| K' \<le> K;  L' \<le> L |] ==> (K' |+| L') \<le> (K |+| L)"
   7.157  apply (unfold cadd_def)
   7.158  apply (safe dest!: le_subset_iff [THEN iffD1])
   7.159  apply (rule well_ord_lepoll_imp_Card_le)
   7.160 @@ -195,7 +195,7 @@
   7.161  lemma sum_succ_eqpoll: "succ(A)+B \<approx> succ(A+B)"
   7.162  apply (unfold eqpoll_def)
   7.163  apply (rule exI)
   7.164 -apply (rule_tac c = "%z. if z=Inl (A) then A+B else z" 
   7.165 +apply (rule_tac c = "%z. if z=Inl (A) then A+B else z"
   7.166              and d = "%z. if z=A+B then Inl (A) else z" in lam_bijective)
   7.167     apply simp_all
   7.168  apply (blast dest: sym [THEN eq_imp_not_mem] elim: mem_irrefl)+
   7.169 @@ -227,8 +227,8 @@
   7.170  lemma prod_commute_eqpoll: "A*B \<approx> B*A"
   7.171  apply (unfold eqpoll_def)
   7.172  apply (rule exI)
   7.173 -apply (rule_tac c = "%<x,y>.<y,x>" and d = "%<x,y>.<y,x>" in lam_bijective, 
   7.174 -       auto) 
   7.175 +apply (rule_tac c = "%<x,y>.<y,x>" and d = "%<x,y>.<y,x>" in lam_bijective,
   7.176 +       auto)
   7.177  done
   7.178  
   7.179  lemma cmult_commute: "i |*| j = j |*| i"
   7.180 @@ -250,11 +250,11 @@
   7.181       ==> (i |*| j) |*| k = i |*| (j |*| k)"
   7.182  apply (unfold cmult_def)
   7.183  apply (rule cardinal_cong)
   7.184 -apply (rule eqpoll_trans) 
   7.185 +apply (rule eqpoll_trans)
   7.186   apply (rule prod_eqpoll_cong [OF well_ord_cardinal_eqpoll eqpoll_refl])
   7.187   apply (blast intro: well_ord_rmult)
   7.188  apply (rule prod_assoc_eqpoll [THEN eqpoll_trans])
   7.189 -apply (rule eqpoll_sym) 
   7.190 +apply (rule eqpoll_sym)
   7.191  apply (rule prod_eqpoll_cong [OF eqpoll_refl well_ord_cardinal_eqpoll])
   7.192  apply (blast intro: well_ord_rmult)
   7.193  done
   7.194 @@ -272,12 +272,12 @@
   7.195       ==> (i |+| j) |*| k = (i |*| k) |+| (j |*| k)"
   7.196  apply (unfold cadd_def cmult_def)
   7.197  apply (rule cardinal_cong)
   7.198 -apply (rule eqpoll_trans) 
   7.199 +apply (rule eqpoll_trans)
   7.200   apply (rule prod_eqpoll_cong [OF well_ord_cardinal_eqpoll eqpoll_refl])
   7.201  apply (blast intro: well_ord_radd)
   7.202  apply (rule sum_prod_distrib_eqpoll [THEN eqpoll_trans])
   7.203 -apply (rule eqpoll_sym) 
   7.204 -apply (rule sum_eqpoll_cong [OF well_ord_cardinal_eqpoll 
   7.205 +apply (rule eqpoll_sym)
   7.206 +apply (rule sum_eqpoll_cong [OF well_ord_cardinal_eqpoll
   7.207                                  well_ord_cardinal_eqpoll])
   7.208  apply (blast intro: well_ord_rmult)+
   7.209  done
   7.210 @@ -310,11 +310,11 @@
   7.211  
   7.212  lemma prod_square_lepoll: "A \<lesssim> A*A"
   7.213  apply (unfold lepoll_def inj_def)
   7.214 -apply (rule_tac x = "lam x:A. <x,x>" in exI, simp)
   7.215 +apply (rule_tac x = "\<lambda>x\<in>A. <x,x>" in exI, simp)
   7.216  done
   7.217  
   7.218  (*Could probably weaken the premise to well_ord(K,r), or remove using AC*)
   7.219 -lemma cmult_square_le: "Card(K) ==> K le K |*| K"
   7.220 +lemma cmult_square_le: "Card(K) ==> K \<le> K |*| K"
   7.221  apply (unfold cmult_def)
   7.222  apply (rule le_trans)
   7.223  apply (rule_tac [2] well_ord_lepoll_imp_Card_le)
   7.224 @@ -327,12 +327,12 @@
   7.225  
   7.226  lemma prod_lepoll_self: "b: B ==> A \<lesssim> A*B"
   7.227  apply (unfold lepoll_def inj_def)
   7.228 -apply (rule_tac x = "lam x:A. <x,b>" in exI, simp)
   7.229 +apply (rule_tac x = "\<lambda>x\<in>A. <x,b>" in exI, simp)
   7.230  done
   7.231  
   7.232  (*Could probably weaken the premises to well_ord(K,r), or removing using AC*)
   7.233  lemma cmult_le_self:
   7.234 -    "[| Card(K);  Ord(L);  0<L |] ==> K le (K |*| L)"
   7.235 +    "[| Card(K);  Ord(L);  0<L |] ==> K \<le> (K |*| L)"
   7.236  apply (unfold cmult_def)
   7.237  apply (rule le_trans [OF Card_cardinal_le well_ord_lepoll_imp_Card_le])
   7.238    apply assumption
   7.239 @@ -347,13 +347,13 @@
   7.240  apply (unfold lepoll_def)
   7.241  apply (elim exE)
   7.242  apply (rule_tac x = "lam <w,y>:A*B. <f`w, fa`y>" in exI)
   7.243 -apply (rule_tac d = "%<w,y>. <converse (f) `w, converse (fa) `y>" 
   7.244 +apply (rule_tac d = "%<w,y>. <converse (f) `w, converse (fa) `y>"
   7.245         in lam_injective)
   7.246  apply (typecheck add: inj_is_fun, auto)
   7.247  done
   7.248  
   7.249  lemma cmult_le_mono:
   7.250 -    "[| K' le K;  L' le L |] ==> (K' |*| L') le (K |*| L)"
   7.251 +    "[| K' \<le> K;  L' \<le> L |] ==> (K' |*| L') \<le> (K |*| L)"
   7.252  apply (unfold cmult_def)
   7.253  apply (safe dest!: le_subset_iff [THEN iffD1])
   7.254  apply (rule well_ord_lepoll_imp_Card_le)
   7.255 @@ -391,10 +391,10 @@
   7.256  by (simp add: cmult_succ_lemma Card_is_Ord cadd_commute [of _ 0])
   7.257  
   7.258  lemma sum_lepoll_prod: "2 \<lesssim> C ==> B+B \<lesssim> C*B"
   7.259 -apply (rule lepoll_trans) 
   7.260 -apply (rule sum_eq_2_times [THEN equalityD1, THEN subset_imp_lepoll]) 
   7.261 -apply (erule prod_lepoll_mono) 
   7.262 -apply (rule lepoll_refl) 
   7.263 +apply (rule lepoll_trans)
   7.264 +apply (rule sum_eq_2_times [THEN equalityD1, THEN subset_imp_lepoll])
   7.265 +apply (erule prod_lepoll_mono)
   7.266 +apply (rule lepoll_refl)
   7.267  done
   7.268  
   7.269  lemma lepoll_imp_sum_lepoll_prod: "[| A \<lesssim> B; 2 \<lesssim> A |] ==> A+B \<lesssim> A*B"
   7.270 @@ -404,20 +404,20 @@
   7.271  subsection{*Infinite Cardinals are Limit Ordinals*}
   7.272  
   7.273  (*This proof is modelled upon one assuming nat<=A, with injection
   7.274 -  lam z:cons(u,A). if z=u then 0 else if z : nat then succ(z) else z
   7.275 +  \<lambda>z\<in>cons(u,A). if z=u then 0 else if z \<in> nat then succ(z) else z
   7.276    and inverse %y. if y:nat then nat_case(u, %z. z, y) else y.  \
   7.277    If f: inj(nat,A) then range(f) behaves like the natural numbers.*)
   7.278  lemma nat_cons_lepoll: "nat \<lesssim> A ==> cons(u,A) \<lesssim> A"
   7.279  apply (unfold lepoll_def)
   7.280  apply (erule exE)
   7.281 -apply (rule_tac x = 
   7.282 -          "lam z:cons (u,A).
   7.283 -             if z=u then f`0 
   7.284 -             else if z: range (f) then f`succ (converse (f) `z) else z" 
   7.285 +apply (rule_tac x =
   7.286 +          "\<lambda>z\<in>cons (u,A).
   7.287 +             if z=u then f`0
   7.288 +             else if z: range (f) then f`succ (converse (f) `z) else z"
   7.289         in exI)
   7.290  apply (rule_tac d =
   7.291 -          "%y. if y: range(f) then nat_case (u, %z. f`z, converse(f) `y) 
   7.292 -                              else y" 
   7.293 +          "%y. if y: range(f) then nat_case (u, %z. f`z, converse(f) `y)
   7.294 +                              else y"
   7.295         in lam_injective)
   7.296  apply (fast intro!: if_type apply_type intro: inj_is_fun inj_converse_fun)
   7.297  apply (simp add: inj_is_fun [THEN apply_rangeI]
   7.298 @@ -431,7 +431,7 @@
   7.299  done
   7.300  
   7.301  (*Specialized version required below*)
   7.302 -lemma nat_succ_eqpoll: "nat <= A ==> succ(A) \<approx> A"
   7.303 +lemma nat_succ_eqpoll: "nat \<subseteq> A ==> succ(A) \<approx> A"
   7.304  apply (unfold succ_def)
   7.305  apply (erule subset_imp_lepoll [THEN nat_cons_eqpoll])
   7.306  done
   7.307 @@ -447,7 +447,7 @@
   7.308  done
   7.309  
   7.310  lemma InfCard_Un:
   7.311 -    "[| InfCard(K);  Card(L) |] ==> InfCard(K Un L)"
   7.312 +    "[| InfCard(K);  Card(L) |] ==> InfCard(K \<union> L)"
   7.313  apply (unfold InfCard_def)
   7.314  apply (simp add: Card_Un Un_upper1_le [THEN [2] le_trans]  Card_is_Ord)
   7.315  done
   7.316 @@ -477,7 +477,7 @@
   7.317  apply (unfold eqpoll_def)
   7.318  apply (rule exI)
   7.319  apply (simp add: ordermap_eq_image well_ord_is_wf)
   7.320 -apply (erule ordermap_bij [THEN bij_is_inj, THEN restrict_bij, 
   7.321 +apply (erule ordermap_bij [THEN bij_is_inj, THEN restrict_bij,
   7.322                             THEN bij_converse_bij])
   7.323  apply (rule pred_subset)
   7.324  done
   7.325 @@ -485,7 +485,7 @@
   7.326  subsubsection{*Establishing the well-ordering*}
   7.327  
   7.328  lemma csquare_lam_inj:
   7.329 -     "Ord(K) ==> (lam <x,y>:K*K. <x Un y, x, y>) : inj(K*K, K*K*K)"
   7.330 +     "Ord(K) ==> (lam <x,y>:K*K. <x \<union> y, x, y>) \<in> inj(K*K, K*K*K)"
   7.331  apply (unfold inj_def)
   7.332  apply (force intro: lam_type Un_least_lt [THEN ltD] ltI)
   7.333  done
   7.334 @@ -499,7 +499,7 @@
   7.335  subsubsection{*Characterising initial segments of the well-ordering*}
   7.336  
   7.337  lemma csquareD:
   7.338 - "[| <<x,y>, <z,z>> : csquare_rel(K);  x<K;  y<K;  z<K |] ==> x le z & y le z"
   7.339 + "[| <<x,y>, <z,z>> \<in> csquare_rel(K);  x<K;  y<K;  z<K |] ==> x \<le> z & y \<le> z"
   7.340  apply (unfold csquare_rel_def)
   7.341  apply (erule rev_mp)
   7.342  apply (elim ltE)
   7.343 @@ -508,45 +508,45 @@
   7.344  apply (simp_all add: lt_def succI2)
   7.345  done
   7.346  
   7.347 -lemma pred_csquare_subset: 
   7.348 -    "z<K ==> Order.pred(K*K, <z,z>, csquare_rel(K)) <= succ(z)*succ(z)"
   7.349 +lemma pred_csquare_subset:
   7.350 +    "z<K ==> Order.pred(K*K, <z,z>, csquare_rel(K)) \<subseteq> succ(z)*succ(z)"
   7.351  apply (unfold Order.pred_def)
   7.352  apply (safe del: SigmaI succCI)
   7.353  apply (erule csquareD [THEN conjE])
   7.354 -apply (unfold lt_def, auto) 
   7.355 +apply (unfold lt_def, auto)
   7.356  done
   7.357  
   7.358  lemma csquare_ltI:
   7.359 - "[| x<z;  y<z;  z<K |] ==>  <<x,y>, <z,z>> : csquare_rel(K)"
   7.360 + "[| x<z;  y<z;  z<K |] ==>  <<x,y>, <z,z>> \<in> csquare_rel(K)"
   7.361  apply (unfold csquare_rel_def)
   7.362  apply (subgoal_tac "x<K & y<K")
   7.363 - prefer 2 apply (blast intro: lt_trans) 
   7.364 + prefer 2 apply (blast intro: lt_trans)
   7.365  apply (elim ltE)
   7.366  apply (simp add: rvimage_iff Un_absorb Un_least_mem_iff ltD)
   7.367  done
   7.368  
   7.369  (*Part of the traditional proof.  UNUSED since it's harder to prove & apply *)
   7.370  lemma csquare_or_eqI:
   7.371 - "[| x le z;  y le z;  z<K |] ==> <<x,y>, <z,z>> : csquare_rel(K) | x=z & y=z"
   7.372 + "[| x \<le> z;  y \<le> z;  z<K |] ==> <<x,y>, <z,z>> \<in> csquare_rel(K) | x=z & y=z"
   7.373  apply (unfold csquare_rel_def)
   7.374  apply (subgoal_tac "x<K & y<K")
   7.375 - prefer 2 apply (blast intro: lt_trans1) 
   7.376 + prefer 2 apply (blast intro: lt_trans1)
   7.377  apply (elim ltE)
   7.378  apply (simp add: rvimage_iff Un_absorb Un_least_mem_iff ltD)
   7.379  apply (elim succE)
   7.380 -apply (simp_all add: subset_Un_iff [THEN iff_sym] 
   7.381 +apply (simp_all add: subset_Un_iff [THEN iff_sym]
   7.382                       subset_Un_iff2 [THEN iff_sym] OrdmemD)
   7.383  done
   7.384  
   7.385  subsubsection{*The cardinality of initial segments*}
   7.386  
   7.387  lemma ordermap_z_lt:
   7.388 -      "[| Limit(K);  x<K;  y<K;  z=succ(x Un y) |] ==>
   7.389 +      "[| Limit(K);  x<K;  y<K;  z=succ(x \<union> y) |] ==>
   7.390            ordermap(K*K, csquare_rel(K)) ` <x,y> <
   7.391            ordermap(K*K, csquare_rel(K)) ` <z,z>"
   7.392  apply (subgoal_tac "z<K & well_ord (K*K, csquare_rel (K))")
   7.393  prefer 2 apply (blast intro!: Un_least_lt Limit_has_succ
   7.394 -                              Limit_is_Ord [THEN well_ord_csquare], clarify) 
   7.395 +                              Limit_is_Ord [THEN well_ord_csquare], clarify)
   7.396  apply (rule csquare_ltI [THEN ordermap_mono, THEN ltI])
   7.397  apply (erule_tac [4] well_ord_is_wf)
   7.398  apply (blast intro!: Un_upper1_le Un_upper2_le Ord_ordermap elim!: ltE)+
   7.399 @@ -554,14 +554,14 @@
   7.400  
   7.401  (*Kunen: "each <x,y>: K*K has no more than z*z predecessors..." (page 29) *)
   7.402  lemma ordermap_csquare_le:
   7.403 -  "[| Limit(K);  x<K;  y<K;  z=succ(x Un y) |]
   7.404 -   ==> | ordermap(K*K, csquare_rel(K)) ` <x,y> | le  |succ(z)| |*| |succ(z)|"
   7.405 +  "[| Limit(K);  x<K;  y<K;  z=succ(x \<union> y) |]
   7.406 +   ==> | ordermap(K*K, csquare_rel(K)) ` <x,y> | \<le> |succ(z)| |*| |succ(z)|"
   7.407  apply (unfold cmult_def)
   7.408  apply (rule well_ord_rmult [THEN well_ord_lepoll_imp_Card_le])
   7.409  apply (rule Ord_cardinal [THEN well_ord_Memrel])+
   7.410  apply (subgoal_tac "z<K")
   7.411   prefer 2 apply (blast intro!: Un_least_lt Limit_has_succ)
   7.412 -apply (rule ordermap_z_lt [THEN leI, THEN le_imp_lepoll, THEN lepoll_trans], 
   7.413 +apply (rule ordermap_z_lt [THEN leI, THEN le_imp_lepoll, THEN lepoll_trans],
   7.414         assumption+)
   7.415  apply (rule ordermap_eqpoll_pred [THEN eqpoll_imp_lepoll, THEN lepoll_trans])
   7.416  apply (erule Limit_is_Ord [THEN well_ord_csquare])
   7.417 @@ -573,10 +573,10 @@
   7.418  apply (erule Ord_succ [THEN Ord_cardinal_eqpoll])+
   7.419  done
   7.420  
   7.421 -(*Kunen: "... so the order type <= K" *)
   7.422 +(*Kunen: "... so the order type is @{text"\<le>"} K" *)
   7.423  lemma ordertype_csquare_le:
   7.424 -     "[| InfCard(K);  ALL y:K. InfCard(y) --> y |*| y = y |] 
   7.425 -      ==> ordertype(K*K, csquare_rel(K)) le K"
   7.426 +     "[| InfCard(K);  \<forall>y\<in>K. InfCard(y) \<longrightarrow> y |*| y = y |]
   7.427 +      ==> ordertype(K*K, csquare_rel(K)) \<le> K"
   7.428  apply (frule InfCard_is_Card [THEN Card_is_Ord])
   7.429  apply (rule all_lt_imp_le, assumption)
   7.430  apply (erule well_ord_csquare [THEN Ord_ordertype])
   7.431 @@ -587,16 +587,16 @@
   7.432  apply (safe elim!: ltE)
   7.433  apply (subgoal_tac "Ord (xa) & Ord (ya)")
   7.434   prefer 2 apply (blast intro: Ord_in_Ord, clarify)
   7.435 -(*??WHAT A MESS!*)  
   7.436 +(*??WHAT A MESS!*)
   7.437  apply (rule InfCard_is_Limit [THEN ordermap_csquare_le, THEN lt_trans1],
   7.438 -       (assumption | rule refl | erule ltI)+) 
   7.439 -apply (rule_tac i = "xa Un ya" and j = nat in Ord_linear2,
   7.440 +       (assumption | rule refl | erule ltI)+)
   7.441 +apply (rule_tac i = "xa \<union> ya" and j = nat in Ord_linear2,
   7.442         simp_all add: Ord_Un Ord_nat)
   7.443 -prefer 2 (*case nat le (xa Un ya) *)
   7.444 - apply (simp add: le_imp_subset [THEN nat_succ_eqpoll, THEN cardinal_cong] 
   7.445 +prefer 2 (*case @{term"nat \<le> (xa \<union> ya)"} *)
   7.446 + apply (simp add: le_imp_subset [THEN nat_succ_eqpoll, THEN cardinal_cong]
   7.447                    le_succ_iff InfCard_def Card_cardinal Un_least_lt Ord_Un
   7.448                  ltI nat_le_cardinal Ord_cardinal_le [THEN lt_trans1, THEN ltD])
   7.449 -(*the finite case: xa Un ya < nat *)
   7.450 +(*the finite case: @{term"xa \<union> ya < nat"} *)
   7.451  apply (rule_tac j = nat in lt_trans2)
   7.452   apply (simp add: lt_def nat_cmult_eq_mult nat_succI mult_type
   7.453                    nat_into_Card [THEN Card_cardinal_eq]  Ord_nat)
   7.454 @@ -607,14 +607,14 @@
   7.455  lemma InfCard_csquare_eq: "InfCard(K) ==> K |*| K = K"
   7.456  apply (frule InfCard_is_Card [THEN Card_is_Ord])
   7.457  apply (erule rev_mp)
   7.458 -apply (erule_tac i=K in trans_induct) 
   7.459 +apply (erule_tac i=K in trans_induct)
   7.460  apply (rule impI)
   7.461  apply (rule le_anti_sym)
   7.462  apply (erule_tac [2] InfCard_is_Card [THEN cmult_square_le])
   7.463  apply (rule ordertype_csquare_le [THEN [2] le_trans])
   7.464 -apply (simp add: cmult_def Ord_cardinal_le   
   7.465 +apply (simp add: cmult_def Ord_cardinal_le
   7.466                   well_ord_csquare [THEN Ord_ordertype]
   7.467 -                 well_ord_csquare [THEN ordermap_bij, THEN bij_imp_eqpoll, 
   7.468 +                 well_ord_csquare [THEN ordermap_bij, THEN bij_imp_eqpoll,
   7.469                                     THEN cardinal_cong], assumption+)
   7.470  done
   7.471  
   7.472 @@ -629,9 +629,9 @@
   7.473  done
   7.474  
   7.475  lemma InfCard_square_eqpoll: "InfCard(K) ==> K \<times> K \<approx> K"
   7.476 -apply (rule well_ord_InfCard_square_eq)  
   7.477 - apply (erule InfCard_is_Card [THEN Card_is_Ord, THEN well_ord_Memrel]) 
   7.478 -apply (simp add: InfCard_is_Card [THEN Card_cardinal_eq]) 
   7.479 +apply (rule well_ord_InfCard_square_eq)
   7.480 + apply (erule InfCard_is_Card [THEN Card_is_Ord, THEN well_ord_Memrel])
   7.481 +apply (simp add: InfCard_is_Card [THEN Card_cardinal_eq])
   7.482  done
   7.483  
   7.484  lemma Inf_Card_is_InfCard: "[| ~Finite(i); Card(i) |] ==> InfCard(i)"
   7.485 @@ -639,7 +639,7 @@
   7.486  
   7.487  subsubsection{*Toward's Kunen's Corollary 10.13 (1)*}
   7.488  
   7.489 -lemma InfCard_le_cmult_eq: "[| InfCard(K);  L le K;  0<L |] ==> K |*| L = K"
   7.490 +lemma InfCard_le_cmult_eq: "[| InfCard(K);  L \<le> K;  0<L |] ==> K |*| L = K"
   7.491  apply (rule le_anti_sym)
   7.492   prefer 2
   7.493   apply (erule ltE, blast intro: cmult_le_self InfCard_is_Card)
   7.494 @@ -649,12 +649,12 @@
   7.495  done
   7.496  
   7.497  (*Corollary 10.13 (1), for cardinal multiplication*)
   7.498 -lemma InfCard_cmult_eq: "[| InfCard(K);  InfCard(L) |] ==> K |*| L = K Un L"
   7.499 +lemma InfCard_cmult_eq: "[| InfCard(K);  InfCard(L) |] ==> K |*| L = K \<union> L"
   7.500  apply (rule_tac i = K and j = L in Ord_linear_le)
   7.501  apply (typecheck add: InfCard_is_Card Card_is_Ord)
   7.502  apply (rule cmult_commute [THEN ssubst])
   7.503  apply (rule Un_commute [THEN ssubst])
   7.504 -apply (simp_all add: InfCard_is_Limit [THEN Limit_has_0] InfCard_le_cmult_eq 
   7.505 +apply (simp_all add: InfCard_is_Limit [THEN Limit_has_0] InfCard_le_cmult_eq
   7.506                       subset_Un_iff2 [THEN iffD1] le_imp_subset)
   7.507  done
   7.508  
   7.509 @@ -664,7 +664,7 @@
   7.510  done
   7.511  
   7.512  (*Corollary 10.13 (1), for cardinal addition*)
   7.513 -lemma InfCard_le_cadd_eq: "[| InfCard(K);  L le K |] ==> K |+| L = K"
   7.514 +lemma InfCard_le_cadd_eq: "[| InfCard(K);  L \<le> K |] ==> K |+| L = K"
   7.515  apply (rule le_anti_sym)
   7.516   prefer 2
   7.517   apply (erule ltE, blast intro: cadd_le_self InfCard_is_Card)
   7.518 @@ -673,7 +673,7 @@
   7.519  apply (simp add: InfCard_cdouble_eq)
   7.520  done
   7.521  
   7.522 -lemma InfCard_cadd_eq: "[| InfCard(K);  InfCard(L) |] ==> K |+| L = K Un L"
   7.523 +lemma InfCard_cadd_eq: "[| InfCard(K);  InfCard(L) |] ==> K |+| L = K \<union> L"
   7.524  apply (rule_tac i = K and j = L in Ord_linear_le)
   7.525  apply (typecheck add: InfCard_is_Card Card_is_Ord)
   7.526  apply (rule cadd_commute [THEN ssubst])
   7.527 @@ -704,10 +704,10 @@
   7.528  
   7.529  (*Allows selective unfolding.  Less work than deriving intro/elim rules*)
   7.530  lemma jump_cardinal_iff:
   7.531 -     "i : jump_cardinal(K) <->
   7.532 -      (EX r X. r <= K*K & X <= K & well_ord(X,r) & i = ordertype(X,r))"
   7.533 +     "i \<in> jump_cardinal(K) <->
   7.534 +      (\<exists>r X. r \<subseteq> K*K & X \<subseteq> K & well_ord(X,r) & i = ordertype(X,r))"
   7.535  apply (unfold jump_cardinal_def)
   7.536 -apply (blast del: subsetI) 
   7.537 +apply (blast del: subsetI)
   7.538  done
   7.539  
   7.540  (*The easy part of Theorem 10.16: jump_cardinal(K) exceeds K*)
   7.541 @@ -715,7 +715,7 @@
   7.542  apply (rule Ord_jump_cardinal [THEN [2] ltI])
   7.543  apply (rule jump_cardinal_iff [THEN iffD2])
   7.544  apply (rule_tac x="Memrel(K)" in exI)
   7.545 -apply (rule_tac x=K in exI)  
   7.546 +apply (rule_tac x=K in exI)
   7.547  apply (simp add: ordertype_Memrel well_ord_Memrel)
   7.548  apply (simp add: Memrel_def subset_iff)
   7.549  done
   7.550 @@ -723,10 +723,10 @@
   7.551  (*The proof by contradiction: the bijection f yields a wellordering of X
   7.552    whose ordertype is jump_cardinal(K).  *)
   7.553  lemma Card_jump_cardinal_lemma:
   7.554 -     "[| well_ord(X,r);  r <= K * K;  X <= K;
   7.555 -         f : bij(ordertype(X,r), jump_cardinal(K)) |]
   7.556 -      ==> jump_cardinal(K) : jump_cardinal(K)"
   7.557 -apply (subgoal_tac "f O ordermap (X,r) : bij (X, jump_cardinal (K))")
   7.558 +     "[| well_ord(X,r);  r \<subseteq> K * K;  X \<subseteq> K;
   7.559 +         f \<in> bij(ordertype(X,r), jump_cardinal(K)) |]
   7.560 +      ==> jump_cardinal(K) \<in> jump_cardinal(K)"
   7.561 +apply (subgoal_tac "f O ordermap (X,r) \<in> bij (X, jump_cardinal (K))")
   7.562   prefer 2 apply (blast intro: comp_bij ordermap_bij)
   7.563  apply (rule jump_cardinal_iff [THEN iffD2])
   7.564  apply (intro exI conjI)
   7.565 @@ -760,13 +760,13 @@
   7.566  lemma Ord_0_lt_csucc: "Ord(K) ==> 0 < csucc(K)"
   7.567  by (blast intro: Ord_0_le lt_csucc lt_trans1)
   7.568  
   7.569 -lemma csucc_le: "[| Card(L);  K<L |] ==> csucc(K) le L"
   7.570 +lemma csucc_le: "[| Card(L);  K<L |] ==> csucc(K) \<le> L"
   7.571  apply (unfold csucc_def)
   7.572  apply (rule Least_le)
   7.573  apply (blast intro: Card_is_Ord)+
   7.574  done
   7.575  
   7.576 -lemma lt_csucc_iff: "[| Ord(i); Card(K) |] ==> i < csucc(K) <-> |i| le K"
   7.577 +lemma lt_csucc_iff: "[| Ord(i); Card(K) |] ==> i < csucc(K) <-> |i| \<le> K"
   7.578  apply (rule iffI)
   7.579  apply (rule_tac [2] Card_lt_imp_lt)
   7.580  apply (erule_tac [2] lt_trans1)
   7.581 @@ -774,21 +774,21 @@
   7.582  apply (rule notI [THEN not_lt_imp_le])
   7.583  apply (rule Card_cardinal [THEN csucc_le, THEN lt_trans1, THEN lt_irrefl], assumption)
   7.584  apply (rule Ord_cardinal_le [THEN lt_trans1])
   7.585 -apply (simp_all add: Ord_cardinal Card_is_Ord) 
   7.586 +apply (simp_all add: Ord_cardinal Card_is_Ord)
   7.587  done
   7.588  
   7.589  lemma Card_lt_csucc_iff:
   7.590 -     "[| Card(K'); Card(K) |] ==> K' < csucc(K) <-> K' le K"
   7.591 +     "[| Card(K'); Card(K) |] ==> K' < csucc(K) <-> K' \<le> K"
   7.592  by (simp add: lt_csucc_iff Card_cardinal_eq Card_is_Ord)
   7.593  
   7.594  lemma InfCard_csucc: "InfCard(K) ==> InfCard(csucc(K))"
   7.595 -by (simp add: InfCard_def Card_csucc Card_is_Ord 
   7.596 +by (simp add: InfCard_def Card_csucc Card_is_Ord
   7.597                lt_csucc [THEN leI, THEN [2] le_trans])
   7.598  
   7.599  
   7.600  subsubsection{*Removing elements from a finite set decreases its cardinality*}
   7.601  
   7.602 -lemma Fin_imp_not_cons_lepoll: "A: Fin(U) ==> x~:A --> ~ cons(x,A) \<lesssim> A"
   7.603 +lemma Fin_imp_not_cons_lepoll: "A: Fin(U) ==> x\<notin>A \<longrightarrow> ~ cons(x,A) \<lesssim> A"
   7.604  apply (erule Fin_induct)
   7.605  apply (simp add: lepoll_0_iff)
   7.606  apply (subgoal_tac "cons (x,cons (xa,y)) = cons (xa,cons (x,y))")
   7.607 @@ -797,7 +797,7 @@
   7.608  done
   7.609  
   7.610  lemma Finite_imp_cardinal_cons [simp]:
   7.611 -     "[| Finite(A);  a~:A |] ==> |cons(a,A)| = succ(|A|)"
   7.612 +     "[| Finite(A);  a\<notin>A |] ==> |cons(a,A)| = succ(|A|)"
   7.613  apply (unfold cardinal_def)
   7.614  apply (rule Least_equality)
   7.615  apply (fold cardinal_def)
   7.616 @@ -827,29 +827,29 @@
   7.617  apply (simp add: Finite_imp_succ_cardinal_Diff)
   7.618  done
   7.619  
   7.620 -lemma Finite_cardinal_in_nat [simp]: "Finite(A) ==> |A| : nat"
   7.621 +lemma Finite_cardinal_in_nat [simp]: "Finite(A) ==> |A| \<in> nat"
   7.622  apply (erule Finite_induct)
   7.623  apply (auto simp add: cardinal_0 Finite_imp_cardinal_cons)
   7.624  done
   7.625  
   7.626  lemma card_Un_Int:
   7.627 -     "[|Finite(A); Finite(B)|] ==> |A| #+ |B| = |A Un B| #+ |A Int B|"
   7.628 -apply (erule Finite_induct, simp) 
   7.629 +     "[|Finite(A); Finite(B)|] ==> |A| #+ |B| = |A \<union> B| #+ |A \<inter> B|"
   7.630 +apply (erule Finite_induct, simp)
   7.631  apply (simp add: Finite_Int cons_absorb Un_cons Int_cons_left)
   7.632  done
   7.633  
   7.634 -lemma card_Un_disjoint: 
   7.635 -     "[|Finite(A); Finite(B); A Int B = 0|] ==> |A Un B| = |A| #+ |B|" 
   7.636 +lemma card_Un_disjoint:
   7.637 +     "[|Finite(A); Finite(B); A \<inter> B = 0|] ==> |A \<union> B| = |A| #+ |B|"
   7.638  by (simp add: Finite_Un card_Un_Int)
   7.639  
   7.640  lemma card_partition [rule_format]:
   7.641 -     "Finite(C) ==>  
   7.642 -        Finite (\<Union> C) -->  
   7.643 -        (\<forall>c\<in>C. |c| = k) -->   
   7.644 -        (\<forall>c1 \<in> C. \<forall>c2 \<in> C. c1 \<noteq> c2 --> c1 \<inter> c2 = 0) -->  
   7.645 +     "Finite(C) ==>
   7.646 +        Finite (\<Union> C) \<longrightarrow>
   7.647 +        (\<forall>c\<in>C. |c| = k) \<longrightarrow>
   7.648 +        (\<forall>c1 \<in> C. \<forall>c2 \<in> C. c1 \<noteq> c2 \<longrightarrow> c1 \<inter> c2 = 0) \<longrightarrow>
   7.649          k #* |C| = |\<Union> C|"
   7.650  apply (erule Finite_induct, auto)
   7.651 -apply (subgoal_tac " x \<inter> \<Union>B = 0")  
   7.652 +apply (subgoal_tac " x \<inter> \<Union>B = 0")
   7.653  apply (auto simp add: card_Un_disjoint Finite_Union
   7.654         subset_Finite [of _ "\<Union> (cons(x,F))"])
   7.655  done
   7.656 @@ -866,12 +866,12 @@
   7.657  apply (simp add: nat_cadd_eq_add [symmetric] cadd_def eqpoll_refl)
   7.658  done
   7.659  
   7.660 -lemma Ord_subset_natD [rule_format]: "Ord(i) ==> i <= nat --> i : nat | i=nat"
   7.661 +lemma Ord_subset_natD [rule_format]: "Ord(i) ==> i \<subseteq> nat \<longrightarrow> i \<in> nat | i=nat"
   7.662  apply (erule trans_induct3, auto)
   7.663  apply (blast dest!: nat_le_Limit [THEN le_imp_subset])
   7.664  done
   7.665  
   7.666 -lemma Ord_nat_subset_into_Card: "[| Ord(i); i <= nat |] ==> Card(i)"
   7.667 +lemma Ord_nat_subset_into_Card: "[| Ord(i); i \<subseteq> nat |] ==> Card(i)"
   7.668  by (blast dest: Ord_subset_natD intro: Card_nat nat_into_Card)
   7.669  
   7.670  lemma Finite_Diff_sing_eq_diff_1: "[| Finite(A); x:A |] ==> |A-{x}| = |A| #- 1"
   7.671 @@ -889,7 +889,7 @@
   7.672  done
   7.673  
   7.674  lemma cardinal_lt_imp_Diff_not_0 [rule_format]:
   7.675 -     "Finite(B) ==> ALL A. |B|<|A| --> A - B ~= 0"
   7.676 +     "Finite(B) ==> \<forall>A. |B|<|A| \<longrightarrow> A - B \<noteq> 0"
   7.677  apply (erule Finite_induct, auto)
   7.678  apply (case_tac "Finite (A)")
   7.679   apply (subgoal_tac [2] "Finite (cons (x, B))")
   7.680 @@ -900,100 +900,13 @@
   7.681  apply (case_tac "x:A")
   7.682   apply (subgoal_tac [2] "A - cons (x, B) = A - B")
   7.683    apply auto
   7.684 -apply (subgoal_tac "|A| le |cons (x, B) |")
   7.685 +apply (subgoal_tac "|A| \<le> |cons (x, B) |")
   7.686   prefer 2
   7.687 - apply (blast dest: Finite_cons [THEN Finite_imp_well_ord] 
   7.688 + apply (blast dest: Finite_cons [THEN Finite_imp_well_ord]
   7.689                intro: well_ord_lepoll_imp_Card_le subset_imp_lepoll)
   7.690  apply (auto simp add: Finite_imp_cardinal_cons)
   7.691  apply (auto dest!: Finite_cardinal_in_nat simp add: le_iff)
   7.692  apply (blast intro: lt_trans)
   7.693  done
   7.694  
   7.695 -
   7.696 -ML{*
   7.697 -val InfCard_def = @{thm InfCard_def};
   7.698 -val cmult_def = @{thm cmult_def};
   7.699 -val cadd_def = @{thm cadd_def};
   7.700 -val jump_cardinal_def = @{thm jump_cardinal_def};
   7.701 -val csucc_def = @{thm csucc_def};
   7.702 -
   7.703 -val sum_commute_eqpoll = @{thm sum_commute_eqpoll};
   7.704 -val cadd_commute = @{thm cadd_commute};
   7.705 -val sum_assoc_eqpoll = @{thm sum_assoc_eqpoll};
   7.706 -val well_ord_cadd_assoc = @{thm well_ord_cadd_assoc};
   7.707 -val sum_0_eqpoll = @{thm sum_0_eqpoll};
   7.708 -val cadd_0 = @{thm cadd_0};
   7.709 -val sum_lepoll_self = @{thm sum_lepoll_self};
   7.710 -val cadd_le_self = @{thm cadd_le_self};
   7.711 -val sum_lepoll_mono = @{thm sum_lepoll_mono};
   7.712 -val cadd_le_mono = @{thm cadd_le_mono};
   7.713 -val eq_imp_not_mem = @{thm eq_imp_not_mem};
   7.714 -val sum_succ_eqpoll = @{thm sum_succ_eqpoll};
   7.715 -val nat_cadd_eq_add = @{thm nat_cadd_eq_add};
   7.716 -val prod_commute_eqpoll = @{thm prod_commute_eqpoll};
   7.717 -val cmult_commute = @{thm cmult_commute};
   7.718 -val prod_assoc_eqpoll = @{thm prod_assoc_eqpoll};
   7.719 -val well_ord_cmult_assoc = @{thm well_ord_cmult_assoc};
   7.720 -val sum_prod_distrib_eqpoll = @{thm sum_prod_distrib_eqpoll};
   7.721 -val well_ord_cadd_cmult_distrib = @{thm well_ord_cadd_cmult_distrib};
   7.722 -val prod_0_eqpoll = @{thm prod_0_eqpoll};
   7.723 -val cmult_0 = @{thm cmult_0};
   7.724 -val prod_singleton_eqpoll = @{thm prod_singleton_eqpoll};
   7.725 -val cmult_1 = @{thm cmult_1};
   7.726 -val prod_lepoll_self = @{thm prod_lepoll_self};
   7.727 -val cmult_le_self = @{thm cmult_le_self};
   7.728 -val prod_lepoll_mono = @{thm prod_lepoll_mono};
   7.729 -val cmult_le_mono = @{thm cmult_le_mono};
   7.730 -val prod_succ_eqpoll = @{thm prod_succ_eqpoll};
   7.731 -val nat_cmult_eq_mult = @{thm nat_cmult_eq_mult};
   7.732 -val cmult_2 = @{thm cmult_2};
   7.733 -val sum_lepoll_prod = @{thm sum_lepoll_prod};
   7.734 -val lepoll_imp_sum_lepoll_prod = @{thm lepoll_imp_sum_lepoll_prod};
   7.735 -val nat_cons_lepoll = @{thm nat_cons_lepoll};
   7.736 -val nat_cons_eqpoll = @{thm nat_cons_eqpoll};
   7.737 -val nat_succ_eqpoll = @{thm nat_succ_eqpoll};
   7.738 -val InfCard_nat = @{thm InfCard_nat};
   7.739 -val InfCard_is_Card = @{thm InfCard_is_Card};
   7.740 -val InfCard_Un = @{thm InfCard_Un};
   7.741 -val InfCard_is_Limit = @{thm InfCard_is_Limit};
   7.742 -val ordermap_eqpoll_pred = @{thm ordermap_eqpoll_pred};
   7.743 -val ordermap_z_lt = @{thm ordermap_z_lt};
   7.744 -val InfCard_le_cmult_eq = @{thm InfCard_le_cmult_eq};
   7.745 -val InfCard_cmult_eq = @{thm InfCard_cmult_eq};
   7.746 -val InfCard_cdouble_eq = @{thm InfCard_cdouble_eq};
   7.747 -val InfCard_le_cadd_eq = @{thm InfCard_le_cadd_eq};
   7.748 -val InfCard_cadd_eq = @{thm InfCard_cadd_eq};
   7.749 -val Ord_jump_cardinal = @{thm Ord_jump_cardinal};
   7.750 -val jump_cardinal_iff = @{thm jump_cardinal_iff};
   7.751 -val K_lt_jump_cardinal = @{thm K_lt_jump_cardinal};
   7.752 -val Card_jump_cardinal = @{thm Card_jump_cardinal};
   7.753 -val csucc_basic = @{thm csucc_basic};
   7.754 -val Card_csucc = @{thm Card_csucc};
   7.755 -val lt_csucc = @{thm lt_csucc};
   7.756 -val Ord_0_lt_csucc = @{thm Ord_0_lt_csucc};
   7.757 -val csucc_le = @{thm csucc_le};
   7.758 -val lt_csucc_iff = @{thm lt_csucc_iff};
   7.759 -val Card_lt_csucc_iff = @{thm Card_lt_csucc_iff};
   7.760 -val InfCard_csucc = @{thm InfCard_csucc};
   7.761 -val Finite_into_Fin = @{thm Finite_into_Fin};
   7.762 -val Fin_into_Finite = @{thm Fin_into_Finite};
   7.763 -val Finite_Fin_iff = @{thm Finite_Fin_iff};
   7.764 -val Finite_Un = @{thm Finite_Un};
   7.765 -val Finite_Union = @{thm Finite_Union};
   7.766 -val Finite_induct = @{thm Finite_induct};
   7.767 -val Fin_imp_not_cons_lepoll = @{thm Fin_imp_not_cons_lepoll};
   7.768 -val Finite_imp_cardinal_cons = @{thm Finite_imp_cardinal_cons};
   7.769 -val Finite_imp_succ_cardinal_Diff = @{thm Finite_imp_succ_cardinal_Diff};
   7.770 -val Finite_imp_cardinal_Diff = @{thm Finite_imp_cardinal_Diff};
   7.771 -val nat_implies_well_ord = @{thm nat_implies_well_ord};
   7.772 -val nat_sum_eqpoll_sum = @{thm nat_sum_eqpoll_sum};
   7.773 -val Diff_sing_Finite = @{thm Diff_sing_Finite};
   7.774 -val Diff_Finite = @{thm Diff_Finite};
   7.775 -val Ord_subset_natD = @{thm Ord_subset_natD};
   7.776 -val Ord_nat_subset_into_Card = @{thm Ord_nat_subset_into_Card};
   7.777 -val Finite_cardinal_in_nat = @{thm Finite_cardinal_in_nat};
   7.778 -val Finite_Diff_sing_eq_diff_1 = @{thm Finite_Diff_sing_eq_diff_1};
   7.779 -val cardinal_lt_imp_Diff_not_0 = @{thm cardinal_lt_imp_Diff_not_0};
   7.780 -*}
   7.781 -
   7.782  end
     8.1 --- a/src/ZF/Cardinal_AC.thy	Sun Mar 04 23:20:43 2012 +0100
     8.2 +++ b/src/ZF/Cardinal_AC.thy	Tue Mar 06 15:15:49 2012 +0000
     8.3 @@ -29,11 +29,11 @@
     8.4  by (blast intro: cardinal_cong cardinal_eqE)
     8.5  
     8.6  lemma cardinal_disjoint_Un:
     8.7 -     "[| |A|=|B|;  |C|=|D|;  A Int C = 0;  B Int D = 0 |] 
     8.8 -      ==> |A Un C| = |B Un D|"
     8.9 +     "[| |A|=|B|;  |C|=|D|;  A \<inter> C = 0;  B \<inter> D = 0 |]
    8.10 +      ==> |A \<union> C| = |B \<union> D|"
    8.11  by (simp add: cardinal_eqpoll_iff eqpoll_disjoint_Un)
    8.12  
    8.13 -lemma lepoll_imp_Card_le: "A lepoll B ==> |A| le |B|"
    8.14 +lemma lepoll_imp_Card_le: "A lepoll B ==> |A| \<le> |B|"
    8.15  apply (rule AC_well_ord [THEN exE])
    8.16  apply (erule well_ord_lepoll_imp_Card_le, assumption)
    8.17  done
    8.18 @@ -67,21 +67,21 @@
    8.19  
    8.20  subsection {*The relationship between cardinality and le-pollence*}
    8.21  
    8.22 -lemma Card_le_imp_lepoll: "|A| le |B| ==> A lepoll B"
    8.23 +lemma Card_le_imp_lepoll: "|A| \<le> |B| ==> A lepoll B"
    8.24  apply (rule cardinal_eqpoll
    8.25                [THEN eqpoll_sym, THEN eqpoll_imp_lepoll, THEN lepoll_trans])
    8.26  apply (erule le_imp_subset [THEN subset_imp_lepoll, THEN lepoll_trans])
    8.27  apply (rule cardinal_eqpoll [THEN eqpoll_imp_lepoll])
    8.28  done
    8.29  
    8.30 -lemma le_Card_iff: "Card(K) ==> |A| le K <-> A lepoll K"
    8.31 -apply (erule Card_cardinal_eq [THEN subst], rule iffI, 
    8.32 +lemma le_Card_iff: "Card(K) ==> |A| \<le> K <-> A lepoll K"
    8.33 +apply (erule Card_cardinal_eq [THEN subst], rule iffI,
    8.34         erule Card_le_imp_lepoll)
    8.35 -apply (erule lepoll_imp_Card_le) 
    8.36 +apply (erule lepoll_imp_Card_le)
    8.37  done
    8.38  
    8.39  lemma cardinal_0_iff_0 [simp]: "|A| = 0 <-> A = 0";
    8.40 -apply auto 
    8.41 +apply auto
    8.42  apply (drule cardinal_0 [THEN ssubst])
    8.43  apply (blast intro: eqpoll_0_iff [THEN iffD1] cardinal_eqpoll_iff [THEN iffD1])
    8.44  done
    8.45 @@ -90,7 +90,7 @@
    8.46  apply (cut_tac A = "A" in cardinal_eqpoll)
    8.47  apply (auto simp add: eqpoll_iff)
    8.48  apply (blast intro: lesspoll_trans2 lt_Card_imp_lesspoll Card_cardinal)
    8.49 -apply (force intro: cardinal_lt_imp_lt lesspoll_cardinal_lt lesspoll_trans2 
    8.50 +apply (force intro: cardinal_lt_imp_lt lesspoll_cardinal_lt lesspoll_trans2
    8.51               simp add: cardinal_idem)
    8.52  done
    8.53  
    8.54 @@ -101,17 +101,17 @@
    8.55  
    8.56  subsection{*Other Applications of AC*}
    8.57  
    8.58 -lemma surj_implies_inj: "f: surj(X,Y) ==> EX g. g: inj(Y,X)"
    8.59 +lemma surj_implies_inj: "f: surj(X,Y) ==> \<exists>g. g: inj(Y,X)"
    8.60  apply (unfold surj_def)
    8.61  apply (erule CollectE)
    8.62  apply (rule_tac A1 = Y and B1 = "%y. f-``{y}" in AC_Pi [THEN exE])
    8.63  apply (fast elim!: apply_Pair)
    8.64 -apply (blast dest: apply_type Pi_memberD 
    8.65 +apply (blast dest: apply_type Pi_memberD
    8.66               intro: apply_equality Pi_type f_imp_injective)
    8.67  done
    8.68  
    8.69  (*Kunen's Lemma 10.20*)
    8.70 -lemma surj_implies_cardinal_le: "f: surj(X,Y) ==> |Y| le |X|"
    8.71 +lemma surj_implies_cardinal_le: "f: surj(X,Y) ==> |Y| \<le> |X|"
    8.72  apply (rule lepoll_imp_Card_le)
    8.73  apply (erule surj_implies_inj [THEN exE])
    8.74  apply (unfold lepoll_def)
    8.75 @@ -120,7 +120,7 @@
    8.76  
    8.77  (*Kunen's Lemma 10.21*)
    8.78  lemma cardinal_UN_le:
    8.79 -     "[| InfCard(K);  ALL i:K. |X(i)| le K |] ==> |\<Union>i\<in>K. X(i)| le K"
    8.80 +     "[| InfCard(K);  \<forall>i\<in>K. |X(i)| \<le> K |] ==> |\<Union>i\<in>K. X(i)| \<le> K"
    8.81  apply (simp add: InfCard_is_Card le_Card_iff)
    8.82  apply (rule lepoll_trans)
    8.83   prefer 2
    8.84 @@ -131,12 +131,12 @@
    8.85  apply (erule AC_ball_Pi [THEN exE])
    8.86  apply (rule exI)
    8.87  (*Lemma needed in both subgoals, for a fixed z*)
    8.88 -apply (subgoal_tac "ALL z: (\<Union>i\<in>K. X (i)). z: X (LEAST i. z:X (i)) & 
    8.89 -                    (LEAST i. z:X (i)) : K")
    8.90 +apply (subgoal_tac "\<forall>z\<in>(\<Union>i\<in>K. X (i)). z: X (LEAST i. z:X (i)) &
    8.91 +                    (LEAST i. z:X (i)) \<in> K")
    8.92   prefer 2
    8.93   apply (fast intro!: Least_le [THEN lt_trans1, THEN ltD] ltI
    8.94               elim!: LeastI Ord_in_Ord)
    8.95 -apply (rule_tac c = "%z. <LEAST i. z:X (i), f ` (LEAST i. z:X (i)) ` z>" 
    8.96 +apply (rule_tac c = "%z. <LEAST i. z:X (i), f ` (LEAST i. z:X (i)) ` z>"
    8.97              and d = "%<i,j>. converse (f`i) ` j" in lam_injective)
    8.98  (*Instantiate the lemma proved above*)
    8.99  by (blast intro: inj_is_fun [THEN apply_type] dest: apply_type, force)
   8.100 @@ -144,14 +144,14 @@
   8.101  
   8.102  (*The same again, using csucc*)
   8.103  lemma cardinal_UN_lt_csucc:
   8.104 -     "[| InfCard(K);  ALL i:K. |X(i)| < csucc(K) |]
   8.105 +     "[| InfCard(K);  \<forall>i\<in>K. |X(i)| < csucc(K) |]
   8.106        ==> |\<Union>i\<in>K. X(i)| < csucc(K)"
   8.107  by (simp add: Card_lt_csucc_iff cardinal_UN_le InfCard_is_Card Card_cardinal)
   8.108  
   8.109  (*The same again, for a union of ordinals.  In use, j(i) is a bit like rank(i),
   8.110    the least ordinal j such that i:Vfrom(A,j). *)
   8.111  lemma cardinal_UN_Ord_lt_csucc:
   8.112 -     "[| InfCard(K);  ALL i:K. j(i) < csucc(K) |]
   8.113 +     "[| InfCard(K);  \<forall>i\<in>K. j(i) < csucc(K) |]
   8.114        ==> (\<Union>i\<in>K. j(i)) < csucc(K)"
   8.115  apply (rule cardinal_UN_lt_csucc [THEN Card_lt_imp_lt], assumption)
   8.116  apply (blast intro: Ord_cardinal_le [THEN lt_trans1] elim: ltE)
   8.117 @@ -164,10 +164,10 @@
   8.118      set need not be a cardinal.  Surprisingly complicated proof!
   8.119  **)
   8.120  
   8.121 -(*Work backwards along the injection from W into K, given that W~=0.*)
   8.122 +(*Work backwards along the injection from W into K, given that @{term"W\<noteq>0"}.*)
   8.123  lemma inj_UN_subset:
   8.124 -     "[| f: inj(A,B);  a:A |] ==>            
   8.125 -      (\<Union>x\<in>A. C(x)) <= (\<Union>y\<in>B. C(if y: range(f) then converse(f)`y else a))"
   8.126 +     "[| f: inj(A,B);  a:A |] ==>
   8.127 +      (\<Union>x\<in>A. C(x)) \<subseteq> (\<Union>y\<in>B. C(if y: range(f) then converse(f)`y else a))"
   8.128  apply (rule UN_least)
   8.129  apply (rule_tac x1= "f`x" in subset_trans [OF _ UN_upper])
   8.130   apply (simp add: inj_is_fun [THEN apply_rangeI])
   8.131 @@ -177,15 +177,15 @@
   8.132  (*Simpler to require |W|=K; we'd have a bijection; but the theorem would
   8.133    be weaker.*)
   8.134  lemma le_UN_Ord_lt_csucc:
   8.135 -     "[| InfCard(K);  |W| le K;  ALL w:W. j(w) < csucc(K) |]
   8.136 +     "[| InfCard(K);  |W| \<le> K;  \<forall>w\<in>W. j(w) < csucc(K) |]
   8.137        ==> (\<Union>w\<in>W. j(w)) < csucc(K)"
   8.138  apply (case_tac "W=0")
   8.139  (*solve the easy 0 case*)
   8.140 - apply (simp add: InfCard_is_Card Card_is_Ord [THEN Card_csucc] 
   8.141 + apply (simp add: InfCard_is_Card Card_is_Ord [THEN Card_csucc]
   8.142                    Card_is_Ord Ord_0_lt_csucc)
   8.143  apply (simp add: InfCard_is_Card le_Card_iff lepoll_def)
   8.144  apply (safe intro!: equalityI)
   8.145 -apply (erule swap) 
   8.146 +apply (erule swap)
   8.147  apply (rule lt_subset_trans [OF inj_UN_subset cardinal_UN_Ord_lt_csucc], assumption+)
   8.148   apply (simp add: inj_converse_fun [THEN apply_type])
   8.149  apply (blast intro!: Ord_UN elim: ltE)
     9.1 --- a/src/ZF/Epsilon.thy	Sun Mar 04 23:20:43 2012 +0100
     9.2 +++ b/src/ZF/Epsilon.thy	Tue Mar 06 15:15:49 2012 +0000
     9.3 @@ -9,23 +9,23 @@
     9.4  
     9.5  definition
     9.6    eclose    :: "i=>i"  where
     9.7 -    "eclose(A) == \<Union>n\<in>nat. nat_rec(n, A, %m r. Union(r))"
     9.8 +    "eclose(A) == \<Union>n\<in>nat. nat_rec(n, A, %m r. \<Union>(r))"
     9.9  
    9.10  definition
    9.11    transrec  :: "[i, [i,i]=>i] =>i"  where
    9.12      "transrec(a,H) == wfrec(Memrel(eclose({a})), a, H)"
    9.13 - 
    9.14 +
    9.15  definition
    9.16    rank      :: "i=>i"  where
    9.17      "rank(a) == transrec(a, %x f. \<Union>y\<in>x. succ(f`y))"
    9.18  
    9.19  definition
    9.20    transrec2 :: "[i, i, [i,i]=>i] =>i"  where
    9.21 -    "transrec2(k, a, b) ==                     
    9.22 -       transrec(k, 
    9.23 -                %i r. if(i=0, a, 
    9.24 -                        if(EX j. i=succ(j),        
    9.25 -                           b(THE j. i=succ(j), r`(THE j. i=succ(j))),   
    9.26 +    "transrec2(k, a, b) ==
    9.27 +       transrec(k,
    9.28 +                %i r. if(i=0, a,
    9.29 +                        if(\<exists>j. i=succ(j),
    9.30 +                           b(THE j. i=succ(j), r`(THE j. i=succ(j))),
    9.31                             \<Union>j<i. r`j)))"
    9.32  
    9.33  definition
    9.34 @@ -39,7 +39,7 @@
    9.35  
    9.36  subsection{*Basic Closure Properties*}
    9.37  
    9.38 -lemma arg_subset_eclose: "A <= eclose(A)"
    9.39 +lemma arg_subset_eclose: "A \<subseteq> eclose(A)"
    9.40  apply (unfold eclose_def)
    9.41  apply (rule nat_rec_0 [THEN equalityD2, THEN subset_trans])
    9.42  apply (rule nat_0I [THEN UN_upper])
    9.43 @@ -56,19 +56,19 @@
    9.44  apply (erule UnionI, assumption)
    9.45  done
    9.46  
    9.47 -(* x : eclose(A) ==> x <= eclose(A) *)
    9.48 -lemmas eclose_subset =  
    9.49 +(* @{term"x \<in> eclose(A) ==> x \<subseteq> eclose(A)"} *)
    9.50 +lemmas eclose_subset =
    9.51         Transset_eclose [unfolded Transset_def, THEN bspec]
    9.52  
    9.53 -(* [| A : eclose(B); c : A |] ==> c : eclose(B) *)
    9.54 +(* @{term"[| A \<in> eclose(B); c \<in> A |] ==> c \<in> eclose(B)"} *)
    9.55  lemmas ecloseD = eclose_subset [THEN subsetD]
    9.56  
    9.57  lemmas arg_in_eclose_sing = arg_subset_eclose [THEN singleton_subsetD]
    9.58  lemmas arg_into_eclose_sing = arg_in_eclose_sing [THEN ecloseD]
    9.59  
    9.60  (* This is epsilon-induction for eclose(A); see also eclose_induct_down...
    9.61 -   [| a: eclose(A);  !!x. [| x: eclose(A); ALL y:x. P(y) |] ==> P(x) 
    9.62 -   |] ==> P(a) 
    9.63 +   [| a: eclose(A);  !!x. [| x: eclose(A); \<forall>y\<in>x. P(y) |] ==> P(x)
    9.64 +   |] ==> P(a)
    9.65  *)
    9.66  lemmas eclose_induct =
    9.67       Transset_induct [OF _ Transset_eclose, induct set: eclose]
    9.68 @@ -76,37 +76,37 @@
    9.69  
    9.70  (*Epsilon induction*)
    9.71  lemma eps_induct:
    9.72 -    "[| !!x. ALL y:x. P(y) ==> P(x) |]  ==>  P(a)"
    9.73 -by (rule arg_in_eclose_sing [THEN eclose_induct], blast) 
    9.74 +    "[| !!x. \<forall>y\<in>x. P(y) ==> P(x) |]  ==>  P(a)"
    9.75 +by (rule arg_in_eclose_sing [THEN eclose_induct], blast)
    9.76  
    9.77  
    9.78  subsection{*Leastness of @{term eclose}*}
    9.79  
    9.80  (** eclose(A) is the least transitive set including A as a subset. **)
    9.81  
    9.82 -lemma eclose_least_lemma: 
    9.83 -    "[| Transset(X);  A<=X;  n: nat |] ==> nat_rec(n, A, %m r. Union(r)) <= X"
    9.84 +lemma eclose_least_lemma:
    9.85 +    "[| Transset(X);  A<=X;  n: nat |] ==> nat_rec(n, A, %m r. \<Union>(r)) \<subseteq> X"
    9.86  apply (unfold Transset_def)
    9.87 -apply (erule nat_induct) 
    9.88 +apply (erule nat_induct)
    9.89  apply (simp add: nat_rec_0)
    9.90  apply (simp add: nat_rec_succ, blast)
    9.91  done
    9.92  
    9.93 -lemma eclose_least: 
    9.94 -     "[| Transset(X);  A<=X |] ==> eclose(A) <= X"
    9.95 +lemma eclose_least:
    9.96 +     "[| Transset(X);  A<=X |] ==> eclose(A) \<subseteq> X"
    9.97  apply (unfold eclose_def)
    9.98  apply (rule eclose_least_lemma [THEN UN_least], assumption+)
    9.99  done
   9.100  
   9.101  (*COMPLETELY DIFFERENT induction principle from eclose_induct!!*)
   9.102  lemma eclose_induct_down [consumes 1]:
   9.103 -    "[| a: eclose(b);                                            
   9.104 -        !!y.   [| y: b |] ==> P(y);                              
   9.105 -        !!y z. [| y: eclose(b);  P(y);  z: y |] ==> P(z)         
   9.106 +    "[| a: eclose(b);
   9.107 +        !!y.   [| y: b |] ==> P(y);
   9.108 +        !!y z. [| y: eclose(b);  P(y);  z: y |] ==> P(z)
   9.109       |] ==> P(a)"
   9.110  apply (rule eclose_least [THEN subsetD, THEN CollectD2, of "eclose(b)"])
   9.111    prefer 3 apply assumption
   9.112 - apply (unfold Transset_def) 
   9.113 + apply (unfold Transset_def)
   9.114   apply (blast intro: ecloseD)
   9.115  apply (blast intro: arg_subset_eclose [THEN subsetD])
   9.116  done
   9.117 @@ -117,10 +117,10 @@
   9.118  done
   9.119  
   9.120  text{*A transitive set either is empty or contains the empty set.*}
   9.121 -lemma Transset_0_lemma [rule_format]: "Transset(A) ==> x\<in>A --> 0\<in>A";
   9.122 -apply (simp add: Transset_def) 
   9.123 -apply (rule_tac a=x in eps_induct, clarify) 
   9.124 -apply (drule bspec, assumption) 
   9.125 +lemma Transset_0_lemma [rule_format]: "Transset(A) ==> x\<in>A \<longrightarrow> 0\<in>A";
   9.126 +apply (simp add: Transset_def)
   9.127 +apply (rule_tac a=x in eps_induct, clarify)
   9.128 +apply (drule bspec, assumption)
   9.129  apply (case_tac "x=0", auto)
   9.130  done
   9.131  
   9.132 @@ -132,28 +132,28 @@
   9.133  
   9.134  (*Unused...*)
   9.135  lemma mem_eclose_trans: "[| A: eclose(B);  B: eclose(C) |] ==> A: eclose(C)"
   9.136 -by (rule eclose_least [OF Transset_eclose eclose_subset, THEN subsetD], 
   9.137 +by (rule eclose_least [OF Transset_eclose eclose_subset, THEN subsetD],
   9.138      assumption+)
   9.139  
   9.140  (*Variant of the previous lemma in a useable form for the sequel*)
   9.141  lemma mem_eclose_sing_trans:
   9.142       "[| A: eclose({B});  B: eclose({C}) |] ==> A: eclose({C})"
   9.143 -by (rule eclose_least [OF Transset_eclose singleton_subsetI, THEN subsetD], 
   9.144 +by (rule eclose_least [OF Transset_eclose singleton_subsetI, THEN subsetD],
   9.145      assumption+)
   9.146  
   9.147  lemma under_Memrel: "[| Transset(i);  j:i |] ==> Memrel(i)-``{j} = j"
   9.148  by (unfold Transset_def, blast)
   9.149  
   9.150  lemma lt_Memrel: "j < i ==> Memrel(i) -`` {j} = j"
   9.151 -by (simp add: lt_def Ord_def under_Memrel) 
   9.152 +by (simp add: lt_def Ord_def under_Memrel)
   9.153  
   9.154 -(* j : eclose(A) ==> Memrel(eclose(A)) -`` j = j *)
   9.155 +(* @{term"j \<in> eclose(A) ==> Memrel(eclose(A)) -`` j = j"} *)
   9.156  lemmas under_Memrel_eclose = Transset_eclose [THEN under_Memrel]
   9.157  
   9.158  lemmas wfrec_ssubst = wf_Memrel [THEN wfrec, THEN ssubst]
   9.159  
   9.160  lemma wfrec_eclose_eq:
   9.161 -    "[| k:eclose({j});  j:eclose({i}) |] ==>  
   9.162 +    "[| k:eclose({j});  j:eclose({i}) |] ==>
   9.163       wfrec(Memrel(eclose({i})), k, H) = wfrec(Memrel(eclose({j})), k, H)"
   9.164  apply (erule eclose_induct)
   9.165  apply (rule wfrec_ssubst)
   9.166 @@ -161,13 +161,13 @@
   9.167  apply (simp add: under_Memrel_eclose mem_eclose_sing_trans [of _ j i])
   9.168  done
   9.169  
   9.170 -lemma wfrec_eclose_eq2: 
   9.171 +lemma wfrec_eclose_eq2:
   9.172      "k: i ==> wfrec(Memrel(eclose({i})),k,H) = wfrec(Memrel(eclose({k})),k,H)"
   9.173  apply (rule arg_in_eclose_sing [THEN wfrec_eclose_eq])
   9.174  apply (erule arg_into_eclose_sing)
   9.175  done
   9.176  
   9.177 -lemma transrec: "transrec(a,H) = H(a, lam x:a. transrec(x,H))"
   9.178 +lemma transrec: "transrec(a,H) = H(a, \<lambda>x\<in>a. transrec(x,H))"
   9.179  apply (unfold transrec_def)
   9.180  apply (rule wfrec_ssubst)
   9.181  apply (simp add: wfrec_eclose_eq2 arg_in_eclose_sing under_Memrel_eclose)
   9.182 @@ -175,44 +175,44 @@
   9.183  
   9.184  (*Avoids explosions in proofs; resolve it with a meta-level definition.*)
   9.185  lemma def_transrec:
   9.186 -    "[| !!x. f(x)==transrec(x,H) |] ==> f(a) = H(a, lam x:a. f(x))"
   9.187 +    "[| !!x. f(x)==transrec(x,H) |] ==> f(a) = H(a, \<lambda>x\<in>a. f(x))"
   9.188  apply simp
   9.189  apply (rule transrec)
   9.190  done
   9.191  
   9.192  lemma transrec_type:
   9.193 -    "[| !!x u. [| x:eclose({a});  u: Pi(x,B) |] ==> H(x,u) : B(x) |]
   9.194 -     ==> transrec(a,H) : B(a)"
   9.195 +    "[| !!x u. [| x:eclose({a});  u: Pi(x,B) |] ==> H(x,u) \<in> B(x) |]
   9.196 +     ==> transrec(a,H) \<in> B(a)"
   9.197  apply (rule_tac i = a in arg_in_eclose_sing [THEN eclose_induct])
   9.198  apply (subst transrec)
   9.199 -apply (simp add: lam_type) 
   9.200 +apply (simp add: lam_type)
   9.201  done
   9.202  
   9.203 -lemma eclose_sing_Ord: "Ord(i) ==> eclose({i}) <= succ(i)"
   9.204 +lemma eclose_sing_Ord: "Ord(i) ==> eclose({i}) \<subseteq> succ(i)"
   9.205  apply (erule Ord_is_Transset [THEN Transset_succ, THEN eclose_least])
   9.206  apply (rule succI1 [THEN singleton_subsetI])
   9.207  done
   9.208  
   9.209 -lemma succ_subset_eclose_sing: "succ(i) <= eclose({i})"
   9.210 -apply (insert arg_subset_eclose [of "{i}"], simp) 
   9.211 -apply (frule eclose_subset, blast) 
   9.212 +lemma succ_subset_eclose_sing: "succ(i) \<subseteq> eclose({i})"
   9.213 +apply (insert arg_subset_eclose [of "{i}"], simp)
   9.214 +apply (frule eclose_subset, blast)
   9.215  done
   9.216  
   9.217  lemma eclose_sing_Ord_eq: "Ord(i) ==> eclose({i}) = succ(i)"
   9.218  apply (rule equalityI)
   9.219 -apply (erule eclose_sing_Ord)  
   9.220 -apply (rule succ_subset_eclose_sing) 
   9.221 +apply (erule eclose_sing_Ord)
   9.222 +apply (rule succ_subset_eclose_sing)
   9.223  done
   9.224  
   9.225  lemma Ord_transrec_type:
   9.226    assumes jini: "j: i"
   9.227        and ordi: "Ord(i)"
   9.228 -      and minor: " !!x u. [| x: i;  u: Pi(x,B) |] ==> H(x,u) : B(x)"
   9.229 -  shows "transrec(j,H) : B(j)"
   9.230 +      and minor: " !!x u. [| x: i;  u: Pi(x,B) |] ==> H(x,u) \<in> B(x)"
   9.231 +  shows "transrec(j,H) \<in> B(j)"
   9.232  apply (rule transrec_type)
   9.233  apply (insert jini ordi)
   9.234  apply (blast intro!: minor
   9.235 -             intro: Ord_trans 
   9.236 +             intro: Ord_trans
   9.237               dest: Ord_in_Ord [THEN eclose_sing_Ord, THEN subsetD])
   9.238  done
   9.239  
   9.240 @@ -223,7 +223,7 @@
   9.241  by (subst rank_def [THEN def_transrec], simp)
   9.242  
   9.243  lemma Ord_rank [simp]: "Ord(rank(a))"
   9.244 -apply (rule_tac a=a in eps_induct) 
   9.245 +apply (rule_tac a=a in eps_induct)
   9.246  apply (subst rank)
   9.247  apply (rule Ord_succ [THEN Ord_UN])
   9.248  apply (erule bspec, assumption)
   9.249 @@ -247,9 +247,9 @@
   9.250  apply (erule rank_lt [THEN lt_trans], assumption)
   9.251  done
   9.252  
   9.253 -lemma rank_mono: "a<=b ==> rank(a) le rank(b)"
   9.254 +lemma rank_mono: "a<=b ==> rank(a) \<le> rank(b)"
   9.255  apply (rule subset_imp_le)
   9.256 -apply (auto simp add: rank [of a] rank [of b]) 
   9.257 +apply (auto simp add: rank [of a] rank [of b])
   9.258  done
   9.259  
   9.260  lemma rank_Pow: "rank(Pow(a)) = succ(rank(a))"
   9.261 @@ -270,7 +270,7 @@
   9.262  apply (erule rank_lt [THEN leI, THEN succ_leI, THEN le_imp_subset])
   9.263  done
   9.264  
   9.265 -lemma rank_Union: "rank(Union(A)) = (\<Union>x\<in>A. rank(x))"
   9.266 +lemma rank_Union: "rank(\<Union>(A)) = (\<Union>x\<in>A. rank(x))"
   9.267  apply (rule equalityI)
   9.268  apply (rule_tac [2] rank_mono [THEN le_imp_subset, THEN UN_least])
   9.269  apply (erule_tac [2] Union_upper)
   9.270 @@ -308,13 +308,13 @@
   9.271       "P(a) ==> (THE x. P(x)) = (if (EX!x. P(x)) then a else 0)"
   9.272  by (simp add: the_0 the_equality2)
   9.273  
   9.274 -(*The first premise not only fixs i but ensures f~=0.
   9.275 -  The second premise is now essential.  Consider otherwise the relation 
   9.276 -  r = {<0,0>,<0,1>,<0,2>,...}.  Then f`0 = Union(f``{0}) = Union(nat) = nat,
   9.277 +(*The first premise not only fixs i but ensures @{term"f\<noteq>0"}.
   9.278 +  The second premise is now essential.  Consider otherwise the relation
   9.279 +  r = {<0,0>,<0,1>,<0,2>,...}.  Then f`0 = \<Union>(f``{0}) = \<Union>(nat) = nat,
   9.280    whose rank equals that of r.*)
   9.281 -lemma rank_apply: "[|i : domain(f); function(f)|] ==> rank(f`i) < rank(f)"
   9.282 -apply clarify  
   9.283 -apply (simp add: function_apply_equality) 
   9.284 +lemma rank_apply: "[|i \<in> domain(f); function(f)|] ==> rank(f`i) < rank(f)"
   9.285 +apply clarify
   9.286 +apply (simp add: function_apply_equality)
   9.287  apply (blast intro: lt_trans rank_lt rank_pair2)
   9.288  done
   9.289  
   9.290 @@ -326,7 +326,7 @@
   9.291  apply (erule arg_into_eclose [THEN eclose_subset])
   9.292  done
   9.293  
   9.294 -lemma eclose_mono: "A<=B ==> eclose(A) <= eclose(B)"
   9.295 +lemma eclose_mono: "A<=B ==> eclose(A) \<subseteq> eclose(B)"
   9.296  apply (rule Transset_eclose [THEN eclose_least])
   9.297  apply (erule subset_trans)
   9.298  apply (rule arg_subset_eclose)
   9.299 @@ -340,7 +340,7 @@
   9.300  apply (rule arg_subset_eclose)
   9.301  done
   9.302  
   9.303 -(** Transfinite recursion for definitions based on the 
   9.304 +(** Transfinite recursion for definitions based on the
   9.305      three cases of ordinals **)
   9.306  
   9.307  lemma transrec2_0 [simp]: "transrec2(0,a,b) = a"
   9.308 @@ -354,14 +354,14 @@
   9.309  lemma transrec2_Limit:
   9.310       "Limit(i) ==> transrec2(i,a,b) = (\<Union>j<i. transrec2(j,a,b))"
   9.311  apply (rule transrec2_def [THEN def_transrec, THEN trans])
   9.312 -apply (auto simp add: OUnion_def) 
   9.313 +apply (auto simp add: OUnion_def)
   9.314  done
   9.315  
   9.316  lemma def_transrec2:
   9.317       "(!!x. f(x)==transrec2(x,a,b))
   9.318 -      ==> f(0) = a & 
   9.319 -          f(succ(i)) = b(i, f(i)) & 
   9.320 -          (Limit(K) --> f(K) = (\<Union>j<K. f(j)))"
   9.321 +      ==> f(0) = a &
   9.322 +          f(succ(i)) = b(i, f(i)) &
   9.323 +          (Limit(K) \<longrightarrow> f(K) = (\<Union>j<K. f(j)))"
   9.324  by (simp add: transrec2_Limit)
   9.325  
   9.326  
   9.327 @@ -390,10 +390,10 @@
   9.328  done
   9.329  
   9.330  lemma rec_type:
   9.331 -    "[| n: nat;   
   9.332 -        a: C(0);   
   9.333 +    "[| n: nat;
   9.334 +        a: C(0);
   9.335          !!m z. [| m: nat;  z: C(m) |] ==> b(m,z): C(succ(m)) |]
   9.336 -     ==> rec(n,a,b) : C(n)"
   9.337 +     ==> rec(n,a,b) \<in> C(n)"
   9.338  by (erule nat_induct, auto)
   9.339  
   9.340  end
    10.1 --- a/src/ZF/EquivClass.thy	Sun Mar 04 23:20:43 2012 +0100
    10.2 +++ b/src/ZF/EquivClass.thy	Tue Mar 06 15:15:49 2012 +0000
    10.3 @@ -13,12 +13,12 @@
    10.4  
    10.5  definition
    10.6    congruent  :: "[i,i=>i]=>o"  where
    10.7 -      "congruent(r,b) == ALL y z. <y,z>:r --> b(y)=b(z)"
    10.8 +      "congruent(r,b) == \<forall>y z. <y,z>:r \<longrightarrow> b(y)=b(z)"
    10.9  
   10.10  definition
   10.11    congruent2 :: "[i,i,[i,i]=>i]=>o"  where
   10.12 -      "congruent2(r1,r2,b) == ALL y1 z1 y2 z2.
   10.13 -           <y1,z1>:r1 --> <y2,z2>:r2 --> b(y1,y2) = b(z1,z2)"
   10.14 +      "congruent2(r1,r2,b) == \<forall>y1 z1 y2 z2.
   10.15 +           <y1,z1>:r1 \<longrightarrow> <y2,z2>:r2 \<longrightarrow> b(y1,y2) = b(z1,z2)"
   10.16  
   10.17  abbreviation
   10.18    RESPECTS ::"[i=>i, i] => o"  (infixr "respects" 80) where
   10.19 @@ -36,11 +36,11 @@
   10.20  (** first half: equiv(A,r) ==> converse(r) O r = r **)
   10.21  
   10.22  lemma sym_trans_comp_subset:
   10.23 -    "[| sym(r); trans(r) |] ==> converse(r) O r <= r"
   10.24 +    "[| sym(r); trans(r) |] ==> converse(r) O r \<subseteq> r"
   10.25  by (unfold trans_def sym_def, blast)
   10.26  
   10.27  lemma refl_comp_subset:
   10.28 -    "[| refl(A,r); r <= A*A |] ==> r <= converse(r) O r"
   10.29 +    "[| refl(A,r); r \<subseteq> A*A |] ==> r \<subseteq> converse(r) O r"
   10.30  by (unfold refl_def, blast)
   10.31  
   10.32  lemma equiv_comp_eq:
   10.33 @@ -54,14 +54,14 @@
   10.34      "[| converse(r) O r = r;  domain(r) = A |] ==> equiv(A,r)"
   10.35  apply (unfold equiv_def refl_def sym_def trans_def)
   10.36  apply (erule equalityE)
   10.37 -apply (subgoal_tac "ALL x y. <x,y> : r --> <y,x> : r", blast+)
   10.38 +apply (subgoal_tac "\<forall>x y. <x,y> \<in> r \<longrightarrow> <y,x> \<in> r", blast+)
   10.39  done
   10.40  
   10.41  (** Equivalence classes **)
   10.42  
   10.43  (*Lemma for the next result*)
   10.44  lemma equiv_class_subset:
   10.45 -    "[| sym(r);  trans(r);  <a,b>: r |] ==> r``{a} <= r``{b}"
   10.46 +    "[| sym(r);  trans(r);  <a,b>: r |] ==> r``{a} \<subseteq> r``{b}"
   10.47  by (unfold trans_def sym_def, blast)
   10.48  
   10.49  lemma equiv_class_eq:
   10.50 @@ -77,7 +77,7 @@
   10.51  
   10.52  (*Lemma for the next result*)
   10.53  lemma subset_equiv_class:
   10.54 -    "[| equiv(A,r);  r``{b} <= r``{a};  b: A |] ==> <a,b>: r"
   10.55 +    "[| equiv(A,r);  r``{b} \<subseteq> r``{a};  b: A |] ==> <a,b>: r"
   10.56  by (unfold equiv_def refl_def, blast)
   10.57  
   10.58  lemma eq_equiv_class: "[| r``{a} = r``{b};  equiv(A,r);  b: A |] ==> <a,b>: r"
   10.59 @@ -85,10 +85,10 @@
   10.60  
   10.61  (*thus r``{a} = r``{b} as well*)
   10.62  lemma equiv_class_nondisjoint:
   10.63 -    "[| equiv(A,r);  x: (r``{a} Int r``{b}) |] ==> <a,b>: r"
   10.64 +    "[| equiv(A,r);  x: (r``{a} \<inter> r``{b}) |] ==> <a,b>: r"
   10.65  by (unfold equiv_def trans_def sym_def, blast)
   10.66  
   10.67 -lemma equiv_type: "equiv(A,r) ==> r <= A*A"
   10.68 +lemma equiv_type: "equiv(A,r) ==> r \<subseteq> A*A"
   10.69  by (unfold equiv_def, blast)
   10.70  
   10.71  lemma equiv_class_eq_iff:
   10.72 @@ -113,11 +113,11 @@
   10.73  by (unfold quotient_def, blast)
   10.74  
   10.75  lemma Union_quotient:
   10.76 -    "equiv(A,r) ==> Union(A//r) = A"
   10.77 +    "equiv(A,r) ==> \<Union>(A//r) = A"
   10.78  by (unfold equiv_def refl_def quotient_def, blast)
   10.79  
   10.80  lemma quotient_disj:
   10.81 -    "[| equiv(A,r);  X: A//r;  Y: A//r |] ==> X=Y | (X Int Y <= 0)"
   10.82 +    "[| equiv(A,r);  X: A//r;  Y: A//r |] ==> X=Y | (X \<inter> Y \<subseteq> 0)"
   10.83  apply (unfold quotient_def)
   10.84  apply (safe intro!: equiv_class_eq, assumption)
   10.85  apply (unfold equiv_def trans_def sym_def, blast)
   10.86 @@ -130,17 +130,17 @@
   10.87  
   10.88  (*Conversion rule*)
   10.89  lemma UN_equiv_class:
   10.90 -    "[| equiv(A,r);  b respects r;  a: A |] ==> (UN x:r``{a}. b(x)) = b(a)"
   10.91 -apply (subgoal_tac "\<forall>x \<in> r``{a}. b(x) = b(a)") 
   10.92 +    "[| equiv(A,r);  b respects r;  a: A |] ==> (\<Union>x\<in>r``{a}. b(x)) = b(a)"
   10.93 +apply (subgoal_tac "\<forall>x \<in> r``{a}. b(x) = b(a)")
   10.94   apply simp
   10.95 - apply (blast intro: equiv_class_self)  
   10.96 + apply (blast intro: equiv_class_self)
   10.97  apply (unfold equiv_def sym_def congruent_def, blast)
   10.98  done
   10.99  
  10.100 -(*type checking of  UN x:r``{a}. b(x) *)
  10.101 +(*type checking of  @{term"\<Union>x\<in>r``{a}. b(x)"} *)
  10.102  lemma UN_equiv_class_type:
  10.103 -    "[| equiv(A,r);  b respects r;  X: A//r;  !!x.  x : A ==> b(x) : B |]
  10.104 -     ==> (UN x:X. b(x)) : B"
  10.105 +    "[| equiv(A,r);  b respects r;  X: A//r;  !!x.  x \<in> A ==> b(x) \<in> B |]
  10.106 +     ==> (\<Union>x\<in>X. b(x)) \<in> B"
  10.107  apply (unfold quotient_def, safe)
  10.108  apply (simp (no_asm_simp) add: UN_equiv_class)
  10.109  done
  10.110 @@ -150,12 +150,12 @@
  10.111  *)
  10.112  lemma UN_equiv_class_inject:
  10.113      "[| equiv(A,r);   b respects r;
  10.114 -        (UN x:X. b(x))=(UN y:Y. b(y));  X: A//r;  Y: A//r;
  10.115 +        (\<Union>x\<in>X. b(x))=(\<Union>y\<in>Y. b(y));  X: A//r;  Y: A//r;
  10.116          !!x y. [| x:A; y:A; b(x)=b(y) |] ==> <x,y>:r |]
  10.117       ==> X=Y"
  10.118  apply (unfold quotient_def, safe)
  10.119  apply (rule equiv_class_eq, assumption)
  10.120 -apply (simp add: UN_equiv_class [of A r b])  
  10.121 +apply (simp add: UN_equiv_class [of A r b])
  10.122  done
  10.123  
  10.124  
  10.125 @@ -170,7 +170,7 @@
  10.126       congruent(r1, %x1. \<Union>x2 \<in> r2``{a}. b(x1,x2))"
  10.127  apply (unfold congruent_def, safe)
  10.128  apply (frule equiv_type [THEN subsetD], assumption)
  10.129 -apply clarify 
  10.130 +apply clarify
  10.131  apply (simp add: UN_equiv_class congruent2_implies_congruent)
  10.132  apply (unfold congruent2_def equiv_def refl_def, blast)
  10.133  done
  10.134 @@ -185,10 +185,10 @@
  10.135  lemma UN_equiv_class_type2:
  10.136      "[| equiv(A,r);  b respects2 r;
  10.137          X1: A//r;  X2: A//r;
  10.138 -        !!x1 x2.  [| x1: A; x2: A |] ==> b(x1,x2) : B
  10.139 -     |] ==> (UN x1:X1. UN x2:X2. b(x1,x2)) : B"
  10.140 +        !!x1 x2.  [| x1: A; x2: A |] ==> b(x1,x2) \<in> B
  10.141 +     |] ==> (\<Union>x1\<in>X1. \<Union>x2\<in>X2. b(x1,x2)) \<in> B"
  10.142  apply (unfold quotient_def, safe)
  10.143 -apply (blast intro: UN_equiv_class_type congruent2_implies_congruent_UN 
  10.144 +apply (blast intro: UN_equiv_class_type congruent2_implies_congruent_UN
  10.145                      congruent2_implies_congruent quotientI)
  10.146  done
  10.147  
  10.148 @@ -196,12 +196,12 @@
  10.149  (*Suggested by John Harrison -- the two subproofs may be MUCH simpler
  10.150    than the direct proof*)
  10.151  lemma congruent2I:
  10.152 -    "[|  equiv(A1,r1);  equiv(A2,r2);  
  10.153 +    "[|  equiv(A1,r1);  equiv(A2,r2);
  10.154          !! y z w. [| w \<in> A2;  <y,z> \<in> r1 |] ==> b(y,w) = b(z,w);
  10.155          !! y z w. [| w \<in> A1;  <y,z> \<in> r2 |] ==> b(w,y) = b(w,z)
  10.156       |] ==> congruent2(r1,r2,b)"
  10.157  apply (unfold congruent2_def equiv_def refl_def, safe)
  10.158 -apply (blast intro: trans) 
  10.159 +apply (blast intro: trans)
  10.160  done
  10.161  
  10.162  lemma congruent2_commuteI:
  10.163 @@ -209,11 +209,11 @@
  10.164       and commute: "!! y z. [| y: A;  z: A |] ==> b(y,z) = b(z,y)"
  10.165       and congt:   "!! y z w. [| w: A;  <y,z>: r |] ==> b(w,y) = b(w,z)"
  10.166   shows "b respects2 r"
  10.167 -apply (insert equivA [THEN equiv_type, THEN subsetD]) 
  10.168 +apply (insert equivA [THEN equiv_type, THEN subsetD])
  10.169  apply (rule congruent2I [OF equivA equivA])
  10.170  apply (rule commute [THEN trans])
  10.171  apply (rule_tac [3] commute [THEN trans, symmetric])
  10.172 -apply (rule_tac [5] sym) 
  10.173 +apply (rule_tac [5] sym)
  10.174  apply (blast intro: congt)+
  10.175  done
  10.176  
  10.177 @@ -222,12 +222,12 @@
  10.178      "[| equiv(A,r);  Z: A//r;
  10.179          !!w. [| w: A |] ==> congruent(r, %z. b(w,z));
  10.180          !!x y. [| x: A;  y: A |] ==> b(y,x) = b(x,y)
  10.181 -     |] ==> congruent(r, %w. UN z: Z. b(w,z))"
  10.182 +     |] ==> congruent(r, %w. \<Union>z\<in>Z. b(w,z))"
  10.183  apply (simp (no_asm) add: congruent_def)
  10.184  apply (safe elim!: quotientE)
  10.185  apply (frule equiv_type [THEN subsetD], assumption)
  10.186 -apply (simp add: UN_equiv_class [of A r]) 
  10.187 -apply (simp add: congruent_def) 
  10.188 +apply (simp add: UN_equiv_class [of A r])
  10.189 +apply (simp add: congruent_def)
  10.190  done
  10.191  
  10.192  end
    11.1 --- a/src/ZF/Finite.thy	Sun Mar 04 23:20:43 2012 +0100
    11.2 +++ b/src/ZF/Finite.thy	Tue Mar 06 15:15:49 2012 +0000
    11.3 @@ -2,7 +2,7 @@
    11.4      Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    11.5      Copyright   1994  University of Cambridge
    11.6  
    11.7 -prove:  b: Fin(A) ==> inj(b,b) <= surj(b,b)
    11.8 +prove:  b: Fin(A) ==> inj(b,b) \<subseteq> surj(b,b)
    11.9  *)
   11.10  
   11.11  header{*Finite Powerset Operator and Finite Function Space*}
   11.12 @@ -22,41 +22,41 @@
   11.13    FiniteFun :: "[i,i]=>i"         ("(_ -||>/ _)" [61, 60] 60)
   11.14  
   11.15  inductive
   11.16 -  domains   "Fin(A)" <= "Pow(A)"
   11.17 +  domains   "Fin(A)" \<subseteq> "Pow(A)"
   11.18    intros
   11.19 -    emptyI:  "0 : Fin(A)"
   11.20 -    consI:   "[| a: A;  b: Fin(A) |] ==> cons(a,b) : Fin(A)"
   11.21 +    emptyI:  "0 \<in> Fin(A)"
   11.22 +    consI:   "[| a: A;  b: Fin(A) |] ==> cons(a,b) \<in> Fin(A)"
   11.23    type_intros  empty_subsetI cons_subsetI PowI
   11.24    type_elims   PowD [elim_format]
   11.25  
   11.26  inductive
   11.27 -  domains   "FiniteFun(A,B)" <= "Fin(A*B)"
   11.28 +  domains   "FiniteFun(A,B)" \<subseteq> "Fin(A*B)"
   11.29    intros
   11.30 -    emptyI:  "0 : A -||> B"
   11.31 -    consI:   "[| a: A;  b: B;  h: A -||> B;  a ~: domain(h) |]
   11.32 -              ==> cons(<a,b>,h) : A -||> B"
   11.33 +    emptyI:  "0 \<in> A -||> B"
   11.34 +    consI:   "[| a: A;  b: B;  h: A -||> B;  a \<notin> domain(h) |]
   11.35 +              ==> cons(<a,b>,h) \<in> A -||> B"
   11.36    type_intros Fin.intros
   11.37  
   11.38  
   11.39  subsection {* Finite Powerset Operator *}
   11.40  
   11.41 -lemma Fin_mono: "A<=B ==> Fin(A) <= Fin(B)"
   11.42 +lemma Fin_mono: "A<=B ==> Fin(A) \<subseteq> Fin(B)"
   11.43  apply (unfold Fin.defs)
   11.44  apply (rule lfp_mono)
   11.45  apply (rule Fin.bnd_mono)+
   11.46  apply blast
   11.47  done
   11.48  
   11.49 -(* A : Fin(B) ==> A <= B *)
   11.50 +(* @{term"A \<in> Fin(B) ==> A \<subseteq> B"} *)
   11.51  lemmas FinD = Fin.dom_subset [THEN subsetD, THEN PowD]
   11.52  
   11.53  (** Induction on finite sets **)
   11.54  
   11.55 -(*Discharging x~:y entails extra work*)
   11.56 +(*Discharging @{term"x\<notin>y"} entails extra work*)
   11.57  lemma Fin_induct [case_names 0 cons, induct set: Fin]:
   11.58      "[| b: Fin(A);
   11.59          P(0);
   11.60 -        !!x y. [| x: A;  y: Fin(A);  x~:y;  P(y) |] ==> P(cons(x,y))
   11.61 +        !!x y. [| x: A;  y: Fin(A);  x\<notin>y;  P(y) |] ==> P(cons(x,y))
   11.62       |] ==> P(b)"
   11.63  apply (erule Fin.induct, simp)
   11.64  apply (case_tac "a:b")
   11.65 @@ -72,18 +72,18 @@
   11.66  by (blast intro: Fin.emptyI dest: FinD)
   11.67  
   11.68  (*The union of two finite sets is finite.*)
   11.69 -lemma Fin_UnI [simp]: "[| b: Fin(A);  c: Fin(A) |] ==> b Un c : Fin(A)"
   11.70 +lemma Fin_UnI [simp]: "[| b: Fin(A);  c: Fin(A) |] ==> b \<union> c \<in> Fin(A)"
   11.71  apply (erule Fin_induct)
   11.72  apply (simp_all add: Un_cons)
   11.73  done
   11.74  
   11.75  
   11.76  (*The union of a set of finite sets is finite.*)
   11.77 -lemma Fin_UnionI: "C : Fin(Fin(A)) ==> Union(C) : Fin(A)"
   11.78 +lemma Fin_UnionI: "C \<in> Fin(Fin(A)) ==> \<Union>(C) \<in> Fin(A)"
   11.79  by (erule Fin_induct, simp_all)
   11.80  
   11.81  (*Every subset of a finite set is finite.*)
   11.82 -lemma Fin_subset_lemma [rule_format]: "b: Fin(A) ==> \<forall>z. z<=b --> z: Fin(A)"
   11.83 +lemma Fin_subset_lemma [rule_format]: "b: Fin(A) ==> \<forall>z. z<=b \<longrightarrow> z: Fin(A)"
   11.84  apply (erule Fin_induct)
   11.85  apply (simp add: subset_empty_iff)
   11.86  apply (simp add: subset_cons_iff distrib_simps, safe)
   11.87 @@ -93,16 +93,16 @@
   11.88  lemma Fin_subset: "[| c<=b;  b: Fin(A) |] ==> c: Fin(A)"
   11.89  by (blast intro: Fin_subset_lemma)
   11.90  
   11.91 -lemma Fin_IntI1 [intro,simp]: "b: Fin(A) ==> b Int c : Fin(A)"
   11.92 +lemma Fin_IntI1 [intro,simp]: "b: Fin(A) ==> b \<inter> c \<in> Fin(A)"
   11.93  by (blast intro: Fin_subset)
   11.94  
   11.95 -lemma Fin_IntI2 [intro,simp]: "c: Fin(A) ==> b Int c : Fin(A)"
   11.96 +lemma Fin_IntI2 [intro,simp]: "c: Fin(A) ==> b \<inter> c \<in> Fin(A)"
   11.97  by (blast intro: Fin_subset)
   11.98  
   11.99  lemma Fin_0_induct_lemma [rule_format]:
  11.100      "[| c: Fin(A);  b: Fin(A); P(b);
  11.101          !!x y. [| x: A;  y: Fin(A);  x:y;  P(y) |] ==> P(y-{x})
  11.102 -     |] ==> c<=b --> P(b-c)"
  11.103 +     |] ==> c<=b \<longrightarrow> P(b-c)"
  11.104  apply (erule Fin_induct, simp)
  11.105  apply (subst Diff_cons)
  11.106  apply (simp add: cons_subset_iff Diff_subset [THEN Fin_subset])
  11.107 @@ -114,11 +114,11 @@
  11.108          !!x y. [| x: A;  y: Fin(A);  x:y;  P(y) |] ==> P(y-{x})
  11.109       |] ==> P(0)"
  11.110  apply (rule Diff_cancel [THEN subst])
  11.111 -apply (blast intro: Fin_0_induct_lemma) 
  11.112 +apply (blast intro: Fin_0_induct_lemma)
  11.113  done
  11.114  
  11.115  (*Functions from a finite ordinal*)
  11.116 -lemma nat_fun_subset_Fin: "n: nat ==> n->A <= Fin(nat*A)"
  11.117 +lemma nat_fun_subset_Fin: "n: nat ==> n->A \<subseteq> Fin(nat*A)"
  11.118  apply (induct_tac "n")
  11.119  apply (simp add: subset_iff)
  11.120  apply (simp add: succ_def mem_not_refl [THEN cons_fun_eq])
  11.121 @@ -129,14 +129,14 @@
  11.122  subsection{*Finite Function Space*}
  11.123  
  11.124  lemma FiniteFun_mono:
  11.125 -    "[| A<=C;  B<=D |] ==> A -||> B  <=  C -||> D"
  11.126 +    "[| A<=C;  B<=D |] ==> A -||> B  \<subseteq>  C -||> D"
  11.127  apply (unfold FiniteFun.defs)
  11.128  apply (rule lfp_mono)
  11.129  apply (rule FiniteFun.bnd_mono)+
  11.130  apply (intro Fin_mono Sigma_mono basic_monos, assumption+)
  11.131  done
  11.132  
  11.133 -lemma FiniteFun_mono1: "A<=B ==> A -||> A  <=  B -||> B"
  11.134 +lemma FiniteFun_mono1: "A<=B ==> A -||> A  \<subseteq>  B -||> B"
  11.135  by (blast dest: FiniteFun_mono)
  11.136  
  11.137  lemma FiniteFun_is_fun: "h: A -||>B ==> h: domain(h) -> B"
  11.138 @@ -144,14 +144,14 @@
  11.139  apply (simp add: fun_extend3)
  11.140  done
  11.141  
  11.142 -lemma FiniteFun_domain_Fin: "h: A -||>B ==> domain(h) : Fin(A)"
  11.143 +lemma FiniteFun_domain_Fin: "h: A -||>B ==> domain(h) \<in> Fin(A)"
  11.144  by (erule FiniteFun.induct, simp, simp)
  11.145  
  11.146  lemmas FiniteFun_apply_type = FiniteFun_is_fun [THEN apply_type]
  11.147  
  11.148  (*Every subset of a finite function is a finite function.*)
  11.149  lemma FiniteFun_subset_lemma [rule_format]:
  11.150 -     "b: A-||>B ==> ALL z. z<=b --> z: A-||>B"
  11.151 +     "b: A-||>B ==> \<forall>z. z<=b \<longrightarrow> z: A-||>B"
  11.152  apply (erule FiniteFun.induct)
  11.153  apply (simp add: subset_empty_iff FiniteFun.intros)
  11.154  apply (simp add: subset_cons_iff distrib_simps, safe)
  11.155 @@ -165,29 +165,29 @@
  11.156  
  11.157  (** Some further results by Sidi O. Ehmety **)
  11.158  
  11.159 -lemma fun_FiniteFunI [rule_format]: "A:Fin(X) ==> ALL f. f:A->B --> f:A-||>B"
  11.160 +lemma fun_FiniteFunI [rule_format]: "A:Fin(X) ==> \<forall>f. f:A->B \<longrightarrow> f:A-||>B"
  11.161  apply (erule Fin.induct)
  11.162   apply (simp add: FiniteFun.intros, clarify)
  11.163  apply (case_tac "a:b")
  11.164   apply (simp add: cons_absorb)
  11.165 -apply (subgoal_tac "restrict (f,b) : b -||> B")
  11.166 +apply (subgoal_tac "restrict (f,b) \<in> b -||> B")
  11.167   prefer 2 apply (blast intro: restrict_type2)
  11.168  apply (subst fun_cons_restrict_eq, assumption)
  11.169  apply (simp add: restrict_def lam_def)
  11.170 -apply (blast intro: apply_funtype FiniteFun.intros 
  11.171 +apply (blast intro: apply_funtype FiniteFun.intros
  11.172                      FiniteFun_mono [THEN [2] rev_subsetD])
  11.173  done
  11.174  
  11.175 -lemma lam_FiniteFun: "A: Fin(X) ==> (lam x:A. b(x)) : A -||> {b(x). x:A}"
  11.176 +lemma lam_FiniteFun: "A: Fin(X) ==> (\<lambda>x\<in>A. b(x)) \<in> A -||> {b(x). x:A}"
  11.177  by (blast intro: fun_FiniteFunI lam_funtype)
  11.178  
  11.179  lemma FiniteFun_Collect_iff:
  11.180 -     "f : FiniteFun(A, {y:B. P(y)})
  11.181 -      <-> f : FiniteFun(A,B) & (ALL x:domain(f). P(f`x))"
  11.182 +     "f \<in> FiniteFun(A, {y:B. P(y)})
  11.183 +      <-> f \<in> FiniteFun(A,B) & (\<forall>x\<in>domain(f). P(f`x))"
  11.184  apply auto
  11.185  apply (blast intro: FiniteFun_mono [THEN [2] rev_subsetD])
  11.186  apply (blast dest: Pair_mem_PiD FiniteFun_is_fun)
  11.187 -apply (rule_tac A1="domain(f)" in 
  11.188 +apply (rule_tac A1="domain(f)" in
  11.189         subset_refl [THEN [2] FiniteFun_mono, THEN subsetD])
  11.190   apply (fast dest: FiniteFun_domain_Fin Fin.dom_subset [THEN subsetD])
  11.191  apply (rule fun_FiniteFunI)
    12.1 --- a/src/ZF/Fixedpt.thy	Sun Mar 04 23:20:43 2012 +0100
    12.2 +++ b/src/ZF/Fixedpt.thy	Tue Mar 06 15:15:49 2012 +0000
    12.3 @@ -10,15 +10,15 @@
    12.4  definition 
    12.5    (*monotone operator from Pow(D) to itself*)
    12.6    bnd_mono :: "[i,i=>i]=>o"  where
    12.7 -     "bnd_mono(D,h) == h(D)<=D & (ALL W X. W<=X --> X<=D --> h(W) <= h(X))"
    12.8 +     "bnd_mono(D,h) == h(D)<=D & (\<forall>W X. W<=X \<longrightarrow> X<=D \<longrightarrow> h(W) \<subseteq> h(X))"
    12.9  
   12.10  definition 
   12.11    lfp      :: "[i,i=>i]=>i"  where
   12.12 -     "lfp(D,h) == Inter({X: Pow(D). h(X) <= X})"
   12.13 +     "lfp(D,h) == \<Inter>({X: Pow(D). h(X) \<subseteq> X})"
   12.14  
   12.15  definition 
   12.16    gfp      :: "[i,i=>i]=>i"  where
   12.17 -     "gfp(D,h) == Union({X: Pow(D). X <= h(X)})"
   12.18 +     "gfp(D,h) == \<Union>({X: Pow(D). X \<subseteq> h(X)})"
   12.19  
   12.20  text{*The theorem is proved in the lattice of subsets of @{term D}, 
   12.21        namely @{term "Pow(D)"}, with Inter as the greatest lower bound.*}
   12.22 @@ -27,32 +27,32 @@
   12.23  
   12.24  lemma bnd_monoI:
   12.25      "[| h(D)<=D;   
   12.26 -        !!W X. [| W<=D;  X<=D;  W<=X |] ==> h(W) <= h(X)   
   12.27 +        !!W X. [| W<=D;  X<=D;  W<=X |] ==> h(W) \<subseteq> h(X)   
   12.28       |] ==> bnd_mono(D,h)"
   12.29  by (unfold bnd_mono_def, clarify, blast)  
   12.30  
   12.31 -lemma bnd_monoD1: "bnd_mono(D,h) ==> h(D) <= D"
   12.32 +lemma bnd_monoD1: "bnd_mono(D,h) ==> h(D) \<subseteq> D"
   12.33  apply (unfold bnd_mono_def)
   12.34  apply (erule conjunct1)
   12.35  done
   12.36  
   12.37 -lemma bnd_monoD2: "[| bnd_mono(D,h);  W<=X;  X<=D |] ==> h(W) <= h(X)"
   12.38 +lemma bnd_monoD2: "[| bnd_mono(D,h);  W<=X;  X<=D |] ==> h(W) \<subseteq> h(X)"
   12.39  by (unfold bnd_mono_def, blast)
   12.40  
   12.41  lemma bnd_mono_subset:
   12.42 -    "[| bnd_mono(D,h);  X<=D |] ==> h(X) <= D"
   12.43 +    "[| bnd_mono(D,h);  X<=D |] ==> h(X) \<subseteq> D"
   12.44  by (unfold bnd_mono_def, clarify, blast) 
   12.45  
   12.46  lemma bnd_mono_Un:
   12.47 -     "[| bnd_mono(D,h);  A <= D;  B <= D |] ==> h(A) Un h(B) <= h(A Un B)"
   12.48 +     "[| bnd_mono(D,h);  A \<subseteq> D;  B \<subseteq> D |] ==> h(A) \<union> h(B) \<subseteq> h(A \<union> B)"
   12.49  apply (unfold bnd_mono_def)
   12.50  apply (rule Un_least, blast+)
   12.51  done
   12.52  
   12.53  (*unused*)
   12.54  lemma bnd_mono_UN:
   12.55 -     "[| bnd_mono(D,h);  \<forall>i\<in>I. A(i) <= D |] 
   12.56 -      ==> (\<Union>i\<in>I. h(A(i))) <= h((\<Union>i\<in>I. A(i)))"
   12.57 +     "[| bnd_mono(D,h);  \<forall>i\<in>I. A(i) \<subseteq> D |] 
   12.58 +      ==> (\<Union>i\<in>I. h(A(i))) \<subseteq> h((\<Union>i\<in>I. A(i)))"
   12.59  apply (unfold bnd_mono_def) 
   12.60  apply (rule UN_least)
   12.61  apply (elim conjE) 
   12.62 @@ -63,7 +63,7 @@
   12.63  
   12.64  (*Useful??*)
   12.65  lemma bnd_mono_Int:
   12.66 -     "[| bnd_mono(D,h);  A <= D;  B <= D |] ==> h(A Int B) <= h(A) Int h(B)"
   12.67 +     "[| bnd_mono(D,h);  A \<subseteq> D;  B \<subseteq> D |] ==> h(A \<inter> B) \<subseteq> h(A) \<inter> h(B)"
   12.68  apply (rule Int_greatest) 
   12.69  apply (erule bnd_monoD2, rule Int_lower1, assumption) 
   12.70  apply (erule bnd_monoD2, rule Int_lower2, assumption) 
   12.71 @@ -73,37 +73,37 @@
   12.72  
   12.73  (*lfp is contained in each pre-fixedpoint*)
   12.74  lemma lfp_lowerbound: 
   12.75 -    "[| h(A) <= A;  A<=D |] ==> lfp(D,h) <= A"
   12.76 +    "[| h(A) \<subseteq> A;  A<=D |] ==> lfp(D,h) \<subseteq> A"
   12.77  by (unfold lfp_def, blast)
   12.78  
   12.79  (*Unfolding the defn of Inter dispenses with the premise bnd_mono(D,h)!*)
   12.80 -lemma lfp_subset: "lfp(D,h) <= D"
   12.81 +lemma lfp_subset: "lfp(D,h) \<subseteq> D"
   12.82  by (unfold lfp_def Inter_def, blast)
   12.83  
   12.84  (*Used in datatype package*)
   12.85 -lemma def_lfp_subset:  "A == lfp(D,h) ==> A <= D"
   12.86 +lemma def_lfp_subset:  "A == lfp(D,h) ==> A \<subseteq> D"
   12.87  apply simp
   12.88  apply (rule lfp_subset)
   12.89  done
   12.90  
   12.91  lemma lfp_greatest:  
   12.92 -    "[| h(D) <= D;  !!X. [| h(X) <= X;  X<=D |] ==> A<=X |] ==> A <= lfp(D,h)"
   12.93 +    "[| h(D) \<subseteq> D;  !!X. [| h(X) \<subseteq> X;  X<=D |] ==> A<=X |] ==> A \<subseteq> lfp(D,h)"
   12.94  by (unfold lfp_def, blast) 
   12.95  
   12.96  lemma lfp_lemma1:  
   12.97 -    "[| bnd_mono(D,h);  h(A)<=A;  A<=D |] ==> h(lfp(D,h)) <= A"
   12.98 +    "[| bnd_mono(D,h);  h(A)<=A;  A<=D |] ==> h(lfp(D,h)) \<subseteq> A"
   12.99  apply (erule bnd_monoD2 [THEN subset_trans])
  12.100  apply (rule lfp_lowerbound, assumption+)
  12.101  done
  12.102  
  12.103 -lemma lfp_lemma2: "bnd_mono(D,h) ==> h(lfp(D,h)) <= lfp(D,h)"
  12.104 +lemma lfp_lemma2: "bnd_mono(D,h) ==> h(lfp(D,h)) \<subseteq> lfp(D,h)"
  12.105  apply (rule bnd_monoD1 [THEN lfp_greatest])
  12.106  apply (rule_tac [2] lfp_lemma1)
  12.107  apply (assumption+)
  12.108  done
  12.109  
  12.110  lemma lfp_lemma3: 
  12.111 -    "bnd_mono(D,h) ==> lfp(D,h) <= h(lfp(D,h))"
  12.112 +    "bnd_mono(D,h) ==> lfp(D,h) \<subseteq> h(lfp(D,h))"
  12.113  apply (rule lfp_lowerbound)
  12.114  apply (rule bnd_monoD2, assumption)
  12.115  apply (rule lfp_lemma2, assumption)
  12.116 @@ -127,16 +127,16 @@
  12.117  subsection{*General Induction Rule for Least Fixedpoints*}
  12.118  
  12.119  lemma Collect_is_pre_fixedpt:
  12.120 -    "[| bnd_mono(D,h);  !!x. x : h(Collect(lfp(D,h),P)) ==> P(x) |]
  12.121 -     ==> h(Collect(lfp(D,h),P)) <= Collect(lfp(D,h),P)"
  12.122 +    "[| bnd_mono(D,h);  !!x. x \<in> h(Collect(lfp(D,h),P)) ==> P(x) |]
  12.123 +     ==> h(Collect(lfp(D,h),P)) \<subseteq> Collect(lfp(D,h),P)"
  12.124  by (blast intro: lfp_lemma2 [THEN subsetD] bnd_monoD2 [THEN subsetD] 
  12.125                   lfp_subset [THEN subsetD]) 
  12.126  
  12.127  (*This rule yields an induction hypothesis in which the components of a
  12.128    data structure may be assumed to be elements of lfp(D,h)*)
  12.129  lemma induct:
  12.130 -    "[| bnd_mono(D,h);  a : lfp(D,h);                    
  12.131 -        !!x. x : h(Collect(lfp(D,h),P)) ==> P(x)         
  12.132 +    "[| bnd_mono(D,h);  a \<in> lfp(D,h);                    
  12.133 +        !!x. x \<in> h(Collect(lfp(D,h),P)) ==> P(x)         
  12.134       |] ==> P(a)"
  12.135  apply (rule Collect_is_pre_fixedpt
  12.136                [THEN lfp_lowerbound, THEN subsetD, THEN CollectD2])
  12.137 @@ -147,14 +147,14 @@
  12.138  (*Definition form, to control unfolding*)
  12.139  lemma def_induct:
  12.140      "[| A == lfp(D,h);  bnd_mono(D,h);  a:A;    
  12.141 -        !!x. x : h(Collect(A,P)) ==> P(x)  
  12.142 +        !!x. x \<in> h(Collect(A,P)) ==> P(x)  
  12.143       |] ==> P(a)"
  12.144  by (rule induct, blast+)
  12.145  
  12.146  (*This version is useful when "A" is not a subset of D
  12.147 -  second premise could simply be h(D Int A) <= D or !!X. X<=D ==> h(X)<=D *)
  12.148 +  second premise could simply be h(D \<inter> A) \<subseteq> D or !!X. X<=D ==> h(X)<=D *)
  12.149  lemma lfp_Int_lowerbound:
  12.150 -    "[| h(D Int A) <= A;  bnd_mono(D,h) |] ==> lfp(D,h) <= A" 
  12.151 +    "[| h(D \<inter> A) \<subseteq> A;  bnd_mono(D,h) |] ==> lfp(D,h) \<subseteq> A" 
  12.152  apply (rule lfp_lowerbound [THEN subset_trans])
  12.153  apply (erule bnd_mono_subset [THEN Int_greatest], blast+)
  12.154  done
  12.155 @@ -164,8 +164,8 @@
  12.156  lemma lfp_mono:
  12.157    assumes hmono: "bnd_mono(D,h)"
  12.158        and imono: "bnd_mono(E,i)"
  12.159 -      and subhi: "!!X. X<=D ==> h(X) <= i(X)"
  12.160 -    shows "lfp(D,h) <= lfp(E,i)"
  12.161 +      and subhi: "!!X. X<=D ==> h(X) \<subseteq> i(X)"
  12.162 +    shows "lfp(D,h) \<subseteq> lfp(E,i)"
  12.163  apply (rule bnd_monoD1 [THEN lfp_greatest])
  12.164  apply (rule imono)
  12.165  apply (rule hmono [THEN [2] lfp_Int_lowerbound])
  12.166 @@ -176,13 +176,13 @@
  12.167  (*This (unused) version illustrates that monotonicity is not really needed,
  12.168    but both lfp's must be over the SAME set D;  Inter is anti-monotonic!*)
  12.169  lemma lfp_mono2:
  12.170 -    "[| i(D) <= D;  !!X. X<=D ==> h(X) <= i(X)  |] ==> lfp(D,h) <= lfp(D,i)"
  12.171 +    "[| i(D) \<subseteq> D;  !!X. X<=D ==> h(X) \<subseteq> i(X)  |] ==> lfp(D,h) \<subseteq> lfp(D,i)"
  12.172  apply (rule lfp_greatest, assumption)
  12.173  apply (rule lfp_lowerbound, blast, assumption)
  12.174  done
  12.175  
  12.176  lemma lfp_cong:
  12.177 -     "[|D=D'; !!X. X <= D' ==> h(X) = h'(X)|] ==> lfp(D,h) = lfp(D',h')"
  12.178 +     "[|D=D'; !!X. X \<subseteq> D' ==> h(X) = h'(X)|] ==> lfp(D,h) = lfp(D',h')"
  12.179  apply (simp add: lfp_def)
  12.180  apply (rule_tac t=Inter in subst_context)
  12.181  apply (rule Collect_cong, simp_all) 
  12.182 @@ -192,44 +192,44 @@
  12.183  subsection{*Proof of Knaster-Tarski Theorem using @{term gfp}*}
  12.184  
  12.185  (*gfp contains each post-fixedpoint that is contained in D*)
  12.186 -lemma gfp_upperbound: "[| A <= h(A);  A<=D |] ==> A <= gfp(D,h)"
  12.187 +lemma gfp_upperbound: "[| A \<subseteq> h(A);  A<=D |] ==> A \<subseteq> gfp(D,h)"
  12.188  apply (unfold gfp_def)
  12.189  apply (rule PowI [THEN CollectI, THEN Union_upper])
  12.190  apply (assumption+)
  12.191  done
  12.192  
  12.193 -lemma gfp_subset: "gfp(D,h) <= D"
  12.194 +lemma gfp_subset: "gfp(D,h) \<subseteq> D"
  12.195  by (unfold gfp_def, blast)
  12.196  
  12.197  (*Used in datatype package*)
  12.198 -lemma def_gfp_subset: "A==gfp(D,h) ==> A <= D"
  12.199 +lemma def_gfp_subset: "A==gfp(D,h) ==> A \<subseteq> D"
  12.200  apply simp
  12.201  apply (rule gfp_subset)
  12.202  done
  12.203  
  12.204  lemma gfp_least: 
  12.205 -    "[| bnd_mono(D,h);  !!X. [| X <= h(X);  X<=D |] ==> X<=A |] ==>  
  12.206 -     gfp(D,h) <= A"
  12.207 +    "[| bnd_mono(D,h);  !!X. [| X \<subseteq> h(X);  X<=D |] ==> X<=A |] ==>  
  12.208 +     gfp(D,h) \<subseteq> A"
  12.209  apply (unfold gfp_def)
  12.210  apply (blast dest: bnd_monoD1) 
  12.211  done
  12.212  
  12.213  lemma gfp_lemma1: 
  12.214 -    "[| bnd_mono(D,h);  A<=h(A);  A<=D |] ==> A <= h(gfp(D,h))"
  12.215 +    "[| bnd_mono(D,h);  A<=h(A);  A<=D |] ==> A \<subseteq> h(gfp(D,h))"
  12.216  apply (rule subset_trans, assumption)
  12.217  apply (erule bnd_monoD2)
  12.218  apply (rule_tac [2] gfp_subset)
  12.219  apply (simp add: gfp_upperbound)
  12.220  done
  12.221  
  12.222 -lemma gfp_lemma2: "bnd_mono(D,h) ==> gfp(D,h) <= h(gfp(D,h))"
  12.223 +lemma gfp_lemma2: "bnd_mono(D,h) ==> gfp(D,h) \<subseteq> h(gfp(D,h))"
  12.224  apply (rule gfp_least)
  12.225  apply (rule_tac [2] gfp_lemma1)
  12.226  apply (assumption+)
  12.227  done
  12.228  
  12.229  lemma gfp_lemma3: 
  12.230 -    "bnd_mono(D,h) ==> h(gfp(D,h)) <= gfp(D,h)"
  12.231 +    "bnd_mono(D,h) ==> h(gfp(D,h)) \<subseteq> gfp(D,h)"
  12.232  apply (rule gfp_upperbound)
  12.233  apply (rule bnd_monoD2, assumption)
  12.234  apply (rule gfp_lemma2, assumption)
  12.235 @@ -253,12 +253,12 @@
  12.236  subsection{*Coinduction Rules for Greatest Fixed Points*}
  12.237  
  12.238  (*weak version*)
  12.239 -lemma weak_coinduct: "[| a: X;  X <= h(X);  X <= D |] ==> a : gfp(D,h)"
  12.240 +lemma weak_coinduct: "[| a: X;  X \<subseteq> h(X);  X \<subseteq> D |] ==> a \<in> gfp(D,h)"
  12.241  by (blast intro: gfp_upperbound [THEN subsetD])
  12.242  
  12.243  lemma coinduct_lemma:
  12.244 -    "[| X <= h(X Un gfp(D,h));  X <= D;  bnd_mono(D,h) |] ==>   
  12.245 -     X Un gfp(D,h) <= h(X Un gfp(D,h))"
  12.246 +    "[| X \<subseteq> h(X \<union> gfp(D,h));  X \<subseteq> D;  bnd_mono(D,h) |] ==>   
  12.247 +     X \<union> gfp(D,h) \<subseteq> h(X \<union> gfp(D,h))"
  12.248  apply (erule Un_least)
  12.249  apply (rule gfp_lemma2 [THEN subset_trans], assumption)
  12.250  apply (rule Un_upper2 [THEN subset_trans])
  12.251 @@ -268,8 +268,8 @@
  12.252  
  12.253  (*strong version*)
  12.254  lemma coinduct:
  12.255 -     "[| bnd_mono(D,h);  a: X;  X <= h(X Un gfp(D,h));  X <= D |]
  12.256 -      ==> a : gfp(D,h)"
  12.257 +     "[| bnd_mono(D,h);  a: X;  X \<subseteq> h(X \<union> gfp(D,h));  X \<subseteq> D |]
  12.258 +      ==> a \<in> gfp(D,h)"
  12.259  apply (rule weak_coinduct)
  12.260  apply (erule_tac [2] coinduct_lemma)
  12.261  apply (simp_all add: gfp_subset Un_subset_iff) 
  12.262 @@ -277,8 +277,8 @@
  12.263  
  12.264  (*Definition form, to control unfolding*)
  12.265  lemma def_coinduct:
  12.266 -    "[| A == gfp(D,h);  bnd_mono(D,h);  a: X;  X <= h(X Un A);  X <= D |] ==>  
  12.267 -     a : A"
  12.268 +    "[| A == gfp(D,h);  bnd_mono(D,h);  a: X;  X \<subseteq> h(X \<union> A);  X \<subseteq> D |] ==>  
  12.269 +     a \<in> A"
  12.270  apply simp
  12.271  apply (rule coinduct, assumption+)
  12.272  done
  12.273 @@ -286,15 +286,15 @@
  12.274  (*The version used in the induction/coinduction package*)
  12.275  lemma def_Collect_coinduct:
  12.276      "[| A == gfp(D, %w. Collect(D,P(w)));  bnd_mono(D, %w. Collect(D,P(w)));   
  12.277 -        a: X;  X <= D;  !!z. z: X ==> P(X Un A, z) |] ==>  
  12.278 -     a : A"
  12.279 +        a: X;  X \<subseteq> D;  !!z. z: X ==> P(X \<union> A, z) |] ==>  
  12.280 +     a \<in> A"
  12.281  apply (rule def_coinduct, assumption+, blast+)
  12.282  done
  12.283  
  12.284  (*Monotonicity of gfp!*)
  12.285  lemma gfp_mono:
  12.286 -    "[| bnd_mono(D,h);  D <= E;                  
  12.287 -        !!X. X<=D ==> h(X) <= i(X)  |] ==> gfp(D,h) <= gfp(E,i)"
  12.288 +    "[| bnd_mono(D,h);  D \<subseteq> E;                  
  12.289 +        !!X. X<=D ==> h(X) \<subseteq> i(X)  |] ==> gfp(D,h) \<subseteq> gfp(E,i)"
  12.290  apply (rule gfp_upperbound)
  12.291  apply (rule gfp_lemma2 [THEN subset_trans], assumption)
  12.292  apply (blast del: subsetI intro: gfp_subset) 
    13.1 --- a/src/ZF/InfDatatype.thy	Sun Mar 04 23:20:43 2012 +0100
    13.2 +++ b/src/ZF/InfDatatype.thy	Tue Mar 06 15:15:49 2012 +0000
    13.3 @@ -7,68 +7,68 @@
    13.4  
    13.5  theory InfDatatype imports Datatype_ZF Univ Finite Cardinal_AC begin
    13.6  
    13.7 -lemmas fun_Limit_VfromE = 
    13.8 +lemmas fun_Limit_VfromE =
    13.9      Limit_VfromE [OF apply_funtype InfCard_csucc [THEN InfCard_is_Limit]]
   13.10  
   13.11  lemma fun_Vcsucc_lemma:
   13.12 -     "[| f: D -> Vfrom(A,csucc(K));  |D| le K;  InfCard(K) |]   
   13.13 -      ==> EX j. f: D -> Vfrom(A,j) & j < csucc(K)"
   13.14 -apply (rule_tac x = "\<Union>d\<in>D. LEAST i. f`d : Vfrom (A,i) " in exI)
   13.15 +     "[| f: D -> Vfrom(A,csucc(K));  |D| \<le> K;  InfCard(K) |]
   13.16 +      ==> \<exists>j. f: D -> Vfrom(A,j) & j < csucc(K)"
   13.17 +apply (rule_tac x = "\<Union>d\<in>D. LEAST i. f`d \<in> Vfrom (A,i) " in exI)
   13.18  apply (rule conjI)
   13.19 -apply (rule_tac [2] le_UN_Ord_lt_csucc) 
   13.20 -apply (rule_tac [4] ballI, erule_tac [4] fun_Limit_VfromE, simp_all) 
   13.21 +apply (rule_tac [2] le_UN_Ord_lt_csucc)
   13.22 +apply (rule_tac [4] ballI, erule_tac [4] fun_Limit_VfromE, simp_all)
   13.23   prefer 2 apply (fast elim: Least_le [THEN lt_trans1] ltE)
   13.24  apply (rule Pi_type)
   13.25  apply (rename_tac [2] d)
   13.26  apply (erule_tac [2] fun_Limit_VfromE, simp_all)
   13.27 -apply (subgoal_tac "f`d : Vfrom (A, LEAST i. f`d : Vfrom (A,i))")
   13.28 +apply (subgoal_tac "f`d \<in> Vfrom (A, LEAST i. f`d \<in> Vfrom (A,i))")
   13.29   apply (erule Vfrom_mono [OF subset_refl UN_upper, THEN subsetD])
   13.30   apply assumption
   13.31  apply (fast elim: LeastI ltE)
   13.32  done
   13.33  
   13.34  lemma subset_Vcsucc:
   13.35 -     "[| D <= Vfrom(A,csucc(K));  |D| le K;  InfCard(K) |]     
   13.36 -      ==> EX j. D <= Vfrom(A,j) & j < csucc(K)"
   13.37 +     "[| D \<subseteq> Vfrom(A,csucc(K));  |D| \<le> K;  InfCard(K) |]
   13.38 +      ==> \<exists>j. D \<subseteq> Vfrom(A,j) & j < csucc(K)"
   13.39  by (simp add: subset_iff_id fun_Vcsucc_lemma)
   13.40  
   13.41  (*Version for arbitrary index sets*)
   13.42  lemma fun_Vcsucc:
   13.43 -     "[| |D| le K;  InfCard(K);  D <= Vfrom(A,csucc(K)) |] ==>  
   13.44 -          D -> Vfrom(A,csucc(K)) <= Vfrom(A,csucc(K))"
   13.45 +     "[| |D| \<le> K;  InfCard(K);  D \<subseteq> Vfrom(A,csucc(K)) |] ==>
   13.46 +          D -> Vfrom(A,csucc(K)) \<subseteq> Vfrom(A,csucc(K))"
   13.47  apply (safe dest!: fun_Vcsucc_lemma subset_Vcsucc)
   13.48  apply (rule Vfrom [THEN ssubst])
   13.49  apply (drule fun_is_rel)
   13.50  (*This level includes the function, and is below csucc(K)*)
   13.51 -apply (rule_tac a1 = "succ (succ (j Un ja))" in UN_I [THEN UnI2])
   13.52 +apply (rule_tac a1 = "succ (succ (j \<union> ja))" in UN_I [THEN UnI2])
   13.53  apply (blast intro: ltD InfCard_csucc InfCard_is_Limit Limit_has_succ
   13.54 -                    Un_least_lt) 
   13.55 +                    Un_least_lt)
   13.56  apply (erule subset_trans [THEN PowI])
   13.57  apply (fast intro: Pair_in_Vfrom Vfrom_UnI1 Vfrom_UnI2)
   13.58  done
   13.59  
   13.60  lemma fun_in_Vcsucc:
   13.61 -     "[| f: D -> Vfrom(A, csucc(K));  |D| le K;  InfCard(K);         
   13.62 -         D <= Vfrom(A,csucc(K)) |]                                   
   13.63 +     "[| f: D -> Vfrom(A, csucc(K));  |D| \<le> K;  InfCard(K);
   13.64 +         D \<subseteq> Vfrom(A,csucc(K)) |]
   13.65         ==> f: Vfrom(A,csucc(K))"
   13.66  by (blast intro: fun_Vcsucc [THEN subsetD])
   13.67  
   13.68 -(*Remove <= from the rule above*)
   13.69 +text{*Remove @{text "\<subseteq>"} from the rule above*}
   13.70  lemmas fun_in_Vcsucc' = fun_in_Vcsucc [OF _ _ _ subsetI]
   13.71  
   13.72  (** Version where K itself is the index set **)
   13.73  
   13.74  lemma Card_fun_Vcsucc:
   13.75 -     "InfCard(K) ==> K -> Vfrom(A,csucc(K)) <= Vfrom(A,csucc(K))"
   13.76 +     "InfCard(K) ==> K -> Vfrom(A,csucc(K)) \<subseteq> Vfrom(A,csucc(K))"
   13.77  apply (frule InfCard_is_Card [THEN Card_is_Ord])
   13.78  apply (blast del: subsetI
   13.79 -             intro: fun_Vcsucc Ord_cardinal_le i_subset_Vfrom 
   13.80 -                   lt_csucc [THEN leI, THEN le_imp_subset, THEN subset_trans]) 
   13.81 +             intro: fun_Vcsucc Ord_cardinal_le i_subset_Vfrom
   13.82 +                   lt_csucc [THEN leI, THEN le_imp_subset, THEN subset_trans])
   13.83  done
   13.84  
   13.85  lemma Card_fun_in_Vcsucc:
   13.86       "[| f: K -> Vfrom(A, csucc(K));  InfCard(K) |] ==> f: Vfrom(A,csucc(K))"
   13.87 -by (blast intro: Card_fun_Vcsucc [THEN subsetD]) 
   13.88 +by (blast intro: Card_fun_Vcsucc [THEN subsetD])
   13.89  
   13.90  lemma Limit_csucc: "InfCard(K) ==> Limit(csucc(K))"
   13.91  by (erule InfCard_csucc [THEN InfCard_is_Limit])
   13.92 @@ -79,7 +79,7 @@
   13.93  lemmas zero_in_Vcsucc = Limit_csucc [THEN zero_in_VLimit]
   13.94  lemmas nat_into_Vcsucc = nat_into_VLimit [OF _ Limit_csucc]
   13.95  
   13.96 -(*For handling Cardinals of the form  (nat Un |X|) *)
   13.97 +(*For handling Cardinals of the form  @{term"nat \<union> |X|"} *)
   13.98  
   13.99  lemmas InfCard_nat_Un_cardinal = InfCard_Un [OF InfCard_nat Card_cardinal]
  13.100  
  13.101 @@ -91,15 +91,15 @@
  13.102  (*The new version of Data_Arg.intrs, declared in Datatype.ML*)
  13.103  lemmas Data_Arg_intros =
  13.104         SigmaI InlI InrI
  13.105 -       Pair_in_univ Inl_in_univ Inr_in_univ 
  13.106 +       Pair_in_univ Inl_in_univ Inr_in_univ
  13.107         zero_in_univ A_into_univ nat_into_univ UnCI
  13.108  
  13.109  (*For most K-branching datatypes with domain Vfrom(A, csucc(K)) *)
  13.110  lemmas inf_datatype_intros =
  13.111       InfCard_nat InfCard_nat_Un_cardinal
  13.112 -     Pair_in_Vcsucc Inl_in_Vcsucc Inr_in_Vcsucc 
  13.113 +     Pair_in_Vcsucc Inl_in_Vcsucc Inr_in_Vcsucc
  13.114       zero_in_Vcsucc A_into_Vfrom nat_into_Vcsucc
  13.115 -     Card_fun_in_Vcsucc fun_in_Vcsucc' UN_I 
  13.116 +     Card_fun_in_Vcsucc fun_in_Vcsucc' UN_I
  13.117  
  13.118  end
  13.119  
    14.1 --- a/src/ZF/IntDiv_ZF.thy	Sun Mar 04 23:20:43 2012 +0100
    14.2 +++ b/src/ZF/IntDiv_ZF.thy	Tue Mar 06 15:15:49 2012 +0000
    14.3 @@ -18,11 +18,11 @@
    14.4  
    14.5      fun negateSnd (q,r:int) = (q,~r);
    14.6  
    14.7 -    fun divAlg (a,b) = if 0<=a then 
    14.8 -                          if b>0 then posDivAlg (a,b) 
    14.9 +    fun divAlg (a,b) = if 0<=a then
   14.10 +                          if b>0 then posDivAlg (a,b)
   14.11                             else if a=0 then (0,0)
   14.12                                  else negateSnd (negDivAlg (~a,~b))
   14.13 -                       else 
   14.14 +                       else
   14.15                            if 0<b then negDivAlg (a,b)
   14.16                            else        negateSnd (posDivAlg (~a,~b));
   14.17  *)
   14.18 @@ -66,7 +66,7 @@
   14.19               %<a,b> f. if (#0 $<= a$+b | b$<=#0) then <#-1,a$+b>
   14.20                         else adjust(b, f ` <a,#2$*b>))"
   14.21  
   14.22 -(*for the general case b\<noteq>0*)
   14.23 +(*for the general case @{term"b\<noteq>0"}*)
   14.24  
   14.25  definition
   14.26    negateSnd :: "i => i"  where
   14.27 @@ -81,7 +81,7 @@
   14.28                    if #0 $<= b then posDivAlg (<a,b>)
   14.29                    else if a=#0 then <#0,#0>
   14.30                         else negateSnd (negDivAlg (<$-a,$-b>))
   14.31 -               else 
   14.32 +               else
   14.33                    if #0$<b then negDivAlg (<a,b>)
   14.34                    else         negateSnd (posDivAlg (<$-a,$-b>))"
   14.35  
   14.36 @@ -226,7 +226,7 @@
   14.37  (** strict, in 1st argument; proof is by induction on k>0 **)
   14.38  
   14.39  lemma zmult_zless_mono2_lemma [rule_format]:
   14.40 -     "[| i$<j; k \<in> nat |] ==> 0<k --> $#k $* i $< $#k $* j"
   14.41 +     "[| i$<j; k \<in> nat |] ==> 0<k \<longrightarrow> $#k $* i $< $#k $* j"
   14.42  apply (induct_tac "k")
   14.43   prefer 2
   14.44   apply (subst int_succ_int_1)
   14.45 @@ -266,13 +266,13 @@
   14.46  
   14.47  lemma zmult_zless_mono1_neg: "[| i $< j;  k $< #0 |] ==> j$*k $< i$*k"
   14.48  apply (rule zminus_zless_zminus [THEN iffD1])
   14.49 -apply (simp del: zmult_zminus_right 
   14.50 +apply (simp del: zmult_zminus_right
   14.51              add: zmult_zminus_right [symmetric] zmult_zless_mono1 zless_zminus)
   14.52  done
   14.53  
   14.54  lemma zmult_zless_mono2_neg: "[| i $< j;  k $< #0 |] ==> k$*j $< k$*i"
   14.55  apply (rule zminus_zless_zminus [THEN iffD1])
   14.56 -apply (simp del: zmult_zminus 
   14.57 +apply (simp del: zmult_zminus
   14.58              add: zmult_zminus [symmetric] zmult_zless_mono2 zless_zminus)
   14.59  done
   14.60  
   14.61 @@ -291,16 +291,16 @@
   14.62  done
   14.63  
   14.64  
   14.65 -(** Cancellation laws for k*m < k*n and m*k < n*k, also for <= and =,
   14.66 +(** Cancellation laws for k*m < k*n and m*k < n*k, also for @{text"\<le>"} and =,
   14.67      but not (yet?) for k*m < n*k. **)
   14.68  
   14.69  lemma zmult_zless_lemma:
   14.70 -     "[| k \<in> int; m \<in> int; n \<in> int |]  
   14.71 +     "[| k \<in> int; m \<in> int; n \<in> int |]
   14.72        ==> (m$*k $< n$*k) <-> ((#0 $< k & m$<n) | (k $< #0 & n$<m))"
   14.73  apply (case_tac "k = #0")
   14.74  apply (auto simp add: neq_iff_zless zmult_zless_mono1 zmult_zless_mono1_neg)
   14.75 -apply (auto simp add: not_zless_iff_zle 
   14.76 -                      not_zle_iff_zless [THEN iff_sym, of "m$*k"] 
   14.77 +apply (auto simp add: not_zless_iff_zle
   14.78 +                      not_zle_iff_zless [THEN iff_sym, of "m$*k"]
   14.79                        not_zle_iff_zless [THEN iff_sym, of m])
   14.80  apply (auto elim: notE
   14.81              simp add: zless_imp_zle zmult_zle_mono1 zmult_zle_mono1_neg)
   14.82 @@ -308,7 +308,7 @@
   14.83  
   14.84  lemma zmult_zless_cancel2:
   14.85       "(m$*k $< n$*k) <-> ((#0 $< k & m$<n) | (k $< #0 & n$<m))"
   14.86 -apply (cut_tac k = "intify (k)" and m = "intify (m)" and n = "intify (n)" 
   14.87 +apply (cut_tac k = "intify (k)" and m = "intify (m)" and n = "intify (n)"
   14.88         in zmult_zless_lemma)
   14.89  apply auto
   14.90  done
   14.91 @@ -318,11 +318,11 @@
   14.92  by (simp add: zmult_commute [of k] zmult_zless_cancel2)
   14.93  
   14.94  lemma zmult_zle_cancel2:
   14.95 -     "(m$*k $<= n$*k) <-> ((#0 $< k --> m$<=n) & (k $< #0 --> n$<=m))"
   14.96 +     "(m$*k $<= n$*k) <-> ((#0 $< k \<longrightarrow> m$<=n) & (k $< #0 \<longrightarrow> n$<=m))"
   14.97  by (auto simp add: not_zless_iff_zle [THEN iff_sym] zmult_zless_cancel2)
   14.98  
   14.99  lemma zmult_zle_cancel1:
  14.100 -     "(k$*m $<= k$*n) <-> ((#0 $< k --> m$<=n) & (k $< #0 --> n$<=m))"
  14.101 +     "(k$*m $<= k$*n) <-> ((#0 $< k \<longrightarrow> m$<=n) & (k $< #0 \<longrightarrow> n$<=m))"
  14.102  by (auto simp add: not_zless_iff_zle [THEN iff_sym] zmult_zless_cancel1)
  14.103  
  14.104  lemma int_eq_iff_zle: "[| m \<in> int; n \<in> int |] ==> m=n <-> (m $<= n & n $<= m)"
  14.105 @@ -350,7 +350,7 @@
  14.106  subsection{* Uniqueness and monotonicity of quotients and remainders *}
  14.107  
  14.108  lemma unique_quotient_lemma:
  14.109 -     "[| b$*q' $+ r' $<= b$*q $+ r;  #0 $<= r';  #0 $< b;  r $< b |]  
  14.110 +     "[| b$*q' $+ r' $<= b$*q $+ r;  #0 $<= r';  #0 $< b;  r $< b |]
  14.111        ==> q' $<= q"
  14.112  apply (subgoal_tac "r' $+ b $* (q'$-q) $<= r")
  14.113   prefer 2 apply (simp add: zdiff_zmult_distrib2 zadd_ac zcompare_rls)
  14.114 @@ -359,18 +359,18 @@
  14.115   apply (erule zle_zless_trans)
  14.116   apply (simp add: zdiff_zmult_distrib2 zadd_zmult_distrib2 zadd_ac zcompare_rls)
  14.117   apply (erule zle_zless_trans)
  14.118 - apply (simp add: ); 
  14.119 + apply (simp add: );
  14.120  apply (subgoal_tac "b $* q' $< b $* (#1 $+ q)")
  14.121 - prefer 2 
  14.122 + prefer 2
  14.123   apply (simp add: zdiff_zmult_distrib2 zadd_zmult_distrib2 zadd_ac zcompare_rls)
  14.124  apply (auto elim: zless_asym
  14.125          simp add: zmult_zless_cancel1 zless_add1_iff_zle zadd_ac zcompare_rls)
  14.126  done
  14.127  
  14.128  lemma unique_quotient_lemma_neg:
  14.129 -     "[| b$*q' $+ r' $<= b$*q $+ r;  r $<= #0;  b $< #0;  b $< r' |]  
  14.130 +     "[| b$*q' $+ r' $<= b$*q $+ r;  r $<= #0;  b $< #0;  b $< r' |]
  14.131        ==> q $<= q'"
  14.132 -apply (rule_tac b = "$-b" and r = "$-r'" and r' = "$-r" 
  14.133 +apply (rule_tac b = "$-b" and r = "$-r'" and r' = "$-r"
  14.134         in unique_quotient_lemma)
  14.135  apply (auto simp del: zminus_zadd_distrib
  14.136              simp add: zminus_zadd_distrib [symmetric] zle_zminus zless_zminus)
  14.137 @@ -378,19 +378,19 @@
  14.138  
  14.139  
  14.140  lemma unique_quotient:
  14.141 -     "[| quorem (<a,b>, <q,r>);  quorem (<a,b>, <q',r'>);  b \<in> int; b ~= #0;  
  14.142 +     "[| quorem (<a,b>, <q,r>);  quorem (<a,b>, <q',r'>);  b \<in> int; b \<noteq> #0;
  14.143           q \<in> int; q' \<in> int |] ==> q = q'"
  14.144  apply (simp add: split_ifs quorem_def neq_iff_zless)
  14.145  apply safe
  14.146  apply simp_all
  14.147  apply (blast intro: zle_anti_sym
  14.148 -             dest: zle_eq_refl [THEN unique_quotient_lemma] 
  14.149 +             dest: zle_eq_refl [THEN unique_quotient_lemma]
  14.150                     zle_eq_refl [THEN unique_quotient_lemma_neg] sym)+
  14.151  done
  14.152  
  14.153  lemma unique_remainder:
  14.154 -     "[| quorem (<a,b>, <q,r>);  quorem (<a,b>, <q',r'>);  b \<in> int; b ~= #0;  
  14.155 -         q \<in> int; q' \<in> int;  
  14.156 +     "[| quorem (<a,b>, <q,r>);  quorem (<a,b>, <q',r'>);  b \<in> int; b \<noteq> #0;
  14.157 +         q \<in> int; q' \<in> int;
  14.158           r \<in> int; r' \<in> int |] ==> r = r'"
  14.159  apply (subgoal_tac "q = q'")
  14.160   prefer 2 apply (blast intro: unique_quotient)
  14.161 @@ -398,18 +398,18 @@
  14.162  done
  14.163  
  14.164  
  14.165 -subsection{*Correctness of posDivAlg, 
  14.166 +subsection{*Correctness of posDivAlg,
  14.167             the Division Algorithm for @{text "a\<ge>0"} and @{text "b>0"} *}
  14.168  
  14.169  lemma adjust_eq [simp]:
  14.170 -     "adjust(b, <q,r>) = (let diff = r$-b in  
  14.171 -                          if #0 $<= diff then <#2$*q $+ #1,diff>   
  14.172 +     "adjust(b, <q,r>) = (let diff = r$-b in
  14.173 +                          if #0 $<= diff then <#2$*q $+ #1,diff>
  14.174                                           else <#2$*q,r>)"
  14.175  by (simp add: Let_def adjust_def)
  14.176  
  14.177  
  14.178  lemma posDivAlg_termination:
  14.179 -     "[| #0 $< b; ~ a $< b |]    
  14.180 +     "[| #0 $< b; ~ a $< b |]
  14.181        ==> nat_of(a $- #2 $\<times> b $+ #1) < nat_of(a $- b $+ #1)"
  14.182  apply (simp (no_asm) add: zless_nat_conj)
  14.183  apply (simp add: not_zless_iff_zle zless_add1_iff_zle zcompare_rls)
  14.184 @@ -418,8 +418,8 @@
  14.185  lemmas posDivAlg_unfold = def_wfrec [OF posDivAlg_def wf_measure]
  14.186  
  14.187  lemma posDivAlg_eqn:
  14.188 -     "[| #0 $< b; a \<in> int; b \<in> int |] ==>  
  14.189 -      posDivAlg(<a,b>) =       
  14.190 +     "[| #0 $< b; a \<in> int; b \<in> int |] ==>
  14.191 +      posDivAlg(<a,b>) =
  14.192         (if a$<b then <#0,a> else adjust(b, posDivAlg (<a, #2$*b>)))"
  14.193  apply (rule posDivAlg_unfold [THEN trans])
  14.194  apply (simp add: vimage_iff not_zless_iff_zle [THEN iff_sym])
  14.195 @@ -428,11 +428,11 @@
  14.196  
  14.197  lemma posDivAlg_induct_lemma [rule_format]:
  14.198    assumes prem:
  14.199 -        "!!a b. [| a \<in> int; b \<in> int;  
  14.200 -                   ~ (a $< b | b $<= #0) --> P(<a, #2 $* b>) |] ==> P(<a,b>)"
  14.201 -  shows "<u,v> \<in> int*int --> P(<u,v>)"
  14.202 +        "!!a b. [| a \<in> int; b \<in> int;
  14.203 +                   ~ (a $< b | b $<= #0) \<longrightarrow> P(<a, #2 $* b>) |] ==> P(<a,b>)"
  14.204 +  shows "<u,v> \<in> int*int \<longrightarrow> P(<u,v>)"
  14.205  apply (rule_tac a = "<u,v>" in wf_induct)
  14.206 -apply (rule_tac A = "int*int" and f = "%<a,b>.nat_of (a $- b $+ #1)" 
  14.207 +apply (rule_tac A = "int*int" and f = "%<a,b>.nat_of (a $- b $+ #1)"
  14.208         in wf_measure)
  14.209  apply clarify
  14.210  apply (rule prem)
  14.211 @@ -446,7 +446,7 @@
  14.212    assumes u_int: "u \<in> int"
  14.213        and v_int: "v \<in> int"
  14.214        and ih: "!!a b. [| a \<in> int; b \<in> int;
  14.215 -                     ~ (a $< b | b $<= #0) --> P(a, #2 $* b) |] ==> P(a,b)"
  14.216 +                     ~ (a $< b | b $<= #0) \<longrightarrow> P(a, #2 $* b) |] ==> P(a,b)"
  14.217    shows "P(u,v)"
  14.218  apply (subgoal_tac "(%<x,y>. P (x,y)) (<u,v>)")
  14.219  apply simp
  14.220 @@ -456,8 +456,8 @@
  14.221  apply (auto simp add: u_int v_int)
  14.222  done
  14.223  
  14.224 -(*FIXME: use intify in integ_of so that we always have integ_of w \<in> int.
  14.225 -    then this rewrite can work for ALL constants!!*)
  14.226 +(*FIXME: use intify in integ_of so that we always have @{term"integ_of w \<in> int"}.
  14.227 +    then this rewrite can work for all constants!!*)
  14.228  lemma intify_eq_0_iff_zle: "intify(m) = #0 <-> (m $<= #0 & #0 $<= m)"
  14.229  apply (simp (no_asm) add: int_eq_iff_zle)
  14.230  done
  14.231 @@ -483,17 +483,17 @@
  14.232  (** Inequality reasoning **)
  14.233  
  14.234  lemma int_0_less_lemma:
  14.235 -     "[| x \<in> int; y \<in> int |]  
  14.236 +     "[| x \<in> int; y \<in> int |]
  14.237        ==> (#0 $< x $* y) <-> (#0 $< x & #0 $< y | x $< #0 & y $< #0)"
  14.238  apply (auto simp add: zle_def not_zless_iff_zle zmult_pos zmult_neg)
  14.239 -apply (rule ccontr) 
  14.240 -apply (rule_tac [2] ccontr) 
  14.241 +apply (rule ccontr)
  14.242 +apply (rule_tac [2] ccontr)
  14.243  apply (auto simp add: zle_def not_zless_iff_zle)
  14.244  apply (erule_tac P = "#0$< x$* y" in rev_mp)
  14.245  apply (erule_tac [2] P = "#0$< x$* y" in rev_mp)
  14.246 -apply (drule zmult_pos_neg, assumption) 
  14.247 +apply (drule zmult_pos_neg, assumption)
  14.248   prefer 2
  14.249 - apply (drule zmult_pos_neg, assumption) 
  14.250 + apply (drule zmult_pos_neg, assumption)
  14.251  apply (auto dest: zless_not_sym simp add: zmult_commute)
  14.252  done
  14.253  
  14.254 @@ -504,7 +504,7 @@
  14.255  done
  14.256  
  14.257  lemma int_0_le_lemma:
  14.258 -     "[| x \<in> int; y \<in> int |]  
  14.259 +     "[| x \<in> int; y \<in> int |]
  14.260        ==> (#0 $<= x $* y) <-> (#0 $<= x & #0 $<= y | x $<= #0 & y $<= #0)"
  14.261  by (auto simp add: zle_def not_zless_iff_zle int_0_less_mult_iff)
  14.262  
  14.263 @@ -532,7 +532,7 @@
  14.264  apply (rule_tac u = "a" and v = "b" in posDivAlg_induct)
  14.265  apply assumption+
  14.266  apply (case_tac "#0 $< ba")
  14.267 - apply (simp add: posDivAlg_eqn adjust_def integ_of_type 
  14.268 + apply (simp add: posDivAlg_eqn adjust_def integ_of_type
  14.269               split add: split_if_asm)
  14.270   apply clarify
  14.271   apply (simp add: int_0_less_mult_iff not_zle_iff_zless)
  14.272 @@ -543,8 +543,8 @@
  14.273  
  14.274  (*Correctness of posDivAlg: it computes quotients correctly*)
  14.275  lemma posDivAlg_correct [rule_format]:
  14.276 -     "[| a \<in> int; b \<in> int |]  
  14.277 -      ==> #0 $<= a --> #0 $< b --> quorem (<a,b>, posDivAlg(<a,b>))"
  14.278 +     "[| a \<in> int; b \<in> int |]
  14.279 +      ==> #0 $<= a \<longrightarrow> #0 $< b \<longrightarrow> quorem (<a,b>, posDivAlg(<a,b>))"
  14.280  apply (rule_tac u = "a" and v = "b" in posDivAlg_induct)
  14.281  apply auto
  14.282     apply (simp_all add: quorem_def)
  14.283 @@ -567,7 +567,7 @@
  14.284  subsection{*Correctness of negDivAlg, the division algorithm for a<0 and b>0*}
  14.285  
  14.286  lemma negDivAlg_termination:
  14.287 -     "[| #0 $< b; a $+ b $< #0 |] 
  14.288 +     "[| #0 $< b; a $+ b $< #0 |]
  14.289        ==> nat_of($- a $- #2 $* b) < nat_of($- a $- b)"
  14.290  apply (simp (no_asm) add: zless_nat_conj)
  14.291  apply (simp add: zcompare_rls not_zle_iff_zless zless_zdiff_iff [THEN iff_sym]
  14.292 @@ -577,9 +577,9 @@
  14.293  lemmas negDivAlg_unfold = def_wfrec [OF negDivAlg_def wf_measure]
  14.294  
  14.295  lemma negDivAlg_eqn:
  14.296 -     "[| #0 $< b; a : int; b : int |] ==>  
  14.297 -      negDivAlg(<a,b>) =       
  14.298 -       (if #0 $<= a$+b then <#-1,a$+b>  
  14.299 +     "[| #0 $< b; a \<in> int; b \<in> int |] ==>
  14.300 +      negDivAlg(<a,b>) =
  14.301 +       (if #0 $<= a$+b then <#-1,a$+b>
  14.302                         else adjust(b, negDivAlg (<a, #2$*b>)))"
  14.303  apply (rule negDivAlg_unfold [THEN trans])
  14.304  apply (simp (no_asm_simp) add: vimage_iff not_zless_iff_zle [THEN iff_sym])
  14.305 @@ -588,12 +588,12 @@
  14.306  
  14.307  lemma negDivAlg_induct_lemma [rule_format]:
  14.308    assumes prem:
  14.309 -        "!!a b. [| a \<in> int; b \<in> int;  
  14.310 -                   ~ (#0 $<= a $+ b | b $<= #0) --> P(<a, #2 $* b>) |]  
  14.311 +        "!!a b. [| a \<in> int; b \<in> int;
  14.312 +                   ~ (#0 $<= a $+ b | b $<= #0) \<longrightarrow> P(<a, #2 $* b>) |]
  14.313                  ==> P(<a,b>)"
  14.314 -  shows "<u,v> \<in> int*int --> P(<u,v>)"
  14.315 +  shows "<u,v> \<in> int*int \<longrightarrow> P(<u,v>)"
  14.316  apply (rule_tac a = "<u,v>" in wf_induct)
  14.317 -apply (rule_tac A = "int*int" and f = "%<a,b>.nat_of ($- a $- b)" 
  14.318 +apply (rule_tac A = "int*int" and f = "%<a,b>.nat_of ($- a $- b)"
  14.319         in wf_measure)
  14.320  apply clarify
  14.321  apply (rule prem)
  14.322 @@ -605,8 +605,8 @@
  14.323  lemma negDivAlg_induct [consumes 2]:
  14.324    assumes u_int: "u \<in> int"
  14.325        and v_int: "v \<in> int"
  14.326 -      and ih: "!!a b. [| a \<in> int; b \<in> int;  
  14.327 -                         ~ (#0 $<= a $+ b | b $<= #0) --> P(a, #2 $* b) |]  
  14.328 +      and ih: "!!a b. [| a \<in> int; b \<in> int;
  14.329 +                         ~ (#0 $<= a $+ b | b $<= #0) \<longrightarrow> P(a, #2 $* b) |]
  14.330                        ==> P(a,b)"
  14.331    shows "P(u,v)"
  14.332  apply (subgoal_tac " (%<x,y>. P (x,y)) (<u,v>)")
  14.333 @@ -624,7 +624,7 @@
  14.334  apply (rule_tac u = "a" and v = "b" in negDivAlg_induct)
  14.335  apply assumption+
  14.336  apply (case_tac "#0 $< ba")
  14.337 - apply (simp add: negDivAlg_eqn adjust_def integ_of_type 
  14.338 + apply (simp add: negDivAlg_eqn adjust_def integ_of_type
  14.339               split add: split_if_asm)
  14.340   apply clarify
  14.341   apply (simp add: int_0_less_mult_iff not_zle_iff_zless)
  14.342 @@ -637,8 +637,8 @@
  14.343  (*Correctness of negDivAlg: it computes quotients correctly
  14.344    It doesn't work if a=0 because the 0/b=0 rather than -1*)
  14.345  lemma negDivAlg_correct [rule_format]:
  14.346 -     "[| a \<in> int; b \<in> int |]  
  14.347 -      ==> a $< #0 --> #0 $< b --> quorem (<a,b>, negDivAlg(<a,b>))"
  14.348 +     "[| a \<in> int; b \<in> int |]
  14.349 +      ==> a $< #0 \<longrightarrow> #0 $< b \<longrightarrow> quorem (<a,b>, negDivAlg(<a,b>))"
  14.350  apply (rule_tac u = "a" and v = "b" in negDivAlg_induct)
  14.351    apply auto
  14.352     apply (simp_all add: quorem_def)
  14.353 @@ -698,7 +698,7 @@
  14.354  done
  14.355  
  14.356  lemma quorem_neg:
  14.357 -     "[|quorem (<$-a,$-b>, qr);  a \<in> int;  b \<in> int;  qr \<in> int * int|]   
  14.358 +     "[|quorem (<$-a,$-b>, qr);  a \<in> int;  b \<in> int;  qr \<in> int * int|]
  14.359        ==> quorem (<a,b>, negateSnd(qr))"
  14.360  apply clarify
  14.361  apply (auto elim: zless_asym simp add: quorem_def zless_zminus)
  14.362 @@ -714,7 +714,7 @@
  14.363       "[|b \<noteq> #0;  a \<in> int;  b \<in> int|] ==> quorem (<a,b>, divAlg(<a,b>))"
  14.364  apply (auto simp add: quorem_0 divAlg_def)
  14.365  apply (safe intro!: quorem_neg posDivAlg_correct negDivAlg_correct
  14.366 -                    posDivAlg_type negDivAlg_type) 
  14.367 +                    posDivAlg_type negDivAlg_type)
  14.368  apply (auto simp add: quorem_def neq_iff_zless)
  14.369  txt{*linear arithmetic from here on*}
  14.370  apply (auto simp add: zle_def)
  14.371 @@ -756,7 +756,7 @@
  14.372  done
  14.373  
  14.374  
  14.375 -(** Arbitrary definitions for division by zero.  Useful to simplify 
  14.376 +(** Arbitrary definitions for division by zero.  Useful to simplify
  14.377      certain equations **)
  14.378  
  14.379  lemma DIVISION_BY_ZERO_ZDIV: "a zdiv #0 = #0"
  14.380 @@ -774,7 +774,7 @@
  14.381  lemma raw_zmod_zdiv_equality:
  14.382       "[| a \<in> int; b \<in> int |] ==> a = b $* (a zdiv b) $+ (a zmod b)"
  14.383  apply (case_tac "b = #0")
  14.384 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.385 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.386  apply (cut_tac a = "a" and b = "b" in divAlg_correct)
  14.387  apply (auto simp add: quorem_def zdiv_def zmod_def split_def)
  14.388  done
  14.389 @@ -808,21 +808,21 @@
  14.390  (** proving general properties of zdiv and zmod **)
  14.391  
  14.392  lemma quorem_div_mod:
  14.393 -     "[|b \<noteq> #0;  a \<in> int;  b \<in> int |]  
  14.394 +     "[|b \<noteq> #0;  a \<in> int;  b \<in> int |]
  14.395        ==> quorem (<a,b>, <a zdiv b, a zmod b>)"
  14.396  apply (cut_tac a = "a" and b = "b" in zmod_zdiv_equality)
  14.397 -apply (auto simp add: quorem_def neq_iff_zless pos_mod_sign pos_mod_bound 
  14.398 +apply (auto simp add: quorem_def neq_iff_zless pos_mod_sign pos_mod_bound
  14.399                        neg_mod_sign neg_mod_bound)
  14.400  done
  14.401  
  14.402 -(*Surely quorem(<a,b>,<q,r>) implies a \<in> int, but it doesn't matter*)
  14.403 +(*Surely quorem(<a,b>,<q,r>) implies @{term"a \<in> int"}, but it doesn't matter*)
  14.404  lemma quorem_div:
  14.405 -     "[| quorem(<a,b>,<q,r>);  b \<noteq> #0;  a \<in> int;  b \<in> int;  q \<in> int |]  
  14.406 +     "[| quorem(<a,b>,<q,r>);  b \<noteq> #0;  a \<in> int;  b \<in> int;  q \<in> int |]
  14.407        ==> a zdiv b = q"
  14.408  by (blast intro: quorem_div_mod [THEN unique_quotient])
  14.409  
  14.410  lemma quorem_mod:
  14.411 -     "[| quorem(<a,b>,<q,r>); b \<noteq> #0; a \<in> int; b \<in> int; q \<in> int; r \<in> int |] 
  14.412 +     "[| quorem(<a,b>,<q,r>); b \<noteq> #0; a \<in> int; b \<in> int; q \<in> int; r \<in> int |]
  14.413        ==> a zmod b = r"
  14.414  by (blast intro: quorem_div_mod [THEN unique_remainder])
  14.415  
  14.416 @@ -835,7 +835,7 @@
  14.417  done
  14.418  
  14.419  lemma zdiv_pos_pos_trivial: "[| #0 $<= a;  a $< b |] ==> a zdiv b = #0"
  14.420 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.421 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.422         in zdiv_pos_pos_trivial_raw)
  14.423  apply auto
  14.424  done
  14.425 @@ -849,7 +849,7 @@
  14.426  done
  14.427  
  14.428  lemma zdiv_neg_neg_trivial: "[| a $<= #0;  b $< a |] ==> a zdiv b = #0"
  14.429 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.430 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.431         in zdiv_neg_neg_trivial_raw)
  14.432  apply auto
  14.433  done
  14.434 @@ -869,7 +869,7 @@
  14.435  done
  14.436  
  14.437  lemma zdiv_pos_neg_trivial: "[| #0 $< a;  a$+b $<= #0 |] ==> a zdiv b = #-1"
  14.438 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.439 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.440         in zdiv_pos_neg_trivial_raw)
  14.441  apply auto
  14.442  done
  14.443 @@ -886,7 +886,7 @@
  14.444  done
  14.445  
  14.446  lemma zmod_pos_pos_trivial: "[| #0 $<= a;  a $< b |] ==> a zmod b = intify(a)"
  14.447 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.448 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.449         in zmod_pos_pos_trivial_raw)
  14.450  apply auto
  14.451  done
  14.452 @@ -900,7 +900,7 @@
  14.453  done
  14.454  
  14.455  lemma zmod_neg_neg_trivial: "[| a $<= #0;  b $< a |] ==> a zmod b = intify(a)"
  14.456 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.457 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.458         in zmod_neg_neg_trivial_raw)
  14.459  apply auto
  14.460  done
  14.461 @@ -914,7 +914,7 @@
  14.462  done
  14.463  
  14.464  lemma zmod_pos_neg_trivial: "[| #0 $< a;  a$+b $<= #0 |] ==> a zmod b = a$+b"
  14.465 -apply (cut_tac a = "intify (a)" and b = "intify (b)" 
  14.466 +apply (cut_tac a = "intify (a)" and b = "intify (b)"
  14.467         in zmod_pos_neg_trivial_raw)
  14.468  apply auto
  14.469  done
  14.470 @@ -927,7 +927,7 @@
  14.471  lemma zdiv_zminus_zminus_raw:
  14.472       "[|a \<in> int;  b \<in> int|] ==> ($-a) zdiv ($-b) = a zdiv b"
  14.473  apply (case_tac "b = #0")
  14.474 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.475 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.476  apply (subst quorem_div_mod [THEN quorem_neg, simplified, THEN quorem_div])
  14.477  apply auto
  14.478  done
  14.479 @@ -941,7 +941,7 @@
  14.480  lemma zmod_zminus_zminus_raw:
  14.481       "[|a \<in> int;  b \<in> int|] ==> ($-a) zmod ($-b) = $- (a zmod b)"
  14.482  apply (case_tac "b = #0")
  14.483 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.484 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.485  apply (subst quorem_div_mod [THEN quorem_neg, simplified, THEN quorem_mod])
  14.486  apply auto
  14.487  done
  14.488 @@ -1008,7 +1008,7 @@
  14.489  (*Here we have 0 zmod 0 = 0, also assumed by Knuth (who puts m zmod 0 = 0) *)
  14.490  lemma zmod_self_raw: "a \<in> int ==> a zmod a = #0"
  14.491  apply (case_tac "a = #0")
  14.492 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.493 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.494  apply (blast intro: quorem_div_mod [THEN self_remainder])
  14.495  done
  14.496  
  14.497 @@ -1042,14 +1042,14 @@
  14.498  
  14.499  (** a positive, b positive **)
  14.500  
  14.501 -lemma zdiv_pos_pos: "[| #0 $< a;  #0 $<= b |]  
  14.502 +lemma zdiv_pos_pos: "[| #0 $< a;  #0 $<= b |]
  14.503        ==> a zdiv b = fst (posDivAlg(<intify(a), intify(b)>))"
  14.504  apply (simp (no_asm_simp) add: zdiv_def divAlg_def)
  14.505  apply (auto simp add: zle_def)
  14.506  done
  14.507  
  14.508  lemma zmod_pos_pos:
  14.509 -     "[| #0 $< a;  #0 $<= b |]  
  14.510 +     "[| #0 $< a;  #0 $<= b |]
  14.511        ==> a zmod b = snd (posDivAlg(<intify(a), intify(b)>))"
  14.512  apply (simp (no_asm_simp) add: zmod_def divAlg_def)
  14.513  apply (auto simp add: zle_def)
  14.514 @@ -1058,14 +1058,14 @@
  14.515  (** a negative, b positive **)
  14.516  
  14.517  lemma zdiv_neg_pos:
  14.518 -     "[| a $< #0;  #0 $< b |]  
  14.519 +     "[| a $< #0;  #0 $< b |]
  14.520        ==> a zdiv b = fst (negDivAlg(<intify(a), intify(b)>))"
  14.521  apply (simp (no_asm_simp) add: zdiv_def divAlg_def)
  14.522  apply (blast dest: zle_zless_trans)
  14.523  done
  14.524  
  14.525  lemma zmod_neg_pos:
  14.526 -     "[| a $< #0;  #0 $< b |]  
  14.527 +     "[| a $< #0;  #0 $< b |]
  14.528        ==> a zmod b = snd (negDivAlg(<intify(a), intify(b)>))"
  14.529  apply (simp (no_asm_simp) add: zmod_def divAlg_def)
  14.530  apply (blast dest: zle_zless_trans)
  14.531 @@ -1074,7 +1074,7 @@
  14.532  (** a positive, b negative **)
  14.533  
  14.534  lemma zdiv_pos_neg:
  14.535 -     "[| #0 $< a;  b $< #0 |]  
  14.536 +     "[| #0 $< a;  b $< #0 |]
  14.537        ==> a zdiv b = fst (negateSnd(negDivAlg (<$-a, $-b>)))"
  14.538  apply (simp (no_asm_simp) add: zdiv_def divAlg_def intify_eq_0_iff_zle)
  14.539  apply auto
  14.540 @@ -1084,7 +1084,7 @@
  14.541  done
  14.542  
  14.543  lemma zmod_pos_neg:
  14.544 -     "[| #0 $< a;  b $< #0 |]  
  14.545 +     "[| #0 $< a;  b $< #0 |]
  14.546        ==> a zmod b = snd (negateSnd(negDivAlg (<$-a, $-b>)))"
  14.547  apply (simp (no_asm_simp) add: zmod_def divAlg_def intify_eq_0_iff_zle)
  14.548  apply auto
  14.549 @@ -1096,7 +1096,7 @@
  14.550  (** a negative, b negative **)
  14.551  
  14.552  lemma zdiv_neg_neg:
  14.553 -     "[| a $< #0;  b $<= #0 |]  
  14.554 +     "[| a $< #0;  b $<= #0 |]
  14.555        ==> a zdiv b = fst (negateSnd(posDivAlg(<$-a, $-b>)))"
  14.556  apply (simp (no_asm_simp) add: zdiv_def divAlg_def)
  14.557  apply auto
  14.558 @@ -1104,7 +1104,7 @@
  14.559  done
  14.560  
  14.561  lemma zmod_neg_neg:
  14.562 -     "[| a $< #0;  b $<= #0 |]  
  14.563 +     "[| a $< #0;  b $<= #0 |]
  14.564        ==> a zmod b = snd (negateSnd(posDivAlg(<$-a, $-b>)))"
  14.565  apply (simp (no_asm_simp) add: zmod_def divAlg_def)
  14.566  apply auto
  14.567 @@ -1198,10 +1198,10 @@
  14.568  done
  14.569  
  14.570  lemma zdiv_mono2_lemma:
  14.571 -     "[| b$*q $+ r = b'$*q' $+ r';  #0 $<= b'$*q' $+ r';   
  14.572 -         r' $< b';  #0 $<= r;  #0 $< b';  b' $<= b |]   
  14.573 +     "[| b$*q $+ r = b'$*q' $+ r';  #0 $<= b'$*q' $+ r';
  14.574 +         r' $< b';  #0 $<= r;  #0 $< b';  b' $<= b |]
  14.575        ==> q $<= q'"
  14.576 -apply (frule q_pos_lemma, assumption+) 
  14.577 +apply (frule q_pos_lemma, assumption+)
  14.578  apply (subgoal_tac "b$*q $< b$* (q' $+ #1)")
  14.579   apply (simp add: zmult_zless_cancel1)
  14.580   apply (force dest: zless_add1_iff_zle [THEN iffD1] zless_trans zless_zle_trans)
  14.581 @@ -1219,7 +1219,7 @@
  14.582  
  14.583  
  14.584  lemma zdiv_mono2_raw:
  14.585 -     "[| #0 $<= a;  #0 $< b';  b' $<= b;  a \<in> int |]   
  14.586 +     "[| #0 $<= a;  #0 $< b';  b' $<= b;  a \<in> int |]
  14.587        ==> a zdiv b $<= a zdiv b'"
  14.588  apply (subgoal_tac "#0 $< b")
  14.589   prefer 2 apply (blast dest: zless_zle_trans)
  14.590 @@ -1232,7 +1232,7 @@
  14.591  done
  14.592  
  14.593  lemma zdiv_mono2:
  14.594 -     "[| #0 $<= a;  #0 $< b';  b' $<= b |]   
  14.595 +     "[| #0 $<= a;  #0 $< b';  b' $<= b |]
  14.596        ==> a zdiv b $<= a zdiv b'"
  14.597  apply (cut_tac a = "intify (a)" in zdiv_mono2_raw)
  14.598  apply auto
  14.599 @@ -1249,12 +1249,12 @@
  14.600  
  14.601  
  14.602  lemma zdiv_mono2_neg_lemma:
  14.603 -     "[| b$*q $+ r = b'$*q' $+ r';  b'$*q' $+ r' $< #0;   
  14.604 -         r $< b;  #0 $<= r';  #0 $< b';  b' $<= b |]   
  14.605 +     "[| b$*q $+ r = b'$*q' $+ r';  b'$*q' $+ r' $< #0;
  14.606 +         r $< b;  #0 $<= r';  #0 $< b';  b' $<= b |]
  14.607        ==> q' $<= q"
  14.608  apply (subgoal_tac "#0 $< b")
  14.609   prefer 2 apply (blast dest: zless_zle_trans)
  14.610 -apply (frule q_neg_lemma, assumption+) 
  14.611 +apply (frule q_neg_lemma, assumption+)
  14.612  apply (subgoal_tac "b$*q' $< b$* (q $+ #1)")
  14.613   apply (simp add: zmult_zless_cancel1)
  14.614   apply (blast dest: zless_trans zless_add1_iff_zle [THEN iffD1])
  14.615 @@ -1278,7 +1278,7 @@
  14.616  done
  14.617  
  14.618  lemma zdiv_mono2_neg_raw:
  14.619 -     "[| a $< #0;  #0 $< b';  b' $<= b;  a \<in> int |]   
  14.620 +     "[| a $< #0;  #0 $< b';  b' $<= b;  a \<in> int |]
  14.621        ==> a zdiv b' $<= a zdiv b"
  14.622  apply (subgoal_tac "#0 $< b")
  14.623   prefer 2 apply (blast dest: zless_zle_trans)
  14.624 @@ -1290,7 +1290,7 @@
  14.625  apply (simp_all add: pos_mod_sign pos_mod_bound)
  14.626  done
  14.627  
  14.628 -lemma zdiv_mono2_neg: "[| a $< #0;  #0 $< b';  b' $<= b |]   
  14.629 +lemma zdiv_mono2_neg: "[| a $< #0;  #0 $< b';  b' $<= b |]
  14.630        ==> a zdiv b' $<= a zdiv b"
  14.631  apply (cut_tac a = "intify (a)" in zdiv_mono2_neg_raw)
  14.632  apply auto
  14.633 @@ -1303,18 +1303,18 @@
  14.634  (** proving (a*b) zdiv c = a $* (b zdiv c) $+ a * (b zmod c) **)
  14.635  
  14.636  lemma zmult1_lemma:
  14.637 -     "[| quorem(<b,c>, <q,r>);  c \<in> int;  c \<noteq> #0 |]  
  14.638 +     "[| quorem(<b,c>, <q,r>);  c \<in> int;  c \<noteq> #0 |]
  14.639        ==> quorem (<a$*b, c>, <a$*q $+ (a$*r) zdiv c, (a$*r) zmod c>)"
  14.640  apply (auto simp add: split_ifs quorem_def neq_iff_zless zadd_zmult_distrib2
  14.641                        pos_mod_sign pos_mod_bound neg_mod_sign neg_mod_bound)
  14.642 -apply (auto intro: raw_zmod_zdiv_equality) 
  14.643 +apply (auto intro: raw_zmod_zdiv_equality)
  14.644  done
  14.645  
  14.646  lemma zdiv_zmult1_eq_raw:
  14.647 -     "[|b \<in> int;  c \<in> int|]  
  14.648 +     "[|b \<in> int;  c \<in> int|]
  14.649        ==> (a$*b) zdiv c = a$*(b zdiv c) $+ a$*(b zmod c) zdiv c"
  14.650  apply (case_tac "c = #0")
  14.651 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.652 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.653  apply (rule quorem_div_mod [THEN zmult1_lemma, THEN quorem_div])
  14.654  apply auto
  14.655  done
  14.656 @@ -1327,7 +1327,7 @@
  14.657  lemma zmod_zmult1_eq_raw:
  14.658       "[|b \<in> int;  c \<in> int|] ==> (a$*b) zmod c = a$*(b zmod c) zmod c"
  14.659  apply (case_tac "c = #0")
  14.660 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.661 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.662  apply (rule quorem_div_mod [THEN zmult1_lemma, THEN quorem_mod])
  14.663  apply auto
  14.664  done
  14.665 @@ -1366,12 +1366,12 @@
  14.666  done
  14.667  
  14.668  
  14.669 -(** proving (a$+b) zdiv c = 
  14.670 +(** proving (a$+b) zdiv c =
  14.671              a zdiv c $+ b zdiv c $+ ((a zmod c $+ b zmod c) zdiv c) **)
  14.672  
  14.673  lemma zadd1_lemma:
  14.674 -     "[| quorem(<a,c>, <aq,ar>);  quorem(<b,c>, <bq,br>);   
  14.675 -         c \<in> int;  c \<noteq> #0 |]  
  14.676 +     "[| quorem(<a,c>, <aq,ar>);  quorem(<b,c>, <bq,br>);
  14.677 +         c \<in> int;  c \<noteq> #0 |]
  14.678        ==> quorem (<a$+b, c>, <aq $+ bq $+ (ar$+br) zdiv c, (ar$+br) zmod c>)"
  14.679  apply (auto simp add: split_ifs quorem_def neq_iff_zless zadd_zmult_distrib2
  14.680                        pos_mod_sign pos_mod_bound neg_mod_sign neg_mod_bound)
  14.681 @@ -1380,32 +1380,32 @@
  14.682  
  14.683  (*NOT suitable for rewriting: the RHS has an instance of the LHS*)
  14.684  lemma zdiv_zadd1_eq_raw:
  14.685 -     "[|a \<in> int; b \<in> int; c \<in> int|] ==>  
  14.686 +     "[|a \<in> int; b \<in> int; c \<in> int|] ==>
  14.687        (a$+b) zdiv c = a zdiv c $+ b zdiv c $+ ((a zmod c $+ b zmod c) zdiv c)"
  14.688  apply (case_tac "c = #0")
  14.689 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.690 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.691  apply (blast intro: zadd1_lemma [OF quorem_div_mod quorem_div_mod,
  14.692                                   THEN quorem_div])
  14.693  done
  14.694  
  14.695  lemma zdiv_zadd1_eq:
  14.696       "(a$+b) zdiv c = a zdiv c $+ b zdiv c $+ ((a zmod c $+ b zmod c) zdiv c)"
  14.697 -apply (cut_tac a = "intify (a)" and b = "intify (b)" and c = "intify (c)" 
  14.698 +apply (cut_tac a = "intify (a)" and b = "intify (b)" and c = "intify (c)"
  14.699         in zdiv_zadd1_eq_raw)
  14.700  apply auto
  14.701  done
  14.702  
  14.703  lemma zmod_zadd1_eq_raw:
  14.704 -     "[|a \<in> int; b \<in> int; c \<in> int|]   
  14.705 +     "[|a \<in> int; b \<in> int; c \<in> int|]
  14.706        ==> (a$+b) zmod c = (a zmod c $+ b zmod c) zmod c"
  14.707  apply (case_tac "c = #0")
  14.708 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.709 -apply (blast intro: zadd1_lemma [OF quorem_div_mod quorem_div_mod, 
  14.710 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.711 +apply (blast intro: zadd1_lemma [OF quorem_div_mod quorem_div_mod,
  14.712                                   THEN quorem_mod])
  14.713  done
  14.714  
  14.715  lemma zmod_zadd1_eq: "(a$+b) zmod c = (a zmod c $+ b zmod c) zmod c"
  14.716 -apply (cut_tac a = "intify (a)" and b = "intify (b)" and c = "intify (c)" 
  14.717 +apply (cut_tac a = "intify (a)" and b = "intify (b)" and c = "intify (c)"
  14.718         in zmod_zadd1_eq_raw)
  14.719  apply auto
  14.720  done
  14.721 @@ -1413,7 +1413,7 @@
  14.722  lemma zmod_div_trivial_raw:
  14.723       "[|a \<in> int; b \<in> int|] ==> (a zmod b) zdiv b = #0"
  14.724  apply (case_tac "b = #0")
  14.725 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.726 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.727  apply (auto simp add: neq_iff_zless pos_mod_sign pos_mod_bound
  14.728           zdiv_pos_pos_trivial neg_mod_sign neg_mod_bound zdiv_neg_neg_trivial)
  14.729  done
  14.730 @@ -1426,8 +1426,8 @@
  14.731  lemma zmod_mod_trivial_raw:
  14.732       "[|a \<in> int; b \<in> int|] ==> (a zmod b) zmod b = a zmod b"
  14.733  apply (case_tac "b = #0")
  14.734 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.735 -apply (auto simp add: neq_iff_zless pos_mod_sign pos_mod_bound 
  14.736 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.737 +apply (auto simp add: neq_iff_zless pos_mod_sign pos_mod_bound
  14.738         zmod_pos_pos_trivial neg_mod_sign neg_mod_bound zmod_neg_neg_trivial)
  14.739  done
  14.740  
  14.741 @@ -1461,13 +1461,13 @@
  14.742  
  14.743  lemma zmod_zadd_self1 [simp]: "(a$+b) zmod a = b zmod a"
  14.744  apply (case_tac "a = #0")
  14.745 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.746 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.747  apply (simp (no_asm_simp) add: zmod_zadd1_eq)
  14.748  done
  14.749  
  14.750  lemma zmod_zadd_self2 [simp]: "(b$+a) zmod a = b zmod a"
  14.751  apply (case_tac "a = #0")
  14.752 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.753 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.754  apply (simp (no_asm_simp) add: zmod_zadd1_eq)
  14.755  done
  14.756  
  14.757 @@ -1495,7 +1495,7 @@
  14.758       "[| #0 $< c;   b $< r;  r $<= #0 |] ==> b $* (q zmod c) $+ r $<= #0"
  14.759  apply (subgoal_tac "b $* (q zmod c) $<= #0")
  14.760   prefer 2
  14.761 - apply (simp add: zmult_le_0_iff pos_mod_sign) 
  14.762 + apply (simp add: zmult_le_0_iff pos_mod_sign)
  14.763   apply (blast intro: zless_imp_zle dest: zless_zle_trans)
  14.764  (*arithmetic*)
  14.765  apply (drule zadd_zle_mono)
  14.766 @@ -1507,7 +1507,7 @@
  14.767       "[| #0 $< c;  #0 $<= r;  r $< b |] ==> #0 $<= b $* (q zmod c) $+ r"
  14.768  apply (subgoal_tac "#0 $<= b $* (q zmod c)")
  14.769   prefer 2
  14.770 - apply (simp add: int_0_le_mult_iff pos_mod_sign) 
  14.771 + apply (simp add: int_0_le_mult_iff pos_mod_sign)
  14.772   apply (blast intro: zless_imp_zle dest: zle_zless_trans)
  14.773  (*arithmetic*)
  14.774  apply (drule zadd_zle_mono)
  14.775 @@ -1527,10 +1527,10 @@
  14.776  done
  14.777  
  14.778  lemma zdiv_zmult2_lemma:
  14.779 -     "[| quorem (<a,b>, <q,r>);  a \<in> int;  b \<in> int;  b \<noteq> #0;  #0 $< c |]  
  14.780 +     "[| quorem (<a,b>, <q,r>);  a \<in> int;  b \<in> int;  b \<noteq> #0;  #0 $< c |]
  14.781        ==> quorem (<a,b$*c>, <q zdiv c, b$*(q zmod c) $+ r>)"
  14.782  apply (auto simp add: zmult_ac zmod_zdiv_equality [symmetric] quorem_def
  14.783 -               neq_iff_zless int_0_less_mult_iff 
  14.784 +               neq_iff_zless int_0_less_mult_iff
  14.785                 zadd_zmult_distrib2 [symmetric] zdiv_zmult2_aux1 zdiv_zmult2_aux2
  14.786                 zdiv_zmult2_aux3 zdiv_zmult2_aux4)
  14.787  apply (blast dest: zless_trans)+
  14.788 @@ -1539,7 +1539,7 @@
  14.789  lemma zdiv_zmult2_eq_raw:
  14.790       "[|#0 $< c;  a \<in> int;  b \<in> int|] ==> a zdiv (b$*c) = (a zdiv b) zdiv c"
  14.791  apply (case_tac "b = #0")
  14.792 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.793 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.794  apply (rule quorem_div_mod [THEN zdiv_zmult2_lemma, THEN quorem_div])
  14.795  apply (auto simp add: intify_eq_0_iff_zle)
  14.796  apply (blast dest: zle_zless_trans)
  14.797 @@ -1551,10 +1551,10 @@
  14.798  done
  14.799  
  14.800  lemma zmod_zmult2_eq_raw:
  14.801 -     "[|#0 $< c;  a \<in> int;  b \<in> int|]  
  14.802 +     "[|#0 $< c;  a \<in> int;  b \<in> int|]
  14.803        ==> a zmod (b$*c) = b$*(a zdiv b zmod c) $+ a zmod b"
  14.804  apply (case_tac "b = #0")
  14.805 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.806 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.807  apply (rule quorem_div_mod [THEN zdiv_zmult2_lemma, THEN quorem_mod])
  14.808  apply (auto simp add: intify_eq_0_iff_zle)
  14.809  apply (blast dest: zle_zless_trans)
  14.810 @@ -1584,7 +1584,7 @@
  14.811  lemma zdiv_zmult_zmult1_raw:
  14.812       "[|intify(c) \<noteq> #0; b \<in> int|] ==> (c$*a) zdiv (c$*b) = a zdiv b"
  14.813  apply (case_tac "b = #0")
  14.814 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.815 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.816  apply (auto simp add: neq_iff_zless [of b]
  14.817    zdiv_zmult_zmult1_aux1 zdiv_zmult_zmult1_aux2)
  14.818  done
  14.819 @@ -1603,14 +1603,14 @@
  14.820  subsection{* Distribution of factors over "zmod" *}
  14.821  
  14.822  lemma zmod_zmult_zmult1_aux1:
  14.823 -     "[| #0 $< b;  intify(c) \<noteq> #0 |]  
  14.824 +     "[| #0 $< b;  intify(c) \<noteq> #0 |]
  14.825        ==> (c$*a) zmod (c$*b) = c $* (a zmod b)"
  14.826  apply (subst zmod_zmult2_eq)
  14.827  apply auto
  14.828  done
  14.829  
  14.830  lemma zmod_zmult_zmult1_aux2:
  14.831 -     "[| b $< #0;  intify(c) \<noteq> #0 |]  
  14.832 +     "[| b $< #0;  intify(c) \<noteq> #0 |]
  14.833        ==> (c$*a) zmod (c$*b) = c $* (a zmod b)"
  14.834  apply (subgoal_tac " (c $* ($-a)) zmod (c $* ($-b)) = c $* (($-a) zmod ($-b))")
  14.835  apply (rule_tac [2] zmod_zmult_zmult1_aux1)
  14.836 @@ -1620,9 +1620,9 @@
  14.837  lemma zmod_zmult_zmult1_raw:
  14.838       "[|b \<in> int; c \<in> int|] ==> (c$*a) zmod (c$*b) = c $* (a zmod b)"
  14.839  apply (case_tac "b = #0")
  14.840 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.841 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.842  apply (case_tac "c = #0")
  14.843 - apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD) 
  14.844 + apply (simp add: DIVISION_BY_ZERO_ZDIV DIVISION_BY_ZERO_ZMOD)
  14.845  apply (auto simp add: neq_iff_zless [of b]
  14.846    zmod_zmult_zmult1_aux1 zmod_zmult_zmult1_aux2)
  14.847  done
  14.848 @@ -1726,9 +1726,9 @@
  14.849   apply auto
  14.850   done
  14.851  
  14.852 - lemma zdiv_integ_of_BIT: "integ_of (v BIT b) zdiv integ_of (w BIT False) =  
  14.853 -           (if ~b | #0 $<= integ_of w                    
  14.854 -            then integ_of v zdiv (integ_of w)     
  14.855 + lemma zdiv_integ_of_BIT: "integ_of (v BIT b) zdiv integ_of (w BIT False) =
  14.856 +           (if ~b | #0 $<= integ_of w
  14.857 +            then integ_of v zdiv (integ_of w)
  14.858              else (integ_of v $+ #1) zdiv (integ_of w))"
  14.859   apply (simp_tac (global_simpset_of Int.thy add: zadd_assoc integ_of_BIT)
  14.860   apply (simp (no_asm_simp) del: bin_arith_extra_simps@bin_rel_simps add: zdiv_zmult_zmult1 pos_zdiv_mult_2 lemma neg_zdiv_mult_2)
  14.861 @@ -1770,11 +1770,11 @@
  14.862   apply auto
  14.863   done
  14.864  
  14.865 - lemma zmod_integ_of_BIT: "integ_of (v BIT b) zmod integ_of (w BIT False) =  
  14.866 -           (if b then  
  14.867 -                 if #0 $<= integ_of w  
  14.868 -                 then #2 $* (integ_of v zmod integ_of w) $+ #1     
  14.869 -                 else #2 $* ((integ_of v $+ #1) zmod integ_of w) - #1   
  14.870 + lemma zmod_integ_of_BIT: "integ_of (v BIT b) zmod integ_of (w BIT False) =
  14.871 +           (if b then
  14.872 +                 if #0 $<= integ_of w
  14.873 +                 then #2 $* (integ_of v zmod integ_of w) $+ #1
  14.874 +                 else #2 $* ((integ_of v $+ #1) zmod integ_of w) - #1
  14.875              else #2 $* (integ_of v zmod integ_of w))"
  14.876   apply (simp_tac (global_simpset_of Int.thy add: zadd_assoc integ_of_BIT)
  14.877   apply (simp (no_asm_simp) del: bin_arith_extra_simps@bin_rel_simps add: zmod_zmult_zmult1 pos_zmod_mult_2 lemma neg_zmod_mult_2)
    15.1 --- a/src/ZF/Int_ZF.thy	Sun Mar 04 23:20:43 2012 +0100
    15.2 +++ b/src/ZF/Int_ZF.thy	Tue Mar 06 15:15:49 2012 +0000
    15.3 @@ -9,7 +9,7 @@
    15.4  
    15.5  definition
    15.6    intrel :: i  where
    15.7 -    "intrel == {p : (nat*nat)*(nat*nat).                 
    15.8 +    "intrel == {p \<in> (nat*nat)*(nat*nat).                 
    15.9                  \<exists>x1 y1 x2 y2. p=<<x1,y1>,<x2,y2>> & x1#+y2 = x2#+y1}"
   15.10  
   15.11  definition
   15.12 @@ -22,7 +22,7 @@
   15.13  
   15.14  definition
   15.15    intify :: "i=>i" --{*coercion from ANYTHING to int*}  where
   15.16 -    "intify(m) == if m : int then m else $#0"
   15.17 +    "intify(m) == if m \<in> int then m else $#0"
   15.18  
   15.19  definition
   15.20    raw_zminus :: "i=>i"  where
   15.21 @@ -135,7 +135,7 @@
   15.22  apply (fast elim!: sym int_trans_lemma)
   15.23  done
   15.24  
   15.25 -lemma image_intrel_int: "[| m\<in>nat; n\<in>nat |] ==> intrel `` {<m,n>} : int"
   15.26 +lemma image_intrel_int: "[| m\<in>nat; n\<in>nat |] ==> intrel `` {<m,n>} \<in> int"
   15.27  by (simp add: int_def)
   15.28  
   15.29  declare equiv_intrel [THEN eq_equiv_class_iff, simp]
   15.30 @@ -145,7 +145,7 @@
   15.31  
   15.32  (** int_of: the injection from nat to int **)
   15.33  
   15.34 -lemma int_of_type [simp,TC]: "$#m : int"
   15.35 +lemma int_of_type [simp,TC]: "$#m \<in> int"
   15.36  by (simp add: int_def quotient_def int_of_def, auto)
   15.37  
   15.38  lemma int_of_eq [iff]: "($# m = $# n) <-> natify(m)=natify(n)"
   15.39 @@ -157,10 +157,10 @@
   15.40  
   15.41  (** intify: coercion from anything to int **)
   15.42  
   15.43 -lemma intify_in_int [iff,TC]: "intify(x) : int"
   15.44 +lemma intify_in_int [iff,TC]: "intify(x) \<in> int"
   15.45  by (simp add: intify_def)
   15.46  
   15.47 -lemma intify_ident [simp]: "n : int ==> intify(n) = n"
   15.48 +lemma intify_ident [simp]: "n \<in> int ==> intify(n) = n"
   15.49  by (simp add: intify_def)
   15.50  
   15.51  
   15.52 @@ -220,12 +220,12 @@
   15.53  lemma zminus_congruent: "(%<x,y>. intrel``{<y,x>}) respects intrel"
   15.54  by (auto simp add: congruent_def add_ac)
   15.55  
   15.56 -lemma raw_zminus_type: "z : int ==> raw_zminus(z) : int"
   15.57 +lemma raw_zminus_type: "z \<in> int ==> raw_zminus(z) \<in> int"
   15.58  apply (simp add: int_def raw_zminus_def)
   15.59  apply (typecheck add: UN_equiv_class_type [OF equiv_intrel zminus_congruent])
   15.60  done
   15.61  
   15.62 -lemma zminus_type [TC,iff]: "$-z : int"
   15.63 +lemma zminus_type [TC,iff]: "$-z \<in> int"
   15.64  by (simp add: zminus_def raw_zminus_type)
   15.65  
   15.66  lemma raw_zminus_inject: 
   15.67 @@ -253,7 +253,7 @@
   15.68       ==> $- (intrel``{<x,y>}) = intrel `` {<y,x>}"
   15.69  by (simp add: zminus_def raw_zminus image_intrel_int)
   15.70  
   15.71 -lemma raw_zminus_zminus: "z : int ==> raw_zminus (raw_zminus(z)) = z"
   15.72 +lemma raw_zminus_zminus: "z \<in> int ==> raw_zminus (raw_zminus(z)) = z"
   15.73  by (auto simp add: int_def raw_zminus)
   15.74  
   15.75  lemma zminus_zminus_intify [simp]: "$- ($- z) = intify(z)"
   15.76 @@ -262,7 +262,7 @@
   15.77  lemma zminus_int0 [simp]: "$- ($#0) = $#0"
   15.78  by (simp add: int_of_def zminus)
   15.79  
   15.80 -lemma zminus_zminus: "z : int ==> $- ($- z) = z"
   15.81 +lemma zminus_zminus: "z \<in> int ==> $- ($- z) = z"
   15.82  by simp
   15.83  
   15.84  
   15.85 @@ -352,7 +352,7 @@
   15.86       "[| znegative(z); z: int |] ==> $# (zmagnitude(z)) = $- z"
   15.87  by (drule zneg_int_of, auto)
   15.88  
   15.89 -lemma int_cases: "z : int ==> \<exists>n\<in>nat. z = $# n | z = $- ($# succ(n))"
   15.90 +lemma int_cases: "z \<in> int ==> \<exists>n\<in>nat. z = $# n | z = $- ($# succ(n))"
   15.91  apply (case_tac "znegative (z) ")
   15.92  prefer 2 apply (blast dest: not_zneg_mag sym)
   15.93  apply (blast dest: zneg_int_of)
   15.94 @@ -398,13 +398,13 @@
   15.95  apply (simp (no_asm_simp) add: add_assoc [symmetric])
   15.96  done
   15.97  
   15.98 -lemma raw_zadd_type: "[| z: int;  w: int |] ==> raw_zadd(z,w) : int"
   15.99 +lemma raw_zadd_type: "[| z: int;  w: int |] ==> raw_zadd(z,w) \<in> int"
  15.100  apply (simp add: int_def raw_zadd_def)
  15.101  apply (rule UN_equiv_class_type2 [OF equiv_intrel zadd_congruent2], assumption+)
  15.102  apply (simp add: Let_def)
  15.103  done
  15.104  
  15.105 -lemma zadd_type [iff,TC]: "z $+ w : int"
  15.106 +lemma zadd_type [iff,TC]: "z $+ w \<in> int"
  15.107  by (simp add: zadd_def raw_zadd_type)
  15.108  
  15.109  lemma raw_zadd: 
  15.110 @@ -422,7 +422,7 @@
  15.111         intrel `` {<x1#+x2, y1#+y2>}"
  15.112  by (simp add: zadd_def raw_zadd image_intrel_int)
  15.113  
  15.114 -lemma raw_zadd_int0: "z : int ==> raw_zadd ($#0,z) = z"
  15.115 +lemma raw_zadd_int0: "z \<in> int ==> raw_zadd ($#0,z) = z"
  15.116  by (auto simp add: int_def int_of_def raw_zadd)
  15.117  
  15.118  lemma zadd_int0_intify [simp]: "$#0 $+ z = intify(z)"
  15.119 @@ -469,13 +469,13 @@
  15.120  by (simp add: int_of_add [symmetric] natify_succ)
  15.121  
  15.122  lemma int_of_diff: 
  15.123 -     "[| m\<in>nat;  n le m |] ==> $# (m #- n) = ($#m) $- ($#n)"
  15.124 +     "[| m\<in>nat;  n \<le> m |] ==> $# (m #- n) = ($#m) $- ($#n)"
  15.125  apply (simp add: int_of_def zdiff_def)
  15.126  apply (frule lt_nat_in_nat)
  15.127  apply (simp_all add: zadd zminus add_diff_inverse2)
  15.128  done
  15.129  
  15.130 -lemma raw_zadd_zminus_inverse: "z : int ==> raw_zadd (z, $- z) = $#0"
  15.131 +lemma raw_zadd_zminus_inverse: "z \<in> int ==> raw_zadd (z, $- z) = $#0"
  15.132  by (auto simp add: int_def int_of_def zminus raw_zadd add_commute)
  15.133  
  15.134  lemma zadd_zminus_inverse [simp]: "z $+ ($- z) = $#0"
  15.135 @@ -511,13 +511,13 @@
  15.136  done
  15.137  
  15.138  
  15.139 -lemma raw_zmult_type: "[| z: int;  w: int |] ==> raw_zmult(z,w) : int"
  15.140 +lemma raw_zmult_type: "[| z: int;  w: int |] ==> raw_zmult(z,w) \<in> int"
  15.141  apply (simp add: int_def raw_zmult_def)
  15.142  apply (rule UN_equiv_class_type2 [OF equiv_intrel zmult_congruent2], assumption+)
  15.143  apply (simp add: Let_def)
  15.144  done
  15.145  
  15.146 -lemma zmult_type [iff,TC]: "z $* w : int"
  15.147 +lemma zmult_type [iff,TC]: "z $* w \<in> int"
  15.148  by (simp add: zmult_def raw_zmult_type)
  15.149  
  15.150  lemma raw_zmult: 
  15.151 @@ -533,19 +533,19 @@
  15.152            intrel `` {<x1#*x2 #+ y1#*y2, x1#*y2 #+ y1#*x2>}"
  15.153  by (simp add: zmult_def raw_zmult image_intrel_int)
  15.154  
  15.155 -lemma raw_zmult_int0: "z : int ==> raw_zmult ($#0,z) = $#0"
  15.156 +lemma raw_zmult_int0: "z \<in> int ==> raw_zmult ($#0,z) = $#0"
  15.157  by (auto simp add: int_def int_of_def raw_zmult)
  15.158  
  15.159  lemma zmult_int0 [simp]: "$#0 $* z = $#0"
  15.160  by (simp add: zmult_def raw_zmult_int0)
  15.161  
  15.162 -lemma raw_zmult_int1: "z : int ==> raw_zmult ($#1,z) = z"
  15.163 +lemma raw_zmult_int1: "z \<in> int ==> raw_zmult ($#1,z) = z"
  15.164  by (auto simp add: int_def int_of_def raw_zmult)
  15.165  
  15.166  lemma zmult_int1_intify [simp]: "$#1 $* z = intify(z)"
  15.167  by (simp add: zmult_def raw_zmult_int1)
  15.168  
  15.169 -lemma zmult_int1: "z : int ==> $#1 $* z = z"
  15.170 +lemma zmult_int1: "z \<in> int ==> $#1 $* z = z"
  15.171  by simp
  15.172  
  15.173  lemma raw_zmult_commute:
  15.174 @@ -603,7 +603,7 @@
  15.175  
  15.176  (*** Subtraction laws ***)
  15.177  
  15.178 -lemma zdiff_type [iff,TC]: "z $- w : int"
  15.179 +lemma zdiff_type [iff,TC]: "z $- w \<in> int"
  15.180  by (simp add: zdiff_def)
  15.181  
  15.182  lemma zminus_zdiff_eq [simp]: "$- (z $- y) = y $- z"
  15.183 @@ -644,10 +644,10 @@
  15.184  lemma zless_not_refl [iff]: "~ (z$<z)"
  15.185  by (auto simp add: zless_def znegative_def int_of_def zdiff_def)
  15.186  
  15.187 -lemma neq_iff_zless: "[| x: int; y: int |] ==> (x ~= y) <-> (x $< y | y $< x)"
  15.188 +lemma neq_iff_zless: "[| x: int; y: int |] ==> (x \<noteq> y) <-> (x $< y | y $< x)"
  15.189  by (cut_tac z = x and w = y in zless_linear, auto)
  15.190  
  15.191 -lemma zless_imp_intify_neq: "w $< z ==> intify(w) ~= intify(z)"
  15.192 +lemma zless_imp_intify_neq: "w $< z ==> intify(w) \<noteq> intify(z)"
  15.193  apply auto
  15.194  apply (subgoal_tac "~ (intify (w) $< intify (z))")
  15.195  apply (erule_tac [2] ssubst)
  15.196 @@ -672,7 +672,7 @@
  15.197  done
  15.198  
  15.199  lemma zless_succ_zadd_lemma: 
  15.200 -    "w : int ==> w $< w $+ $# succ(n)"
  15.201 +    "w \<in> int ==> w $< w $+ $# succ(n)"
  15.202  apply (simp add: zless_def znegative_def zdiff_def int_def)
  15.203  apply (auto simp add: zadd zminus int_of_def image_iff)
  15.204  apply (rule_tac x = 0 in exI, auto)
  15.205 @@ -695,7 +695,7 @@
  15.206  done
  15.207  
  15.208  lemma zless_trans_lemma: 
  15.209 -    "[| x $< y; y $< z; x: int; y : int; z: int |] ==> x $< z"
  15.210 +    "[| x $< y; y $< z; x: int; y \<in> int; z: int |] ==> x $< z"
  15.211  apply (simp add: zless_def znegative_def zdiff_def int_def)
  15.212  apply (auto simp add: zadd zminus image_iff)
  15.213  apply (rename_tac x1 x2 y1 y2)
    16.1 --- a/src/ZF/List_ZF.thy	Sun Mar 04 23:20:43 2012 +0100
    16.2 +++ b/src/ZF/List_ZF.thy	Tue Mar 06 15:15:49 2012 +0000
    16.3 @@ -93,20 +93,20 @@
    16.4  definition
    16.5  (* Function `take' returns the first n elements of a list *)
    16.6    take     :: "[i,i]=>i"  where
    16.7 -  "take(n, as) == list_rec(lam n:nat. [],
    16.8 -                %a l r. lam n:nat. nat_case([], %m. Cons(a, r`m), n), as)`n"
    16.9 +  "take(n, as) == list_rec(\<lambda>n\<in>nat. [],
   16.10 +                %a l r. \<lambda>n\<in>nat. nat_case([], %m. Cons(a, r`m), n), as)`n"
   16.11  
   16.12  definition
   16.13    nth :: "[i, i]=>i"  where
   16.14    --{*returns the (n+1)th element of a list, or 0 if the
   16.15     list is too short.*}
   16.16 -  "nth(n, as) == list_rec(lam n:nat. 0,
   16.17 -                          %a l r. lam n:nat. nat_case(a, %m. r`m, n), as) ` n"
   16.18 +  "nth(n, as) == list_rec(\<lambda>n\<in>nat. 0,
   16.19 +                          %a l r. \<lambda>n\<in>nat. nat_case(a, %m. r`m, n), as) ` n"
   16.20  
   16.21  definition
   16.22    list_update :: "[i, i, i]=>i"  where
   16.23 -  "list_update(xs, i, v) == list_rec(lam n:nat. Nil,
   16.24 -      %u us vs. lam n:nat. nat_case(Cons(v, us), %m. Cons(u, vs`m), n), xs)`i"
   16.25 +  "list_update(xs, i, v) == list_rec(\<lambda>n\<in>nat. Nil,
   16.26 +      %u us vs. \<lambda>n\<in>nat. nat_case(Cons(v, us), %m. Cons(u, vs`m), n), xs)`i"
   16.27  
   16.28  consts
   16.29    filter :: "[i=>o, i] => i"
   16.30 @@ -119,25 +119,25 @@
   16.31  
   16.32  primrec
   16.33    "upt(i, 0) = Nil"
   16.34 -  "upt(i, succ(j)) = (if i le j then upt(i, j)@[j] else Nil)"
   16.35 +  "upt(i, succ(j)) = (if i \<le> j then upt(i, j)@[j] else Nil)"
   16.36  
   16.37  definition
   16.38    min :: "[i,i] =>i"  where
   16.39 -    "min(x, y) == (if x le y then x else y)"
   16.40 +    "min(x, y) == (if x \<le> y then x else y)"
   16.41  
   16.42  definition
   16.43    max :: "[i, i] =>i"  where
   16.44 -    "max(x, y) == (if x le y then y else x)"
   16.45 +    "max(x, y) == (if x \<le> y then y else x)"
   16.46  
   16.47  (*** Aspects of the datatype definition ***)
   16.48  
   16.49  declare list.intros [simp,TC]
   16.50  
   16.51  (*An elimination rule, for type-checking*)
   16.52 -inductive_cases ConsE: "Cons(a,l) : list(A)"
   16.53 +inductive_cases ConsE: "Cons(a,l) \<in> list(A)"
   16.54  
   16.55  lemma Cons_type_iff [simp]: "Cons(a,l) \<in> list(A) <-> a \<in> A & l \<in> list(A)"
   16.56 -by (blast elim: ConsE) 
   16.57 +by (blast elim: ConsE)
   16.58  
   16.59  (*Proving freeness results*)
   16.60  lemma Cons_iff: "Cons(a,l)=Cons(a',l') <-> a=a' & l=l'"
   16.61 @@ -153,7 +153,7 @@
   16.62  
   16.63  (**  Lemmas to justify using "list" in other recursive type definitions **)
   16.64  
   16.65 -lemma list_mono: "A<=B ==> list(A) <= list(B)"
   16.66 +lemma list_mono: "A<=B ==> list(A) \<subseteq> list(B)"
   16.67  apply (unfold list.defs )
   16.68  apply (rule lfp_mono)
   16.69  apply (simp_all add: list.bnd_mono)
   16.70 @@ -161,7 +161,7 @@
   16.71  done
   16.72  
   16.73  (*There is a similar proof by list induction.*)
   16.74 -lemma list_univ: "list(univ(A)) <= univ(A)"
   16.75 +lemma list_univ: "list(univ(A)) \<subseteq> univ(A)"
   16.76  apply (unfold list.defs list.con_defs)
   16.77  apply (rule lfp_lowerbound)
   16.78  apply (rule_tac [2] A_subset_univ [THEN univ_mono])
   16.79 @@ -171,25 +171,25 @@
   16.80  (*These two theorems justify datatypes involving list(nat), list(A), ...*)
   16.81  lemmas list_subset_univ = subset_trans [OF list_mono list_univ]
   16.82  
   16.83 -lemma list_into_univ: "[| l: list(A);  A <= univ(B) |] ==> l: univ(B)"
   16.84 +lemma list_into_univ: "[| l: list(A);  A \<subseteq> univ(B) |] ==> l: univ(B)"
   16.85  by (blast intro: list_subset_univ [THEN subsetD])
   16.86  
   16.87  lemma list_case_type:
   16.88      "[| l: list(A);
   16.89          c: C(Nil);
   16.90          !!x y. [| x: A;  y: list(A) |] ==> h(x,y): C(Cons(x,y))
   16.91 -     |] ==> list_case(c,h,l) : C(l)"
   16.92 +     |] ==> list_case(c,h,l) \<in> C(l)"
   16.93  by (erule list.induct, auto)
   16.94  
   16.95  lemma list_0_triv: "list(0) = {Nil}"
   16.96 -apply (rule equalityI, auto) 
   16.97 -apply (induct_tac x, auto) 
   16.98 +apply (rule equalityI, auto)
   16.99 +apply (induct_tac x, auto)
  16.100  done
  16.101  
  16.102  
  16.103  (*** List functions ***)
  16.104  
  16.105 -lemma tl_type: "l: list(A) ==> tl(l) : list(A)"
  16.106 +lemma tl_type: "l: list(A) ==> tl(l) \<in> list(A)"
  16.107  apply (induct_tac "l")
  16.108  apply (simp_all (no_asm_simp) add: list.intros)
  16.109  done
  16.110 @@ -208,7 +208,7 @@
  16.111  apply (simp (no_asm_simp))
  16.112  done
  16.113  
  16.114 -lemma drop_type [simp,TC]: "[| i:nat; l: list(A) |] ==> drop(i,l) : list(A)"
  16.115 +lemma drop_type [simp,TC]: "[| i:nat; l: list(A) |] ==> drop(i,l) \<in> list(A)"
  16.116  apply (induct_tac "i")
  16.117  apply (simp_all (no_asm_simp) add: tl_type)
  16.118  done
  16.119 @@ -222,57 +222,57 @@
  16.120      "[| l: list(A);
  16.121          c: C(Nil);
  16.122          !!x y r. [| x:A;  y: list(A);  r: C(y) |] ==> h(x,y,r): C(Cons(x,y))
  16.123 -     |] ==> list_rec(c,h,l) : C(l)"
  16.124 +     |] ==> list_rec(c,h,l) \<in> C(l)"
  16.125  by (induct_tac "l", auto)
  16.126  
  16.127  (** map **)
  16.128  
  16.129  lemma map_type [TC]:
  16.130 -    "[| l: list(A);  !!x. x: A ==> h(x): B |] ==> map(h,l) : list(B)"
  16.131 +    "[| l: list(A);  !!x. x: A ==> h(x): B |] ==> map(h,l) \<in> list(B)"
  16.132  apply (simp add: map_list_def)
  16.133  apply (typecheck add: list.intros list_rec_type, blast)
  16.134  done
  16.135  
  16.136 -lemma map_type2 [TC]: "l: list(A) ==> map(h,l) : list({h(u). u:A})"
  16.137 +lemma map_type2 [TC]: "l: list(A) ==> map(h,l) \<in> list({h(u). u:A})"
  16.138  apply (erule map_type)
  16.139  apply (erule RepFunI)
  16.140  done
  16.141  
  16.142  (** length **)
  16.143  
  16.144 -lemma length_type [TC]: "l: list(A) ==> length(l) : nat"
  16.145 +lemma length_type [TC]: "l: list(A) ==> length(l) \<in> nat"
  16.146  by (simp add: length_list_def)
  16.147  
  16.148  lemma lt_length_in_nat:
  16.149     "[|x < length(xs); xs \<in> list(A)|] ==> x \<in> nat"
  16.150 -by (frule lt_nat_in_nat, typecheck) 
  16.151 +by (frule lt_nat_in_nat, typecheck)
  16.152  
  16.153  (** app **)
  16.154  
  16.155 -lemma app_type [TC]: "[| xs: list(A);  ys: list(A) |] ==> xs@ys : list(A)"
  16.156 +lemma app_type [TC]: "[| xs: list(A);  ys: list(A) |] ==> xs@ys \<in> list(A)"
  16.157  by (simp add: app_list_def)
  16.158  
  16.159  (** rev **)
  16.160  
  16.161 -lemma rev_type [TC]: "xs: list(A) ==> rev(xs) : list(A)"
  16.162 +lemma rev_type [TC]: "xs: list(A) ==> rev(xs) \<in> list(A)"
  16.163  by (simp add: rev_list_def)
  16.164  
  16.165  
  16.166  (** flat **)
  16.167  
  16.168 -lemma flat_type [TC]: "ls: list(list(A)) ==> flat(ls) : list(A)"
  16.169 +lemma flat_type [TC]: "ls: list(list(A)) ==> flat(ls) \<in> list(A)"
  16.170  by (simp add: flat_list_def)
  16.171  
  16.172  
  16.173  (** set_of_list **)
  16.174  
  16.175 -lemma set_of_list_type [TC]: "l: list(A) ==> set_of_list(l) : Pow(A)"
  16.176 +lemma set_of_list_type [TC]: "l: list(A) ==> set_of_list(l) \<in> Pow(A)"
  16.177  apply (unfold set_of_list_list_def)
  16.178  apply (erule list_rec_type, auto)
  16.179  done
  16.180  
  16.181  lemma set_of_list_append:
  16.182 -     "xs: list(A) ==> set_of_list (xs@ys) = set_of_list(xs) Un set_of_list(ys)"
  16.183 +     "xs: list(A) ==> set_of_list (xs@ys) = set_of_list(xs) \<union> set_of_list(ys)"
  16.184  apply (erule list.induct)
  16.185  apply (simp_all (no_asm_simp) add: Un_cons)
  16.186  done
  16.187 @@ -280,7 +280,7 @@
  16.188  
  16.189  (** list_add **)
  16.190  
  16.191 -lemma list_add_type [TC]: "xs: list(nat) ==> list_add(xs) : nat"
  16.192 +lemma list_add_type [TC]: "xs: list(nat) ==> list_add(xs) \<in> nat"
  16.193  by (simp add: list_add_list_def)
  16.194  
  16.195  
  16.196 @@ -316,7 +316,7 @@
  16.197  
  16.198  (** theorems about list(Collect(A,P)) -- used in Induct/Term.thy **)
  16.199  
  16.200 -(* c : list(Collect(B,P)) ==> c : list(B) *)
  16.201 +(* @{term"c \<in> list(Collect(B,P)) ==> c \<in> list"} *)
  16.202  lemmas list_CollectD = Collect_subset [THEN list_mono, THEN subsetD]
  16.203  
  16.204  lemma map_list_Collect: "l: list({x:A. h(x)=j(x)}) ==> map(h,l) = map(j,l)"
  16.205 @@ -350,11 +350,11 @@
  16.206  (*Lemma for the inductive step of drop_length*)
  16.207  lemma drop_length_Cons [rule_format]:
  16.208       "xs: list(A) ==>
  16.209 -           \<forall>x.  EX z zs. drop(length(xs), Cons(x,xs)) = Cons(z,zs)"
  16.210 +           \<forall>x.  \<exists>z zs. drop(length(xs), Cons(x,xs)) = Cons(z,zs)"
  16.211  by (erule list.induct, simp_all)
  16.212  
  16.213  lemma drop_length [rule_format]:
  16.214 -     "l: list(A) ==> \<forall>i \<in> length(l). (EX z zs. drop(i,l) = Cons(z,zs))"
  16.215 +     "l: list(A) ==> \<forall>i \<in> length(l). (\<exists>z zs. drop(i,l) = Cons(z,zs))"
  16.216  apply (erule list.induct, simp_all, safe)
  16.217  apply (erule drop_length_Cons)
  16.218  apply (rule natE)
  16.219 @@ -435,25 +435,25 @@
  16.220  done
  16.221  
  16.222  lemma list_complete_induct_lemma [rule_format]:
  16.223 - assumes ih: 
  16.224 -    "\<And>l. [| l \<in> list(A); 
  16.225 -             \<forall>l' \<in> list(A). length(l') < length(l) --> P(l')|] 
  16.226 + assumes ih:
  16.227 +    "\<And>l. [| l \<in> list(A);
  16.228 +             \<forall>l' \<in> list(A). length(l') < length(l) \<longrightarrow> P(l')|]
  16.229            ==> P(l)"
  16.230 -  shows "n \<in> nat ==> \<forall>l \<in> list(A). length(l) < n --> P(l)"
  16.231 +  shows "n \<in> nat ==> \<forall>l \<in> list(A). length(l) < n \<longrightarrow> P(l)"
  16.232  apply (induct_tac n, simp)
  16.233 -apply (blast intro: ih elim!: leE) 
  16.234 +apply (blast intro: ih elim!: leE)
  16.235  done
  16.236  
  16.237  theorem list_complete_induct:
  16.238 -      "[| l \<in> list(A); 
  16.239 -          \<And>l. [| l \<in> list(A); 
  16.240 -                  \<forall>l' \<in> list(A). length(l') < length(l) --> P(l')|] 
  16.241 +      "[| l \<in> list(A);
  16.242 +          \<And>l. [| l \<in> list(A);
  16.243 +                  \<forall>l' \<in> list(A). length(l') < length(l) \<longrightarrow> P(l')|]
  16.244                 ==> P(l)
  16.245         |] ==> P(l)"
  16.246 -apply (rule list_complete_induct_lemma [of A]) 
  16.247 -   prefer 4 apply (rule le_refl, simp) 
  16.248 -  apply blast 
  16.249 - apply simp 
  16.250 +apply (rule list_complete_induct_lemma [of A])
  16.251 +   prefer 4 apply (rule le_refl, simp)
  16.252 +  apply blast
  16.253 + apply simp
  16.254  apply assumption
  16.255  done
  16.256  
  16.257 @@ -501,13 +501,13 @@
  16.258  lemma filter_type [simp,TC]: "xs:list(A) ==> filter(P, xs):list(A)"
  16.259  by (induct_tac "xs", auto)
  16.260  
  16.261 -lemma length_filter: "xs:list(A) ==> length(filter(P, xs)) le length(xs)"
  16.262 +lemma length_filter: "xs:list(A) ==> length(filter(P, xs)) \<le> length(xs)"
  16.263  apply (induct_tac "xs", auto)
  16.264  apply (rule_tac j = "length (l) " in le_trans)
  16.265  apply (auto simp add: le_iff)
  16.266  done
  16.267  
  16.268 -lemma filter_is_subset: "xs:list(A) ==> set_of_list(filter(P,xs)) <= set_of_list(xs)"
  16.269 +lemma filter_is_subset: "xs:list(A) ==> set_of_list(filter(P,xs)) \<subseteq> set_of_list(xs)"
  16.270  by (induct_tac "xs", auto)
  16.271  
  16.272  lemma filter_False [simp]: "xs:list(A) ==> filter(%p. False, xs) = Nil"
  16.273 @@ -527,10 +527,10 @@
  16.274  lemma length_tl [simp]: "xs:list(A) ==> length(tl(xs)) = length(xs) #- 1"
  16.275  by (erule list.induct, auto)
  16.276  
  16.277 -lemma length_greater_0_iff: "xs:list(A) ==> 0<length(xs) <-> xs ~= Nil"
  16.278 +lemma length_greater_0_iff: "xs:list(A) ==> 0<length(xs) <-> xs \<noteq> Nil"
  16.279  by (erule list.induct, auto)
  16.280  
  16.281 -lemma length_succ_iff: "xs:list(A) ==> length(xs)=succ(n) <-> (EX y ys. xs=Cons(y, ys) & length(ys)=n)"
  16.282 +lemma length_succ_iff: "xs:list(A) ==> length(xs)=succ(n) <-> (\<exists>y ys. xs=Cons(y, ys) & length(ys)=n)"
  16.283  by (erule list.induct, auto)
  16.284  
  16.285  (** more theorems about append **)
  16.286 @@ -554,7 +554,7 @@
  16.287  (*TOO SLOW as a default simprule!*)
  16.288  lemma append_left_is_Nil_iff [rule_format]:
  16.289       "[| xs:list(A); ys:list(A); zs:list(A) |] ==>
  16.290 -   length(ys)=length(zs) --> (xs@ys=zs <-> (xs=Nil & ys=zs))"
  16.291 +   length(ys)=length(zs) \<longrightarrow> (xs@ys=zs <-> (xs=Nil & ys=zs))"
  16.292  apply (erule list.induct)
  16.293  apply (auto simp add: length_app)
  16.294  done
  16.295 @@ -562,14 +562,14 @@
  16.296  (*TOO SLOW as a default simprule!*)
  16.297  lemma append_left_is_Nil_iff2 [rule_format]:
  16.298       "[| xs:list(A); ys:list(A); zs:list(A) |] ==>
  16.299 -   length(ys)=length(zs) --> (zs=ys@xs <-> (xs=Nil & ys=zs))"
  16.300 +   length(ys)=length(zs) \<longrightarrow> (zs=ys@xs <-> (xs=Nil & ys=zs))"
  16.301  apply (erule list.induct)
  16.302  apply (auto simp add: length_app)
  16.303  done
  16.304  
  16.305  lemma append_eq_append_iff [rule_format,simp]:
  16.306       "xs:list(A) ==> \<forall>ys \<in> list(A).
  16.307 -      length(xs)=length(ys) --> (xs@us = ys@vs) <-> (xs=ys & us=vs)"
  16.308 +      length(xs)=length(ys) \<longrightarrow> (xs@us = ys@vs) <-> (xs=ys & us=vs)"
  16.309  apply (erule list.induct)
  16.310  apply (simp (no_asm_simp))
  16.311  apply clarify
  16.312 @@ -579,7 +579,7 @@
  16.313  lemma append_eq_append [rule_format]:
  16.314    "xs:list(A) ==>
  16.315     \<forall>ys \<in> list(A). \<forall>us \<in> list(A). \<forall>vs \<in> list(A).
  16.316 -   length(us) = length(vs) --> (xs@us = ys@vs) --> (xs=ys & us=vs)"
  16.317 +   length(us) = length(vs) \<longrightarrow> (xs@us = ys@vs) \<longrightarrow> (xs=ys & us=vs)"
  16.318  apply (induct_tac "xs")
  16.319  apply (force simp add: length_app, clarify)
  16.320  apply (erule_tac a = ys in list.cases, simp)
  16.321 @@ -606,13 +606,13 @@
  16.322  but the proof requires two more hypotheses: x:A and y:A *)
  16.323  lemma append1_eq_iff [rule_format,simp]:
  16.324       "xs:list(A) ==> \<forall>ys \<in> list(A). xs@[x] = ys@[y] <-> (xs = ys & x=y)"
  16.325 -apply (erule list.induct)  
  16.326 - apply clarify 
  16.327 +apply (erule list.induct)
  16.328 + apply clarify
  16.329   apply (erule list.cases)
  16.330   apply simp_all
  16.331 -txt{*Inductive step*}  
  16.332 -apply clarify 
  16.333 -apply (erule_tac a=ys in list.cases, simp_all)  
  16.334 +txt{*Inductive step*}
  16.335 +apply clarify
  16.336 +apply (erule_tac a=ys in list.cases, simp_all)
  16.337  done
  16.338  
  16.339  
  16.340 @@ -623,15 +623,15 @@
  16.341  lemma append_right_is_self_iff2 [simp]:
  16.342       "[| xs:list(A); ys:list(A) |] ==> (ys = xs@ys) <-> (xs=Nil)"
  16.343  apply (rule iffI)
  16.344 -apply (drule sym, auto) 
  16.345 +apply (drule sym, auto)
  16.346  done
  16.347  
  16.348  lemma hd_append [rule_format,simp]:
  16.349 -     "xs:list(A) ==> xs ~= Nil --> hd(xs @ ys) = hd(xs)"
  16.350 +     "xs:list(A) ==> xs \<noteq> Nil \<longrightarrow> hd(xs @ ys) = hd(xs)"
  16.351  by (induct_tac "xs", auto)
  16.352  
  16.353  lemma tl_append [rule_format,simp]:
  16.354 -     "xs:list(A) ==> xs~=Nil --> tl(xs @ ys) = tl(xs)@ys"
  16.355 +     "xs:list(A) ==> xs\<noteq>Nil \<longrightarrow> tl(xs @ ys) = tl(xs)@ys"
  16.356  by (induct_tac "xs", auto)
  16.357  
  16.358  (** rev **)
  16.359 @@ -649,7 +649,7 @@
  16.360  
  16.361  lemma rev_list_elim [rule_format]:
  16.362       "xs:list(A) ==>
  16.363 -      (xs=Nil --> P) --> (\<forall>ys \<in> list(A). \<forall>y \<in> A. xs =ys@[y] -->P)-->P"
  16.364 +      (xs=Nil \<longrightarrow> P) \<longrightarrow> (\<forall>ys \<in> list(A). \<forall>y \<in> A. xs =ys@[y] \<longrightarrow>P)\<longrightarrow>P"
  16.365  by (erule list_append_induct, auto)
  16.366  
  16.367  
  16.368 @@ -662,13 +662,13 @@
  16.369  done
  16.370  
  16.371  lemma drop_all [rule_format,simp]:
  16.372 -     "n:nat ==> \<forall>xs \<in> list(A). length(xs) le n --> drop(n, xs)=Nil"
  16.373 +     "n:nat ==> \<forall>xs \<in> list(A). length(xs) \<le> n \<longrightarrow> drop(n, xs)=Nil"
  16.374  apply (erule nat_induct)
  16.375  apply (auto elim: list.cases)
  16.376  done
  16.377  
  16.378  lemma drop_append [rule_format]:
  16.379 -     "n:nat ==> 
  16.380 +     "n:nat ==>
  16.381        \<forall>xs \<in> list(A). drop(n, xs@ys) = drop(n,xs) @ drop(n #- length(xs), ys)"
  16.382  apply (induct_tac "n")
  16.383  apply (auto elim: list.cases)
  16.384 @@ -696,14 +696,14 @@
  16.385  by (unfold take_def, auto)
  16.386  
  16.387  lemma take_all [rule_format,simp]:
  16.388 -     "n:nat ==> \<forall>xs \<in> list(A). length(xs) le n  --> take(n, xs) = xs"
  16.389 +     "n:nat ==> \<forall>xs \<in> list(A). length(xs) \<le> n  \<longrightarrow> take(n, xs) = xs"
  16.390  apply (erule nat_induct)
  16.391 -apply (auto elim: list.cases) 
  16.392 +apply (auto elim: list.cases)
  16.393  done
  16.394  
  16.395  lemma take_type [rule_format,simp,TC]:
  16.396       "xs:list(A) ==> \<forall>n \<in> nat. take(n, xs):list(A)"
  16.397 -apply (erule list.induct, simp, clarify) 
  16.398 +apply (erule list.induct, simp, clarify)
  16.399  apply (erule natE, auto)
  16.400  done
  16.401  
  16.402 @@ -711,12 +711,12 @@
  16.403   "xs:list(A) ==>
  16.404    \<forall>ys \<in> list(A). \<forall>n \<in> nat. take(n, xs @ ys) =
  16.405                              take(n, xs) @ take(n #- length(xs), ys)"
  16.406 -apply (erule list.induct, simp, clarify) 
  16.407 +apply (erule list.induct, simp, clarify)
  16.408  apply (erule natE, auto)
  16.409  done
  16.410  
  16.411  lemma take_take [rule_format]:
  16.412 -   "m : nat ==>
  16.413 +   "m \<in> nat ==>
  16.414      \<forall>xs \<in> list(A). \<forall>n \<in> nat. take(n, take(m,xs))= take(min(n, m), xs)"
  16.415  apply (induct_tac "m", auto)
  16.416  apply (erule_tac a = xs in list.cases)
  16.417 @@ -728,38 +728,38 @@
  16.418  (** nth **)
  16.419  
  16.420  lemma nth_0 [simp]: "nth(0, Cons(a, l)) = a"
  16.421 -by (simp add: nth_def) 
  16.422 +by (simp add: nth_def)
  16.423  
  16.424  lemma nth_Cons [simp]: "n:nat ==> nth(succ(n), Cons(a,l)) = nth(n,l)"
  16.425 -by (simp add: nth_def) 
  16.426 +by (simp add: nth_def)
  16.427  
  16.428  lemma nth_empty [simp]: "nth(n, Nil) = 0"
  16.429 -by (simp add: nth_def) 
  16.430 +by (simp add: nth_def)
  16.431  
  16.432  lemma nth_type [rule_format,simp,TC]:
  16.433 -     "xs:list(A) ==> \<forall>n. n < length(xs) --> nth(n,xs) : A"
  16.434 +     "xs:list(A) ==> \<forall>n. n < length(xs) \<longrightarrow> nth(n,xs) \<in> A"
  16.435  apply (erule list.induct, simp, clarify)
  16.436 -apply (subgoal_tac "n \<in> nat")  
  16.437 +apply (subgoal_tac "n \<in> nat")
  16.438   apply (erule natE, auto dest!: le_in_nat)
  16.439  done
  16.440  
  16.441  lemma nth_eq_0 [rule_format]:
  16.442 -     "xs:list(A) ==> \<forall>n \<in> nat. length(xs) le n --> nth(n,xs) = 0"
  16.443 -apply (erule list.induct, simp, clarify) 
  16.444 +     "xs:list(A) ==> \<forall>n \<in> nat. length(xs) \<le> n \<longrightarrow> nth(n,xs) = 0"
  16.445 +apply (erule list.induct, simp, clarify)
  16.446  apply (erule natE, auto)
  16.447  done
  16.448  
  16.449  lemma nth_append [rule_format]:
  16.450 -  "xs:list(A) ==> 
  16.451 +  "xs:list(A) ==>
  16.452     \<forall>n \<in> nat. nth(n, xs @ ys) = (if n < length(xs) then nth(n,xs)
  16.453                                  else nth(n #- length(xs), ys))"
  16.454 -apply (induct_tac "xs", simp, clarify) 
  16.455 +apply (induct_tac "xs", simp, clarify)
  16.456  apply (erule natE, auto)
  16.457  done
  16.458  
  16.459  lemma set_of_list_conv_nth:
  16.460      "xs:list(A)
  16.461 -     ==> set_of_list(xs) = {x:A. EX i:nat. i<length(xs) & x = nth(i,xs)}"
  16.462 +     ==> set_of_list(xs) = {x:A. \<exists>i\<in>nat. i<length(xs) & x = nth(i,xs)}"
  16.463  apply (induct_tac "xs", simp_all)
  16.464  apply (rule equalityI, auto)
  16.465  apply (rule_tac x = 0 in bexI, auto)
  16.466 @@ -770,40 +770,40 @@
  16.467  
  16.468  lemma nth_take_lemma [rule_format]:
  16.469   "k:nat ==>
  16.470 -  \<forall>xs \<in> list(A). (\<forall>ys \<in> list(A). k le length(xs) --> k le length(ys) -->
  16.471 -      (\<forall>i \<in> nat. i<k --> nth(i,xs) = nth(i,ys))--> take(k,xs) = take(k,ys))"
  16.472 +  \<forall>xs \<in> list(A). (\<forall>ys \<in> list(A). k \<le> length(xs) \<longrightarrow> k \<le> length(ys) \<longrightarrow>
  16.473 +      (\<forall>i \<in> nat. i<k \<longrightarrow> nth(i,xs) = nth(i,ys))\<longrightarrow> take(k,xs) = take(k,ys))"
  16.474  apply (induct_tac "k")
  16.475  apply (simp_all (no_asm_simp) add: lt_succ_eq_0_disj all_conj_distrib)
  16.476  apply clarify
  16.477  (*Both lists are non-empty*)
  16.478 -apply (erule_tac a=xs in list.cases, simp) 
  16.479 -apply (erule_tac a=ys in list.cases, clarify) 
  16.480 +apply (erule_tac a=xs in list.cases, simp)
  16.481 +apply (erule_tac a=ys in list.cases, clarify)
  16.482  apply (simp (no_asm_use) )
  16.483  apply clarify
  16.484  apply (simp (no_asm_simp))
  16.485  apply (rule conjI, force)
  16.486 -apply (rename_tac y ys z zs) 
  16.487 -apply (drule_tac x = zs and x1 = ys in bspec [THEN bspec], auto)   
  16.488 +apply (rename_tac y ys z zs)
  16.489 +apply (drule_tac x = zs and x1 = ys in bspec [THEN bspec], auto)
  16.490  done
  16.491  
  16.492  lemma nth_equalityI [rule_format]:
  16.493       "[| xs:list(A); ys:list(A); length(xs) = length(ys);
  16.494 -         \<forall>i \<in> nat. i < length(xs) --> nth(i,xs) = nth(i,ys) |]
  16.495 +         \<forall>i \<in> nat. i < length(xs) \<longrightarrow> nth(i,xs) = nth(i,ys) |]
  16.496        ==> xs = ys"
  16.497 -apply (subgoal_tac "length (xs) le length (ys) ")
  16.498 -apply (cut_tac k="length(xs)" and xs=xs and ys=ys in nth_take_lemma) 
  16.499 +apply (subgoal_tac "length (xs) \<le> length (ys) ")
  16.500 +apply (cut_tac k="length(xs)" and xs=xs and ys=ys in nth_take_lemma)
  16.501  apply (simp_all add: take_all)
  16.502  done
  16.503  
  16.504  (*The famous take-lemma*)
  16.505  
  16.506  lemma take_equalityI [rule_format]:
  16.507 -    "[| xs:list(A); ys:list(A); (\<forall>i \<in> nat. take(i, xs) = take(i,ys)) |] 
  16.508 +    "[| xs:list(A); ys:list(A); (\<forall>i \<in> nat. take(i, xs) = take(i,ys)) |]
  16.509       ==> xs = ys"
  16.510 -apply (case_tac "length (xs) le length (ys) ")
  16.511 +apply (case_tac "length (xs) \<le> length (ys) ")
  16.512  apply (drule_tac x = "length (ys) " in bspec)
  16.513  apply (drule_tac [3] not_lt_imp_le)
  16.514 -apply (subgoal_tac [5] "length (ys) le length (xs) ")
  16.515 +apply (subgoal_tac [5] "length (ys) \<le> length (xs) ")
  16.516  apply (rule_tac [6] j = "succ (length (ys))" in le_trans)
  16.517  apply (rule_tac [6] leI)
  16.518  apply (drule_tac [5] x = "length (xs) " in bspec)
  16.519 @@ -813,20 +813,20 @@
  16.520  lemma nth_drop [rule_format]:
  16.521    "n:nat ==> \<forall>i \<in> nat. \<forall>xs \<in> list(A). nth(i, drop(n, xs)) = nth(n #+ i, xs)"
  16.522  apply (induct_tac "n", simp_all, clarify)
  16.523 -apply (erule list.cases, auto)  
  16.524 +apply (erule list.cases, auto)
  16.525  done
  16.526  
  16.527  lemma take_succ [rule_format]:
  16.528 -  "xs\<in>list(A) 
  16.529 -   ==> \<forall>i. i < length(xs) --> take(succ(i), xs) = take(i,xs) @ [nth(i, xs)]"
  16.530 +  "xs\<in>list(A)
  16.531 +   ==> \<forall>i. i < length(xs) \<longrightarrow> take(succ(i), xs) = take(i,xs) @ [nth(i, xs)]"
  16.532  apply (induct_tac "xs", auto)
  16.533 -apply (subgoal_tac "i\<in>nat") 
  16.534 +apply (subgoal_tac "i\<in>nat")
  16.535  apply (erule natE)
  16.536 -apply (auto simp add: le_in_nat) 
  16.537 +apply (auto simp add: le_in_nat)
  16.538  done
  16.539  
  16.540  lemma take_add [rule_format]:
  16.541 -     "[|xs\<in>list(A); j\<in>nat|] 
  16.542 +     "[|xs\<in>list(A); j\<in>nat|]
  16.543        ==> \<forall>i\<in>nat. take(i #+ j, xs) = take(i,xs) @ take(j, drop(i,xs))"
  16.544  apply (induct_tac "xs", simp_all, clarify)
  16.545  apply (erule_tac n = i in natE, simp_all)
  16.546 @@ -861,37 +861,37 @@
  16.547  (* zip equations *)
  16.548  
  16.549  lemma list_on_set_of_list: "xs \<in> list(A) ==> xs \<in> list(set_of_list(xs))"
  16.550 -apply (induct_tac xs, simp_all) 
  16.551 -apply (blast intro: list_mono [THEN subsetD]) 
  16.552 +apply (induct_tac xs, simp_all)
  16.553 +apply (blast intro: list_mono [THEN subsetD])
  16.554  done
  16.555  
  16.556  lemma zip_Nil [simp]: "ys:list(A) ==> zip(Nil, ys)=Nil"
  16.557  apply (simp add: zip_def list_on_set_of_list [of _ A])
  16.558 -apply (erule list.cases, simp_all) 
  16.559 +apply (erule list.cases, simp_all)
  16.560  done
  16.561  
  16.562  lemma zip_Nil2 [simp]: "xs:list(A) ==> zip(xs, Nil)=Nil"
  16.563  apply (simp add: zip_def list_on_set_of_list [of _ A])
  16.564 -apply (erule list.cases, simp_all) 
  16.565 +apply (erule list.cases, simp_all)
  16.566  done
  16.567  
  16.568  lemma zip_aux_unique [rule_format]:
  16.569 -     "[|B<=C;  xs \<in> list(A)|] 
  16.570 +     "[|B<=C;  xs \<in> list(A)|]
  16.571        ==> \<forall>ys \<in> list(B). zip_aux(C,xs) ` ys = zip_aux(B,xs) ` ys"
  16.572 -apply (induct_tac xs) 
  16.573 - apply simp_all 
  16.574 - apply (blast intro: list_mono [THEN subsetD], clarify) 
  16.575 -apply (erule_tac a=ys in list.cases, auto) 
  16.576 -apply (blast intro: list_mono [THEN subsetD]) 
  16.577 +apply (induct_tac xs)
  16.578 + apply simp_all
  16.579 + apply (blast intro: list_mono [THEN subsetD], clarify)
  16.580 +apply (erule_tac a=ys in list.cases, auto)
  16.581 +apply (blast intro: list_mono [THEN subsetD])
  16.582  done
  16.583  
  16.584  lemma zip_Cons_Cons [simp]:
  16.585       "[| xs:list(A); ys:list(B); x:A; y:B |] ==>
  16.586        zip(Cons(x,xs), Cons(y, ys)) = Cons(<x,y>, zip(xs, ys))"
  16.587 -apply (simp add: zip_def, auto) 
  16.588 -apply (rule zip_aux_unique, auto) 
  16.589 +apply (simp add: zip_def, auto)
  16.590 +apply (rule zip_aux_unique, auto)
  16.591  apply (simp add: list_on_set_of_list [of _ B])
  16.592 -apply (blast intro: list_on_set_of_list list_mono [THEN subsetD]) 
  16.593 +apply (blast intro: list_on_set_of_list list_mono [THEN subsetD])
  16.594  done
  16.595  
  16.596  lemma zip_type [rule_format,simp,TC]:
  16.597 @@ -907,53 +907,53 @@
  16.598       "xs:list(A) ==> \<forall>ys \<in> list(B). length(zip(xs,ys)) =
  16.599                                       min(length(xs), length(ys))"
  16.600  apply (unfold min_def)
  16.601 -apply (induct_tac "xs", simp_all, clarify) 
  16.602 +apply (induct_tac "xs", simp_all, clarify)
  16.603  apply (erule_tac a = ys in list.cases, auto)
  16.604  done
  16.605  
  16.606  lemma zip_append1 [rule_format]:
  16.607   "[| ys:list(A); zs:list(B) |] ==>
  16.608 -  \<forall>xs \<in> list(A). zip(xs @ ys, zs) = 
  16.609 +  \<forall>xs \<in> list(A). zip(xs @ ys, zs) =
  16.610                   zip(xs, take(length(xs), zs)) @ zip(ys, drop(length(xs),zs))"
  16.611 -apply (induct_tac "zs", force, clarify) 
  16.612 -apply (erule_tac a = xs in list.cases, simp_all) 
  16.613 +apply (induct_tac "zs", force, clarify)
  16.614 +apply (erule_tac a = xs in list.cases, simp_all)
  16.615  done
  16.616  
  16.617  lemma zip_append2 [rule_format]:
  16.618   "[| xs:list(A); zs:list(B) |] ==> \<forall>ys \<in> list(B). zip(xs, ys@zs) =
  16.619         zip(take(length(ys), xs), ys) @ zip(drop(length(ys), xs), zs)"
  16.620 -apply (induct_tac "xs", force, clarify) 
  16.621 +apply (induct_tac "xs", force, clarify)
  16.622  apply (erule_tac a = ys in list.cases, auto)
  16.623  done
  16.624  
  16.625  lemma zip_append [simp]:
  16.626   "[| length(xs) = length(us); length(ys) = length(vs);
  16.627 -     xs:list(A); us:list(B); ys:list(A); vs:list(B) |] 
  16.628 +     xs:list(A); us:list(B); ys:list(A); vs:list(B) |]
  16.629    ==> zip(xs@ys,us@vs) = zip(xs, us) @ zip(ys, vs)"
  16.630  by (simp (no_asm_simp) add: zip_append1 drop_append diff_self_eq_0)
  16.631  
  16.632  
  16.633  lemma zip_rev [rule_format,simp]:
  16.634   "ys:list(B) ==> \<forall>xs \<in> list(A).
  16.635 -    length(xs) = length(ys) --> zip(rev(xs), rev(ys)) = rev(zip(xs, ys))"
  16.636 -apply (induct_tac "ys", force, clarify) 
  16.637 +    length(xs) = length(ys) \<longrightarrow> zip(rev(xs), rev(ys)) = rev(zip(xs, ys))"
  16.638 +apply (induct_tac "ys", force, clarify)
  16.639  apply (erule_tac a = xs in list.cases)
  16.640  apply (auto simp add: length_rev)
  16.641  done
  16.642  
  16.643  lemma nth_zip [rule_format,simp]:
  16.644     "ys:list(B) ==> \<forall>i \<in> nat. \<forall>xs \<in> list(A).
  16.645 -                    i < length(xs) --> i < length(ys) -->
  16.646 +                    i < length(xs) \<longrightarrow> i < length(ys) \<longrightarrow>
  16.647                      nth(i,zip(xs, ys)) = <nth(i,xs),nth(i, ys)>"
  16.648 -apply (induct_tac "ys", force, clarify) 
  16.649 -apply (erule_tac a = xs in list.cases, simp) 
  16.650 +apply (induct_tac "ys", force, clarify)
  16.651 +apply (erule_tac a = xs in list.cases, simp)
  16.652  apply (auto elim: natE)
  16.653  done
  16.654  
  16.655  lemma set_of_list_zip [rule_format]:
  16.656       "[| xs:list(A); ys:list(B); i:nat |]
  16.657        ==> set_of_list(zip(xs, ys)) =
  16.658 -          {<x, y>:A*B. EX i:nat. i < min(length(xs), length(ys))
  16.659 +          {<x, y>:A*B. \<exists>i\<in>nat. i < min(length(xs), length(ys))
  16.660            & x = nth(i, xs) & y = nth(i, ys)}"
  16.661  by (force intro!: Collect_cong simp add: lt_min_iff set_of_list_conv_nth)
  16.662  
  16.663 @@ -988,15 +988,15 @@
  16.664  done
  16.665  
  16.666  lemma nth_list_update [rule_format]:
  16.667 -     "[| xs:list(A) |] ==> \<forall>i \<in> nat. \<forall>j \<in> nat. i < length(xs)  -->
  16.668 +     "[| xs:list(A) |] ==> \<forall>i \<in> nat. \<forall>j \<in> nat. i < length(xs)  \<longrightarrow>
  16.669           nth(j, list_update(xs, i, x)) = (if i=j then x else nth(j, xs))"
  16.670  apply (induct_tac "xs")
  16.671   apply simp_all
  16.672  apply clarify
  16.673 -apply (rename_tac i j) 
  16.674 -apply (erule_tac n=i in natE) 
  16.675 +apply (rename_tac i j)
  16.676 +apply (erule_tac n=i in natE)
  16.677  apply (erule_tac [2] n=j in natE)
  16.678 -apply (erule_tac n=j in natE, simp_all, force) 
  16.679 +apply (erule_tac n=j in natE, simp_all, force)
  16.680  done
  16.681  
  16.682  lemma nth_list_update_eq [simp]:
  16.683 @@ -1005,19 +1005,19 @@
  16.684  
  16.685  
  16.686  lemma nth_list_update_neq [rule_format,simp]:
  16.687 -  "xs:list(A) ==> 
  16.688 -     \<forall>i \<in> nat. \<forall>j \<in> nat. i ~= j --> nth(j, list_update(xs,i,x)) = nth(j,xs)"
  16.689 +  "xs:list(A) ==>
  16.690 +     \<forall>i \<in> nat. \<forall>j \<in> nat. i \<noteq> j \<longrightarrow> nth(j, list_update(xs,i,x)) = nth(j,xs)"
  16.691  apply (induct_tac "xs")
  16.692   apply (simp (no_asm))
  16.693  apply clarify
  16.694  apply (erule natE)
  16.695 -apply (erule_tac [2] natE, simp_all) 
  16.696 +apply (erule_tac [2] natE, simp_all)
  16.697  apply (erule natE, simp_all)
  16.698  done
  16.699  
  16.700  lemma list_update_overwrite [rule_format,simp]:
  16.701       "xs:list(A) ==> \<forall>i \<in> nat. i < length(xs)
  16.702 -   --> list_update(list_update(xs, i, x), i, y) = list_update(xs, i,y)"
  16.703 +   \<longrightarrow> list_update(list_update(xs, i, x), i, y) = list_update(xs, i,y)"
  16.704  apply (induct_tac "xs")
  16.705   apply (simp (no_asm))
  16.706  apply clarify
  16.707 @@ -1025,8 +1025,8 @@
  16.708  done
  16.709  
  16.710  lemma list_update_same_conv [rule_format]:
  16.711 -     "xs:list(A) ==> 
  16.712 -      \<forall>i \<in> nat. i < length(xs) --> 
  16.713 +     "xs:list(A) ==>
  16.714 +      \<forall>i \<in> nat. i < length(xs) \<longrightarrow>
  16.715                   (list_update(xs, i, x) = xs) <-> (nth(i, xs) = x)"
  16.716  apply (induct_tac "xs")
  16.717   apply (simp (no_asm))
  16.718 @@ -1035,9 +1035,9 @@
  16.719  done
  16.720  
  16.721  lemma update_zip [rule_format]:
  16.722 -     "ys:list(B) ==> 
  16.723 +     "ys:list(B) ==>
  16.724        \<forall>i \<in> nat. \<forall>xy \<in> A*B. \<forall>xs \<in> list(A).
  16.725 -        length(xs) = length(ys) -->
  16.726 +        length(xs) = length(ys) \<longrightarrow>
  16.727          list_update(zip(xs, ys), i, xy) = zip(list_update(xs, i, fst(xy)),
  16.728                                                list_update(ys, i, snd(xy)))"
  16.729  apply (induct_tac "ys")
  16.730 @@ -1047,8 +1047,8 @@
  16.731  done
  16.732  
  16.733  lemma set_update_subset_cons [rule_format]:
  16.734 -  "xs:list(A) ==> 
  16.735 -   \<forall>i \<in> nat. set_of_list(list_update(xs, i, x)) <= cons(x, set_of_list(xs))"
  16.736 +  "xs:list(A) ==>
  16.737 +   \<forall>i \<in> nat. set_of_list(list_update(xs, i, x)) \<subseteq> cons(x, set_of_list(xs))"
  16.738  apply (induct_tac "xs")
  16.739   apply simp
  16.740  apply (rule ballI)
  16.741 @@ -1056,8 +1056,8 @@
  16.742  done
  16.743  
  16.744  lemma set_of_list_update_subsetI:
  16.745 -     "[| set_of_list(xs) <= A; xs:list(A); x:A; i:nat|]
  16.746 -   ==> set_of_list(list_update(xs, i,x)) <= A"
  16.747 +     "[| set_of_list(xs) \<subseteq> A; xs:list(A); x:A; i:nat|]
  16.748 +   ==> set_of_list(list_update(xs, i,x)) \<subseteq> A"
  16.749  apply (rule subset_trans)
  16.750  apply (rule set_update_subset_cons, auto)
  16.751  done
  16.752 @@ -1071,7 +1071,7 @@
  16.753  apply (auto simp: lt_Ord intro: le_anti_sym)
  16.754  done
  16.755  
  16.756 -lemma upt_conv_Nil [simp]: "[| j le i; j:nat |] ==> upt(i,j) = Nil"
  16.757 +lemma upt_conv_Nil [simp]: "[| j \<le> i; j:nat |] ==> upt(i,j) = Nil"
  16.758  apply (subst upt_rec, auto)
  16.759  apply (auto simp add: le_iff)
  16.760  apply (drule lt_asym [THEN notE], auto)
  16.761 @@ -1079,7 +1079,7 @@
  16.762  
  16.763  (*Only needed if upt_Suc is deleted from the simpset*)
  16.764  lemma upt_succ_append:
  16.765 -     "[| i le j; j:nat |] ==> upt(i,succ(j)) = upt(i, j)@[j]"
  16.766 +     "[| i \<le> j; j:nat |] ==> upt(i,succ(j)) = upt(i, j)@[j]"
  16.767  by simp
  16.768  
  16.769  lemma upt_conv_Cons:
  16.770 @@ -1093,7 +1093,7 @@
  16.771  
  16.772  (*LOOPS as a simprule, since j<=j*)
  16.773  lemma upt_add_eq_append:
  16.774 -     "[| i le j; j:nat; k:nat |] ==> upt(i, j #+k) = upt(i,j)@upt(j,j#+k)"
  16.775 +     "[| i \<le> j; j:nat; k:nat |] ==> upt(i, j #+k) = upt(i,j)@upt(j,j#+k)"
  16.776  apply (induct_tac "k")
  16.777  apply (auto simp add: app_assoc app_type)
  16.778  apply (rule_tac j = j in le_trans, auto)
  16.779 @@ -1106,22 +1106,22 @@
  16.780  done
  16.781  
  16.782  lemma nth_upt [rule_format,simp]:
  16.783 -     "[| i:nat; j:nat; k:nat |] ==> i #+ k < j --> nth(k, upt(i,j)) = i #+ k"
  16.784 +     "[| i:nat; j:nat; k:nat |] ==> i #+ k < j \<longrightarrow> nth(k, upt(i,j)) = i #+ k"
  16.785  apply (induct_tac "j", simp)
  16.786  apply (simp add: nth_append le_iff)
  16.787 -apply (auto dest!: not_lt_imp_le 
  16.788 +apply (auto dest!: not_lt_imp_le
  16.789              simp add: nth_append less_diff_conv add_commute)
  16.790  done
  16.791  
  16.792  lemma take_upt [rule_format,simp]:
  16.793       "[| m:nat; n:nat |] ==>
  16.794 -         \<forall>i \<in> nat. i #+ m le n --> take(m, upt(i,n)) = upt(i,i#+m)"
  16.795 +         \<forall>i \<in> nat. i #+ m \<le> n \<longrightarrow> take(m, upt(i,n)) = upt(i,i#+m)"
  16.796  apply (induct_tac "m")
  16.797  apply (simp (no_asm_simp) add: take_0)
  16.798  apply clarify
  16.799 -apply (subst upt_rec, simp) 
  16.800 +apply (subst upt_rec, simp)
  16.801  apply (rule sym)
  16.802 -apply (subst upt_rec, simp) 
  16.803 +apply (subst upt_rec, simp)
  16.804  apply (simp_all del: upt.simps)
  16.805  apply (rule_tac j = "succ (i #+ x) " in lt_trans2)
  16.806  apply auto
  16.807 @@ -1135,7 +1135,7 @@
  16.808  
  16.809  lemma nth_map [rule_format,simp]:
  16.810       "xs:list(A) ==>
  16.811 -      \<forall>n \<in> nat. n < length(xs) --> nth(n, map(f, xs)) = f(nth(n, xs))"
  16.812 +      \<forall>n \<in> nat. n < length(xs) \<longrightarrow> nth(n, map(f, xs)) = f(nth(n, xs))"
  16.813  apply (induct_tac "xs", simp)
  16.814  apply (rule ballI)
  16.815  apply (induct_tac "n", auto)
  16.816 @@ -1143,15 +1143,15 @@
  16.817  
  16.818  lemma nth_map_upt [rule_format]:
  16.819       "[| m:nat; n:nat |] ==>
  16.820 -      \<forall>i \<in> nat. i < n #- m --> nth(i, map(f, upt(m,n))) = f(m #+ i)"
  16.821 -apply (rule_tac n = m and m = n in diff_induct, typecheck, simp, simp) 
  16.822 -apply (subst map_succ_upt [symmetric], simp_all, clarify) 
  16.823 +      \<forall>i \<in> nat. i < n #- m \<longrightarrow> nth(i, map(f, upt(m,n))) = f(m #+ i)"
  16.824 +apply (rule_tac n = m and m = n in diff_induct, typecheck, simp, simp)
  16.825 +apply (subst map_succ_upt [symmetric], simp_all, clarify)
  16.826  apply (subgoal_tac "i < length (upt (0, x))")
  16.827 - prefer 2 
  16.828 - apply (simp add: less_diff_conv) 
  16.829 + prefer 2
  16.830 + apply (simp add: less_diff_conv)
  16.831   apply (rule_tac j = "succ (i #+ y) " in lt_trans2)
  16.832 -  apply simp 
  16.833 - apply simp 
  16.834 +  apply simp
  16.835 + apply simp
  16.836  apply (subgoal_tac "i < length (upt (y, x))")
  16.837   apply (simp_all add: add_commute less_diff_conv)
  16.838  done
  16.839 @@ -1202,29 +1202,29 @@
  16.840  
  16.841  lemma sublist_Cons:
  16.842       "[| xs:list(B); x:B |] ==>
  16.843 -      sublist(Cons(x, xs), A) = 
  16.844 -      (if 0:A then [x] else []) @ sublist(xs, {j:nat. succ(j) : A})"
  16.845 +      sublist(Cons(x, xs), A) =
  16.846 +      (if 0:A then [x] else []) @ sublist(xs, {j:nat. succ(j) \<in> A})"
  16.847  apply (erule_tac l = xs in list_append_induct)
  16.848 -apply (simp (no_asm_simp) add: sublist_def)  
  16.849 -apply (simp del: app_Cons add: app_Cons [symmetric] sublist_append, simp) 
  16.850 +apply (simp (no_asm_simp) add: sublist_def)
  16.851 +apply (simp del: app_Cons add: app_Cons [symmetric] sublist_append, simp)
  16.852  done
  16.853  
  16.854  lemma sublist_singleton [simp]:
  16.855 -     "sublist([x], A) = (if 0 : A then [x] else [])"
  16.856 +     "sublist([x], A) = (if 0 \<in> A then [x] else [])"
  16.857  by (simp add: sublist_Cons)
  16.858  
  16.859  lemma sublist_upt_eq_take [rule_format, simp]:
  16.860 -    "xs:list(A) ==> ALL n:nat. sublist(xs,n) = take(n,xs)"
  16.861 -apply (erule list.induct, simp) 
  16.862 -apply (clarify ); 
  16.863 -apply (erule natE) 
  16.864 +    "xs:list(A) ==> \<forall>n\<in>nat. sublist(xs,n) = take(n,xs)"
  16.865 +apply (erule list.induct, simp)
  16.866 +apply (clarify );
  16.867 +apply (erule natE)
  16.868  apply (simp_all add: nat_eq_Collect_lt Ord_mem_iff_lt sublist_Cons)
  16.869  done
  16.870  
  16.871  lemma sublist_Int_eq:
  16.872 -     "xs : list(B) ==> sublist(xs, A \<inter> nat) = sublist(xs, A)"
  16.873 +     "xs \<in> list(B) ==> sublist(xs, A \<inter> nat) = sublist(xs, A)"
  16.874  apply (erule list.induct)
  16.875 -apply (simp_all add: sublist_Cons) 
  16.876 +apply (simp_all add: sublist_Cons)
  16.877  done
  16.878  
  16.879  text{*Repetition of a List Element*}
    17.1 --- a/src/ZF/Main_ZF.thy	Sun Mar 04 23:20:43 2012 +0100
    17.2 +++ b/src/ZF/Main_ZF.thy	Tue Mar 06 15:15:49 2012 +0000
    17.3 @@ -27,8 +27,8 @@
    17.4  by (induct n rule: nat_induct, simp_all)
    17.5  
    17.6  lemma iterates_type [TC]:
    17.7 -     "[| n:nat;  a: A; !!x. x:A ==> F(x) : A |] 
    17.8 -      ==> F^n (a) : A"  
    17.9 +     "[| n:nat;  a: A; !!x. x:A ==> F(x) \<in> A |] 
   17.10 +      ==> F^n (a) \<in> A"  
   17.11  by (induct n rule: nat_induct, simp_all)
   17.12  
   17.13  lemma iterates_omega_triv:
    18.1 --- a/src/ZF/Nat_ZF.thy	Sun Mar 04 23:20:43 2012 +0100
    18.2 +++ b/src/ZF/Nat_ZF.thy	Tue Mar 06 15:15:49 2012 +0000
    18.3 @@ -9,7 +9,7 @@
    18.4  
    18.5  definition
    18.6    nat :: i  where
    18.7 -    "nat == lfp(Inf, %X. {0} Un {succ(i). i:X})"
    18.8 +    "nat == lfp(Inf, %X. {0} \<union> {succ(i). i:X})"
    18.9  
   18.10  definition
   18.11    quasinat :: "i => o"  where
   18.12 @@ -18,26 +18,26 @@
   18.13  definition
   18.14    (*Has an unconditional succ case, which is used in "recursor" below.*)
   18.15    nat_case :: "[i, i=>i, i]=>i"  where
   18.16 -    "nat_case(a,b,k) == THE y. k=0 & y=a | (EX x. k=succ(x) & y=b(x))"
   18.17 +    "nat_case(a,b,k) == THE y. k=0 & y=a | (\<exists>x. k=succ(x) & y=b(x))"
   18.18  
   18.19  definition
   18.20    nat_rec :: "[i, i, [i,i]=>i]=>i"  where
   18.21 -    "nat_rec(k,a,b) ==   
   18.22 +    "nat_rec(k,a,b) ==
   18.23            wfrec(Memrel(nat), k, %n f. nat_case(a, %m. b(m, f`m), n))"
   18.24  
   18.25    (*Internalized relations on the naturals*)
   18.26 -  
   18.27 +
   18.28  definition
   18.29    Le :: i  where
   18.30 -    "Le == {<x,y>:nat*nat. x le y}"
   18.31 +    "Le == {<x,y>:nat*nat. x \<le> y}"
   18.32  
   18.33  definition
   18.34    Lt :: i  where
   18.35      "Lt == {<x, y>:nat*nat. x < y}"
   18.36 -  
   18.37 +
   18.38  definition
   18.39    Ge :: i  where
   18.40 -    "Ge == {<x,y>:nat*nat. y le x}"
   18.41 +    "Ge == {<x,y>:nat*nat. y \<le> x}"
   18.42  
   18.43  definition
   18.44    Gt :: i  where
   18.45 @@ -51,33 +51,33 @@
   18.46  predecessors!*}
   18.47  
   18.48  
   18.49 -lemma nat_bnd_mono: "bnd_mono(Inf, %X. {0} Un {succ(i). i:X})"
   18.50 +lemma nat_bnd_mono: "bnd_mono(Inf, %X. {0} \<union> {succ(i). i:X})"
   18.51  apply (rule bnd_monoI)
   18.52 -apply (cut_tac infinity, blast, blast) 
   18.53 +apply (cut_tac infinity, blast, blast)
   18.54  done
   18.55  
   18.56 -(* nat = {0} Un {succ(x). x:nat} *)
   18.57 +(* @{term"nat = {0} \<union> {succ(x). x:nat}"} *)
   18.58  lemmas nat_unfold = nat_bnd_mono [THEN nat_def [THEN def_lfp_unfold]]
   18.59  
   18.60  (** Type checking of 0 and successor **)
   18.61  
   18.62 -lemma nat_0I [iff,TC]: "0 : nat"
   18.63 +lemma nat_0I [iff,TC]: "0 \<in> nat"
   18.64  apply (subst nat_unfold)
   18.65  apply (rule singletonI [THEN UnI1])
   18.66  done
   18.67  
   18.68 -lemma nat_succI [intro!,TC]: "n : nat ==> succ(n) : nat"
   18.69 +lemma nat_succI [intro!,TC]: "n \<in> nat ==> succ(n) \<in> nat"
   18.70  apply (subst nat_unfold)
   18.71  apply (erule RepFunI [THEN UnI2])
   18.72  done
   18.73  
   18.74 -lemma nat_1I [iff,TC]: "1 : nat"
   18.75 +lemma nat_1I [iff,TC]: "1 \<in> nat"
   18.76  by (rule nat_0I [THEN nat_succI])
   18.77  
   18.78 -lemma nat_2I [iff,TC]: "2 : nat"
   18.79 +lemma nat_2I [iff,TC]: "2 \<in> nat"
   18.80  by (rule nat_1I [THEN nat_succI])
   18.81  
   18.82 -lemma bool_subset_nat: "bool <= nat"
   18.83 +lemma bool_subset_nat: "bool \<subseteq> nat"
   18.84  by (blast elim!: boolE)
   18.85  
   18.86  lemmas bool_into_nat = bool_subset_nat [THEN subsetD]
   18.87 @@ -92,15 +92,15 @@
   18.88  
   18.89  lemma natE:
   18.90      "[| n: nat;  n=0 ==> P;  !!x. [| x: nat; n=succ(x) |] ==> P |] ==> P"
   18.91 -by (erule nat_unfold [THEN equalityD1, THEN subsetD, THEN UnE], auto) 
   18.92 +by (erule nat_unfold [THEN equalityD1, THEN subsetD, THEN UnE], auto)
   18.93  
   18.94  lemma nat_into_Ord [simp]: "n: nat ==> Ord(n)"
   18.95  by (erule nat_induct, auto)
   18.96  
   18.97 -(* i: nat ==> 0 le i; same thing as 0<succ(i)  *)
   18.98 +(* @{term"i: nat ==> 0 \<le> i"}; same thing as @{term"0<succ(i)"}  *)
   18.99  lemmas nat_0_le = nat_into_Ord [THEN Ord_0_le]
  18.100  
  18.101 -(* i: nat ==> i le i; same thing as i<succ(i)  *)
  18.102 +(* @{term"i: nat ==> i \<le> i"}; same thing as @{term"i<succ(i)"}  *)
  18.103  lemmas nat_le_refl = nat_into_Ord [THEN le_refl]
  18.104  
  18.105  lemma Ord_nat [iff]: "Ord(nat)"
  18.106 @@ -108,7 +108,7 @@
  18.107  apply (erule_tac [2] nat_into_Ord [THEN Ord_is_Transset])
  18.108  apply (unfold Transset_def)
  18.109  apply (rule ballI)
  18.110 -apply (erule nat_induct, auto) 
  18.111 +apply (erule nat_induct, auto)
  18.112  done
  18.113  
  18.114  lemma Limit_nat [iff]: "Limit(nat)"
  18.115 @@ -126,12 +126,12 @@
  18.116  lemma nat_succ_iff [iff]: "succ(n): nat <-> n: nat"
  18.117  by (blast dest!: succ_natD)
  18.118  
  18.119 -lemma nat_le_Limit: "Limit(i) ==> nat le i"
  18.120 +lemma nat_le_Limit: "Limit(i) ==> nat \<le> i"
  18.121  apply (rule subset_imp_le)
  18.122 -apply (simp_all add: Limit_is_Ord) 
  18.123 +apply (simp_all add: Limit_is_Ord)
  18.124  apply (rule subsetI)
  18.125  apply (erule nat_induct)
  18.126 - apply (erule Limit_has_0 [THEN ltD]) 
  18.127 + apply (erule Limit_has_0 [THEN ltD])
  18.128  apply (blast intro: Limit_has_succ [THEN ltD] ltI Limit_is_Ord)
  18.129  done
  18.130  
  18.131 @@ -140,10 +140,10 @@
  18.132  
  18.133  lemma lt_nat_in_nat: "[| m<n;  n: nat |] ==> m: nat"
  18.134  apply (erule ltE)
  18.135 -apply (erule Ord_trans, assumption, simp) 
  18.136 +apply (erule Ord_trans, assumption, simp)
  18.137  done
  18.138  
  18.139 -lemma le_in_nat: "[| m le n; n:nat |] ==> m:nat"
  18.140 +lemma le_in_nat: "[| m \<le> n; n:nat |] ==> m:nat"
  18.141  by (blast dest!: lt_nat_in_nat)
  18.142  
  18.143  
  18.144 @@ -153,59 +153,59 @@
  18.145  
  18.146  lemmas complete_induct = Ord_induct [OF _ Ord_nat, case_names less, consumes 1]
  18.147  
  18.148 -lemmas complete_induct_rule =  
  18.149 +lemmas complete_induct_rule =
  18.150          complete_induct [rule_format, case_names less, consumes 1]
  18.151  
  18.152  
  18.153 -lemma nat_induct_from_lemma [rule_format]: 
  18.154 -    "[| n: nat;  m: nat;   
  18.155 -        !!x. [| x: nat;  m le x;  P(x) |] ==> P(succ(x)) |] 
  18.156 -     ==> m le n --> P(m) --> P(n)"
  18.157 -apply (erule nat_induct) 
  18.158 +lemma nat_induct_from_lemma [rule_format]:
  18.159 +    "[| n: nat;  m: nat;
  18.160 +        !!x. [| x: nat;  m \<le> x;  P(x) |] ==> P(succ(x)) |]
  18.161 +     ==> m \<le> n \<longrightarrow> P(m) \<longrightarrow> P(n)"
  18.162 +apply (erule nat_induct)
  18.163  apply (simp_all add: distrib_simps le0_iff le_succ_iff)
  18.164  done
  18.165  
  18.166  (*Induction starting from m rather than 0*)
  18.167 -lemma nat_induct_from: 
  18.168 -    "[| m le n;  m: nat;  n: nat;   
  18.169 -        P(m);   
  18.170 -        !!x. [| x: nat;  m le x;  P(x) |] ==> P(succ(x)) |]
  18.171 +lemma nat_induct_from:
  18.172 +    "[| m \<le> n;  m: nat;  n: nat;
  18.173 +        P(m);
  18.174 +        !!x. [| x: nat;  m \<le> x;  P(x) |] ==> P(succ(x)) |]
  18.175       ==> P(n)"
  18.176  apply (blast intro: nat_induct_from_lemma)
  18.177  done
  18.178  
  18.179  (*Induction suitable for subtraction and less-than*)
  18.180  lemma diff_induct [case_names 0 0_succ succ_succ, consumes 2]:
  18.181 -    "[| m: nat;  n: nat;   
  18.182 -        !!x. x: nat ==> P(x,0);   
  18.183 -        !!y. y: nat ==> P(0,succ(y));   
  18.184 +    "[| m: nat;  n: nat;
  18.185 +        !!x. x: nat ==> P(x,0);
  18.186 +        !!y. y: nat ==> P(0,succ(y));
  18.187          !!x y. [| x: nat;  y: nat;  P(x,y) |] ==> P(succ(x),succ(y)) |]
  18.188       ==> P(m,n)"
  18.189  apply (erule_tac x = m in rev_bspec)
  18.190 -apply (erule nat_induct, simp) 
  18.191 +apply (erule nat_induct, simp)
  18.192  apply (rule ballI)
  18.193  apply (rename_tac i j)
  18.194 -apply (erule_tac n=j in nat_induct, auto)  
  18.195 +apply (erule_tac n=j in nat_induct, auto)
  18.196  done
  18.197  
  18.198  
  18.199  (** Induction principle analogous to trancl_induct **)
  18.200  
  18.201  lemma succ_lt_induct_lemma [rule_format]:
  18.202 -     "m: nat ==> P(m,succ(m)) --> (ALL x: nat. P(m,x) --> P(m,succ(x))) -->  
  18.203 -                 (ALL n:nat. m<n --> P(m,n))"
  18.204 +     "m: nat ==> P(m,succ(m)) \<longrightarrow> (\<forall>x\<in>nat. P(m,x) \<longrightarrow> P(m,succ(x))) \<longrightarrow>
  18.205 +                 (\<forall>n\<in>nat. m<n \<longrightarrow> P(m,n))"
  18.206  apply (erule nat_induct)
  18.207   apply (intro impI, rule nat_induct [THEN ballI])
  18.208     prefer 4 apply (intro impI, rule nat_induct [THEN ballI])
  18.209 -apply (auto simp add: le_iff) 
  18.210 +apply (auto simp add: le_iff)
  18.211  done
  18.212  
  18.213  lemma succ_lt_induct:
  18.214 -    "[| m<n;  n: nat;                                    
  18.215 -        P(m,succ(m));                                    
  18.216 +    "[| m<n;  n: nat;
  18.217 +        P(m,succ(m));
  18.218          !!x. [| x: nat;  P(m,x) |] ==> P(m,succ(x)) |]
  18.219       ==> P(m,n)"
  18.220 -by (blast intro: succ_lt_induct_lemma lt_nat_in_nat) 
  18.221 +by (blast intro: succ_lt_induct_lemma lt_nat_in_nat)
  18.222  
  18.223  subsection{*quasinat: to allow a case-split rule for @{term nat_case}*}
  18.224  
  18.225 @@ -219,36 +219,36 @@
  18.226  lemma nat_imp_quasinat: "n \<in> nat ==> quasinat(n)"
  18.227  by (erule natE, simp_all)
  18.228  
  18.229 -lemma non_nat_case: "~ quasinat(x) ==> nat_case(a,b,x) = 0" 
  18.230 -by (simp add: quasinat_def nat_case_def) 
  18.231 +lemma non_nat_case: "~ quasinat(x) ==> nat_case(a,b,x) = 0"
  18.232 +by (simp add: quasinat_def nat_case_def)
  18.233  
  18.234  lemma nat_cases_disj: "k=0 | (\<exists>y. k = succ(y)) | ~ quasinat(k)"
  18.235 -apply (case_tac "k=0", simp) 
  18.236 -apply (case_tac "\<exists>m. k = succ(m)") 
  18.237 -apply (simp_all add: quasinat_def) 
  18.238 +apply (case_tac "k=0", simp)
  18.239 +apply (case_tac "\<exists>m. k = succ(m)")
  18.240 +apply (simp_all add: quasinat_def)
  18.241  done
  18.242  
  18.243  lemma nat_cases:
  18.244       "[|k=0 ==> P;  !!y. k = succ(y) ==> P; ~ quasinat(k) ==> P|] ==> P"
  18.245 -by (insert nat_cases_disj [of k], blast) 
  18.246 +by (insert nat_cases_disj [of k], blast)
  18.247  
  18.248  (** nat_case **)
  18.249  
  18.250  lemma nat_case_0 [simp]: "nat_case(a,b,0) = a"
  18.251  by (simp add: nat_case_def)
  18.252  
  18.253 -lemma nat_case_succ [simp]: "nat_case(a,b,succ(n)) = b(n)" 
  18.254 +lemma nat_case_succ [simp]: "nat_case(a,b,succ(n)) = b(n)"
  18.255  by (simp add: nat_case_def)
  18.256  
  18.257  lemma nat_case_type [TC]:
  18.258 -    "[| n: nat;  a: C(0);  !!m. m: nat ==> b(m): C(succ(m)) |] 
  18.259 -     ==> nat_case(a,b,n) : C(n)";
  18.260 -by (erule nat_induct, auto) 
  18.261 +    "[| n: nat;  a: C(0);  !!m. m: nat ==> b(m): C(succ(m)) |]
  18.262 +     ==> nat_case(a,b,n) \<in> C(n)";
  18.263 +by (erule nat_induct, auto)
  18.264  
  18.265  lemma split_nat_case:
  18.266 -  "P(nat_case(a,b,k)) <-> 
  18.267 -   ((k=0 --> P(a)) & (\<forall>x. k=succ(x) --> P(b(x))) & (~ quasinat(k) \<longrightarrow> P(0)))"
  18.268 -apply (rule nat_cases [of k]) 
  18.269 +  "P(nat_case(a,b,k)) <->
  18.270 +   ((k=0 \<longrightarrow> P(a)) & (\<forall>x. k=succ(x) \<longrightarrow> P(b(x))) & (~ quasinat(k) \<longrightarrow> P(0)))"
  18.271 +apply (rule nat_cases [of k])
  18.272  apply (auto simp add: non_nat_case)
  18.273  done
  18.274  
  18.275 @@ -260,41 +260,41 @@
  18.276  
  18.277  lemma nat_rec_0: "nat_rec(0,a,b) = a"
  18.278  apply (rule nat_rec_def [THEN def_wfrec, THEN trans])
  18.279 - apply (rule wf_Memrel) 
  18.280 + apply (rule wf_Memrel)
  18.281  apply (rule nat_case_0)
  18.282  done
  18.283  
  18.284  lemma nat_rec_succ: "m: nat ==> nat_rec(succ(m),a,b) = b(m, nat_rec(m,a,b))"
  18.285  apply (rule nat_rec_def [THEN def_wfrec, THEN trans])
  18.286 - apply (rule wf_Memrel) 
  18.287 + apply (rule wf_Memrel)
  18.288  apply (simp add: vimage_singleton_iff)
  18.289  done
  18.290  
  18.291  (** The union of two natural numbers is a natural number -- their maximum **)
  18.292  
  18.293 -lemma Un_nat_type [TC]: "[| i: nat; j: nat |] ==> i Un j: nat"
  18.294 +lemma Un_nat_type [TC]: "[| i: nat; j: nat |] ==> i \<union> j: nat"
  18.295  apply (rule Un_least_lt [THEN ltD])
  18.296 -apply (simp_all add: lt_def) 
  18.297 +apply (simp_all add: lt_def)
  18.298  done
  18.299  
  18.300 -lemma Int_nat_type [TC]: "[| i: nat; j: nat |] ==> i Int j: nat"
  18.301 +lemma Int_nat_type [TC]: "[| i: nat; j: nat |] ==> i \<inter> j: nat"
  18.302  apply (rule Int_greatest_lt [THEN ltD])
  18.303 -apply (simp_all add: lt_def) 
  18.304 +apply (simp_all add: lt_def)
  18.305  done
  18.306  
  18.307  (*needed to simplify unions over nat*)
  18.308 -lemma nat_nonempty [simp]: "nat ~= 0"
  18.309 +lemma nat_nonempty [simp]: "nat \<noteq> 0"
  18.310  by blast
  18.311  
  18.312  text{*A natural number is the set of its predecessors*}
  18.313  lemma nat_eq_Collect_lt: "i \<in> nat ==> {j\<in>nat. j<i} = i"
  18.314  apply (rule equalityI)
  18.315 -apply (blast dest: ltD)  
  18.316 +apply (blast dest: ltD)
  18.317  apply (auto simp add: Ord_mem_iff_lt)
  18.318 -apply (blast intro: lt_trans) 
  18.319 +apply (blast intro: lt_trans)
  18.320  done
  18.321  
  18.322 -lemma Le_iff [iff]: "<x,y> : Le <-> x le y & x : nat & y : nat"
  18.323 +lemma Le_iff [iff]: "<x,y> \<in> Le <-> x \<le> y & x \<in> nat & y \<in> nat"
  18.324  by (force simp add: Le_def)
  18.325  
  18.326  end
    19.1 --- a/src/ZF/OrdQuant.thy	Sun Mar 04 23:20:43 2012 +0100
    19.2 +++ b/src/ZF/OrdQuant.thy	Tue Mar 06 15:15:49 2012 +0000
    19.3 @@ -11,11 +11,11 @@
    19.4  definition
    19.5    (* Ordinal Quantifiers *)
    19.6    oall :: "[i, i => o] => o"  where
    19.7 -    "oall(A, P) == ALL x. x<A --> P(x)"
    19.8 +    "oall(A, P) == \<forall>x. x<A \<longrightarrow> P(x)"
    19.9  
   19.10  definition
   19.11    oex :: "[i, i => o] => o"  where
   19.12 -    "oex(A, P)  == EX x. x<A & P(x)"
   19.13 +    "oex(A, P)  == \<exists>x. x<A & P(x)"
   19.14  
   19.15  definition
   19.16    (* Ordinal Union *)
   19.17 @@ -48,18 +48,18 @@
   19.18  (*MOST IMPORTANT that this is added to the simpset BEFORE Ord_atomize
   19.19    is proved.  Ord_atomize would convert this rule to
   19.20      x < 0 ==> P(x) == True, which causes dire effects!*)
   19.21 -lemma [simp]: "(ALL x<0. P(x))"
   19.22 +lemma [simp]: "(\<forall>x<0. P(x))"
   19.23  by (simp add: oall_def)
   19.24  
   19.25 -lemma [simp]: "~(EX x<0. P(x))"
   19.26 +lemma [simp]: "~(\<exists>x<0. P(x))"
   19.27  by (simp add: oex_def)
   19.28  
   19.29 -lemma [simp]: "(ALL x<succ(i). P(x)) <-> (Ord(i) --> P(i) & (ALL x<i. P(x)))"
   19.30 +lemma [simp]: "(\<forall>x<succ(i). P(x)) <-> (Ord(i) \<longrightarrow> P(i) & (\<forall>x<i. P(x)))"
   19.31  apply (simp add: oall_def le_iff)
   19.32  apply (blast intro: lt_Ord2)
   19.33  done
   19.34  
   19.35 -lemma [simp]: "(EX x<succ(i). P(x)) <-> (Ord(i) & (P(i) | (EX x<i. P(x))))"
   19.36 +lemma [simp]: "(\<exists>x<succ(i). P(x)) <-> (Ord(i) & (P(i) | (\<exists>x<i. P(x))))"
   19.37  apply (simp add: oex_def le_iff)
   19.38  apply (blast intro: lt_Ord2)
   19.39  done
   19.40 @@ -84,12 +84,11 @@
   19.41  lemma Limit_OUN_eq: "Limit(i) ==> (\<Union>x<i. x) = i"
   19.42  by (simp add: OUnion_def Limit_Union_eq Limit_is_Ord)
   19.43  
   19.44 -(* No < version; consider (\<Union>i\<in>nat.i)=nat *)
   19.45 +(* No < version of this theorem: consider that @{term"(\<Union>i\<in>nat.i)=nat"}! *)
   19.46  lemma OUN_least:
   19.47       "(!!x. x<A ==> B(x) \<subseteq> C) ==> (\<Union>x<A. B(x)) \<subseteq> C"
   19.48  by (simp add: OUnion_def UN_least ltI)
   19.49  
   19.50 -(* No < version; consider (\<Union>i\<in>nat.i)=nat *)
   19.51  lemma OUN_least_le:
   19.52       "[| Ord(i);  !!x. x<A ==> b(x) \<le> i |] ==> (\<Union>x<A. b(x)) \<le> i"
   19.53  by (simp add: OUnion_def UN_least_le ltI Ord_0_le)
   19.54 @@ -105,34 +104,34 @@
   19.55  
   19.56  lemma OUN_Union_eq:
   19.57       "(!!x. x:X ==> Ord(x))
   19.58 -      ==> (\<Union>z < Union(X). C(z)) = (\<Union>x\<in>X. \<Union>z < x. C(z))"
   19.59 +      ==> (\<Union>z < \<Union>(X). C(z)) = (\<Union>x\<in>X. \<Union>z < x. C(z))"
   19.60  by (simp add: OUnion_def)
   19.61  
   19.62 -(*So that rule_format will get rid of ALL x<A...*)
   19.63 +(*So that rule_format will get rid of this quantifier...*)
   19.64  lemma atomize_oall [symmetric, rulify]:
   19.65 -     "(!!x. x<A ==> P(x)) == Trueprop (ALL x<A. P(x))"
   19.66 +     "(!!x. x<A ==> P(x)) == Trueprop (\<forall>x<A. P(x))"
   19.67  by (simp add: oall_def atomize_all atomize_imp)
   19.68  
   19.69  subsubsection {*universal quantifier for ordinals*}
   19.70  
   19.71  lemma oallI [intro!]:
   19.72 -    "[| !!x. x<A ==> P(x) |] ==> ALL x<A. P(x)"
   19.73 +    "[| !!x. x<A ==> P(x) |] ==> \<forall>x<A. P(x)"
   19.74  by (simp add: oall_def)
   19.75  
   19.76 -lemma ospec: "[| ALL x<A. P(x);  x<A |] ==> P(x)"
   19.77 +lemma ospec: "[| \<forall>x<A. P(x);  x<A |] ==> P(x)"
   19.78  by (simp add: oall_def)
   19.79  
   19.80  lemma oallE:
   19.81 -    "[| ALL x<A. P(x);  P(x) ==> Q;  ~x<A ==> Q |] ==> Q"
   19.82 +    "[| \<forall>x<A. P(x);  P(x) ==> Q;  ~x<A ==> Q |] ==> Q"
   19.83  by (simp add: oall_def, blast)
   19.84  
   19.85  lemma rev_oallE [elim]:
   19.86 -    "[| ALL x<A. P(x);  ~x<A ==> Q;  P(x) ==> Q |] ==> Q"
   19.87 +    "[| \<forall>x<A. P(x);  ~x<A ==> Q;  P(x) ==> Q |] ==> Q"
   19.88  by (simp add: oall_def, blast)
   19.89  
   19.90  
   19.91 -(*Trival rewrite rule;   (ALL x<a.P)<->P holds only if a is not 0!*)
   19.92 -lemma oall_simp [simp]: "(ALL x<a. True) <-> True"
   19.93 +(*Trival rewrite rule.  @{term"(\<forall>x<a.P)<->P"} holds only if a is not 0!*)
   19.94 +lemma oall_simp [simp]: "(\<forall>x<a. True) <-> True"
   19.95  by blast
   19.96  
   19.97  (*Congruence rule for rewriting*)
   19.98 @@ -145,18 +144,18 @@
   19.99  subsubsection {*existential quantifier for ordinals*}
  19.100  
  19.101  lemma oexI [intro]:
  19.102 -    "[| P(x);  x<A |] ==> EX x<A. P(x)"
  19.103 +    "[| P(x);  x<A |] ==> \<exists>x<A. P(x)"
  19.104  apply (simp add: oex_def, blast)
  19.105  done
  19.106  
  19.107 -(*Not of the general form for such rules; ~EX has become ALL~ *)
  19.108 +(*Not of the general form for such rules... *)
  19.109  lemma oexCI:
  19.110 -   "[| ALL x<A. ~P(x) ==> P(a);  a<A |] ==> EX x<A. P(x)"
  19.111 +   "[| \<forall>x<A. ~P(x) ==> P(a);  a<A |] ==> \<exists>x<A. P(x)"
  19.112  apply (simp add: oex_def, blast)
  19.113  done
  19.114  
  19.115  lemma oexE [elim!]:
  19.116 -    "[| EX x<A. P(x);  !!x. [| x<A; P(x) |] ==> Q |] ==> Q"
  19.117 +    "[| \<exists>x<A. P(x);  !!x. [| x<A; P(x) |] ==> Q |] ==> Q"
  19.118  apply (simp add: oex_def, blast)
  19.119  done
  19.120  
  19.121 @@ -173,11 +172,11 @@
  19.122  by (unfold OUnion_def lt_def, blast)
  19.123  
  19.124  lemma OUN_E [elim!]:
  19.125 -    "[| b : (\<Union>z<i. B(z));  !!a.[| b: B(a);  a<i |] ==> R |] ==> R"
  19.126 +    "[| b \<in> (\<Union>z<i. B(z));  !!a.[| b: B(a);  a<i |] ==> R |] ==> R"
  19.127  apply (unfold OUnion_def lt_def, blast)
  19.128  done
  19.129  
  19.130 -lemma OUN_iff: "b : (\<Union>x<i. B(x)) <-> (EX x<i. b : B(x))"
  19.131 +lemma OUN_iff: "b \<in> (\<Union>x<i. B(x)) <-> (\<exists>x<i. b \<in> B(x))"
  19.132  by (unfold OUnion_def oex_def lt_def, blast)
  19.133  
  19.134  lemma OUN_cong [cong]:
  19.135 @@ -185,7 +184,7 @@
  19.136  by (simp add: OUnion_def lt_def OUN_iff)
  19.137  
  19.138  lemma lt_induct:
  19.139 -    "[| i<k;  !!x.[| x<k;  ALL y<x. P(y) |] ==> P(x) |]  ==>  P(i)"
  19.140 +    "[| i<k;  !!x.[| x<k;  \<forall>y<x. P(y) |] ==> P(x) |]  ==>  P(i)"
  19.141  apply (simp add: lt_def oall_def)
  19.142  apply (erule conjE)
  19.143  apply (erule Ord_induct, assumption, blast)
  19.144 @@ -196,11 +195,11 @@
  19.145  
  19.146  definition
  19.147    "rall"     :: "[i=>o, i=>o] => o"  where
  19.148 -    "rall(M, P) == ALL x. M(x) --> P(x)"
  19.149 +    "rall(M, P) == \<forall>x. M(x) \<longrightarrow> P(x)"
  19.150  
  19.151  definition
  19.152    "rex"      :: "[i=>o, i=>o] => o"  where
  19.153 -    "rex(M, P) == EX x. M(x) & P(x)"
  19.154 +    "rex(M, P) == \<exists>x. M(x) & P(x)"
  19.155  
  19.156  syntax
  19.157    "_rall"     :: "[pttrn, i=>o, o] => o"        ("(3ALL _[_]./ _)" 10)
  19.158 @@ -220,18 +219,18 @@
  19.159  
  19.160  subsubsection{*Relativized universal quantifier*}
  19.161  
  19.162 -lemma rallI [intro!]: "[| !!x. M(x) ==> P(x) |] ==> ALL x[M]. P(x)"
  19.163 +lemma rallI [intro!]: "[| !!x. M(x) ==> P(x) |] ==> \<forall>x[M]. P(x)"
  19.164  by (simp add: rall_def)
  19.165  
  19.166 -lemma rspec: "[| ALL x[M]. P(x); M(x) |] ==> P(x)"
  19.167 +lemma rspec: "[| \<forall>x[M]. P(x); M(x) |] ==> P(x)"
  19.168  by (simp add: rall_def)
  19.169  
  19.170  (*Instantiates x first: better for automatic theorem proving?*)
  19.171  lemma rev_rallE [elim]:
  19.172 -    "[| ALL x[M]. P(x);  ~ M(x) ==> Q;  P(x) ==> Q |] ==> Q"
  19.173 +    "[| \<forall>x[M]. P(x);  ~ M(x) ==> Q;  P(x) ==> Q |] ==> Q"
  19.174  by (simp add: rall_def, blast)
  19.175  
  19.176 -lemma rallE: "[| ALL x[M]. P(x);  P(x) ==> Q;  ~ M(x) ==> Q |] ==> Q"
  19.177 +lemma rallE: "[| \<forall>x[M]. P(x);  P(x) ==> Q;  ~ M(x) ==> Q |] ==> Q"
  19.178  by blast
  19.179  
  19.180  (*Trival rewrite rule;   (ALL x[M].P)<->P holds only if A is nonempty!*)
  19.181 @@ -240,24 +239,24 @@
  19.182  
  19.183  (*Congruence rule for rewriting*)
  19.184  lemma rall_cong [cong]:
  19.185 -    "(!!x. M(x) ==> P(x) <-> P'(x)) ==> (ALL x[M]. P(x)) <-> (ALL x[M]. P'(x))"
  19.186 +    "(!!x. M(x) ==> P(x) <-> P'(x)) ==> (\<forall>x[M]. P(x)) <-> (\<forall>x[M]. P'(x))"
  19.187  by (simp add: rall_def)
  19.188  
  19.189  
  19.190  subsubsection{*Relativized existential quantifier*}
  19.191  
  19.192 -lemma rexI [intro]: "[| P(x); M(x) |] ==> EX x[M]. P(x)"
  19.193 +lemma rexI [intro]: "[| P(x); M(x) |] ==> \<exists>x[M]. P(x)"
  19.194  by (simp add: rex_def, blast)
  19.195  
  19.196  (*The best argument order when there is only one M(x)*)
  19.197 -lemma rev_rexI: "[| M(x);  P(x) |] ==> EX x[M]. P(x)"
  19.198 +lemma rev_rexI: "[| M(x);  P(x) |] ==> \<exists>x[M]. P(x)"
  19.199  by blast
  19.200  
  19.201 -(*Not of the general form for such rules; ~EX has become ALL~ *)
  19.202 -lemma rexCI: "[| ALL x[M]. ~P(x) ==> P(a); M(a) |] ==> EX x[M]. P(x)"
  19.203 +(*Not of the general form for such rules... *)
  19.204 +lemma rexCI: "[| \<forall>x[M]. ~P(x) ==> P(a); M(a) |] ==> \<exists>x[M]. P(x)"
  19.205  by blast
  19.206  
  19.207 -lemma rexE [elim!]: "[| EX x[M]. P(x);  !!x. [| M(x); P(x) |] ==> Q |] ==> Q"
  19.208 +lemma rexE [elim!]: "[| \<exists>x[M]. P(x);  !!x. [| M(x); P(x) |] ==> Q |] ==> Q"
  19.209  by (simp add: rex_def, blast)
  19.210  
  19.211  (*We do not even have (EX x[M]. True) <-> True unless A is nonempty!!*)
  19.212 @@ -265,7 +264,7 @@
  19.213  by (simp add: rex_def)
  19.214  
  19.215  lemma rex_cong [cong]:
  19.216 -    "(!!x. M(x) ==> P(x) <-> P'(x)) ==> (EX x[M]. P(x)) <-> (EX x[M]. P'(x))"
  19.217 +    "(!!x. M(x) ==> P(x) <-> P'(x)) ==> (\<exists>x[M]. P(x)) <-> (\<exists>x[M]. P'(x))"
  19.218  by (simp add: rex_def cong: conj_cong)
  19.219  
  19.220  lemma rall_is_ball [simp]: "(\<forall>x[%z. z\<in>A]. P(x)) <-> (\<forall>x\<in>A. P(x))"
  19.221 @@ -274,68 +273,68 @@
  19.222  lemma rex_is_bex [simp]: "(\<exists>x[%z. z\<in>A]. P(x)) <-> (\<exists>x\<in>A. P(x))"
  19.223  by blast
  19.224  
  19.225 -lemma atomize_rall: "(!!x. M(x) ==> P(x)) == Trueprop (ALL x[M]. P(x))";
  19.226 +lemma atomize_rall: "(!!x. M(x) ==> P(x)) == Trueprop (\<forall>x[M]. P(x))";
  19.227  by (simp add: rall_def atomize_all atomize_imp)
  19.228  
  19.229  declare atomize_rall [symmetric, rulify]
  19.230  
  19.231  lemma rall_simps1:
  19.232 -     "(ALL x[M]. P(x) & Q)   <-> (ALL x[M]. P(x)) & ((ALL x[M]. False) | Q)"
  19.233 -     "(ALL x[M]. P(x) | Q)   <-> ((ALL x[M]. P(x)) | Q)"
  19.234 -     "(ALL x[M]. P(x) --> Q) <-> ((EX x[M]. P(x)) --> Q)"
  19.235 -     "(~(ALL x[M]. P(x))) <-> (EX x[M]. ~P(x))"
  19.236 +     "(\<forall>x[M]. P(x) & Q)   <-> (\<forall>x[M]. P(x)) & ((\<forall>x[M]. False) | Q)"
  19.237 +     "(\<forall>x[M]. P(x) | Q)   <-> ((\<forall>x[M]. P(x)) | Q)"
  19.238 +     "(\<forall>x[M]. P(x) \<longrightarrow> Q) <-> ((\<exists>x[M]. P(x)) \<longrightarrow> Q)"
  19.239 +     "(~(\<forall>x[M]. P(x))) <-> (\<exists>x[M]. ~P(x))"
  19.240  by blast+
  19.241  
  19.242  lemma rall_simps2:
  19.243 -     "(ALL x[M]. P & Q(x))   <-> ((ALL x[M]. False) | P) & (ALL x[M]. Q(x))"
  19.244 -     "(ALL x[M]. P | Q(x))   <-> (P | (ALL x[M]. Q(x)))"
  19.245 -     "(ALL x[M]. P --> Q(x)) <-> (P --> (ALL x[M]. Q(x)))"
  19.246 +     "(\<forall>x[M]. P & Q(x))   <-> ((\<forall>x[M]. False) | P) & (\<forall>x[M]. Q(x))"
  19.247 +     "(\<forall>x[M]. P | Q(x))   <-> (P | (\<forall>x[M]. Q(x)))"
  19.248 +     "(\<forall>x[M]. P \<longrightarrow> Q(x)) <-> (P \<longrightarrow> (\<forall>x[M]. Q(x)))"
  19.249  by blast+
  19.250  
  19.251  lemmas rall_simps [simp] = rall_simps1 rall_simps2
  19.252  
  19.253  lemma rall_conj_distrib:
  19.254 -    "(ALL x[M]. P(x) & Q(x)) <-> ((ALL x[M]. P(x)) & (ALL x[M]. Q(x)))"
  19.255 +    "(\<forall>x[M]. P(x) & Q(x)) <-> ((\<forall>x[M]. P(x)) & (\<forall>x[M]. Q(x)))"
  19.256  by blast
  19.257  
  19.258  lemma rex_simps1:
  19.259 -     "(EX x[M]. P(x) & Q) <-> ((EX x[M]. P(x)) & Q)"
  19.260 -     "(EX x[M]. P(x) | Q) <-> (EX x[M]. P(x)) | ((EX x[M]. True) & Q)"
  19.261 -     "(EX x[M]. P(x) --> Q) <-> ((ALL x[M]. P(x)) --> ((EX x[M]. True) & Q))"
  19.262 -     "(~(EX x[M]. P(x))) <-> (ALL x[M]. ~P(x))"
  19.263 +     "(\<exists>x[M]. P(x) & Q) <-> ((\<exists>x[M]. P(x)) & Q)"
  19.264 +     "(\<exists>x[M]. P(x) | Q) <-> (\<exists>x[M]. P(x)) | ((\<exists>x[M]. True) & Q)"
  19.265 +     "(\<exists>x[M]. P(x) \<longrightarrow> Q) <-> ((\<forall>x[M]. P(x)) \<longrightarrow> ((\<exists>x[M]. True) & Q))"
  19.266 +     "(~(\<exists>x[M]. P(x))) <-> (\<forall>x[M]. ~P(x))"
  19.267  by blast+
  19.268  
  19.269  lemma rex_simps2:
  19.270 -     "(EX x[M]. P & Q(x)) <-> (P & (EX x[M]. Q(x)))"
  19.271 -     "(EX x[M]. P | Q(x)) <-> ((EX x[M]. True) & P) | (EX x[M]. Q(x))"
  19.272 -     "(EX x[M]. P --> Q(x)) <-> (((ALL x[M]. False) | P) --> (EX x[M]. Q(x)))"
  19.273 +     "(\<exists>x[M]. P & Q(x)) <-> (P & (\<exists>x[M]. Q(x)))"
  19.274 +     "(\<exists>x[M]. P | Q(x)) <-> ((\<exists>x[M]. True) & P) | (\<exists>x[M]. Q(x))"
  19.275 +     "(\<exists>x[M]. P \<longrightarrow> Q(x)) <-> (((\<forall>x[M]. False) | P) \<longrightarrow> (\<exists>x[M]. Q(x)))"
  19.276  by blast+
  19.277  
  19.278  lemmas rex_simps [simp] = rex_simps1 rex_simps2
  19.279  
  19.280  lemma rex_disj_distrib:
  19.281 -    "(EX x[M]. P(x) | Q(x)) <-> ((EX x[M]. P(x)) | (EX x[M]. Q(x)))"
  19.282 +    "(\<exists>x[M]. P(x) | Q(x)) <-> ((\<exists>x[M]. P(x)) | (\<exists>x[M]. Q(x)))"
  19.283  by blast
  19.284  
  19.285  
  19.286  subsubsection{*One-point rule for bounded quantifiers*}
  19.287  
  19.288 -lemma rex_triv_one_point1 [simp]: "(EX x[M]. x=a) <-> ( M(a))"
  19.289 +lemma rex_triv_one_point1 [simp]: "(\<exists>x[M]. x=a) <-> ( M(a))"
  19.290  by blast
  19.291  
  19.292 -lemma rex_triv_one_point2 [simp]: "(EX x[M]. a=x) <-> ( M(a))"
  19.293 +lemma rex_triv_one_point2 [simp]: "(\<exists>x[M]. a=x) <-> ( M(a))"
  19.294  by blast
  19.295  
  19.296 -lemma rex_one_point1 [simp]: "(EX x[M]. x=a & P(x)) <-> ( M(a) & P(a))"
  19.297 +lemma rex_one_point1 [simp]: "(\<exists>x[M]. x=a & P(x)) <-> ( M(a) & P(a))"
  19.298  by blast
  19.299  
  19.300 -lemma rex_one_point2 [simp]: "(EX x[M]. a=x & P(x)) <-> ( M(a) & P(a))"
  19.301 +lemma rex_one_point2 [simp]: "(\<exists>x[M]. a=x & P(x)) <-> ( M(a) & P(a))"
  19.302  by blast
  19.303  
  19.304 -lemma rall_one_point1 [simp]: "(ALL x[M]. x=a --> P(x)) <-> ( M(a) --> P(a))"
  19.305 +lemma rall_one_point1 [simp]: "(\<forall>x[M]. x=a \<longrightarrow> P(x)) <-> ( M(a) \<longrightarrow> P(a))"
  19.306  by blast
  19.307  
  19.308 -lemma rall_one_point2 [simp]: "(ALL x[M]. a=x --> P(x)) <-> ( M(a) --> P(a))"
  19.309 +lemma rall_one_point2 [simp]: "(\<forall>x[M]. a=x \<longrightarrow> P(x)) <-> ( M(a) \<longrightarrow> P(a))"
  19.310  by blast
  19.311  
  19.312  
  19.313 @@ -343,9 +342,9 @@
  19.314  
  19.315  definition
  19.316    setclass :: "[i,i] => o"       ("##_" [40] 40)  where
  19.317 -   "setclass(A) == %x. x : A"
  19.318 +   "setclass(A) == %x. x \<in> A"
  19.319  
  19.320 -lemma setclass_iff [simp]: "setclass(A,x) <-> x : A"
  19.321 +lemma setclass_iff [simp]: "setclass(A,x) <-> x \<in> A"
  19.322  by (simp add: setclass_def)
  19.323  
  19.324  lemma rall_setclass_is_ball [simp]: "(\<forall>x[##A]. P(x)) <-> (\<forall>x\<in>A. P(x))"
  19.325 @@ -368,14 +367,14 @@
  19.326  
  19.327  text {* Setting up the one-point-rule simproc *}
  19.328  
  19.329 -simproc_setup defined_rex ("EX x[M]. P(x) & Q(x)") = {*
  19.330 +simproc_setup defined_rex ("\<exists>x[M]. P(x) & Q(x)") = {*
  19.331    let
  19.332      val unfold_rex_tac = unfold_tac @{thms rex_def};
  19.333      fun prove_rex_tac ss = unfold_rex_tac ss THEN Quantifier1.prove_one_point_ex_tac;
  19.334    in fn _ => fn ss => Quantifier1.rearrange_bex (prove_rex_tac ss) ss end
  19.335  *}
  19.336  
  19.337 -simproc_setup defined_rall ("ALL x[M]. P(x) --> Q(x)") = {*
  19.338 +simproc_setup defined_rall ("\<forall>x[M]. P(x) \<longrightarrow> Q(x)") = {*
  19.339    let
  19.340      val unfold_rall_tac = unfold_tac @{thms rall_def};
  19.341      fun prove_rall_tac ss = unfold_rall_tac ss THEN Quantifier1.prove_one_point_all_tac;
    20.1 --- a/src/ZF/Order.thy	Sun Mar 04 23:20:43 2012 +0100
    20.2 +++ b/src/ZF/Order.thy	Tue Mar 06 15:15:49 2012 +0000
    20.3 @@ -21,7 +21,7 @@
    20.4  
    20.5  definition
    20.6    linear   :: "[i,i]=>o"                (*Strict total ordering*)  where
    20.7 -   "linear(A,r) == (ALL x:A. ALL y:A. <x,y>:r | x=y | <y,x>:r)"
    20.8 +   "linear(A,r) == (\<forall>x\<in>A. \<forall>y\<in>A. <x,y>:r | x=y | <y,x>:r)"
    20.9  
   20.10  definition
   20.11    tot_ord  :: "[i,i]=>o"                (*Strict total ordering*)  where
   20.12 @@ -46,12 +46,12 @@
   20.13  definition
   20.14    mono_map :: "[i,i,i,i]=>i"            (*Order-preserving maps*)  where
   20.15     "mono_map(A,r,B,s) ==
   20.16 -              {f: A->B. ALL x:A. ALL y:A. <x,y>:r --> <f`x,f`y>:s}"
   20.17 +              {f: A->B. \<forall>x\<in>A. \<forall>y\<in>A. <x,y>:r \<longrightarrow> <f`x,f`y>:s}"
   20.18  
   20.19  definition
   20.20    ord_iso  :: "[i,i,i,i]=>i"            (*Order isomorphisms*)  where
   20.21     "ord_iso(A,r,B,s) ==
   20.22 -              {f: bij(A,B). ALL x:A. ALL y:A. <x,y>:r <-> <f`x,f`y>:s}"
   20.23 +              {f: bij(A,B). \<forall>x\<in>A. \<forall>y\<in>A. <x,y>:r <-> <f`x,f`y>:s}"
   20.24  
   20.25  definition
   20.26    pred     :: "[i,i,i]=>i"              (*Set of predecessors*)  where
   20.27 @@ -64,7 +64,7 @@
   20.28  
   20.29  definition
   20.30    first :: "[i, i, i] => o"  where
   20.31 -    "first(u, X, R) == u:X & (ALL v:X. v~=u --> <u,v> : R)"
   20.32 +    "first(u, X, R) == u:X & (\<forall>v\<in>X. v\<noteq>u \<longrightarrow> <u,v> \<in> R)"
   20.33  
   20.34  
   20.35  notation (xsymbols)
   20.36 @@ -74,7 +74,7 @@
   20.37  subsection{*Immediate Consequences of the Definitions*}
   20.38  
   20.39  lemma part_ord_Imp_asym:
   20.40 -    "part_ord(A,r) ==> asym(r Int A*A)"
   20.41 +    "part_ord(A,r) ==> asym(r \<inter> A*A)"
   20.42  by (unfold part_ord_def irrefl_def trans_on_def asym_def, blast)
   20.43  
   20.44  lemma linearE:
   20.45 @@ -107,7 +107,7 @@
   20.46  
   20.47  (** Derived rules for pred(A,x,r) **)
   20.48  
   20.49 -lemma pred_iff: "y : pred(A,x,r) <-> <y,x>:r & y:A"
   20.50 +lemma pred_iff: "y \<in> pred(A,x,r) <-> <y,x>:r & y:A"
   20.51  by (unfold pred_def, blast)
   20.52  
   20.53  lemmas predI = conjI [THEN pred_iff [THEN iffD2]]
   20.54 @@ -115,14 +115,14 @@
   20.55  lemma predE: "[| y: pred(A,x,r);  [| y:A; <y,x>:r |] ==> P |] ==> P"
   20.56  by (simp add: pred_def)
   20.57  
   20.58 -lemma pred_subset_under: "pred(A,x,r) <= r -`` {x}"
   20.59 +lemma pred_subset_under: "pred(A,x,r) \<subseteq> r -`` {x}"
   20.60  by (simp add: pred_def, blast)
   20.61  
   20.62 -lemma pred_subset: "pred(A,x,r) <= A"
   20.63 +lemma pred_subset: "pred(A,x,r) \<subseteq> A"
   20.64  by (simp add: pred_def, blast)
   20.65  
   20.66  lemma pred_pred_eq:
   20.67 -    "pred(pred(A,x,r), y, r) = pred(A,x,r) Int pred(A,y,r)"
   20.68 +    "pred(pred(A,x,r), y, r) = pred(A,x,r) \<inter> pred(A,y,r)"
   20.69  by (simp add: pred_def, blast)
   20.70  
   20.71  lemma trans_pred_pred_eq:
   20.72 @@ -160,30 +160,30 @@
   20.73  
   20.74  (** Relations restricted to a smaller domain, by Krzysztof Grabczewski **)
   20.75  
   20.76 -lemma irrefl_Int_iff: "irrefl(A,r Int A*A) <-> irrefl(A,r)"
   20.77 +lemma irrefl_Int_iff: "irrefl(A,r \<inter> A*A) <-> irrefl(A,r)"
   20.78  by (unfold irrefl_def, blast)
   20.79  
   20.80 -lemma trans_on_Int_iff: "trans[A](r Int A*A) <-> trans[A](r)"
   20.81 +lemma trans_on_Int_iff: "trans[A](r \<inter> A*A) <-> trans[A](r)"
   20.82  by (unfold trans_on_def, blast)
   20.83  
   20.84 -lemma part_ord_Int_iff: "part_ord(A,r Int A*A) <-> part_ord(A,r)"
   20.85 +lemma part_ord_Int_iff: "part_ord(A,r \<inter> A*A) <-> part_ord(A,r)"
   20.86  apply (unfold part_ord_def)
   20.87  apply (simp add: irrefl_Int_iff trans_on_Int_iff)
   20.88  done
   20.89  
   20.90 -lemma linear_Int_iff: "linear(A,r Int A*A) <-> linear(A,r)"
   20.91 +lemma linear_Int_iff: "linear(A,r \<inter> A*A) <-> linear(A,r)"
   20.92  by (unfold linear_def, blast)
   20.93  
   20.94 -lemma tot_ord_Int_iff: "tot_ord(A,r Int A*A) <-> tot_ord(A,r)"
   20.95 +lemma tot_ord_Int_iff: "tot_ord(A,r \<inter> A*A) <-> tot_ord(A,r)"
   20.96  apply (unfold tot_ord_def)
   20.97  apply (simp add: part_ord_Int_iff linear_Int_iff)
   20.98  done
   20.99  
  20.100 -lemma wf_on_Int_iff: "wf[A](r Int A*A) <-> wf[A](r)"
  20.101 +lemma wf_on_Int_iff: "wf[A](r \<inter> A*A) <-> wf[A](r)"
  20.102  apply (unfold wf_on_def wf_def, fast) (*10 times faster than blast!*)
  20.103  done
  20.104  
  20.105 -lemma well_ord_Int_iff: "well_ord(A,r Int A*A) <-> well_ord(A,r)"
  20.106 +lemma well_ord_Int_iff: "well_ord(A,r \<inter> A*A) <-> well_ord(A,r)"
  20.107  apply (unfold well_ord_def)
  20.108  apply (simp add: tot_ord_Int_iff wf_on_Int_iff)
  20.109  done
  20.110 @@ -256,7 +256,7 @@
  20.111  
  20.112  lemma ord_isoI:
  20.113      "[| f: bij(A, B);
  20.114 -        !!x y. [| x:A; y:A |] ==> <x, y> : r <-> <f`x, f`y> : s |]
  20.115 +        !!x y. [| x:A; y:A |] ==> <x, y> \<in> r <-> <f`x, f`y> \<in> s |]
  20.116       ==> f: ord_iso(A,r,B,s)"
  20.117  by (simp add: ord_iso_def)
  20.118  
  20.119 @@ -272,12 +272,12 @@
  20.120  
  20.121  (*Needed?  But ord_iso_converse is!*)
  20.122  lemma ord_iso_apply:
  20.123 -    "[| f: ord_iso(A,r,B,s);  <x,y>: r;  x:A;  y:A |] ==> <f`x, f`y> : s"
  20.124 +    "[| f: ord_iso(A,r,B,s);  <x,y>: r;  x:A;  y:A |] ==> <f`x, f`y> \<in> s"
  20.125  by (simp add: ord_iso_def)
  20.126  
  20.127  lemma ord_iso_converse:
  20.128      "[| f: ord_iso(A,r,B,s);  <x,y>: s;  x:B;  y:B |]
  20.129 -     ==> <converse(f) ` x, converse(f) ` y> : r"
  20.130 +     ==> <converse(f) ` x, converse(f) ` y> \<in> r"
  20.131  apply (simp add: ord_iso_def, clarify)
  20.132  apply (erule bspec [THEN bspec, THEN iffD2])
  20.133  apply (erule asm_rl bij_converse_bij [THEN bij_is_fun, THEN apply_type])+
  20.134 @@ -323,7 +323,7 @@
  20.135          f O g = id(B);  g O f = id(A) |] ==> f: ord_iso(A,r,B,s)"
  20.136  apply (simp add: ord_iso_def mono_map_def, safe)
  20.137  apply (intro fg_imp_bijective, auto)
  20.138 -apply (subgoal_tac "<g` (f`x), g` (f`y) > : r")
  20.139 +apply (subgoal_tac "<g` (f`x), g` (f`y) > \<in> r")
  20.140  apply (simp add: comp_eq_id_iff [THEN iffD1])
  20.141  apply (blast intro: apply_funtype)
  20.142  done
  20.143 @@ -360,7 +360,7 @@
  20.144  lemma wf_on_ord_iso:
  20.145      "[| wf[B](s);  f: ord_iso(A,r,B,s) |] ==> wf[A](r)"
  20.146  apply (simp add: wf_on_def wf_def ord_iso_def, safe)
  20.147 -apply (drule_tac x = "{f`z. z:Z Int A}" in spec)
  20.148 +apply (drule_tac x = "{f`z. z:Z \<inter> A}" in spec)
  20.149  apply (safe intro!: equalityI)
  20.150  apply (blast dest!: equalityD1 intro: bij_is_fun [THEN apply_type])+
  20.151  done
  20.152 @@ -388,18 +388,18 @@
  20.153  (*Kunen's Lemma 6.1: there's no order-isomorphism to an initial segment
  20.154                       of a well-ordering*)
  20.155  lemma well_ord_iso_predE:
  20.156 -     "[| well_ord(A,r);  f : ord_iso(A, r, pred(A,x,r), r);  x:A |] ==> P"
  20.157 +     "[| well_ord(A,r);  f \<in> ord_iso(A, r, pred(A,x,r), r);  x:A |] ==> P"
  20.158  apply (insert well_ord_iso_subset_lemma [of A r f "pred(A,x,r)" x])
  20.159  apply (simp add: pred_subset)
  20.160  (*Now we know  f`x < x *)
  20.161  apply (drule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], assumption)
  20.162 -(*Now we also know f`x : pred(A,x,r);  contradiction! *)
  20.163 +(*Now we also know @{term"f`x \<in> pred(A,x,r)"}: contradiction! *)
  20.164  apply (simp add: well_ord_def pred_def)
  20.165  done
  20.166  
  20.167  (*Simple consequence of Lemma 6.1*)
  20.168  lemma well_ord_iso_pred_eq:
  20.169 -     "[| well_ord(A,r);  f : ord_iso(pred(A,a,r), r, pred(A,c,r), r);
  20.170 +     "[| well_ord(A,r);  f \<in> ord_iso(pred(A,a,r), r, pred(A,c,r), r);
  20.171           a:A;  c:A |] ==> a=c"
  20.172  apply (frule well_ord_is_trans_on)
  20.173  apply (frule well_ord_is_linear)
  20.174 @@ -413,7 +413,7 @@
  20.175  
  20.176  (*Does not assume r is a wellordering!*)
  20.177  lemma ord_iso_image_pred:
  20.178 -     "[|f : ord_iso(A,r,B,s);  a:A|] ==> f `` pred(A,a,r) = pred(B, f`a, s)"
  20.179 +     "[|f \<in> ord_iso(A,r,B,s);  a:A|] ==> f `` pred(A,a,r) = pred(B, f`a, s)"
  20.180  apply (unfold ord_iso_def pred_def)
  20.181  apply (erule CollectE)
  20.182  apply (simp (no_asm_simp) add: image_fun [OF bij_is_fun Collect_subset])
  20.183 @@ -425,26 +425,26 @@
  20.184  done
  20.185  
  20.186  lemma ord_iso_restrict_image:
  20.187 -     "[| f : ord_iso(A,r,B,s);  C<=A |] 
  20.188 -      ==> restrict(f,C) : ord_iso(C, r, f``C, s)"
  20.189 -apply (simp add: ord_iso_def) 
  20.190 -apply (blast intro: bij_is_inj restrict_bij) 
  20.191 +     "[| f \<in> ord_iso(A,r,B,s);  C<=A |]
  20.192 +      ==> restrict(f,C) \<in> ord_iso(C, r, f``C, s)"
  20.193 +apply (simp add: ord_iso_def)
  20.194 +apply (blast intro: bij_is_inj restrict_bij)
  20.195  done
  20.196  
  20.197  (*But in use, A and B may themselves be initial segments.  Then use
  20.198    trans_pred_pred_eq to simplify the pred(pred...) terms.  See just below.*)
  20.199  lemma ord_iso_restrict_pred:
  20.200 -   "[| f : ord_iso(A,r,B,s);   a:A |]
  20.201 -    ==> restrict(f, pred(A,a,r)) : ord_iso(pred(A,a,r), r, pred(B, f`a, s), s)"
  20.202 -apply (simp add: ord_iso_image_pred [symmetric]) 
  20.203 -apply (blast intro: ord_iso_restrict_image elim: predE) 
  20.204 +   "[| f \<in> ord_iso(A,r,B,s);   a:A |]
  20.205 +    ==> restrict(f, pred(A,a,r)) \<in> ord_iso(pred(A,a,r), r, pred(B, f`a, s), s)"
  20.206 +apply (simp add: ord_iso_image_pred [symmetric])
  20.207 +apply (blast intro: ord_iso_restrict_image elim: predE)
  20.208  done
  20.209  
  20.210  (*Tricky; a lot of forward proof!*)
  20.211  lemma well_ord_iso_preserving:
  20.212       "[| well_ord(A,r);  well_ord(B,s);  <a,c>: r;
  20.213 -         f : ord_iso(pred(A,a,r), r, pred(B,b,s), s);
  20.214 -         g : ord_iso(pred(A,c,r), r, pred(B,d,s), s);
  20.215 +         f \<in> ord_iso(pred(A,a,r), r, pred(B,b,s), s);
  20.216 +         g \<in> ord_iso(pred(A,c,r), r, pred(B,d,s), s);
  20.217           a:A;  c:A;  b:B;  d:B |] ==> <b,d>: s"
  20.218  apply (frule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], (erule asm_rl predI predE)+)
  20.219  apply (subgoal_tac "b = g`a")
  20.220 @@ -459,7 +459,7 @@
  20.221  lemma well_ord_iso_unique_lemma:
  20.222       "[| well_ord(A,r);
  20.223           f: ord_iso(A,r, B,s);  g: ord_iso(A,r, B,s);  y: A |]
  20.224 -      ==> ~ <g`y, f`y> : s"
  20.225 +      ==> ~ <g`y, f`y> \<in> s"
  20.226  apply (frule well_ord_iso_subset_lemma)
  20.227  apply (rule_tac f = "converse (f) " and g = g in ord_iso_trans)
  20.228  apply auto
  20.229 @@ -479,7 +479,7 @@
  20.230           f: ord_iso(A,r, B,s);  g: ord_iso(A,r, B,s) |] ==> f = g"
  20.231  apply (rule fun_extension)
  20.232  apply (erule ord_iso_is_bij [THEN bij_is_fun])+
  20.233 -apply (subgoal_tac "f`x : B & g`x : B & linear(B,s)")
  20.234 +apply (subgoal_tac "f`x \<in> B & g`x \<in> B & linear(B,s)")
  20.235   apply (simp add: linear_def)
  20.236   apply (blast dest: well_ord_iso_unique_lemma)
  20.237  apply (blast intro: ord_iso_is_bij bij_is_fun apply_funtype
  20.238 @@ -488,13 +488,13 @@
  20.239  
  20.240  subsection{*Towards Kunen's Theorem 6.3: Linearity of the Similarity Relation*}
  20.241  
  20.242 -lemma ord_iso_map_subset: "ord_iso_map(A,r,B,s) <= A*B"
  20.243 +lemma ord_iso_map_subset: "ord_iso_map(A,r,B,s) \<subseteq> A*B"
  20.244  by (unfold ord_iso_map_def, blast)
  20.245  
  20.246 -lemma domain_ord_iso_map: "domain(ord_iso_map(A,r,B,s)) <= A"
  20.247 +lemma domain_ord_iso_map: "domain(ord_iso_map(A,r,B,s)) \<subseteq> A"
  20.248  by (unfold ord_iso_map_def, blast)
  20.249  
  20.250 -lemma range_ord_iso_map: "range(ord_iso_map(A,r,B,s)) <= B"
  20.251 +lemma range_ord_iso_map: "range(ord_iso_map(A,r,B,s)) \<subseteq> B"
  20.252  by (unfold ord_iso_map_def, blast)
  20.253  
  20.254  lemma converse_ord_iso_map:
  20.255 @@ -510,14 +510,14 @@
  20.256  done
  20.257  
  20.258  lemma ord_iso_map_fun: "well_ord(B,s) ==> ord_iso_map(A,r,B,s)
  20.259 -           : domain(ord_iso_map(A,r,B,s)) -> range(ord_iso_map(A,r,B,s))"
  20.260 +           \<in> domain(ord_iso_map(A,r,B,s)) -> range(ord_iso_map(A,r,B,s))"
  20.261  by (simp add: Pi_iff function_ord_iso_map
  20.262                   ord_iso_map_subset [THEN domain_times_range])
  20.263  
  20.264  lemma ord_iso_map_mono_map:
  20.265      "[| well_ord(A,r);  well_ord(B,s) |]
  20.266       ==> ord_iso_map(A,r,B,s)
  20.267 -           : mono_map(domain(ord_iso_map(A,r,B,s)), r,
  20.268 +           \<in> mono_map(domain(ord_iso_map(A,r,B,s)), r,
  20.269                        range(ord_iso_map(A,r,B,s)), s)"
  20.270  apply (unfold mono_map_def)
  20.271  apply (simp (no_asm_simp) add: ord_iso_map_fun)
  20.272 @@ -530,7 +530,7 @@
  20.273  
  20.274  lemma ord_iso_map_ord_iso:
  20.275      "[| well_ord(A,r);  well_ord(B,s) |] ==> ord_iso_map(A,r,B,s)
  20.276 -           : ord_iso(domain(ord_iso_map(A,r,B,s)), r,
  20.277 +           \<in> ord_iso(domain(ord_iso_map(A,r,B,s)), r,
  20.278                        range(ord_iso_map(A,r,B,s)), s)"
  20.279  apply (rule well_ord_mono_ord_isoI)
  20.280     prefer 4
  20.281 @@ -545,8 +545,8 @@
  20.282  (*One way of saying that domain(ord_iso_map(A,r,B,s)) is downwards-closed*)
  20.283  lemma domain_ord_iso_map_subset:
  20.284       "[| well_ord(A,r);  well_ord(B,s);
  20.285 -         a: A;  a ~: domain(ord_iso_map(A,r,B,s)) |]
  20.286 -      ==>  domain(ord_iso_map(A,r,B,s)) <= pred(A, a, r)"
  20.287 +         a: A;  a \<notin> domain(ord_iso_map(A,r,B,s)) |]
  20.288 +      ==>  domain(ord_iso_map(A,r,B,s)) \<subseteq> pred(A, a, r)"
  20.289  apply (unfold ord_iso_map_def)
  20.290  apply (safe intro!: predI)
  20.291  (*Case analysis on  xa vs a in r *)
  20.292 @@ -570,7 +570,7 @@
  20.293  lemma domain_ord_iso_map_cases:
  20.294       "[| well_ord(A,r);  well_ord(B,s) |]
  20.295        ==> domain(ord_iso_map(A,r,B,s)) = A |
  20.296 -          (EX x:A. domain(ord_iso_map(A,r,B,s)) = pred(A,x,r))"
  20.297 +          (\<exists>x\<in>A. domain(ord_iso_map(A,r,B,s)) = pred(A,x,r))"
  20.298  apply (frule well_ord_is_wf)
  20.299  apply (unfold wf_on_def wf_def)
  20.300  apply (drule_tac x = "A-domain (ord_iso_map (A,r,B,s))" in spec)
  20.301 @@ -589,7 +589,7 @@
  20.302  lemma range_ord_iso_map_cases:
  20.303      "[| well_ord(A,r);  well_ord(B,s) |]
  20.304       ==> range(ord_iso_map(A,r,B,s)) = B |
  20.305 -         (EX y:B. range(ord_iso_map(A,r,B,s)) = pred(B,y,s))"
  20.306 +         (\<exists>y\<in>B. range(ord_iso_map(A,r,B,s)) = pred(B,y,s))"
  20.307  apply (rule converse_ord_iso_map [THEN subst])
  20.308  apply (simp add: domain_ord_iso_map_cases)
  20.309  done
  20.310 @@ -597,9 +597,9 @@
  20.311  text{*Kunen's Theorem 6.3: Fundamental Theorem for Well-Ordered Sets*}
  20.312  theorem well_ord_trichotomy:
  20.313     "[| well_ord(A,r);  well_ord(B,s) |]
  20.314 -    ==> ord_iso_map(A,r,B,s) : ord_iso(A, r, B, s) |
  20.315 -        (EX x:A. ord_iso_map(A,r,B,s) : ord_iso(pred(A,x,r), r, B, s)) |
  20.316 -        (EX y:B. ord_iso_map(A,r,B,s) : ord_iso(A, r, pred(B,y,s), s))"
  20.317 +    ==> ord_iso_map(A,r,B,s) \<in> ord_iso(A, r, B, s) |
  20.318 +        (\<exists>x\<in>A. ord_iso_map(A,r,B,s) \<in> ord_iso(pred(A,x,r), r, B, s)) |
  20.319 +        (\<exists>y\<in>B. ord_iso_map(A,r,B,s) \<in> ord_iso(A, r, pred(B,y,s), s))"
  20.320  apply (frule_tac B = B in domain_ord_iso_map_cases, assumption)
  20.321  apply (frule_tac B = B in range_ord_iso_map_cases, assumption)
  20.322  apply (drule ord_iso_map_ord_iso, assumption)
  20.323 @@ -646,7 +646,7 @@
  20.324  by (unfold first_def, blast)
  20.325  
  20.326  lemma well_ord_imp_ex1_first:
  20.327 -        "[| well_ord(A,r); B<=A; B~=0 |] ==> (EX! b. first(b,B,r))"
  20.328 +        "[| well_ord(A,r); B<=A; B\<noteq>0 |] ==> (EX! b. first(b,B,r))"
  20.329  apply (unfold well_ord_def wf_on_def wf_def first_def)
  20.330  apply (elim conjE allE disjE, blast)
  20.331  apply (erule bexE)
  20.332 @@ -655,7 +655,7 @@
  20.333  done
  20.334  
  20.335  lemma the_first_in:
  20.336 -     "[| well_ord(A,r); B<=A; B~=0 |] ==> (THE b. first(b,B,r)) : B"
  20.337 +     "[| well_ord(A,r); B<=A; B\<noteq>0 |] ==> (THE b. first(b,B,r)) \<in> B"
  20.338  apply (drule well_ord_imp_ex1_first, assumption+)
  20.339  apply (rule first_is_elem)
  20.340  apply (erule theI)
  20.341 @@ -666,7 +666,7 @@
  20.342  
  20.343  lemma subset_vimage_vimage_iff:
  20.344    "[| Preorder(r); A \<subseteq> field(r); B \<subseteq> field(r) |] ==>
  20.345 -  r -`` A \<subseteq> r -`` B <-> (ALL a:A. EX b:B. <a, b> : r)"
  20.346 +  r -`` A \<subseteq> r -`` B <-> (\<forall>a\<in>A. \<exists>b\<in>B. <a, b> \<in> r)"
  20.347    apply (auto simp: subset_def preorder_on_def refl_def vimage_def image_def)
  20.348     apply blast
  20.349    unfolding trans_on_def
  20.350 @@ -678,12 +678,12 @@
  20.351    done
  20.352  
  20.353  lemma subset_vimage1_vimage1_iff:
  20.354 -  "[| Preorder(r); a : field(r); b : field(r) |] ==>
  20.355 -  r -`` {a} \<subseteq> r -`` {b} <-> <a, b> : r"
  20.356 +  "[| Preorder(r); a \<in> field(r); b \<in> field(r) |] ==>
  20.357 +  r -`` {a} \<subseteq> r -`` {b} <-> <a, b> \<in> r"
  20.358    by (simp add: subset_vimage_vimage_iff)
  20.359  
  20.360  lemma Refl_antisym_eq_Image1_Image1_iff:
  20.361 -  "[| refl(field(r), r); antisym(r); a : field(r); b : field(r) |] ==>
  20.362 +  "[| refl(field(r), r); antisym(r); a \<in> field(r); b \<in> field(r) |] ==>
  20.363    r `` {a} = r `` {b} <-> a = b"
  20.364    apply rule
  20.365     apply (frule equality_iffD)
  20.366 @@ -694,13 +694,13 @@
  20.367    done
  20.368  
  20.369  lemma Partial_order_eq_Image1_Image1_iff:
  20.370 -  "[| Partial_order(r); a : field(r); b : field(r) |] ==>
  20.371 +  "[| Partial_order(r); a \<in> field(r); b \<in> field(r) |] ==>
  20.372    r `` {a} = r `` {b} <-> a = b"
  20.373    by (simp add: partial_order_on_def preorder_on_def
  20.374      Refl_antisym_eq_Image1_Image1_iff)
  20.375  
  20.376  lemma Refl_antisym_eq_vimage1_vimage1_iff:
  20.377 -  "[| refl(field(r), r); antisym(r); a : field(r); b : field(r) |] ==>
  20.378 +  "[| refl(field(r), r); antisym(r); a \<in> field(r); b \<in> field(r) |] ==>
  20.379    r -`` {a} = r -`` {b} <-> a = b"
  20.380    apply rule
  20.381     apply (frule equality_iffD)
  20.382 @@ -711,7 +711,7 @@
  20.383    done
  20.384  
  20.385  lemma Partial_order_eq_vimage1_vimage1_iff:
  20.386 -  "[| Partial_order(r); a : field(r); b : field(r) |] ==>
  20.387 +  "[| Partial_order(r); a \<in> field(r); b \<in> field(r) |] ==>
  20.388    r -`` {a} = r -`` {b} <-> a = b"
  20.389    by (simp add: partial_order_on_def preorder_on_def
  20.390      Refl_antisym_eq_vimage1_vimage1_iff)
    21.1 --- a/src/ZF/OrderArith.thy	Sun Mar 04 23:20:43 2012 +0100
    21.2 +++ b/src/ZF/OrderArith.thy	Tue Mar 06 15:15:49 2012 +0000
    21.3 @@ -12,22 +12,22 @@
    21.4    radd    :: "[i,i,i,i]=>i"  where
    21.5      "radd(A,r,B,s) == 
    21.6                  {z: (A+B) * (A+B).  
    21.7 -                    (EX x y. z = <Inl(x), Inr(y)>)   |   
    21.8 -                    (EX x' x. z = <Inl(x'), Inl(x)> & <x',x>:r)   |      
    21.9 -                    (EX y' y. z = <Inr(y'), Inr(y)> & <y',y>:s)}"
   21.10 +                    (\<exists>x y. z = <Inl(x), Inr(y)>)   |   
   21.11 +                    (\<exists>x' x. z = <Inl(x'), Inl(x)> & <x',x>:r)   |      
   21.12 +                    (\<exists>y' y. z = <Inr(y'), Inr(y)> & <y',y>:s)}"
   21.13  
   21.14  definition
   21.15    (*lexicographic product of two relations; underlies ordinal multiplication*)
   21.16    rmult   :: "[i,i,i,i]=>i"  where
   21.17      "rmult(A,r,B,s) == 
   21.18                  {z: (A*B) * (A*B).  
   21.19 -                    EX x' y' x y. z = <<x',y'>, <x,y>> &         
   21.20 +                    \<exists>x' y' x y. z = <<x',y'>, <x,y>> &         
   21.21                         (<x',x>: r | (x'=x & <y',y>: s))}"
   21.22  
   21.23  definition
   21.24    (*inverse image of a relation*)
   21.25    rvimage :: "[i,i,i]=>i"  where
   21.26 -    "rvimage(A,f,r) == {z: A*A. EX x y. z = <x,y> & <f`x,f`y>: r}"
   21.27 +    "rvimage(A,f,r) == {z: A*A. \<exists>x y. z = <x,y> & <f`x,f`y>: r}"
   21.28  
   21.29  definition
   21.30    measure :: "[i, i\<Rightarrow>i] \<Rightarrow> i"  where
   21.31 @@ -39,19 +39,19 @@
   21.32  subsubsection{*Rewrite rules.  Can be used to obtain introduction rules*}
   21.33  
   21.34  lemma radd_Inl_Inr_iff [iff]: 
   21.35 -    "<Inl(a), Inr(b)> : radd(A,r,B,s)  <->  a:A & b:B"
   21.36 +    "<Inl(a), Inr(b)> \<in> radd(A,r,B,s)  <->  a:A & b:B"
   21.37  by (unfold radd_def, blast)
   21.38  
   21.39  lemma radd_Inl_iff [iff]: 
   21.40 -    "<Inl(a'), Inl(a)> : radd(A,r,B,s)  <->  a':A & a:A & <a',a>:r"
   21.41 +    "<Inl(a'), Inl(a)> \<in> radd(A,r,B,s)  <->  a':A & a:A & <a',a>:r"
   21.42  by (unfold radd_def, blast)
   21.43  
   21.44  lemma radd_Inr_iff [iff]: 
   21.45 -    "<Inr(b'), Inr(b)> : radd(A,r,B,s) <->  b':B & b:B & <b',b>:s"
   21.46 +    "<Inr(b'), Inr(b)> \<in> radd(A,r,B,s) <->  b':B & b:B & <b',b>:s"
   21.47  by (unfold radd_def, blast)
   21.48  
   21.49  lemma radd_Inr_Inl_iff [simp]: 
   21.50 -    "<Inr(b), Inl(a)> : radd(A,r,B,s) <-> False"
   21.51 +    "<Inr(b), Inl(a)> \<in> radd(A,r,B,s) <-> False"
   21.52  by (unfold radd_def, blast)
   21.53  
   21.54  declare radd_Inr_Inl_iff [THEN iffD1, dest!] 
   21.55 @@ -59,7 +59,7 @@
   21.56  subsubsection{*Elimination Rule*}
   21.57  
   21.58  lemma raddE:
   21.59 -    "[| <p',p> : radd(A,r,B,s);                  
   21.60 +    "[| <p',p> \<in> radd(A,r,B,s);                  
   21.61          !!x y. [| p'=Inl(x); x:A; p=Inr(y); y:B |] ==> Q;        
   21.62          !!x' x. [| p'=Inl(x'); p=Inl(x); <x',x>: r; x':A; x:A |] ==> Q;  
   21.63          !!y' y. [| p'=Inr(y'); p=Inr(y); <y',y>: s; y':B; y:B |] ==> Q   
   21.64 @@ -68,7 +68,7 @@
   21.65  
   21.66  subsubsection{*Type checking*}
   21.67  
   21.68 -lemma radd_type: "radd(A,r,B,s) <= (A+B) * (A+B)"
   21.69 +lemma radd_type: "radd(A,r,B,s) \<subseteq> (A+B) * (A+B)"
   21.70  apply (unfold radd_def)
   21.71  apply (rule Collect_subset)
   21.72  done
   21.73 @@ -86,10 +86,10 @@
   21.74  
   21.75  lemma wf_on_radd: "[| wf[A](r);  wf[B](s) |] ==> wf[A+B](radd(A,r,B,s))"
   21.76  apply (rule wf_onI2)
   21.77 -apply (subgoal_tac "ALL x:A. Inl (x) : Ba")
   21.78 +apply (subgoal_tac "\<forall>x\<in>A. Inl (x) \<in> Ba")
   21.79   --{*Proving the lemma, which is needed twice!*}
   21.80   prefer 2
   21.81 - apply (erule_tac V = "y : A + B" in thin_rl)
   21.82 + apply (erule_tac V = "y \<in> A + B" in thin_rl)
   21.83   apply (rule_tac ballI)
   21.84   apply (erule_tac r = r and a = x in wf_on_induct, assumption)
   21.85   apply blast 
   21.86 @@ -116,7 +116,7 @@
   21.87  
   21.88  lemma sum_bij:
   21.89       "[| f: bij(A,C);  g: bij(B,D) |]
   21.90 -      ==> (lam z:A+B. case(%x. Inl(f`x), %y. Inr(g`y), z)) : bij(A+B, C+D)"
   21.91 +      ==> (\<lambda>z\<in>A+B. case(%x. Inl(f`x), %y. Inr(g`y), z)) \<in> bij(A+B, C+D)"
   21.92  apply (rule_tac d = "case (%x. Inl (converse(f)`x), %y. Inr(converse(g)`y))" 
   21.93         in lam_bijective)
   21.94  apply (typecheck add: bij_is_inj inj_is_fun) 
   21.95 @@ -125,8 +125,8 @@
   21.96  
   21.97  lemma sum_ord_iso_cong: 
   21.98      "[| f: ord_iso(A,r,A',r');  g: ord_iso(B,s,B',s') |] ==>      
   21.99 -            (lam z:A+B. case(%x. Inl(f`x), %y. Inr(g`y), z))             
  21.100 -            : ord_iso(A+B, radd(A,r,B,s), A'+B', radd(A',r',B',s'))"
  21.101 +            (\<lambda>z\<in>A+B. case(%x. Inl(f`x), %y. Inr(g`y), z))             
  21.102 +            \<in> ord_iso(A+B, radd(A,r,B,s), A'+B', radd(A',r',B',s'))"
  21.103  apply (unfold ord_iso_def)
  21.104  apply (safe intro!: sum_bij)
  21.105  (*Do the beta-reductions now*)
  21.106 @@ -134,9 +134,9 @@
  21.107  done
  21.108  
  21.109  (*Could we prove an ord_iso result?  Perhaps 
  21.110 -     ord_iso(A+B, radd(A,r,B,s), A Un B, r Un s) *)
  21.111 -lemma sum_disjoint_bij: "A Int B = 0 ==>      
  21.112 -            (lam z:A+B. case(%x. x, %y. y, z)) : bij(A+B, A Un B)"
  21.113 +     ord_iso(A+B, radd(A,r,B,s), A \<union> B, r \<union> s) *)
  21.114 +lemma sum_disjoint_bij: "A \<inter> B = 0 ==>      
  21.115 +            (\<lambda>z\<in>A+B. case(%x. x, %y. y, z)) \<in> bij(A+B, A \<union> B)"
  21.116  apply (rule_tac d = "%z. if z:A then Inl (z) else Inr (z) " in lam_bijective)
  21.117  apply auto
  21.118  done
  21.119 @@ -144,16 +144,16 @@
  21.120  subsubsection{*Associativity*}
  21.121  
  21.122  lemma sum_assoc_bij:
  21.123 -     "(lam z:(A+B)+C. case(case(Inl, %y. Inr(Inl(y))), %y. Inr(Inr(y)), z))  
  21.124 -      : bij((A+B)+C, A+(B+C))"
  21.125 +     "(\<lambda>z\<in>(A+B)+C. case(case(Inl, %y. Inr(Inl(y))), %y. Inr(Inr(y)), z))  
  21.126 +      \<in> bij((A+B)+C, A+(B+C))"
  21.127  apply (rule_tac d = "case (%x. Inl (Inl (x)), case (%x. Inl (Inr (x)), Inr))" 
  21.128         in lam_bijective)
  21.129  apply auto
  21.130  done
  21.131  
  21.132  lemma sum_assoc_ord_iso:
  21.133 -     "(lam z:(A+B)+C. case(case(Inl, %y. Inr(Inl(y))), %y. Inr(Inr(y)), z))  
  21.134 -      : ord_iso((A+B)+C, radd(A+B, radd(A,r,B,s), C, t),     
  21.135 +     "(\<lambda>z\<in>(A+B)+C. case(case(Inl, %y. Inr(Inl(y))), %y. Inr(Inr(y)), z))  
  21.136 +      \<in> ord_iso((A+B)+C, radd(A+B, radd(A,r,B,s), C, t),     
  21.137                  A+(B+C), radd(A, r, B+C, radd(B,s,C,t)))"
  21.138  by (rule sum_assoc_bij [THEN ord_isoI], auto)
  21.139  
  21.140 @@ -163,14 +163,14 @@
  21.141  subsubsection{*Rewrite rule.  Can be used to obtain introduction rules*}
  21.142  
  21.143  lemma  rmult_iff [iff]: 
  21.144 -    "<<a',b'>, <a,b>> : rmult(A,r,B,s) <->        
  21.145 +    "<<a',b'>, <a,b>> \<in> rmult(A,r,B,s) <->        
  21.146              (<a',a>: r  & a':A & a:A & b': B & b: B) |   
  21.147              (<b',b>: s  & a'=a & a:A & b': B & b: B)"
  21.148  
  21.149  by (unfold rmult_def, blast)
  21.150  
  21.151  lemma rmultE: 
  21.152 -    "[| <<a',b'>, <a,b>> : rmult(A,r,B,s);               
  21.153 +    "[| <<a',b'>, <a,b>> \<in> rmult(A,r,B,s);               
  21.154          [| <a',a>: r;  a':A;  a:A;  b':B;  b:B |] ==> Q;         
  21.155          [| <b',b>: s;  a:A;  a'=a;  b':B;  b:B |] ==> Q  
  21.156       |] ==> Q"
  21.157 @@ -178,7 +178,7 @@
  21.158  
  21.159  subsubsection{*Type checking*}
  21.160  
  21.161 -lemma rmult_type: "rmult(A,r,B,s) <= (A*B) * (A*B)"
  21.162 +lemma rmult_type: "rmult(A,r,B,s) \<subseteq> (A*B) * (A*B)"
  21.163  by (unfold rmult_def, rule Collect_subset)
  21.164  
  21.165  lemmas field_rmult = rmult_type [THEN field_rel_subset]
  21.166 @@ -195,7 +195,7 @@
  21.167  apply (rule wf_onI2)
  21.168  apply (erule SigmaE)
  21.169  apply (erule ssubst)
  21.170 -apply (subgoal_tac "ALL b:B. <x,b>: Ba", blast)
  21.171 +apply (subgoal_tac "\<forall>b\<in>B. <x,b>: Ba", blast)
  21.172  apply (erule_tac a = x in wf_on_induct, assumption)
  21.173  apply (rule ballI)
  21.174  apply (erule_tac a = b in wf_on_induct, assumption)
  21.175 @@ -221,7 +221,7 @@
  21.176  
  21.177  lemma prod_bij:
  21.178       "[| f: bij(A,C);  g: bij(B,D) |] 
  21.179 -      ==> (lam <x,y>:A*B. <f`x, g`y>) : bij(A*B, C*D)"
  21.180 +      ==> (lam <x,y>:A*B. <f`x, g`y>) \<in> bij(A*B, C*D)"
  21.181  apply (rule_tac d = "%<x,y>. <converse (f) `x, converse (g) `y>" 
  21.182         in lam_bijective)
  21.183  apply (typecheck add: bij_is_inj inj_is_fun) 
  21.184 @@ -231,20 +231,20 @@
  21.185  lemma prod_ord_iso_cong: 
  21.186      "[| f: ord_iso(A,r,A',r');  g: ord_iso(B,s,B',s') |]      
  21.187       ==> (lam <x,y>:A*B. <f`x, g`y>)                                  
  21.188 -         : ord_iso(A*B, rmult(A,r,B,s), A'*B', rmult(A',r',B',s'))"
  21.189 +         \<in> ord_iso(A*B, rmult(A,r,B,s), A'*B', rmult(A',r',B',s'))"
  21.190  apply (unfold ord_iso_def)
  21.191  apply (safe intro!: prod_bij)
  21.192  apply (simp_all add: bij_is_fun [THEN apply_type])
  21.193  apply (blast intro: bij_is_inj [THEN inj_apply_equality])
  21.194  done
  21.195  
  21.196 -lemma singleton_prod_bij: "(lam z:A. <x,z>) : bij(A, {x}*A)"
  21.197 +lemma singleton_prod_bij: "(\<lambda>z\<in>A. <x,z>) \<in> bij(A, {x}*A)"
  21.198  by (rule_tac d = snd in lam_bijective, auto)
  21.199  
  21.200  (*Used??*)
  21.201  lemma singleton_prod_ord_iso:
  21.202       "well_ord({x},xr) ==>   
  21.203 -          (lam z:A. <x,z>) : ord_iso(A, r, {x}*A, rmult({x}, xr, A, r))"
  21.204 +          (\<lambda>z\<in>A. <x,z>) \<in> ord_iso(A, r, {x}*A, rmult({x}, xr, A, r))"
  21.205  apply (rule singleton_prod_bij [THEN ord_isoI])
  21.206  apply (simp (no_asm_simp))
  21.207  apply (blast dest: well_ord_is_wf [THEN wf_on_not_refl])
  21.208 @@ -253,9 +253,9 @@
  21.209  (*Here we build a complicated function term, then simplify it using
  21.210    case_cong, id_conv, comp_lam, case_case.*)
  21.211  lemma prod_sum_singleton_bij:
  21.212 -     "a~:C ==>  
  21.213 -       (lam x:C*B + D. case(%x. x, %y.<a,y>, x))  
  21.214 -       : bij(C*B + D, C*B Un {a}*D)"
  21.215 +     "a\<notin>C ==>  
  21.216 +       (\<lambda>x\<in>C*B + D. case(%x. x, %y.<a,y>, x))  
  21.217 +       \<in> bij(C*B + D, C*B \<union> {a}*D)"
  21.218  apply (rule subst_elem)
  21.219  apply (rule id_bij [THEN sum_bij, THEN comp_bij])
  21.220  apply (rule singleton_prod_bij)
  21.221 @@ -268,10 +268,10 @@
  21.222  
  21.223  lemma prod_sum_singleton_ord_iso:
  21.224   "[| a:A;  well_ord(A,r) |] ==>  
  21.225 -    (lam x:pred(A,a,r)*B + pred(B,b,s). case(%x. x, %y.<a,y>, x))  
  21.226 -    : ord_iso(pred(A,a,r)*B + pred(B,b,s),               
  21.227 +    (\<lambda>x\<in>pred(A,a,r)*B + pred(B,b,s). case(%x. x, %y.<a,y>, x))  
  21.228 +    \<in> ord_iso(pred(A,a,r)*B + pred(B,b,s),               
  21.229                    radd(A*B, rmult(A,r,B,s), B, s),       
  21.230 -              pred(A,a,r)*B Un {a}*pred(B,b,s), rmult(A,r,B,s))"
  21.231 +              pred(A,a,r)*B \<union> {a}*pred(B,b,s), rmult(A,r,B,s))"
  21.232  apply (rule prod_sum_singleton_bij [THEN ord_isoI])
  21.233  apply (simp (no_asm_simp) add: pred_iff well_ord_is_wf [THEN wf_on_not_refl])
  21.234  apply (auto elim!: well_ord_is_wf [THEN wf_on_asym] predE)
  21.235 @@ -281,25 +281,25 @@
  21.236  
  21.237  lemma sum_prod_distrib_bij:
  21.238       "(lam <x,z>:(A+B)*C. case(%y. Inl(<y,z>), %y. Inr(<y,z>), x))  
  21.239 -      : bij((A+B)*C, (A*C)+(B*C))"
  21.240 +      \<in> bij((A+B)*C, (A*C)+(B*C))"
  21.241  by (rule_tac d = "case (%<x,y>.<Inl (x),y>, %<x,y>.<Inr (x),y>) " 
  21.242      in lam_bijective, auto)
  21.243  
  21.244  lemma sum_prod_distrib_ord_iso:
  21.245   "(lam <x,z>:(A+B)*C. case(%y. Inl(<y,z>), %y. Inr(<y,z>), x))  
  21.246 -  : ord_iso((A+B)*C, rmult(A+B, radd(A,r,B,s), C, t),  
  21.247 +  \<in> ord_iso((A+B)*C, rmult(A+B, radd(A,r,B,s), C, t),  
  21.248              (A*C)+(B*C), radd(A*C, rmult(A,r,C,t), B*C, rmult(B,s,C,t)))"
  21.249  by (rule sum_prod_distrib_bij [THEN ord_isoI], auto)
  21.250  
  21.251  subsubsection{*Associativity*}
  21.252  
  21.253  lemma prod_assoc_bij:
  21.254 -     "(lam <<x,y>, z>:(A*B)*C. <x,<y,z>>) : bij((A*B)*C, A*(B*C))"
  21.255 +     "(lam <<x,y>, z>:(A*B)*C. <x,<y,z>>) \<in> bij((A*B)*C, A*(B*C))"
  21.256  by (rule_tac d = "%<x, <y,z>>. <<x,y>, z>" in lam_bijective, auto)
  21.257  
  21.258  lemma prod_assoc_ord_iso:
  21.259   "(lam <<x,y>, z>:(A*B)*C. <x,<y,z>>)                    
  21.260 -  : ord_iso((A*B)*C, rmult(A*B, rmult(A,r,B,s), C, t),   
  21.261 +  \<in> ord_iso((A*B)*C, rmult(A*B, rmult(A,r,B,s), C, t),   
  21.262              A*(B*C), rmult(A, r, B*C, rmult(B,s,C,t)))"
  21.263  by (rule prod_assoc_bij [THEN ord_isoI], auto)
  21.264  
  21.265 @@ -307,12 +307,12 @@
  21.266  
  21.267  subsubsection{*Rewrite rule*}
  21.268  
  21.269 -lemma rvimage_iff: "<a,b> : rvimage(A,f,r)  <->  <f`a,f`b>: r & a:A & b:A"
  21.270 +lemma rvimage_iff: "<a,b> \<in> rvimage(A,f,r)  <->  <f`a,f`b>: r & a:A & b:A"
  21.271  by (unfold rvimage_def, blast)
  21.272  
  21.273  subsubsection{*Type checking*}
  21.274  
  21.275 -lemma rvimage_type: "rvimage(A,f,r) <= A*A"
  21.276 +lemma rvimage_type: "rvimage(A,f,r) \<subseteq> A*A"
  21.277  by (unfold rvimage_def, rule Collect_subset)
  21.278  
  21.279  lemmas field_rvimage = rvimage_type [THEN field_rel_subset]
  21.280 @@ -361,7 +361,7 @@
  21.281  lemma wf_rvimage [intro!]: "wf(r) ==> wf(rvimage(A,f,r))"
  21.282  apply (simp (no_asm_use) add: rvimage_def wf_eq_minimal)
  21.283  apply clarify
  21.284 -apply (subgoal_tac "EX w. w : {w: {f`x. x:Q}. EX x. x: Q & (f`x = w) }")
  21.285 +apply (subgoal_tac "\<exists>w. w \<in> {w: {f`x. x:Q}. \<exists>x. x: Q & (f`x = w) }")
  21.286   apply (erule allE)
  21.287   apply (erule impE)
  21.288   apply assumption
  21.289 @@ -373,7 +373,7 @@
  21.290   @{text wf_rvimage} gives @{prop "wf(r) ==> wf[C](rvimage(A,f,r))"}*}
  21.291  lemma wf_on_rvimage: "[| f: A->B;  wf[B](r) |] ==> wf[A](rvimage(A,f,r))"
  21.292  apply (rule wf_onI2)
  21.293 -apply (subgoal_tac "ALL z:A. f`z=f`y --> z: Ba")
  21.294 +apply (subgoal_tac "\<forall>z\<in>A. f`z=f`y \<longrightarrow> z: Ba")
  21.295   apply blast
  21.296  apply (erule_tac a = "f`y" in wf_on_induct)
  21.297   apply (blast intro!: apply_funtype)
  21.298 @@ -396,7 +396,7 @@
  21.299  done
  21.300  
  21.301  lemma ord_iso_rvimage_eq: 
  21.302 -    "f: ord_iso(A,r, B,s) ==> rvimage(A,f,s) = r Int A*A"
  21.303 +    "f: ord_iso(A,r, B,s) ==> rvimage(A,f,s) = r \<inter> A*A"
  21.304  by (unfold ord_iso_def rvimage_def, blast)
  21.305  
  21.306  
  21.307 @@ -440,7 +440,7 @@
  21.308  
  21.309  
  21.310  lemma wf_imp_subset_rvimage:
  21.311 -     "[|wf(r); r \<subseteq> A*A|] ==> \<exists>i f. Ord(i) & r <= rvimage(A, f, Memrel(i))"
  21.312 +     "[|wf(r); r \<subseteq> A*A|] ==> \<exists>i f. Ord(i) & r \<subseteq> rvimage(A, f, Memrel(i))"
  21.313  apply (rule_tac x="wftype(r)" in exI)
  21.314  apply (rule_tac x="\<lambda>x\<in>A. wfrank(r,x)" in exI)
  21.315  apply (simp add: Ord_wftype, clarify)
  21.316 @@ -450,25 +450,25 @@
  21.317  done
  21.318  
  21.319  theorem wf_iff_subset_rvimage:
  21.320 -  "relation(r) ==> wf(r) <-> (\<exists>i f A. Ord(i) & r <= rvimage(A, f, Memrel(i)))"
  21.321 +  "relation(r) ==> wf(r) <-> (\<exists>i f A. Ord(i) & r \<subseteq> rvimage(A, f, Memrel(i)))"
  21.322  by (blast dest!: relation_field_times_field wf_imp_subset_rvimage
  21.323            intro: wf_rvimage_Ord [THEN wf_subset])
  21.324  
  21.325  
  21.326  subsection{*Other Results*}
  21.327  
  21.328 -lemma wf_times: "A Int B = 0 ==> wf(A*B)"
  21.329 +lemma wf_times: "A \<inter> B = 0 ==> wf(A*B)"
  21.330  by (simp add: wf_def, blast)
  21.331  
  21.332  text{*Could also be used to prove @{text wf_radd}*}
  21.333  lemma wf_Un:
  21.334 -     "[| range(r) Int domain(s) = 0; wf(r);  wf(s) |] ==> wf(r Un s)"
  21.335 +     "[| range(r) \<inter> domain(s) = 0; wf(r);  wf(s) |] ==> wf(r \<union> s)"
  21.336  apply (simp add: wf_def, clarify) 
  21.337  apply (rule equalityI) 
  21.338   prefer 2 apply blast 
  21.339  apply clarify 
  21.340  apply (drule_tac x=Z in spec)
  21.341 -apply (drule_tac x="Z Int domain(s)" in spec)
  21.342 +apply (drule_tac x="Z \<inter> domain(s)" in spec)
  21.343  apply simp 
  21.344  apply (blast intro: elim: equalityE) 
  21.345  done
  21.346 @@ -496,7 +496,7 @@
  21.347  lemma wf_measure [iff]: "wf(measure(A,f))"
  21.348  by (simp (no_asm) add: measure_eq_rvimage_Memrel wf_Memrel wf_rvimage)
  21.349  
  21.350 -lemma measure_iff [iff]: "<x,y> : measure(A,f) <-> x:A & y:A & f(x)<f(y)"
  21.351 +lemma measure_iff [iff]: "<x,y> \<in> measure(A,f) <-> x:A & y:A & f(x)<f(y)"
  21.352  by (simp (no_asm) add: measure_def)
  21.353  
  21.354  lemma linear_measure: 
  21.355 @@ -521,7 +521,7 @@
  21.356  apply (blast intro: linear_measure Ordf inj) 
  21.357  done
  21.358  
  21.359 -lemma measure_type: "measure(A,f) <= A*A"
  21.360 +lemma measure_type: "measure(A,f) \<subseteq> A*A"
  21.361  by (auto simp add: measure_def)
  21.362  
  21.363  subsubsection{*Well-foundedness of Unions*}
  21.364 @@ -549,7 +549,7 @@
  21.365  lemma Pow_sum_bij:
  21.366      "(\<lambda>Z \<in> Pow(A+B). <{x \<in> A. Inl(x) \<in> Z}, {y \<in> B. Inr(y) \<in> Z}>)  
  21.367       \<in> bij(Pow(A+B), Pow(A)*Pow(B))"
  21.368 -apply (rule_tac d = "%<X,Y>. {Inl (x). x \<in> X} Un {Inr (y). y \<in> Y}" 
  21.369 +apply (rule_tac d = "%<X,Y>. {Inl (x). x \<in> X} \<union> {Inr (y). y \<in> Y}" 
  21.370         in lam_bijective)
  21.371  apply force+
  21.372  done
    22.1 --- a/src/ZF/OrderType.thy	Sun Mar 04 23:20:43 2012 +0100
    22.2 +++ b/src/ZF/OrderType.thy	Tue Mar 06 15:15:49 2012 +0000
    22.3 @@ -11,44 +11,44 @@
    22.4  Ordinal arithmetic is traditionally defined in terms of order types, as it is
    22.5  here.  But a definition by transfinite recursion would be much simpler!*}
    22.6  
    22.7 -definition  
    22.8 +definition
    22.9    ordermap  :: "[i,i]=>i"  where
   22.10 -   "ordermap(A,r) == lam x:A. wfrec[A](r, x, %x f. f `` pred(A,x,r))"
   22.11 +   "ordermap(A,r) == \<lambda>x\<in>A. wfrec[A](r, x, %x f. f `` pred(A,x,r))"
   22.12  
   22.13 -definition  
   22.14 +definition
   22.15    ordertype :: "[i,i]=>i"  where
   22.16     "ordertype(A,r) == ordermap(A,r)``A"
   22.17  
   22.18 -definition  
   22.19 +definition
   22.20    (*alternative definition of ordinal numbers*)
   22.21    Ord_alt   :: "i => o"  where
   22.22 -   "Ord_alt(X) == well_ord(X, Memrel(X)) & (ALL u:X. u=pred(X, u, Memrel(X)))"
   22.23 +   "Ord_alt(X) == well_ord(X, Memrel(X)) & (\<forall>u\<in>X. u=pred(X, u, Memrel(X)))"
   22.24  
   22.25 -definition  
   22.26 +definition
   22.27    (*coercion to ordinal: if not, just 0*)
   22.28    ordify    :: "i=>i"  where
   22.29      "ordify(x) == if Ord(x) then x else 0"
   22.30  
   22.31 -definition  
   22.32 +definition
   22.33    (*ordinal multiplication*)
   22.34    omult      :: "[i,i]=>i"           (infixl "**" 70)  where
   22.35     "i ** j == ordertype(j*i, rmult(j,Memrel(j),i,Memrel(i)))"
   22.36  
   22.37 -definition  
   22.38 +definition
   22.39    (*ordinal addition*)
   22.40    raw_oadd   :: "[i,i]=>i"  where
   22.41      "raw_oadd(i,j) == ordertype(i+j, radd(i,Memrel(i),j,Memrel(j)))"
   22.42  
   22.43 -definition  
   22.44 +definition
   22.45    oadd      :: "[i,i]=>i"           (infixl "++" 65)  where
   22.46      "i ++ j == raw_oadd(ordify(i),ordify(j))"
   22.47  
   22.48 -definition  
   22.49 +definition
   22.50    (*ordinal subtraction*)
   22.51    odiff      :: "[i,i]=>i"           (infixl "--" 65)  where
   22.52      "i -- j == ordertype(i-j, Memrel(i))"
   22.53  
   22.54 -  
   22.55 +
   22.56  notation (xsymbols)
   22.57    omult  (infixl "\<times>\<times>" 70)
   22.58  
   22.59 @@ -58,7 +58,7 @@
   22.60  
   22.61  subsection{*Proofs needing the combination of Ordinal.thy and Order.thy*}
   22.62  
   22.63 -lemma le_well_ord_Memrel: "j le i ==> well_ord(j, Memrel(i))"
   22.64 +lemma le_well_ord_Memrel: "j \<le> i ==> well_ord(j, Memrel(i))"
   22.65  apply (rule well_ordI)
   22.66  apply (rule wf_Memrel [THEN wf_imp_wf_on])
   22.67  apply (simp add: ltD lt_Ord linear_def
   22.68 @@ -72,22 +72,22 @@
   22.69  
   22.70  (*Kunen's Theorem 7.3 (i), page 16;  see also Ordinal/Ord_in_Ord
   22.71    The smaller ordinal is an initial segment of the larger *)
   22.72 -lemma lt_pred_Memrel: 
   22.73 +lemma lt_pred_Memrel:
   22.74      "j<i ==> pred(i, j, Memrel(i)) = j"
   22.75  apply (unfold pred_def lt_def)
   22.76  apply (simp (no_asm_simp))
   22.77  apply (blast intro: Ord_trans)
   22.78  done
   22.79  
   22.80 -lemma pred_Memrel: 
   22.81 -      "x:A ==> pred(A, x, Memrel(A)) = A Int x"
   22.82 +lemma pred_Memrel:
   22.83 +      "x:A ==> pred(A, x, Memrel(A)) = A \<inter> x"
   22.84  by (unfold pred_def Memrel_def, blast)
   22.85  
   22.86  lemma Ord_iso_implies_eq_lemma:
   22.87       "[| j<i;  f: ord_iso(i,Memrel(i),j,Memrel(j)) |] ==> R"
   22.88  apply (frule lt_pred_Memrel)
   22.89  apply (erule ltE)
   22.90 -apply (rule well_ord_Memrel [THEN well_ord_iso_predE, of i f j], auto) 
   22.91 +apply (rule well_ord_Memrel [THEN well_ord_iso_predE, of i f j], auto)
   22.92  apply (unfold ord_iso_def)
   22.93  (*Combining the two simplifications causes looping*)
   22.94  apply (simp (no_asm_simp))
   22.95 @@ -96,7 +96,7 @@
   22.96  
   22.97  (*Kunen's Theorem 7.3 (ii), page 16.  Isomorphic ordinals are equal*)
   22.98  lemma Ord_iso_implies_eq:
   22.99 -     "[| Ord(i);  Ord(j);  f:  ord_iso(i,Memrel(i),j,Memrel(j)) |]     
  22.100 +     "[| Ord(i);  Ord(j);  f:  ord_iso(i,Memrel(i),j,Memrel(j)) |]
  22.101        ==> i=j"
  22.102  apply (rule_tac i = i and j = j in Ord_linear_lt)
  22.103  apply (blast intro: ord_iso_sym Ord_iso_implies_eq_lemma)+
  22.104 @@ -105,8 +105,8 @@
  22.105  
  22.106  subsection{*Ordermap and ordertype*}
  22.107  
  22.108 -lemma ordermap_type: 
  22.109 -    "ordermap(A,r) : A -> ordertype(A,r)"
  22.110 +lemma ordermap_type:
  22.111 +    "ordermap(A,r) \<in> A -> ordertype(A,r)"
  22.112  apply (unfold ordermap_def ordertype_def)
  22.113  apply (rule lam_type)
  22.114  apply (rule lamI [THEN imageI], assumption+)
  22.115 @@ -115,7 +115,7 @@
  22.116  subsubsection{*Unfolding of ordermap *}
  22.117  
  22.118  (*Useful for cardinality reasoning; see CardinalArith.ML*)
  22.119 -lemma ordermap_eq_image: 
  22.120 +lemma ordermap_eq_image:
  22.121      "[| wf[A](r);  x:A |]
  22.122       ==> ordermap(A,r) ` x = ordermap(A,r) `` pred(A,x,r)"
  22.123  apply (unfold ordermap_def pred_def)
  22.124 @@ -127,23 +127,23 @@
  22.125  (*Useful for rewriting PROVIDED pred is not unfolded until later!*)
  22.126  lemma ordermap_pred_unfold:
  22.127       "[| wf[A](r);  x:A |]
  22.128 -      ==> ordermap(A,r) ` x = {ordermap(A,r)`y . y : pred(A,x,r)}"
  22.129 +      ==> ordermap(A,r) ` x = {ordermap(A,r)`y . y \<in> pred(A,x,r)}"
  22.130  by (simp add: ordermap_eq_image pred_subset ordermap_type [THEN image_fun])
  22.131  
  22.132  (*pred-unfolded version.  NOT suitable for rewriting -- loops!*)
  22.133 -lemmas ordermap_unfold = ordermap_pred_unfold [simplified pred_def] 
  22.134 +lemmas ordermap_unfold = ordermap_pred_unfold [simplified pred_def]
  22.135  
  22.136 -(*The theorem above is 
  22.137 +(*The theorem above is
  22.138  
  22.139 -[| wf[A](r); x : A |]
  22.140 -==> ordermap(A,r) ` x = {ordermap(A,r) ` y . y: {y: A . <y,x> : r}}
  22.141 +[| wf[A](r); x \<in> A |]
  22.142 +==> ordermap(A,r) ` x = {ordermap(A,r) ` y . y: {y: A . <y,x> \<in> r}}
  22.143  
  22.144  NOTE: the definition of ordermap used here delivers ordinals only if r is
  22.145  transitive.  If r is the predecessor relation on the naturals then
  22.146  ordermap(nat,predr) ` n equals {n-1} and not n.  A more complicated definition,
  22.147  like
  22.148  
  22.149 -  ordermap(A,r) ` x = Union{succ(ordermap(A,r) ` y) . y: {y: A . <y,x> : r}},
  22.150 +  ordermap(A,r) ` x = Union{succ(ordermap(A,r) ` y) . y: {y: A . <y,x> \<in> r}},
  22.151  
  22.152  might eliminate the need for r to be transitive.
  22.153  *)
  22.154 @@ -151,7 +151,7 @@
  22.155  
  22.156  subsubsection{*Showing that ordermap, ordertype yield ordinals *}
  22.157  
  22.158 -lemma Ord_ordermap: 
  22.159 +lemma Ord_ordermap:
  22.160      "[| well_ord(A,r);  x:A |] ==> Ord(ordermap(A,r) ` x)"
  22.161  apply (unfold well_ord_def tot_ord_def part_ord_def, safe)
  22.162  apply (rule_tac a=x in wf_on_induct, assumption+)
  22.163 @@ -159,10 +159,10 @@
  22.164  apply (rule OrdI [OF _ Ord_is_Transset])
  22.165  apply (unfold pred_def Transset_def)
  22.166  apply (blast intro: trans_onD
  22.167 -             dest!: ordermap_unfold [THEN equalityD1])+ 
  22.168 +             dest!: ordermap_unfold [THEN equalityD1])+
  22.169  done
  22.170  
  22.171 -lemma Ord_ordertype: 
  22.172 +lemma Ord_ordertype:
  22.173      "well_ord(A,r) ==> Ord(ordertype(A,r))"
  22.174  apply (unfold ordertype_def)
  22.175  apply (subst image_fun [OF ordermap_type subset_refl])
  22.176 @@ -178,38 +178,38 @@
  22.177  
  22.178  lemma ordermap_mono:
  22.179       "[| <w,x>: r;  wf[A](r);  w: A; x: A |]
  22.180 -      ==> ordermap(A,r)`w : ordermap(A,r)`x"
  22.181 +      ==> ordermap(A,r)`w \<in> ordermap(A,r)`x"
  22.182  apply (erule_tac x1 = x in ordermap_unfold [THEN ssubst], assumption, blast)
  22.183  done
  22.184  
  22.185  (*linearity of r is crucial here*)
  22.186 -lemma converse_ordermap_mono: 
  22.187 -    "[| ordermap(A,r)`w : ordermap(A,r)`x;  well_ord(A,r); w: A; x: A |]
  22.188 +lemma converse_ordermap_mono:
  22.189 +    "[| ordermap(A,r)`w \<in> ordermap(A,r)`x;  well_ord(A,r); w: A; x: A |]
  22.190       ==> <w,x>: r"
  22.191  apply (unfold well_ord_def tot_ord_def, safe)
  22.192 -apply (erule_tac x=w and y=x in linearE, assumption+) 
  22.193 +apply (erule_tac x=w and y=x in linearE, assumption+)
  22.194  apply (blast elim!: mem_not_refl [THEN notE])
  22.195 -apply (blast dest: ordermap_mono intro: mem_asym) 
  22.196 +apply (blast dest: ordermap_mono intro: mem_asym)
  22.197  done
  22.198  
  22.199 -lemmas ordermap_surj = 
  22.200 +lemmas ordermap_surj =
  22.201      ordermap_type [THEN surj_image, unfolded ordertype_def [symmetric]]
  22.202  
  22.203 -lemma ordermap_bij: 
  22.204 -    "well_ord(A,r) ==> ordermap(A,r) : bij(A, ordertype(A,r))"
  22.205 +lemma ordermap_bij:
  22.206 +    "well_ord(A,r) ==> ordermap(A,r) \<in> bij(A, ordertype(A,r))"
  22.207  apply (unfold well_ord_def tot_ord_def bij_def inj_def)
  22.208 -apply (force intro!: ordermap_type ordermap_surj 
  22.209 -             elim: linearE dest: ordermap_mono 
  22.210 +apply (force intro!: ordermap_type ordermap_surj
  22.211 +             elim: linearE dest: ordermap_mono
  22.212               simp add: mem_not_refl)
  22.213  done
  22.214  
  22.215  subsubsection{*Isomorphisms involving ordertype *}
  22.216  
  22.217 -lemma ordertype_ord_iso: 
  22.218 +lemma ordertype_ord_iso:
  22.219   "well_ord(A,r)
  22.220 -  ==> ordermap(A,r) : ord_iso(A,r, ordertype(A,r), Memrel(ordertype(A,r)))"
  22.221 +  ==> ordermap(A,r) \<in> ord_iso(A,r, ordertype(A,r), Memrel(ordertype(A,r)))"
  22.222  apply (unfold ord_iso_def)
  22.223 -apply (safe elim!: well_ord_is_wf 
  22.224 +apply (safe elim!: well_ord_is_wf
  22.225              intro!: ordermap_type [THEN apply_type] ordermap_mono ordermap_bij)
  22.226  apply (blast dest!: converse_ordermap_mono)
  22.227  done
  22.228 @@ -223,8 +223,8 @@
  22.229  done
  22.230  
  22.231  lemma ordertype_eq_imp_ord_iso:
  22.232 -     "[| ordertype(A,r) = ordertype(B,s); well_ord(A,r);  well_ord(B,s) |] 
  22.233 -      ==> EX f. f: ord_iso(A,r,B,s)"
  22.234 +     "[| ordertype(A,r) = ordertype(B,s); well_ord(A,r);  well_ord(B,s) |]
  22.235 +      ==> \<exists>f. f: ord_iso(A,r,B,s)"
  22.236  apply (rule exI)
  22.237  apply (rule ordertype_ord_iso [THEN ord_iso_trans], assumption)
  22.238  apply (erule ssubst)
  22.239 @@ -234,7 +234,7 @@
  22.240  subsubsection{*Basic equalities for ordertype *}
  22.241  
  22.242  (*Ordertype of Memrel*)
  22.243 -lemma le_ordertype_Memrel: "j le i ==> ordertype(j,Memrel(i)) = j"
  22.244 +lemma le_ordertype_Memrel: "j \<le> i ==> ordertype(j,Memrel(i)) = j"
  22.245  apply (rule Ord_iso_implies_eq [symmetric])
  22.246  apply (erule ltE, assumption)
  22.247  apply (blast intro: le_well_ord_Memrel Ord_ordertype)
  22.248 @@ -277,16 +277,16 @@
  22.249  apply (fast elim!: trans_onD)
  22.250  done
  22.251  
  22.252 -lemma ordertype_unfold: 
  22.253 -    "ordertype(A,r) = {ordermap(A,r)`y . y : A}"
  22.254 +lemma ordertype_unfold:
  22.255 +    "ordertype(A,r) = {ordermap(A,r)`y . y \<in> A}"
  22.256  apply (unfold ordertype_def)
  22.257  apply (rule image_fun [OF ordermap_type subset_refl])
  22.258  done
  22.259  
  22.260  text{*Theorems by Krzysztof Grabczewski; proofs simplified by lcp *}
  22.261  
  22.262 -lemma ordertype_pred_subset: "[| well_ord(A,r);  x:A |] ==>              
  22.263 -          ordertype(pred(A,x,r),r) <= ordertype(A,r)"
  22.264 +lemma ordertype_pred_subset: "[| well_ord(A,r);  x:A |] ==>
  22.265 +          ordertype(pred(A,x,r),r) \<subseteq> ordertype(A,r)"
  22.266  apply (simp add: ordertype_unfold well_ord_subset [OF _ pred_subset])
  22.267  apply (fast intro: ordermap_pred_eq_ordermap elim: predE)
  22.268  done
  22.269 @@ -321,13 +321,13 @@
  22.270  apply (unfold Ord_alt_def)
  22.271  apply (rule conjI)
  22.272  apply (erule well_ord_Memrel)
  22.273 -apply (unfold Ord_def Transset_def pred_def Memrel_def, blast) 
  22.274 +apply (unfold Ord_def Transset_def pred_def Memrel_def, blast)
  22.275  done
  22.276  
  22.277  (*proof by lcp*)
  22.278 -lemma Ord_alt_is_Ord: 
  22.279 +lemma Ord_alt_is_Ord:
  22.280      "Ord_alt(i) ==> Ord(i)"
  22.281 -apply (unfold Ord_alt_def Ord_def Transset_def well_ord_def 
  22.282 +apply (unfold Ord_alt_def Ord_def Transset_def well_ord_def
  22.283                       tot_ord_def part_ord_def trans_on_def)
  22.284  apply (simp add: pred_Memrel)
  22.285  apply (blast elim!: equalityE)
  22.286 @@ -340,7 +340,7 @@
  22.287  
  22.288  text{*Addition with 0 *}
  22.289  
  22.290 -lemma bij_sum_0: "(lam z:A+0. case(%x. x, %y. y, z)) : bij(A+0, A)"
  22.291 +lemma bij_sum_0: "(\<lambda>z\<in>A+0. case(%x. x, %y. y, z)) \<in> bij(A+0, A)"
  22.292  apply (rule_tac d = Inl in lam_bijective, safe)
  22.293  apply (simp_all (no_asm_simp))
  22.294  done
  22.295 @@ -352,7 +352,7 @@
  22.296  apply force
  22.297  done
  22.298  
  22.299 -lemma bij_0_sum: "(lam z:0+A. case(%x. x, %y. y, z)) : bij(0+A, A)"
  22.300 +lemma bij_0_sum: "(\<lambda>z\<in>0+A. case(%x. x, %y. y, z)) \<in> bij(0+A, A)"
  22.301  apply (rule_tac d = Inr in lam_bijective, safe)
  22.302  apply (simp_all (no_asm_simp))
  22.303  done
  22.304 @@ -367,9 +367,9 @@
  22.305  text{*Initial segments of radd.  Statements by Grabczewski *}
  22.306  
  22.307  (*In fact, pred(A+B, Inl(a), radd(A,r,B,s)) = pred(A,a,r)+0 *)
  22.308 -lemma pred_Inl_bij: 
  22.309 - "a:A ==> (lam x:pred(A,a,r). Inl(x))     
  22.310 -          : bij(pred(A,a,r), pred(A+B, Inl(a), radd(A,r,B,s)))"
  22.311 +lemma pred_Inl_bij:
  22.312 + "a:A ==> (\<lambda>x\<in>pred(A,a,r). Inl(x))
  22.313 +          \<in> bij(pred(A,a,r), pred(A+B, Inl(a), radd(A,r,B,s)))"
  22.314  apply (unfold pred_def)
  22.315  apply (rule_tac d = "case (%x. x, %y. y) " in lam_bijective)
  22.316  apply auto
  22.317 @@ -377,24 +377,24 @@
  22.318  
  22.319  lemma ordertype_pred_Inl_eq:
  22.320       "[| a:A;  well_ord(A,r) |]
  22.321 -      ==> ordertype(pred(A+B, Inl(a), radd(A,r,B,s)), radd(A,r,B,s)) =  
  22.322 +      ==> ordertype(pred(A+B, Inl(a), radd(A,r,B,s)), radd(A,r,B,s)) =
  22.323            ordertype(pred(A,a,r), r)"
  22.324  apply (rule pred_Inl_bij [THEN ord_isoI, THEN ord_iso_sym, THEN ordertype_eq])
  22.325  apply (simp_all add: well_ord_subset [OF _ pred_subset])
  22.326  apply (simp add: pred_def)
  22.327  done
  22.328  
  22.329 -lemma pred_Inr_bij: 
  22.330 - "b:B ==>   
  22.331 -         id(A+pred(B,b,s))       
  22.332 -         : bij(A+pred(B,b,s), pred(A+B, Inr(b), radd(A,r,B,s)))"
  22.333 +lemma pred_Inr_bij:
  22.334 + "b:B ==>
  22.335 +         id(A+pred(B,b,s))
  22.336 +         \<in> bij(A+pred(B,b,s), pred(A+B, Inr(b), radd(A,r,B,s)))"
  22.337  apply (unfold pred_def id_def)
  22.338 -apply (rule_tac d = "%z. z" in lam_bijective, auto) 
  22.339 +apply (rule_tac d = "%z. z" in lam_bijective, auto)
  22.340  done
  22.341  
  22.342  lemma ordertype_pred_Inr_eq:
  22.343       "[| b:B;  well_ord(A,r);  well_ord(B,s) |]
  22.344 -      ==> ordertype(pred(A+B, Inr(b), radd(A,r,B,s)), radd(A,r,B,s)) =  
  22.345 +      ==> ordertype(pred(A+B, Inr(b), radd(A,r,B,s)), radd(A,r,B,s)) =
  22.346            ordertype(A+pred(B,b,s), radd(A,r,pred(B,b,s),s))"
  22.347  apply (rule pred_Inr_bij [THEN ord_isoI, THEN ord_iso_sym, THEN ordertype_eq])
  22.348  prefer 2 apply (force simp add: pred_def id_def, assumption)
  22.349 @@ -441,7 +441,7 @@
  22.350  
  22.351  
  22.352  lemma oadd_eq_if_raw_oadd:
  22.353 -     "i++j = (if Ord(i) then (if Ord(j) then raw_oadd(i,j) else i)  
  22.354 +     "i++j = (if Ord(i) then (if Ord(j) then raw_oadd(i,j) else i)
  22.355                else (if Ord(j) then j else 0))"
  22.356  by (simp add: oadd_def ordify_def raw_oadd_0_left raw_oadd_0)
  22.357  
  22.358 @@ -462,15 +462,15 @@
  22.359  apply (blast intro: Ord_ordertype well_ord_radd well_ord_Memrel)
  22.360  done
  22.361  
  22.362 -(*Thus also we obtain the rule  i++j = k ==> i le k *)
  22.363 -lemma oadd_le_self: "Ord(i) ==> i le i++j"
  22.364 +(*Thus also we obtain the rule  @{term"i++j = k ==> i \<le> k"} *)
  22.365 +lemma oadd_le_self: "Ord(i) ==> i \<le> i++j"
  22.366  apply (rule all_lt_imp_le)
  22.367 -apply (auto simp add: Ord_oadd lt_oadd1) 
  22.368 +apply (auto simp add: Ord_oadd lt_oadd1)
  22.369  done
  22.370  
  22.371  text{*Various other results *}
  22.372  
  22.373 -lemma id_ord_iso_Memrel: "A<=B ==> id(A) : ord_iso(A, Memrel(A), A, Memrel(B))"
  22.374 +lemma id_ord_iso_Memrel: "A<=B ==> id(A) \<in> ord_iso(A, Memrel(A), A, Memrel(B))"
  22.375  apply (rule id_bij [THEN ord_isoI])
  22.376  apply (simp (no_asm_simp))
  22.377  apply blast
  22.378 @@ -478,32 +478,32 @@
  22.379  
  22.380  lemma subset_ord_iso_Memrel:
  22.381       "[| f: ord_iso(A,Memrel(B),C,r); A<=B |] ==> f: ord_iso(A,Memrel(A),C,r)"
  22.382 -apply (frule ord_iso_is_bij [THEN bij_is_fun, THEN fun_is_rel]) 
  22.383 -apply (frule ord_iso_trans [OF id_ord_iso_Memrel], assumption) 
  22.384 -apply (simp add: right_comp_id) 
  22.385 +apply (frule ord_iso_is_bij [THEN bij_is_fun, THEN fun_is_rel])
  22.386 +apply (frule ord_iso_trans [OF id_ord_iso_Memrel], assumption)
  22.387 +apply (simp add: right_comp_id)
  22.388  done
  22.389  
  22.390  lemma restrict_ord_iso:
  22.391 -     "[| f \<in> ord_iso(i, Memrel(i), Order.pred(A,a,r), r);  a \<in> A; j < i; 
  22.392 +     "[| f \<in> ord_iso(i, Memrel(i), Order.pred(A,a,r), r);  a \<in> A; j < i;
  22.393         trans[A](r) |]
  22.394        ==> restrict(f,j) \<in> ord_iso(j, Memrel(j), Order.pred(A,f`j,r), r)"
  22.395 -apply (frule ltD) 
  22.396 -apply (frule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], assumption) 
  22.397 -apply (frule ord_iso_restrict_pred, assumption) 
  22.398 +apply (frule ltD)
  22.399 +apply (frule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], assumption)
  22.400 +apply (frule ord_iso_restrict_pred, assumption)
  22.401  apply (simp add: pred_iff trans_pred_pred_eq lt_pred_Memrel)
  22.402 -apply (blast intro!: subset_ord_iso_Memrel le_imp_subset [OF leI]) 
  22.403 +apply (blast intro!: subset_ord_iso_Memrel le_imp_subset [OF leI])
  22.404  done
  22.405  
  22.406  lemma restrict_ord_iso2:
  22.407 -     "[| f \<in> ord_iso(Order.pred(A,a,r), r, i, Memrel(i));  a \<in> A; 
  22.408 +     "[| f \<in> ord_iso(Order.pred(A,a,r), r, i, Memrel(i));  a \<in> A;
  22.409         j < i; trans[A](r) |]
  22.410 -      ==> converse(restrict(converse(f), j)) 
  22.411 +      ==> converse(restrict(converse(f), j))
  22.412            \<in> ord_iso(Order.pred(A, converse(f)`j, r), r, j, Memrel(j))"
  22.413  by (blast intro: restrict_ord_iso ord_iso_sym ltI)
  22.414  
  22.415  lemma ordertype_sum_Memrel:
  22.416       "[| well_ord(A,r);  k<j |]
  22.417 -      ==> ordertype(A+k, radd(A, r, k, Memrel(j))) =  
  22.418 +      ==> ordertype(A+k, radd(A, r, k, Memrel(j))) =
  22.419            ordertype(A+k, radd(A, r, k, Memrel(k)))"
  22.420  apply (erule ltE)
  22.421  apply (rule ord_iso_refl [THEN sum_ord_iso_cong, THEN ordertype_eq])
  22.422 @@ -528,7 +528,7 @@
  22.423   prefer 2
  22.424   apply (frule_tac i = i and j = j in oadd_le_self)
  22.425   apply (simp (asm_lr) add: oadd_def ordify_def lt_Ord not_lt_iff_le [THEN iff_sym])
  22.426 -apply (rule Ord_linear_lt, auto) 
  22.427 +apply (rule Ord_linear_lt, auto)
  22.428  apply (simp_all add: raw_oadd_eq_oadd)
  22.429  apply (blast dest: oadd_lt_mono2 elim: lt_irrefl lt_asym)+
  22.430  done
  22.431 @@ -539,18 +539,18 @@
  22.432  lemma oadd_inject: "[| i++j = i++k;  Ord(j); Ord(k) |] ==> j=k"
  22.433  apply (simp add: oadd_eq_if_raw_oadd split add: split_if_asm)
  22.434  apply (simp add: raw_oadd_eq_oadd)
  22.435 -apply (rule Ord_linear_lt, auto) 
  22.436 +apply (rule Ord_linear_lt, auto)
  22.437  apply (force dest: oadd_lt_mono2 [of concl: i] simp add: lt_not_refl)+
  22.438  done
  22.439  
  22.440 -lemma lt_oadd_disj: "k < i++j ==> k<i | (EX l:j. k = i++l )"
  22.441 +lemma lt_oadd_disj: "k < i++j ==> k<i | (\<exists>l\<in>j. k = i++l )"
  22.442  apply (simp add: Ord_in_Ord' [of _ j] oadd_eq_if_raw_oadd
  22.443              split add: split_if_asm)
  22.444   prefer 2
  22.445   apply (simp add: Ord_in_Ord' [of _ j] lt_def)
  22.446  apply (simp add: ordertype_pred_unfold well_ord_radd well_ord_Memrel raw_oadd_def)
  22.447  apply (erule ltD [THEN RepFunE])
  22.448 -apply (force simp add: ordertype_pred_Inl_eq well_ord_Memrel ltI 
  22.449 +apply (force simp add: ordertype_pred_Inl_eq well_ord_Memrel ltI
  22.450                         lt_pred_Memrel le_ordertype_Memrel leI
  22.451                         ordertype_pred_Inr_eq ordertype_sum_Memrel)
  22.452  done
  22.453 @@ -562,7 +562,7 @@
  22.454  apply (simp add: oadd_eq_if_raw_oadd Ord_raw_oadd raw_oadd_0 raw_oadd_0_left, clarify)
  22.455  apply (simp add: raw_oadd_def)
  22.456  apply (rule ordertype_eq [THEN trans])
  22.457 -apply (rule sum_ord_iso_cong [OF ordertype_ord_iso [THEN ord_iso_sym] 
  22.458 +apply (rule sum_ord_iso_cong [OF ordertype_ord_iso [THEN ord_iso_sym]
  22.459                                   ord_iso_refl])
  22.460  apply (simp_all add: Ord_ordertype well_ord_radd well_ord_Memrel)
  22.461  apply (rule sum_assoc_ord_iso [THEN ordertype_eq, THEN trans])
  22.462 @@ -571,11 +571,11 @@
  22.463  apply (blast intro: Ord_ordertype well_ord_radd well_ord_Memrel)+
  22.464  done
  22.465  
  22.466 -lemma oadd_unfold: "[| Ord(i);  Ord(j) |] ==> i++j = i Un (\<Union>k\<in>j. {i++k})"
  22.467 +lemma oadd_unfold: "[| Ord(i);  Ord(j) |] ==> i++j = i \<union> (\<Union>k\<in>j. {i++k})"
  22.468  apply (rule subsetI [THEN equalityI])
  22.469  apply (erule ltI [THEN lt_oadd_disj, THEN disjE])
  22.470 -apply (blast intro: Ord_oadd) 
  22.471 -apply (blast elim!: ltE, blast) 
  22.472 +apply (blast intro: Ord_oadd)
  22.473 +apply (blast elim!: ltE, blast)
  22.474  apply (force intro: lt_oadd1 oadd_lt_mono2 simp add: Ord_mem_iff_lt)
  22.475  done
  22.476  
  22.477 @@ -597,13 +597,13 @@
  22.478  lemma oadd_UN:
  22.479       "[| !!x. x:A ==> Ord(j(x));  a:A |]
  22.480        ==> i ++ (\<Union>x\<in>A. j(x)) = (\<Union>x\<in>A. i++j(x))"
  22.481 -by (blast intro: ltI Ord_UN Ord_oadd lt_oadd1 [THEN ltD] 
  22.482 -                 oadd_lt_mono2 [THEN ltD] 
  22.483 +by (blast intro: ltI Ord_UN Ord_oadd lt_oadd1 [THEN ltD]
  22.484 +                 oadd_lt_mono2 [THEN ltD]
  22.485            elim!: ltE dest!: ltI [THEN lt_oadd_disj])
  22.486  
  22.487  lemma oadd_Limit: "Limit(j) ==> i++j = (\<Union>k\<in>j. i++k)"
  22.488  apply (frule Limit_has_0 [THEN ltD])
  22.489 -apply (simp add: Limit_is_Ord [THEN Ord_in_Ord] oadd_UN [symmetric] 
  22.490 +apply (simp add: Limit_is_Ord [THEN Ord_in_Ord] oadd_UN [symmetric]
  22.491                   Union_eq_UN [symmetric] Limit_Union_eq)
  22.492  done
  22.493  
  22.494 @@ -626,12 +626,12 @@
  22.495                          Limit_is_Ord [of j, THEN Ord_in_Ord], auto)
  22.496  apply (rule_tac x="succ(y)" in bexI)
  22.497   apply (simp add: ltI Limit_is_Ord [of j, THEN Ord_in_Ord])
  22.498 -apply (simp add: Limit_def lt_def) 
  22.499 +apply (simp add: Limit_def lt_def)
  22.500  done
  22.501  
  22.502  text{*Order/monotonicity properties of ordinal addition *}
  22.503  
  22.504 -lemma oadd_le_self2: "Ord(i) ==> i le j++i"
  22.505 +lemma oadd_le_self2: "Ord(i) ==> i \<le> j++i"
  22.506  apply (erule_tac i = i in trans_induct3)
  22.507  apply (simp (no_asm_simp) add: Ord_0_le)
  22.508  apply (simp (no_asm_simp) add: oadd_succ succ_leI)
  22.509 @@ -643,7 +643,7 @@
  22.510  apply (simp add: Union_eq_UN [symmetric] Limit_Union_eq le_refl Limit_is_Ord)
  22.511  done
  22.512  
  22.513 -lemma oadd_le_mono1: "k le j ==> k++i le j++i"
  22.514 +lemma oadd_le_mono1: "k \<le> j ==> k++i \<le> j++i"
  22.515  apply (frule lt_Ord)
  22.516  apply (frule le_Ord2)
  22.517  apply (simp add: oadd_eq_if_raw_oadd, clarify)
  22.518 @@ -655,31 +655,31 @@
  22.519  apply (rule le_implies_UN_le_UN, blast)
  22.520  done
  22.521  
  22.522 -lemma oadd_lt_mono: "[| i' le i;  j'<j |] ==> i'++j' < i++j"
  22.523 +lemma oadd_lt_mono: "[| i' \<le> i;  j'<j |] ==> i'++j' < i++j"
  22.524  by (blast intro: lt_trans1 oadd_le_mono1 oadd_lt_mono2 Ord_succD elim: ltE)
  22.525  
  22.526 -lemma oadd_le_mono: "[| i' le i;  j' le j |] ==> i'++j' le i++j"
  22.527 +lemma oadd_le_mono: "[| i' \<le> i;  j' \<le> j |] ==> i'++j' \<le> i++j"
  22.528  by (simp del: oadd_succ add: oadd_succ [symmetric] le_Ord2 oadd_lt_mono)
  22.529  
  22.530 -lemma oadd_le_iff2: "[| Ord(j); Ord(k) |] ==> i++j le i++k <-> j le k"
  22.531 +lemma oadd_le_iff2: "[| Ord(j); Ord(k) |] ==> i++j \<le> i++k <-> j \<le> k"
  22.532  by (simp del: oadd_succ add: oadd_lt_iff2 oadd_succ [symmetric] Ord_succ)
  22.533  
  22.534  lemma oadd_lt_self: "[| Ord(i);  0<j |] ==> i < i++j"
  22.535 -apply (rule lt_trans2) 
  22.536 -apply (erule le_refl) 
  22.537 -apply (simp only: lt_Ord2  oadd_1 [of i, symmetric]) 
  22.538 +apply (rule lt_trans2)
  22.539 +apply (erule le_refl)
  22.540 +apply (simp only: lt_Ord2  oadd_1 [of i, symmetric])
  22.541  apply (blast intro: succ_leI oadd_le_mono)
  22.542  done
  22.543  
  22.544  text{*Every ordinal is exceeded by some limit ordinal.*}
  22.545  lemma Ord_imp_greater_Limit: "Ord(i) ==> \<exists>k. i<k & Limit(k)"
  22.546 -apply (rule_tac x="i ++ nat" in exI) 
  22.547 +apply (rule_tac x="i ++ nat" in exI)
  22.548  apply (blast intro: oadd_LimitI  oadd_lt_self  Limit_nat [THEN Limit_has_0])
  22.549  done
  22.550  
  22.551  lemma Ord2_imp_greater_Limit: "[|Ord(i); Ord(j)|] ==> \<exists>k. i<k & j<k & Limit(k)"
  22.552 -apply (insert Ord_Un [of i j, THEN Ord_imp_greater_Limit]) 
  22.553 -apply (simp add: Un_least_lt_iff) 
  22.554 +apply (insert Ord_Un [of i j, THEN Ord_imp_greater_Limit])
  22.555 +apply (simp add: Un_least_lt_iff)
  22.556  done
  22.557  
  22.558  
  22.559 @@ -689,7 +689,7 @@
  22.560      It's probably simpler to define the difference recursively!*}
  22.561  
  22.562  lemma bij_sum_Diff:
  22.563 -     "A<=B ==> (lam y:B. if(y:A, Inl(y), Inr(y))) : bij(B, A+(B-A))"
  22.564 +     "A<=B ==> (\<lambda>y\<in>B. if(y:A, Inl(y), Inr(y))) \<in> bij(B, A+(B-A))"
  22.565  apply (rule_tac d = "case (%x. x, %y. y) " in lam_bijective)
  22.566  apply (blast intro!: if_type)
  22.567  apply (fast intro!: case_type)
  22.568 @@ -698,8 +698,8 @@
  22.569  done
  22.570  
  22.571  lemma ordertype_sum_Diff:
  22.572 -     "i le j ==>   
  22.573 -            ordertype(i+(j-i), radd(i,Memrel(j),j-i,Memrel(j))) =        
  22.574 +     "i \<le> j ==>
  22.575 +            ordertype(i+(j-i), radd(i,Memrel(j),j-i,Memrel(j))) =
  22.576              ordertype(j, Memrel(j))"
  22.577  apply (safe dest!: le_subset_iff [THEN iffD1])
  22.578  apply (rule bij_sum_Diff [THEN ord_isoI, THEN ord_iso_sym, THEN ordertype_eq])
  22.579 @@ -711,15 +711,15 @@
  22.580  apply (blast intro: lt_trans2 lt_trans)
  22.581  done
  22.582  
  22.583 -lemma Ord_odiff [simp,TC]: 
  22.584 +lemma Ord_odiff [simp,TC]:
  22.585      "[| Ord(i);  Ord(j) |] ==> Ord(i--j)"
  22.586  apply (unfold odiff_def)
  22.587  apply (blast intro: Ord_ordertype Diff_subset well_ord_subset well_ord_Memrel)
  22.588  done
  22.589  
  22.590  
  22.591 -lemma raw_oadd_ordertype_Diff: 
  22.592 -   "i le j   
  22.593 +lemma raw_oadd_ordertype_Diff:
  22.594 +   "i \<le> j
  22.595      ==> raw_oadd(i,j--i) = ordertype(i+(j-i), radd(i,Memrel(j),j-i,Memrel(j)))"
  22.596  apply (simp add: raw_oadd_def odiff_def)
  22.597  apply (safe dest!: le_subset_iff [THEN iffD1])
  22.598 @@ -729,7 +729,7 @@
  22.599  apply (blast intro: well_ord_radd Diff_subset well_ord_subset well_ord_Memrel)+
  22.600  done
  22.601  
  22.602 -lemma oadd_odiff_inverse: "i le j ==> i ++ (j--i) = j"
  22.603 +lemma oadd_odiff_inverse: "i \<le> j ==> i ++ (j--i) = j"
  22.604  by (simp add: lt_Ord le_Ord2 oadd_def ordify_def raw_oadd_ordertype_Diff
  22.605                ordertype_sum_Diff ordertype_Memrel lt_Ord2 [THEN Ord_succD])
  22.606  
  22.607 @@ -741,7 +741,7 @@
  22.608  apply (blast intro: Ord_ordertype Ord_oadd Ord_odiff)+
  22.609  done
  22.610  
  22.611 -lemma odiff_lt_mono2: "[| i<j;  k le i |] ==> i--k < j--k"
  22.612 +lemma odiff_lt_mono2: "[| i<j;  k \<le> i |] ==> i--k < j--k"
  22.613  apply (rule_tac i = k in oadd_lt_cancel2)
  22.614  apply (simp add: oadd_odiff_inverse)
  22.615  apply (subst oadd_odiff_inverse)
  22.616 @@ -752,7 +752,7 @@
  22.617  
  22.618  subsection{*Ordinal Multiplication*}
  22.619  
  22.620 -lemma Ord_omult [simp,TC]: 
  22.621 +lemma Ord_omult [simp,TC]:
  22.622      "[| Ord(i);  Ord(j) |] ==> Ord(i**j)"
  22.623  apply (unfold omult_def)
  22.624  apply (blast intro: Ord_ordertype well_ord_rmult well_ord_Memrel)
  22.625 @@ -760,67 +760,67 @@
  22.626  
  22.627  subsubsection{*A useful unfolding law *}
  22.628  
  22.629 -lemma pred_Pair_eq: 
  22.630 - "[| a:A;  b:B |] ==> pred(A*B, <a,b>, rmult(A,r,B,s)) =      
  22.631 -                      pred(A,a,r)*B Un ({a} * pred(B,b,s))"
  22.632 +lemma pred_Pair_eq:
  22.633 + "[| a:A;  b:B |] ==> pred(A*B, <a,b>, rmult(A,r,B,s)) =
  22.634 +                      pred(A,a,r)*B \<union> ({a} * pred(B,b,s))"
  22.635  apply (unfold pred_def, blast)
  22.636  done
  22.637  
  22.638  lemma ordertype_pred_Pair_eq:
  22.639 -     "[| a:A;  b:B;  well_ord(A,r);  well_ord(B,s) |] ==>            
  22.640 -         ordertype(pred(A*B, <a,b>, rmult(A,r,B,s)), rmult(A,r,B,s)) =  
  22.641 -         ordertype(pred(A,a,r)*B + pred(B,b,s),                         
  22.642 +     "[| a:A;  b:B;  well_ord(A,r);  well_ord(B,s) |] ==>
  22.643 +         ordertype(pred(A*B, <a,b>, rmult(A,r,B,s)), rmult(A,r,B,s)) =
  22.644 +         ordertype(pred(A,a,r)*B + pred(B,b,s),
  22.645                    radd(A*B, rmult(A,r,B,s), B, s))"
  22.646  apply (simp (no_asm_simp) add: pred_Pair_eq)
  22.647  apply (rule ordertype_eq [symmetric])
  22.648  apply (rule prod_sum_singleton_ord_iso)
  22.649  apply (simp_all add: pred_subset well_ord_rmult [THEN well_ord_subset])
  22.650 -apply (blast intro: pred_subset well_ord_rmult [THEN well_ord_subset] 
  22.651 +apply (blast intro: pred_subset well_ord_rmult [THEN well_ord_subset]
  22.652               elim!: predE)
  22.653  done
  22.654  
  22.655 -lemma ordertype_pred_Pair_lemma: 
  22.656 +lemma ordertype_pred_Pair_lemma:
  22.657      "[| i'<i;  j'<j |]
  22.658 -     ==> ordertype(pred(i*j, <i',j'>, rmult(i,Memrel(i),j,Memrel(j))),  
  22.659 -                   rmult(i,Memrel(i),j,Memrel(j))) =                    
  22.660 +     ==> ordertype(pred(i*j, <i',j'>, rmult(i,Memrel(i),j,Memrel(j))),
  22.661 +                   rmult(i,Memrel(i),j,Memrel(j))) =
  22.662           raw_oadd (j**i', j')"
  22.663  apply (unfold raw_oadd_def omult_def)
  22.664 -apply (simp add: ordertype_pred_Pair_eq lt_pred_Memrel ltD lt_Ord2 
  22.665 +apply (simp add: ordertype_pred_Pair_eq lt_pred_Memrel ltD lt_Ord2
  22.666                   well_ord_Memrel)
  22.667  apply (rule trans)
  22.668 - apply (rule_tac [2] ordertype_ord_iso 
  22.669 + apply (rule_tac [2] ordertype_ord_iso
  22.670                        [THEN sum_ord_iso_cong, THEN ordertype_eq])
  22.671    apply (rule_tac [3] ord_iso_refl)
  22.672  apply (rule id_bij [THEN ord_isoI, THEN ordertype_eq])
  22.673  apply (elim SigmaE sumE ltE ssubst)
  22.674  apply (simp_all add: well_ord_rmult well_ord_radd well_ord_Memrel
  22.675 -                     Ord_ordertype lt_Ord lt_Ord2) 
  22.676 +                     Ord_ordertype lt_Ord lt_Ord2)
  22.677  apply (blast intro: Ord_trans)+
  22.678  done
  22.679  
  22.680 -lemma lt_omult: 
  22.681 +lemma lt_omult:
  22.682   "[| Ord(i);  Ord(j);  k<j**i |]
  22.683 -  ==> EX j' i'. k = j**i' ++ j' & j'<j & i'<i"
  22.684 +  ==> \<exists>j' i'. k = j**i' ++ j' & j'<j & i'<i"
  22.685  apply (unfold omult_def)
  22.686  apply (simp add: ordertype_pred_unfold well_ord_rmult well_ord_Memrel)
  22.687  apply (safe elim!: ltE)
  22.688 -apply (simp add: ordertype_pred_Pair_lemma ltI raw_oadd_eq_oadd 
  22.689 +apply (simp add: ordertype_pred_Pair_lemma ltI raw_oadd_eq_oadd
  22.690              omult_def [symmetric] Ord_in_Ord' [of _ i] Ord_in_Ord' [of _ j])
  22.691  apply (blast intro: ltI)
  22.692  done
  22.693  
  22.694 -lemma omult_oadd_lt: 
  22.695 +lemma omult_oadd_lt:
  22.696       "[| j'<j;  i'<i |] ==> j**i' ++ j'  <  j**i"
  22.697  apply (unfold omult_def)
  22.698  apply (rule ltI)
  22.699   prefer 2
  22.700   apply (simp add: Ord_ordertype well_ord_rmult well_ord_Memrel lt_Ord2)
  22.701  apply (simp add: ordertype_pred_unfold well_ord_rmult well_ord_Memrel lt_Ord2)
  22.702 -apply (rule bexI [of _ i']) 
  22.703 -apply (rule bexI [of _ j']) 
  22.704 +apply (rule bexI [of _ i'])
  22.705 +apply (rule bexI [of _ j'])
  22.706  apply (simp add: ordertype_pred_Pair_lemma ltI omult_def [symmetric])
  22.707  apply (simp add: lt_Ord lt_Ord2 raw_oadd_eq_oadd)
  22.708 -apply (simp_all add: lt_def) 
  22.709 +apply (simp_all add: lt_def)
  22.710  done
  22.711  
  22.712  lemma omult_unfold:
  22.713 @@ -828,7 +828,7 @@
  22.714  apply (rule subsetI [THEN equalityI])
  22.715  apply (rule lt_omult [THEN exE])
  22.716  apply (erule_tac [3] ltI)
  22.717 -apply (simp_all add: Ord_omult) 
  22.718 +apply (simp_all add: Ord_omult)
  22.719  apply (blast elim!: ltE)
  22.720  apply (blast intro: omult_oadd_lt [THEN ltD] ltI)
  22.721  done
  22.722 @@ -851,7 +851,7 @@
  22.723  
  22.724  lemma omult_1 [simp]: "Ord(i) ==> i**1 = i"
  22.725  apply (unfold omult_def)
  22.726 -apply (rule_tac s1="Memrel(i)" 
  22.727 +apply (rule_tac s1="Memrel(i)"
  22.728         in ord_isoI [THEN ordertype_eq, THEN trans])
  22.729  apply (rule_tac c = snd and d = "%z.<0,z>"  in lam_bijective)
  22.730  apply (auto elim!: snd_type well_ord_Memrel ordertype_Memrel)
  22.731 @@ -859,7 +859,7 @@
  22.732  
  22.733  lemma omult_1_left [simp]: "Ord(i) ==> 1**i = i"
  22.734  apply (unfold omult_def)
  22.735 -apply (rule_tac s1="Memrel(i)" 
  22.736 +apply (rule_tac s1="Memrel(i)"
  22.737         in ord_isoI [THEN ordertype_eq, THEN trans])
  22.738  apply (rule_tac c = fst and d = "%z.<z,0>" in lam_bijective)
  22.739  apply (auto elim!: fst_type well_ord_Memrel ordertype_Memrel)
  22.740 @@ -872,14 +872,14 @@
  22.741  apply (simp add: oadd_eq_if_raw_oadd)
  22.742  apply (simp add: omult_def raw_oadd_def)
  22.743  apply (rule ordertype_eq [THEN trans])
  22.744 -apply (rule prod_ord_iso_cong [OF ordertype_ord_iso [THEN ord_iso_sym] 
  22.745 +apply (rule prod_ord_iso_cong [OF ordertype_ord_iso [THEN ord_iso_sym]
  22.746                                    ord_iso_refl])
  22.747 -apply (simp_all add: well_ord_rmult well_ord_radd well_ord_Memrel 
  22.748 +apply (simp_all add: well_ord_rmult well_ord_radd well_ord_Memrel
  22.749                       Ord_ordertype)
  22.750  apply (rule sum_prod_distrib_ord_iso [THEN ordertype_eq, THEN trans])
  22.751  apply (rule_tac [2] ordertype_eq)
  22.752  apply (rule_tac [2] sum_ord_iso_cong [OF ordertype_ord_iso ordertype_ord_iso])
  22.753 -apply (simp_all add: well_ord_rmult well_ord_radd well_ord_Memrel 
  22.754 +apply (simp_all add: well_ord_rmult well_ord_radd well_ord_Memrel
  22.755                       Ord_ordertype)
  22.756  done
  22.757  
  22.758 @@ -888,14 +888,14 @@
  22.759  
  22.760  text{*Associative law *}
  22.761  
  22.762 -lemma omult_assoc: 
  22.763 +lemma omult_assoc:
  22.764      "[| Ord(i);  Ord(j);  Ord(k) |] ==> (i**j)**k = i**(j**k)"
  22.765  apply (unfold omult_def)
  22.766  apply (rule ordertype_eq [THEN trans])
  22.767 -apply (rule prod_ord_iso_cong [OF ord_iso_refl 
  22.768 +apply (rule prod_ord_iso_cong [OF ord_iso_refl
  22.769                                    ordertype_ord_iso [THEN ord_iso_sym]])
  22.770  apply (blast intro: well_ord_rmult well_ord_Memrel)+
  22.771 -apply (rule prod_assoc_ord_iso 
  22.772 +apply (rule prod_assoc_ord_iso
  22.773               [THEN ord_iso_sym, THEN ordertype_eq, THEN trans])
  22.774  apply (rule_tac [2] ordertype_eq)
  22.775  apply (rule_tac [2] prod_ord_iso_cong [OF ordertype_ord_iso ord_iso_refl])
  22.776 @@ -905,13 +905,13 @@
  22.777  
  22.778  text{*Ordinal multiplication with limit ordinals *}
  22.779  
  22.780 -lemma omult_UN: 
  22.781 +lemma omult_UN:
  22.782       "[| Ord(i);  !!x. x:A ==> Ord(j(x)) |]
  22.783        ==> i ** (\<Union>x\<in>A. j(x)) = (\<Union>x\<in>A. i**j(x))"
  22.784  by (simp (no_asm_simp) add: Ord_UN omult_unfold, blast)
  22.785  
  22.786  lemma omult_Limit: "[| Ord(i);  Limit(j) |] ==> i**j = (\<Union>k\<in>j. i**k)"
  22.787 -by (simp add: Limit_is_Ord [THEN Ord_in_Ord] omult_UN [symmetric] 
  22.788 +by (simp add: Limit_is_Ord [THEN Ord_in_Ord] omult_UN [symmetric]
  22.789                Union_eq_UN [symmetric] Limit_Union_eq)
  22.790  
  22.791  
  22.792 @@ -923,10 +923,10 @@
  22.793  apply (force simp add: omult_unfold)
  22.794  done
  22.795  
  22.796 -lemma omult_le_self: "[| Ord(i);  0<j |] ==> i le i**j"
  22.797 +lemma omult_le_self: "[| Ord(i);  0<j |] ==> i \<le> i**j"
  22.798  by (blast intro: all_lt_imp_le Ord_omult lt_omult1 lt_Ord2)
  22.799  
  22.800 -lemma omult_le_mono1: "[| k le j;  Ord(i) |] ==> k**i le j**i"
  22.801 +lemma omult_le_mono1: "[| k \<le> j;  Ord(i) |] ==> k**i \<le> j**i"
  22.802  apply (frule lt_Ord)
  22.803  apply (frule le_Ord2)
  22.804  apply (erule trans_induct3)
  22.805 @@ -943,20 +943,20 @@
  22.806  apply (force simp add: Ord_omult)
  22.807  done
  22.808  
  22.809 -lemma omult_le_mono2: "[| k le j;  Ord(i) |] ==> i**k le i**j"
  22.810 +lemma omult_le_mono2: "[| k \<le> j;  Ord(i) |] ==> i**k \<le> i**j"
  22.811  apply (rule subset_imp_le)
  22.812  apply (safe elim!: ltE dest!: Ord_succD intro!: Ord_omult)
  22.813  apply (simp add: omult_unfold)
  22.814 -apply (blast intro: Ord_trans) 
  22.815 +apply (blast intro: Ord_trans)
  22.816  done
  22.817  
  22.818 -lemma omult_le_mono: "[| i' le i;  j' le j |] ==> i'**j' le i**j"
  22.819 +lemma omult_le_mono: "[| i' \<le> i;  j' \<le> j |] ==> i'**j' \<le> i**j"
  22.820  by (blast intro: le_trans omult_le_mono1 omult_le_mono2 Ord_succD elim: ltE)
  22.821  
  22.822 -lemma omult_lt_mono: "[| i' le i;  j'<j;  0<i |] ==> i'**j' < i**j"
  22.823 +lemma omult_lt_mono: "[| i' \<le> i;  j'<j;  0<i |] ==> i'**j' < i**j"
  22.824  by (blast intro: lt_trans1 omult_le_mono1 omult_lt_mono2 Ord_succD elim: ltE)
  22.825  
  22.826 -lemma omult_le_self2: "[| Ord(i);  0<j |] ==> i le j**i"
  22.827 +lemma omult_le_self2: "[| Ord(i);  0<j |] ==> i \<le> j**i"
  22.828  apply (frule lt_Ord2)
  22.829  apply (erule_tac i = i in trans_induct3)
  22.830  apply (simp (no_asm_simp))
  22.831 @@ -977,32 +977,32 @@
  22.832  lemma omult_inject: "[| i**j = i**k;  0<i;  Ord(j);  Ord(k) |] ==> j=k"
  22.833  apply (rule Ord_linear_lt)
  22.834  prefer 4 apply assumption
  22.835 -apply auto 
  22.836 +apply auto
  22.837  apply (force dest: omult_lt_mono2 simp add: lt_not_refl)+
  22.838  done
  22.839  
  22.840  subsection{*The Relation @{term Lt}*}
  22.841  
  22.842  lemma wf_Lt: "wf(Lt)"
  22.843 -apply (rule wf_subset) 
  22.844 -apply (rule wf_Memrel) 
  22.845 -apply (auto simp add: Lt_def Memrel_def lt_def) 
  22.846 +apply (rule wf_subset)
  22.847 +apply (rule wf_Memrel)
  22.848 +apply (auto simp add: Lt_def Memrel_def lt_def)
  22.849  done
  22.850  
  22.851  lemma irrefl_Lt: "irrefl(A,Lt)"
  22.852  by (auto simp add: Lt_def irrefl_def)
  22.853  
  22.854  lemma trans_Lt: "trans[A](Lt)"
  22.855 -apply (simp add: Lt_def trans_on_def) 
  22.856 -apply (blast intro: lt_trans) 
  22.857 +apply (simp add: Lt_def trans_on_def)
  22.858 +apply (blast intro: lt_trans)
  22.859  done
  22.860  
  22.861  lemma part_ord_Lt: "part_ord(A,Lt)"
  22.862  by (simp add: part_ord_def irrefl_Lt trans_Lt)
  22.863  
  22.864  lemma linear_Lt: "linear(nat,Lt)"
  22.865 -apply (auto dest!: not_lt_imp_le simp add: Lt_def linear_def le_iff) 
  22.866 -apply (drule lt_asym, auto) 
  22.867 +apply (auto dest!: not_lt_imp_le simp add: Lt_def linear_def le_iff)
  22.868 +apply (drule lt_asym, auto)
  22.869  done
  22.870  
  22.871  lemma tot_ord_Lt: "tot_ord(nat,Lt)"
    23.1 --- a/src/ZF/Ordinal.thy	Sun Mar 04 23:20:43 2012 +0100
    23.2 +++ b/src/ZF/Ordinal.thy	Tue Mar 06 15:15:49 2012 +0000
    23.3 @@ -9,15 +9,15 @@
    23.4  
    23.5  definition
    23.6    Memrel        :: "i=>i"  where
    23.7 -    "Memrel(A)   == {z: A*A . EX x y. z=<x,y> & x:y }"
    23.8 +    "Memrel(A)   == {z: A*A . \<exists>x y. z=<x,y> & x:y }"
    23.9  
   23.10  definition
   23.11    Transset  :: "i=>o"  where
   23.12 -    "Transset(i) == ALL x:i. x<=i"
   23.13 +    "Transset(i) == \<forall>x\<in>i. x<=i"
   23.14  
   23.15  definition
   23.16    Ord  :: "i=>o"  where
   23.17 -    "Ord(i)      == Transset(i) & (ALL x:i. Transset(x))"
   23.18 +    "Ord(i)      == Transset(i) & (\<forall>x\<in>i. Transset(x))"
   23.19  
   23.20  definition
   23.21    lt        :: "[i,i] => o"  (infixl "<" 50)   (*less-than on ordinals*)  where
   23.22 @@ -25,7 +25,7 @@
   23.23  
   23.24  definition
   23.25    Limit         :: "i=>o"  where
   23.26 -    "Limit(i)    == Ord(i) & 0<i & (ALL y. y<i --> succ(y)<i)"
   23.27 +    "Limit(i)    == Ord(i) & 0<i & (\<forall>y. y<i \<longrightarrow> succ(y)<i)"
   23.28  
   23.29  abbreviation
   23.30    le  (infixl "le" 50) where
   23.31 @@ -45,17 +45,17 @@
   23.32  lemma Transset_iff_Pow: "Transset(A) <-> A<=Pow(A)"
   23.33  by (unfold Transset_def, blast)
   23.34  
   23.35 -lemma Transset_iff_Union_succ: "Transset(A) <-> Union(succ(A)) = A"
   23.36 +lemma Transset_iff_Union_succ: "Transset(A) <-> \<Union>(succ(A)) = A"
   23.37  apply (unfold Transset_def)
   23.38  apply (blast elim!: equalityE)
   23.39  done
   23.40  
   23.41 -lemma Transset_iff_Union_subset: "Transset(A) <-> Union(A) <= A"
   23.42 +lemma Transset_iff_Union_subset: "Transset(A) <-> \<Union>(A) \<subseteq> A"
   23.43  by (unfold Transset_def, blast)
   23.44  
   23.45  subsubsection{*Consequences of Downwards Closure*}
   23.46  
   23.47 -lemma Transset_doubleton_D: 
   23.48 +lemma Transset_doubleton_D:
   23.49      "[| Transset(C); {a,b}: C |] ==> a:C & b: C"
   23.50  by (unfold Transset_def, blast)
   23.51  
   23.52 @@ -66,11 +66,11 @@
   23.53  done
   23.54  
   23.55  lemma Transset_includes_domain:
   23.56 -    "[| Transset(C); A*B <= C; b: B |] ==> A <= C"
   23.57 +    "[| Transset(C); A*B \<subseteq> C; b: B |] ==> A \<subseteq> C"
   23.58  by (blast dest: Transset_Pair_D)
   23.59  
   23.60  lemma Transset_includes_range:
   23.61 -    "[| Transset(C); A*B <= C; a: A |] ==> B <= C"
   23.62 +    "[| Transset(C); A*B \<subseteq> C; a: A |] ==> B \<subseteq> C"
   23.63  by (blast dest: Transset_Pair_D)
   23.64  
   23.65  subsubsection{*Closure Properties*}
   23.66 @@ -78,12 +78,12 @@
   23.67  lemma Transset_0: "Transset(0)"
   23.68  by (unfold Transset_def, blast)
   23.69  
   23.70 -lemma Transset_Un: 
   23.71 -    "[| Transset(i);  Transset(j) |] ==> Transset(i Un j)"
   23.72 +lemma Transset_Un:
   23.73 +    "[| Transset(i);  Transset(j) |] ==> Transset(i \<union> j)"
   23.74  by (unfold Transset_def, blast)
   23.75  
   23.76 -lemma Transset_Int: 
   23.77 -    "[| Transset(i);  Transset(j) |] ==> Transset(i Int j)"
   23.78 +lemma Transset_Int:
   23.79 +    "[| Transset(i);  Transset(j) |] ==> Transset(i \<inter> j)"
   23.80  by (unfold Transset_def, blast)
   23.81  
   23.82  lemma Transset_succ: "Transset(i) ==> Transset(succ(i))"
   23.83 @@ -92,36 +92,36 @@
   23.84  lemma Transset_Pow: "Transset(i) ==> Transset(Pow(i))"
   23.85  by (unfold Transset_def, blast)
   23.86  
   23.87 -lemma Transset_Union: "Transset(A) ==> Transset(Union(A))"
   23.88 +lemma Transset_Union: "Transset(A) ==> Transset(\<Union>(A))"
   23.89  by (unfold Transset_def, blast)
   23.90  
   23.91 -lemma Transset_Union_family: 
   23.92 -    "[| !!i. i:A ==> Transset(i) |] ==> Transset(Union(A))"
   23.93 +lemma Transset_Union_family:
   23.94 +    "[| !!i. i:A ==> Transset(i) |] ==> Transset(\<Union>(A))"
   23.95  by (unfold Transset_def, blast)
   23.96  
   23.97 -lemma Transset_Inter_family: 
   23.98 -    "[| !!i. i:A ==> Transset(i) |] ==> Transset(Inter(A))"
   23.99 +lemma Transset_Inter_family:
  23.100 +    "[| !!i. i:A ==> Transset(i) |] ==> Transset(\<Inter>(A))"
  23.101  by (unfold Inter_def Transset_def, blast)
  23.102  
  23.103  lemma Transset_UN:
  23.104       "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (\<Union>x\<in>A. B(x))"
  23.105 -by (rule Transset_Union_family, auto) 
  23.106 +by (rule Transset_Union_family, auto)
  23.107  
  23.108  lemma Transset_INT:
  23.109       "(!!x. x \<in> A ==> Transset(B(x))) ==> Transset (\<Inter>x\<in>A. B(x))"
  23.110 -by (rule Transset_Inter_family, auto) 
  23.111 +by (rule Transset_Inter_family, auto)
  23.112  
  23.113  
  23.114  subsection{*Lemmas for Ordinals*}