isabelle: doc-src/Logics/ZF.tex@6b62a6ddbe15 (annotated)

104 d8205bb279a7 Initial revision lcp parents: diff changeset	1	%% $Id$
d8205bb279a7 Initial revision lcp parents: diff changeset	2	%%%See grant/bra/Lib/ZF.tex for lfp figure
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	3	\chapter{Zermelo-Fraenkel Set Theory}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	4	The directory~\ttindexbold{ZF} implements Zermelo-Fraenkel set
d8205bb279a7 Initial revision lcp parents: diff changeset	5	theory~\cite{halmos60,suppes72} as an extension of~\ttindex{FOL}, classical
d8205bb279a7 Initial revision lcp parents: diff changeset	6	first-order logic. The theory includes a collection of derived natural
d8205bb279a7 Initial revision lcp parents: diff changeset	7	deduction rules, for use with Isabelle's classical reasoning module. Much
d8205bb279a7 Initial revision lcp parents: diff changeset	8	of it is based on the work of No\"el~\cite{noel}. The theory has the {\ML}
d8205bb279a7 Initial revision lcp parents: diff changeset	9	identifier \ttindexbold{ZF.thy}. However, many further theories
d8205bb279a7 Initial revision lcp parents: diff changeset	10	are defined, introducing the natural numbers, etc.
d8205bb279a7 Initial revision lcp parents: diff changeset	11
d8205bb279a7 Initial revision lcp parents: diff changeset	12	A tremendous amount of set theory has been formally developed, including
d8205bb279a7 Initial revision lcp parents: diff changeset	13	the basic properties of relations, functions and ordinals. Significant
d8205bb279a7 Initial revision lcp parents: diff changeset	14	results have been proved, such as the Schr\"oder-Bernstein Theorem and the
d8205bb279a7 Initial revision lcp parents: diff changeset	15	Recursion Theorem. General methods have been developed for solving
d8205bb279a7 Initial revision lcp parents: diff changeset	16	recursion equations over monotonic functors; these have been applied to
d8205bb279a7 Initial revision lcp parents: diff changeset	17	yield constructions of lists and trees. Thus, we may even regard set
d8205bb279a7 Initial revision lcp parents: diff changeset	18	theory as a computational logic. It admits recursive definitions of
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	19	functions and types. It has much in common with Martin-L\"of type theory,
104 d8205bb279a7 Initial revision lcp parents: diff changeset	20	although of course it is classical.
d8205bb279a7 Initial revision lcp parents: diff changeset	21
d8205bb279a7 Initial revision lcp parents: diff changeset	22	Because {\ZF} is an extension of {\FOL}, it provides the same packages,
d8205bb279a7 Initial revision lcp parents: diff changeset	23	namely \ttindex{hyp_subst_tac}, the simplifier, and the classical reasoning
d8205bb279a7 Initial revision lcp parents: diff changeset	24	module. The main simplification set is called \ttindexbold{ZF_ss}.
d8205bb279a7 Initial revision lcp parents: diff changeset	25	Several classical rule sets are defined, including \ttindexbold{lemmas_cs},
d8205bb279a7 Initial revision lcp parents: diff changeset	26	\ttindexbold{upair_cs} and~\ttindexbold{ZF_cs}. See the files on directory
d8205bb279a7 Initial revision lcp parents: diff changeset	27	{\tt ZF} for details.
d8205bb279a7 Initial revision lcp parents: diff changeset	28
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	29	Isabelle/ZF now has a flexible package for handling inductive definitions,
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	30	such as inference systems, and datatype definitions, such as lists and
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	31	trees. Moreover it also handles co-inductive definitions, such as
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	32	bisimulation relations, and co-datatype definitions, such as streams. A
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	33	recent paper describes the package~\cite{paulson-fixedpt}.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	34
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	35	Recent reports describe Isabelle/ZF less formally than this
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	36	chapter~\cite{paulson-set-I,paulson-set-II}. Isabelle/ZF employs a novel
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	37	treatment of non-well-founded data structures within the standard ZF axioms
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	38	including the Axiom of Foundation, but no report describes this treatment.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	39
104 d8205bb279a7 Initial revision lcp parents: diff changeset	40
d8205bb279a7 Initial revision lcp parents: diff changeset	41	\section{Which version of axiomatic set theory?}
d8205bb279a7 Initial revision lcp parents: diff changeset	42	Resolution theorem provers can work in set theory, using the
d8205bb279a7 Initial revision lcp parents: diff changeset	43	Bernays-G\"odel axiom system~(BG) because it is
d8205bb279a7 Initial revision lcp parents: diff changeset	44	finite~\cite{boyer86,quaife92}. {\ZF} does not have a finite axiom system
d8205bb279a7 Initial revision lcp parents: diff changeset	45	(because of its Axiom Scheme of Replacement) and is therefore unsuitable
d8205bb279a7 Initial revision lcp parents: diff changeset	46	for classical resolution. Since Isabelle has no difficulty with axiom
d8205bb279a7 Initial revision lcp parents: diff changeset	47	schemes, we may adopt either axiom system.
d8205bb279a7 Initial revision lcp parents: diff changeset	48
d8205bb279a7 Initial revision lcp parents: diff changeset	49	These two theories differ in their treatment of {\bf classes}, which are
d8205bb279a7 Initial revision lcp parents: diff changeset	50	collections that are ``too big'' to be sets. The class of all sets,~$V$,
d8205bb279a7 Initial revision lcp parents: diff changeset	51	cannot be a set without admitting Russell's Paradox. In BG, both classes
d8205bb279a7 Initial revision lcp parents: diff changeset	52	and sets are individuals; $x\in V$ expresses that $x$ is a set. In {\ZF}, all
d8205bb279a7 Initial revision lcp parents: diff changeset	53	variables denote sets; classes are identified with unary predicates. The
d8205bb279a7 Initial revision lcp parents: diff changeset	54	two systems define essentially the same sets and classes, with similar
d8205bb279a7 Initial revision lcp parents: diff changeset	55	properties. In particular, a class cannot belong to another class (let
d8205bb279a7 Initial revision lcp parents: diff changeset	56	alone a set).
d8205bb279a7 Initial revision lcp parents: diff changeset	57
d8205bb279a7 Initial revision lcp parents: diff changeset	58	Modern set theorists tend to prefer {\ZF} because they are mainly concerned
d8205bb279a7 Initial revision lcp parents: diff changeset	59	with sets, rather than classes. BG requires tiresome proofs that various
d8205bb279a7 Initial revision lcp parents: diff changeset	60	collections are sets; for instance, showing $x\in\{x\}$ requires showing that
d8205bb279a7 Initial revision lcp parents: diff changeset	61	$x$ is a set. {\ZF} does not have this problem.
d8205bb279a7 Initial revision lcp parents: diff changeset	62
d8205bb279a7 Initial revision lcp parents: diff changeset	63
d8205bb279a7 Initial revision lcp parents: diff changeset	64	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	65	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	66	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	67	\it name &\it meta-type & \it description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	68	\idx{0} & $i$ & empty set\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	69	\idx{cons} & $[i,i]\To i$ & finite set constructor\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	70	\idx{Upair} & $[i,i]\To i$ & unordered pairing\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	71	\idx{Pair} & $[i,i]\To i$ & ordered pairing\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	72	\idx{Inf} & $i$ & infinite set\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	73	\idx{Pow} & $i\To i$ & powerset\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	74	\idx{Union} \idx{Inter} & $i\To i$ & set union/intersection \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	75	\idx{split} & $[[i,i]\To i, i] \To i$ & generalized projection\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	76	\idx{fst} \idx{snd} & $i\To i$ & projections\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	77	\idx{converse}& $i\To i$ & converse of a relation\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	78	\idx{succ} & $i\To i$ & successor\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	79	\idx{Collect} & $[i,i\To o]\To i$ & separation\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	80	\idx{Replace} & $[i, [i,i]\To o] \To i$ & replacement\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	81	\idx{PrimReplace} & $[i, [i,i]\To o] \To i$ & primitive replacement\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	82	\idx{RepFun} & $[i, i\To i] \To i$ & functional replacement\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	83	\idx{Pi} \idx{Sigma} & $[i,i\To i]\To i$ & general product/sum\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	84	\idx{domain} & $i\To i$ & domain of a relation\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	85	\idx{range} & $i\To i$ & range of a relation\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	86	\idx{field} & $i\To i$ & field of a relation\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	87	\idx{Lambda} & $[i, i\To i]\To i$ & $\lambda$-abstraction\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	88	\idx{restrict}& $[i, i] \To i$ & restriction of a function\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	89	\idx{The} & $[i\To o]\To i$ & definite description\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	90	\idx{if} & $[o,i,i]\To i$ & conditional\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	91	\idx{Ball} \idx{Bex} & $[i, i\To o]\To o$ & bounded quantifiers
104 d8205bb279a7 Initial revision lcp parents: diff changeset	92	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	93	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	94	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	95
d8205bb279a7 Initial revision lcp parents: diff changeset	96	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	97	\indexbold{*"`"`}
d8205bb279a7 Initial revision lcp parents: diff changeset	98	\indexbold{*"-"`"`}
d8205bb279a7 Initial revision lcp parents: diff changeset	99	\indexbold{*"`}
d8205bb279a7 Initial revision lcp parents: diff changeset	100	\indexbold{*"-}
d8205bb279a7 Initial revision lcp parents: diff changeset	101	\indexbold{*":}
d8205bb279a7 Initial revision lcp parents: diff changeset	102	\indexbold{*"<"=}
d8205bb279a7 Initial revision lcp parents: diff changeset	103	\begin{tabular}{rrrr}
d8205bb279a7 Initial revision lcp parents: diff changeset	104	\it symbol & \it meta-type & \it precedence & \it description \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	105	\tt `` & $[i,i]\To i$ & Left 90 & image \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	106	\tt -`` & $[i,i]\To i$ & Left 90 & inverse image \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	107	\tt ` & $[i,i]\To i$ & Left 90 & application \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	108	\idx{Int} & $[i,i]\To i$ & Left 70 & intersection ($\inter$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	109	\idx{Un} & $[i,i]\To i$ & Left 65 & union ($\union$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	110	\tt - & $[i,i]\To i$ & Left 65 & set difference ($-$) \\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	111	\tt: & $[i,i]\To o$ & Left 50 & membership ($\in$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	112	\tt <= & $[i,i]\To o$ & Left 50 & subset ($\subseteq$)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	113	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	114	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	115	\subcaption{Infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	116	\caption{Constants of {\ZF}} \label{ZF-constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	117	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	118
d8205bb279a7 Initial revision lcp parents: diff changeset	119
d8205bb279a7 Initial revision lcp parents: diff changeset	120	\section{The syntax of set theory}
d8205bb279a7 Initial revision lcp parents: diff changeset	121	The language of set theory, as studied by logicians, has no constants. The
d8205bb279a7 Initial revision lcp parents: diff changeset	122	traditional axioms merely assert the existence of empty sets, unions,
d8205bb279a7 Initial revision lcp parents: diff changeset	123	powersets, etc.; this would be intolerable for practical reasoning. The
d8205bb279a7 Initial revision lcp parents: diff changeset	124	Isabelle theory declares constants for primitive sets. It also extends
d8205bb279a7 Initial revision lcp parents: diff changeset	125	{\tt FOL} with additional syntax for finite sets, ordered pairs,
d8205bb279a7 Initial revision lcp parents: diff changeset	126	comprehension, general union/intersection, general sums/products, and
d8205bb279a7 Initial revision lcp parents: diff changeset	127	bounded quantifiers. In most other respects, Isabelle implements precisely
d8205bb279a7 Initial revision lcp parents: diff changeset	128	Zermelo-Fraenkel set theory.
d8205bb279a7 Initial revision lcp parents: diff changeset	129
d8205bb279a7 Initial revision lcp parents: diff changeset	130	Figure~\ref{ZF-constants} lists the constants and infixes of~\ZF, while
d8205bb279a7 Initial revision lcp parents: diff changeset	131	Figure~\ref{ZF-trans} presents the syntax translations. Finally,
d8205bb279a7 Initial revision lcp parents: diff changeset	132	Figure~\ref{ZF-syntax} presents the full grammar for set theory, including
d8205bb279a7 Initial revision lcp parents: diff changeset	133	the constructs of \FOL.
d8205bb279a7 Initial revision lcp parents: diff changeset	134
d8205bb279a7 Initial revision lcp parents: diff changeset	135	Set theory does not use polymorphism. All terms in {\ZF} have type~{\it
d8205bb279a7 Initial revision lcp parents: diff changeset	136	i}, which is the type of individuals and lies in class {\it logic}.
d8205bb279a7 Initial revision lcp parents: diff changeset	137	The type of first-order formulae,
d8205bb279a7 Initial revision lcp parents: diff changeset	138	remember, is~{\it o}.
d8205bb279a7 Initial revision lcp parents: diff changeset	139
d8205bb279a7 Initial revision lcp parents: diff changeset	140	Infix operators include union and intersection ($A\union B$ and $A\inter
d8205bb279a7 Initial revision lcp parents: diff changeset	141	B$), and the subset and membership relations. Note that $a$\verb\|~:\|$b$ is
d8205bb279a7 Initial revision lcp parents: diff changeset	142	translated to \verb\|~(\|$a$:$b$\verb\|)\|. The union and intersection
d8205bb279a7 Initial revision lcp parents: diff changeset	143	operators ($\bigcup A$ and $\bigcap A$) form the union or intersection of a
d8205bb279a7 Initial revision lcp parents: diff changeset	144	set of sets; $\bigcup A$ means the same as $\bigcup@{x\in A}x$. Of these
d8205bb279a7 Initial revision lcp parents: diff changeset	145	operators, only $\bigcup A$ is primitive.
d8205bb279a7 Initial revision lcp parents: diff changeset	146
d8205bb279a7 Initial revision lcp parents: diff changeset	147	The constant \ttindexbold{Upair} constructs unordered pairs; thus {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	148	Upair($A$,$B$)} denotes the set~$\{A,B\}$ and {\tt Upair($A$,$A$)} denotes
d8205bb279a7 Initial revision lcp parents: diff changeset	149	the singleton~$\{A\}$. As usual in {\ZF}, general union is used to define
d8205bb279a7 Initial revision lcp parents: diff changeset	150	binary union. The Isabelle version goes on to define the constant
d8205bb279a7 Initial revision lcp parents: diff changeset	151	\ttindexbold{cons}:
d8205bb279a7 Initial revision lcp parents: diff changeset	152	\begin{eqnarray*}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	153	A\cup B & \equiv & \bigcup({\tt Upair}(A,B)) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	154	{\tt cons}(a,B) & \equiv & {\tt Upair}(a,a) \union B
104 d8205bb279a7 Initial revision lcp parents: diff changeset	155	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	156	The {\tt\{\ldots\}} notation abbreviates finite sets constructed in the
d8205bb279a7 Initial revision lcp parents: diff changeset	157	obvious manner using~{\tt cons} and~$\emptyset$ (the empty set):
d8205bb279a7 Initial revision lcp parents: diff changeset	158	\begin{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	159	\{a,b,c\} & \equiv & {\tt cons}(a,{\tt cons}(b,{\tt cons}(c,\emptyset)))
d8205bb279a7 Initial revision lcp parents: diff changeset	160	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	161
d8205bb279a7 Initial revision lcp parents: diff changeset	162	The constant \ttindexbold{Pair} constructs ordered pairs, as in {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	163	Pair($a$,$b$)}. Ordered pairs may also be written within angle brackets,
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	164	as {\tt<$a$,$b$>}. The $n$-tuple {\tt<$a@1$,\ldots,$a@{n-1}$,$a@n$>}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	165	abbreviates the nest of pairs
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	166	\begin{quote}
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	167	\tt Pair($a@1$,\ldots,Pair($a@{n-1}$,$a@n$)\ldots).
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	168	\end{quote}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	169
d8205bb279a7 Initial revision lcp parents: diff changeset	170	In {\ZF}, a function is a set of pairs. A {\ZF} function~$f$ is simply an
d8205bb279a7 Initial revision lcp parents: diff changeset	171	individual as far as Isabelle is concerned: its Isabelle type is~$i$, not
d8205bb279a7 Initial revision lcp parents: diff changeset	172	say $i\To i$. The infix operator~{\tt`} denotes the application of a
d8205bb279a7 Initial revision lcp parents: diff changeset	173	function set to its argument; we must write~$f{\tt`}x$, not~$f(x)$. The
d8205bb279a7 Initial revision lcp parents: diff changeset	174	syntax for image is~$f{\tt``}A$ and that for inverse image is~$f{\tt-``}A$.
d8205bb279a7 Initial revision lcp parents: diff changeset	175
d8205bb279a7 Initial revision lcp parents: diff changeset	176
d8205bb279a7 Initial revision lcp parents: diff changeset	177	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	178	\indexbold{*"-">}
d8205bb279a7 Initial revision lcp parents: diff changeset	179	\indexbold{"}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	180	\begin{center} \footnotesize\tt\frenchspacing
104 d8205bb279a7 Initial revision lcp parents: diff changeset	181	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	182	\it external & \it internal & \it description \\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	183	$a$ \ttilde: $b$ & \ttilde($a$ : $b$) & \rm negated membership\\
d8205bb279a7 Initial revision lcp parents: diff changeset	184	\{$a@1$, $\ldots$, $a@n$\} & cons($a@1$,$\cdots$,cons($a@n$,0)) &
d8205bb279a7 Initial revision lcp parents: diff changeset	185	\rm finite set \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	186	<$a@1$, $\ldots$, $a@{n-1}$, $a@n$> &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	187	Pair($a@1$,\ldots,Pair($a@{n-1}$,$a@n$)\ldots) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	188	\rm ordered $n$-tuple \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	189	\{$x$:$A . P[x]$\} & Collect($A$,$\lambda x.P[x]$) &
104 d8205bb279a7 Initial revision lcp parents: diff changeset	190	\rm separation \\
d8205bb279a7 Initial revision lcp parents: diff changeset	191	\{$y . x$:$A$, $Q[x,y]$\} & Replace($A$,$\lambda x\,y.Q[x,y]$) &
d8205bb279a7 Initial revision lcp parents: diff changeset	192	\rm replacement \\
d8205bb279a7 Initial revision lcp parents: diff changeset	193	\{$b[x] . x$:$A$\} & RepFun($A$,$\lambda x.b[x]$) &
d8205bb279a7 Initial revision lcp parents: diff changeset	194	\rm functional replacement \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	195	\idx{INT} $x$:$A . B[x]$ & Inter(\{$B[x] . x$:$A$\}) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	196	\rm general intersection \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	197	\idx{UN} $x$:$A . B[x]$ & Union(\{$B[x] . x$:$A$\}) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	198	\rm general union \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	199	\idx{PROD} $x$:$A . B[x]$ & Pi($A$,$\lambda x.B[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	200	\rm general product \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	201	\idx{SUM} $x$:$A . B[x]$ & Sigma($A$,$\lambda x.B[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	202	\rm general sum \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	203	$A$ -> $B$ & Pi($A$,$\lambda x.B$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	204	\rm function space \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	205	$A$ * $B$ & Sigma($A$,$\lambda x.B$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	206	\rm binary product \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	207	\idx{THE} $x . P[x]$ & The($\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	208	\rm definite description \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	209	\idx{lam} $x$:$A . b[x]$ & Lambda($A$,$\lambda x.b[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	210	\rm $\lambda$-abstraction\\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	211	\idx{ALL} $x$:$A . P[x]$ & Ball($A$,$\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	212	\rm bounded $\forall$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	213	\idx{EX} $x$:$A . P[x]$ & Bex($A$,$\lambda x.P[x]$) &
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	214	\rm bounded $\exists$
104 d8205bb279a7 Initial revision lcp parents: diff changeset	215	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	216	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	217	\caption{Translations for {\ZF}} \label{ZF-trans}
d8205bb279a7 Initial revision lcp parents: diff changeset	218	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	219
d8205bb279a7 Initial revision lcp parents: diff changeset	220
d8205bb279a7 Initial revision lcp parents: diff changeset	221	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	222	\dquotes
d8205bb279a7 Initial revision lcp parents: diff changeset	223	\[\begin{array}{rcl}
d8205bb279a7 Initial revision lcp parents: diff changeset	224	term & = & \hbox{expression of type~$i$} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	225	& \| & "\{ " term\; ("," term)^* " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	226	& \| & "< " term ", " term " >" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	227	& \| & "\{ " id ":" term " . " formula " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	228	& \| & "\{ " id " . " id ":" term "," formula " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	229	& \| & "\{ " term " . " id ":" term " \}" \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	230	& \| & term " `` " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	231	& \| & term " -`` " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	232	& \| & term " ` " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	233	& \| & term " * " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	234	& \| & term " Int " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	235	& \| & term " Un " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	236	& \| & term " - " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	237	& \| & term " -> " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	238	& \| & "THE~~" id " . " formula\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	239	& \| & "lam~~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	240	& \| & "INT~~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	241	& \| & "UN~~~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	242	& \| & "PROD~" id ":" term " . " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	243	& \| & "SUM~~" id ":" term " . " term \\[2ex]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	244	formula & = & \hbox{expression of type~$o$} \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	245	& \| & term " : " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	246	& \| & term " <= " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	247	& \| & term " = " term \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	248	& \| & "\ttilde\ " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	249	& \| & formula " \& " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	250	& \| & formula " \| " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	251	& \| & formula " --> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	252	& \| & formula " <-> " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	253	& \| & "ALL " id ":" term " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	254	& \| & "EX~~" id ":" term " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	255	& \| & "ALL~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	256	& \| & "EX~~" id~id^* " . " formula \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	257	& \| & "EX!~" id~id^* " . " formula
104 d8205bb279a7 Initial revision lcp parents: diff changeset	258	\end{array}
d8205bb279a7 Initial revision lcp parents: diff changeset	259	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	260	\caption{Full grammar for {\ZF}} \label{ZF-syntax}
d8205bb279a7 Initial revision lcp parents: diff changeset	261	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	262
d8205bb279a7 Initial revision lcp parents: diff changeset	263
d8205bb279a7 Initial revision lcp parents: diff changeset	264	\section{Binding operators}
d8205bb279a7 Initial revision lcp parents: diff changeset	265	The constant \ttindexbold{Collect} constructs sets by the principle of {\bf
d8205bb279a7 Initial revision lcp parents: diff changeset	266	separation}. The syntax for separation is \hbox{\tt\{$x$:$A$.$P[x]$\}},
d8205bb279a7 Initial revision lcp parents: diff changeset	267	where $P[x]$ is a formula that may contain free occurrences of~$x$. It
d8205bb279a7 Initial revision lcp parents: diff changeset	268	abbreviates the set {\tt Collect($A$,$\lambda x.P$[x])}, which consists of
d8205bb279a7 Initial revision lcp parents: diff changeset	269	all $x\in A$ that satisfy~$P[x]$. Note that {\tt Collect} is an
d8205bb279a7 Initial revision lcp parents: diff changeset	270	unfortunate choice of name: some set theories adopt a set-formation
d8205bb279a7 Initial revision lcp parents: diff changeset	271	principle, related to replacement, called collection.
d8205bb279a7 Initial revision lcp parents: diff changeset	272
d8205bb279a7 Initial revision lcp parents: diff changeset	273	The constant \ttindexbold{Replace} constructs sets by the principle of {\bf
d8205bb279a7 Initial revision lcp parents: diff changeset	274	replacement}. The syntax for replacement is
d8205bb279a7 Initial revision lcp parents: diff changeset	275	\hbox{\tt\{$y$.$x$:$A$,$Q[x,y]$\}}. It denotes the set {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	276	Replace($A$,$\lambda x\,y.Q$[x,y])} consisting of all $y$ such that there
d8205bb279a7 Initial revision lcp parents: diff changeset	277	exists $x\in A$ satisfying~$Q[x,y]$. The Replacement Axiom has the
d8205bb279a7 Initial revision lcp parents: diff changeset	278	condition that $Q$ must be single-valued over~$A$: for all~$x\in A$ there
d8205bb279a7 Initial revision lcp parents: diff changeset	279	exists at most one $y$ satisfying~$Q[x,y]$. A single-valued binary
d8205bb279a7 Initial revision lcp parents: diff changeset	280	predicate is also called a {\bf class function}.
d8205bb279a7 Initial revision lcp parents: diff changeset	281
d8205bb279a7 Initial revision lcp parents: diff changeset	282	The constant \ttindexbold{RepFun} expresses a special case of replacement,
d8205bb279a7 Initial revision lcp parents: diff changeset	283	where $Q[x,y]$ has the form $y=b[x]$. Such a $Q$ is trivially
d8205bb279a7 Initial revision lcp parents: diff changeset	284	single-valued, since it is just the graph of the meta-level
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	285	function~$\lambda x.b[x]$. The resulting set consists of all $b[x]$
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	286	for~$x\in A$. This is analogous to the \ML{} functional {\tt map}, since
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	287	it applies a function to every element of a set. The syntax is
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	288	\hbox{\tt\{$b[x]$.$x$:$A$\}}, which expands to {\tt RepFun($A$,$\lambda
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	289	x.b[x]$)}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	290
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	291
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	292	\indexbold{INT}\indexbold{UN}
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	293	General unions and intersections of indexed
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	294	families of sets, namely $\bigcup@{x\in A}B[x]$ and $\bigcap@{x\in A}B[x]$,
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	295	are written \hbox{\tt UN $x$:$A$.$B[x]$} and \hbox{\tt INT $x$:$A$.$B[x]$}.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	296	Their meaning is expressed using {\tt RepFun} as
104 d8205bb279a7 Initial revision lcp parents: diff changeset	297	\[ \bigcup(\{B[x]. x\in A\}) \qquad\hbox{and}\qquad
d8205bb279a7 Initial revision lcp parents: diff changeset	298	\bigcap(\{B[x]. x\in A\}).
d8205bb279a7 Initial revision lcp parents: diff changeset	299	\]
d8205bb279a7 Initial revision lcp parents: diff changeset	300	General sums $\sum@{x\in A}B[x]$ and products $\prod@{x\in A}B[x]$ can be
d8205bb279a7 Initial revision lcp parents: diff changeset	301	constructed in set theory, where $B[x]$ is a family of sets over~$A$. They
d8205bb279a7 Initial revision lcp parents: diff changeset	302	have as special cases $A\times B$ and $A\to B$, where $B$ is simply a set.
d8205bb279a7 Initial revision lcp parents: diff changeset	303	This is similar to the situation in Constructive Type Theory (set theory
d8205bb279a7 Initial revision lcp parents: diff changeset	304	has ``dependent sets'') and calls for similar syntactic conventions. The
d8205bb279a7 Initial revision lcp parents: diff changeset	305	constants~\ttindexbold{Sigma} and~\ttindexbold{Pi} construct general sums and
d8205bb279a7 Initial revision lcp parents: diff changeset	306	products. Instead of {\tt Sigma($A$,$B$)} and {\tt Pi($A$,$B$)} we may write
d8205bb279a7 Initial revision lcp parents: diff changeset	307	\hbox{\tt SUM $x$:$A$.$B[x]$} and \hbox{\tt PROD $x$:$A$.$B[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	308	\indexbold{SUM}\indexbold{PROD}%
d8205bb279a7 Initial revision lcp parents: diff changeset	309	The special cases as \hbox{\tt$A$*$B$} and \hbox{\tt$A$->$B$} abbreviate
d8205bb279a7 Initial revision lcp parents: diff changeset	310	general sums and products over a constant family.\footnote{Unlike normal
d8205bb279a7 Initial revision lcp parents: diff changeset	311	infix operators, {\tt*} and {\tt->} merely define abbreviations; there are
d8205bb279a7 Initial revision lcp parents: diff changeset	312	no constants~{\tt op~*} and~\hbox{\tt op~->}.} Isabelle accepts these
d8205bb279a7 Initial revision lcp parents: diff changeset	313	abbreviations in parsing and uses them whenever possible for printing.
d8205bb279a7 Initial revision lcp parents: diff changeset	314
d8205bb279a7 Initial revision lcp parents: diff changeset	315	\indexbold{*THE}
d8205bb279a7 Initial revision lcp parents: diff changeset	316	As mentioned above, whenever the axioms assert the existence and uniqueness
d8205bb279a7 Initial revision lcp parents: diff changeset	317	of a set, Isabelle's set theory declares a constant for that set. These
d8205bb279a7 Initial revision lcp parents: diff changeset	318	constants can express the {\bf definite description} operator~$\iota
d8205bb279a7 Initial revision lcp parents: diff changeset	319	x.P[x]$, which stands for the unique~$a$ satisfying~$P[a]$, if such exists.
d8205bb279a7 Initial revision lcp parents: diff changeset	320	Since all terms in {\ZF} denote something, a description is always
d8205bb279a7 Initial revision lcp parents: diff changeset	321	meaningful, but we do not know its value unless $P[x]$ defines it uniquely.
d8205bb279a7 Initial revision lcp parents: diff changeset	322	Using the constant~\ttindexbold{The}, we may write descriptions as {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	323	The($\lambda x.P[x]$)} or use the syntax \hbox{\tt THE $x$.$P[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	324
d8205bb279a7 Initial revision lcp parents: diff changeset	325	\indexbold{*lam}
d8205bb279a7 Initial revision lcp parents: diff changeset	326	Function sets may be written in $\lambda$-notation; $\lambda x\in A.b[x]$
d8205bb279a7 Initial revision lcp parents: diff changeset	327	stands for the set of all pairs $\pair{x,b[x]}$ for $x\in A$. In order for
d8205bb279a7 Initial revision lcp parents: diff changeset	328	this to be a set, the function's domain~$A$ must be given. Using the
d8205bb279a7 Initial revision lcp parents: diff changeset	329	constant~\ttindexbold{Lambda}, we may express function sets as {\tt
d8205bb279a7 Initial revision lcp parents: diff changeset	330	Lambda($A$,$\lambda x.b[x]$)} or use the syntax \hbox{\tt lam $x$:$A$.$b[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	331
d8205bb279a7 Initial revision lcp parents: diff changeset	332	Isabelle's set theory defines two {\bf bounded quantifiers}:
d8205bb279a7 Initial revision lcp parents: diff changeset	333	\begin{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	334	\forall x\in A.P[x] &\hbox{which abbreviates}& \forall x. x\in A\imp P[x] \\
d8205bb279a7 Initial revision lcp parents: diff changeset	335	\exists x\in A.P[x] &\hbox{which abbreviates}& \exists x. x\in A\conj P[x]
d8205bb279a7 Initial revision lcp parents: diff changeset	336	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	337	The constants~\ttindexbold{Ball} and~\ttindexbold{Bex} are defined
d8205bb279a7 Initial revision lcp parents: diff changeset	338	accordingly. Instead of {\tt Ball($A$,$P$)} and {\tt Bex($A$,$P$)} we may
d8205bb279a7 Initial revision lcp parents: diff changeset	339	write
d8205bb279a7 Initial revision lcp parents: diff changeset	340	\hbox{\tt ALL $x$:$A$.$P[x]$} and \hbox{\tt EX $x$:$A$.$P[x]$}.
d8205bb279a7 Initial revision lcp parents: diff changeset	341
d8205bb279a7 Initial revision lcp parents: diff changeset	342
d8205bb279a7 Initial revision lcp parents: diff changeset	343	%%%% zf.thy
d8205bb279a7 Initial revision lcp parents: diff changeset	344
d8205bb279a7 Initial revision lcp parents: diff changeset	345	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	346	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	347	\idx{Ball_def} Ball(A,P) == ALL x. x:A --> P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	348	\idx{Bex_def} Bex(A,P) == EX x. x:A & P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	349
d8205bb279a7 Initial revision lcp parents: diff changeset	350	\idx{subset_def} A <= B == ALL x:A. x:B
d8205bb279a7 Initial revision lcp parents: diff changeset	351	\idx{extension} A = B <-> A <= B & B <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	352
d8205bb279a7 Initial revision lcp parents: diff changeset	353	\idx{union_iff} A : Union(C) <-> (EX B:C. A:B)
d8205bb279a7 Initial revision lcp parents: diff changeset	354	\idx{power_set} A : Pow(B) <-> A <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	355	\idx{foundation} A=0 \| (EX x:A. ALL y:x. ~ y:A)
d8205bb279a7 Initial revision lcp parents: diff changeset	356
d8205bb279a7 Initial revision lcp parents: diff changeset	357	\idx{replacement} (ALL x:A. ALL y z. P(x,y) & P(x,z) --> y=z) ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	358	b : PrimReplace(A,P) <-> (EX x:A. P(x,b))
d8205bb279a7 Initial revision lcp parents: diff changeset	359	\subcaption{The Zermelo-Fraenkel Axioms}
d8205bb279a7 Initial revision lcp parents: diff changeset	360
d8205bb279a7 Initial revision lcp parents: diff changeset	361	\idx{Replace_def} Replace(A,P) ==
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	362	PrimReplace(A, \%x y. (EX!z.P(x,z)) & P(x,y))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	363	\idx{RepFun_def} RepFun(A,f) == \{y . x:A, y=f(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	364	\idx{the_def} The(P) == Union(\{y . x:\{0\}, P(y)\})
d8205bb279a7 Initial revision lcp parents: diff changeset	365	\idx{if_def} if(P,a,b) == THE z. P & z=a \| ~P & z=b
d8205bb279a7 Initial revision lcp parents: diff changeset	366	\idx{Collect_def} Collect(A,P) == \{y . x:A, x=y & P(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	367	\idx{Upair_def} Upair(a,b) ==
d8205bb279a7 Initial revision lcp parents: diff changeset	368	\{y. x:Pow(Pow(0)), (x=0 & y=a) \| (x=Pow(0) & y=b)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	369	\subcaption{Consequences of replacement}
d8205bb279a7 Initial revision lcp parents: diff changeset	370
d8205bb279a7 Initial revision lcp parents: diff changeset	371	\idx{Inter_def} Inter(A) == \{ x:Union(A) . ALL y:A. x:y\}
d8205bb279a7 Initial revision lcp parents: diff changeset	372	\idx{Un_def} A Un B == Union(Upair(A,B))
d8205bb279a7 Initial revision lcp parents: diff changeset	373	\idx{Int_def} A Int B == Inter(Upair(A,B))
d8205bb279a7 Initial revision lcp parents: diff changeset	374	\idx{Diff_def} A - B == \{ x:A . ~(x:B) \}
d8205bb279a7 Initial revision lcp parents: diff changeset	375	\subcaption{Union, intersection, difference}
d8205bb279a7 Initial revision lcp parents: diff changeset	376	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	377	\caption{Rules and axioms of {\ZF}} \label{ZF-rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	378	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	379
d8205bb279a7 Initial revision lcp parents: diff changeset	380
d8205bb279a7 Initial revision lcp parents: diff changeset	381	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	382	\begin{ttbox}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	383	\idx{cons_def} cons(a,A) == Upair(a,a) Un A
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	384	\idx{succ_def} succ(i) == cons(i,i)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	385	\idx{infinity} 0:Inf & (ALL y:Inf. succ(y): Inf)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	386	\subcaption{Finite and infinite sets}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	387
104 d8205bb279a7 Initial revision lcp parents: diff changeset	388	\idx{Pair_def} <a,b> == \{\{a,a\}, \{a,b\}\}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	389	\idx{split_def} split(c,p) == THE y. EX a b. p=<a,b> & y=c(a,b)
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	390	\idx{fst_def} fst(A) == split(\%x y.x, p)
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	391	\idx{snd_def} snd(A) == split(\%x y.y, p)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	392	\idx{Sigma_def} Sigma(A,B) == UN x:A. UN y:B(x). \{<x,y>\}
d8205bb279a7 Initial revision lcp parents: diff changeset	393	\subcaption{Ordered pairs and Cartesian products}
d8205bb279a7 Initial revision lcp parents: diff changeset	394
d8205bb279a7 Initial revision lcp parents: diff changeset	395	\idx{converse_def} converse(r) == \{z. w:r, EX x y. w=<x,y> & z=<y,x>\}
d8205bb279a7 Initial revision lcp parents: diff changeset	396	\idx{domain_def} domain(r) == \{x. w:r, EX y. w=<x,y>\}
d8205bb279a7 Initial revision lcp parents: diff changeset	397	\idx{range_def} range(r) == domain(converse(r))
d8205bb279a7 Initial revision lcp parents: diff changeset	398	\idx{field_def} field(r) == domain(r) Un range(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	399	\idx{image_def} r `` A == \{y : range(r) . EX x:A. <x,y> : r\}
d8205bb279a7 Initial revision lcp parents: diff changeset	400	\idx{vimage_def} r -`` A == converse(r)``A
d8205bb279a7 Initial revision lcp parents: diff changeset	401	\subcaption{Operations on relations}
d8205bb279a7 Initial revision lcp parents: diff changeset	402
d8205bb279a7 Initial revision lcp parents: diff changeset	403	\idx{lam_def} Lambda(A,b) == \{<x,b(x)> . x:A\}
d8205bb279a7 Initial revision lcp parents: diff changeset	404	\idx{apply_def} f`a == THE y. <a,y> : f
d8205bb279a7 Initial revision lcp parents: diff changeset	405	\idx{Pi_def} Pi(A,B) == \{f: Pow(Sigma(A,B)). ALL x:A. EX! y. <x,y>: f\}
d8205bb279a7 Initial revision lcp parents: diff changeset	406	\idx{restrict_def} restrict(f,A) == lam x:A.f`x
d8205bb279a7 Initial revision lcp parents: diff changeset	407	\subcaption{Functions and general product}
d8205bb279a7 Initial revision lcp parents: diff changeset	408	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	409	\caption{Further definitions of {\ZF}} \label{ZF-defs}
d8205bb279a7 Initial revision lcp parents: diff changeset	410	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	411
d8205bb279a7 Initial revision lcp parents: diff changeset	412
d8205bb279a7 Initial revision lcp parents: diff changeset	413	%%%% zf.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	414
d8205bb279a7 Initial revision lcp parents: diff changeset	415	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	416	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	417	\idx{ballI} [\| !!x. x:A ==> P(x) \|] ==> ALL x:A. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	418	\idx{bspec} [\| ALL x:A. P(x); x: A \|] ==> P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	419	\idx{ballE} [\| ALL x:A. P(x); P(x) ==> Q; ~ x:A ==> Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	420
d8205bb279a7 Initial revision lcp parents: diff changeset	421	\idx{ball_cong} [\| A=A'; !!x. x:A' ==> P(x) <-> P'(x) \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	422	(ALL x:A. P(x)) <-> (ALL x:A'. P'(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	423
d8205bb279a7 Initial revision lcp parents: diff changeset	424	\idx{bexI} [\| P(x); x: A \|] ==> EX x:A. P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	425	\idx{bexCI} [\| ALL x:A. ~P(x) ==> P(a); a: A \|] ==> EX x:A.P(x)
d8205bb279a7 Initial revision lcp parents: diff changeset	426	\idx{bexE} [\| EX x:A. P(x); !!x. [\| x:A; P(x) \|] ==> Q \|] ==> Q
d8205bb279a7 Initial revision lcp parents: diff changeset	427
d8205bb279a7 Initial revision lcp parents: diff changeset	428	\idx{bex_cong} [\| A=A'; !!x. x:A' ==> P(x) <-> P'(x) \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	429	(EX x:A. P(x)) <-> (EX x:A'. P'(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	430	\subcaption{Bounded quantifiers}
d8205bb279a7 Initial revision lcp parents: diff changeset	431
d8205bb279a7 Initial revision lcp parents: diff changeset	432	\idx{subsetI} (!!x.x:A ==> x:B) ==> A <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	433	\idx{subsetD} [\| A <= B; c:A \|] ==> c:B
d8205bb279a7 Initial revision lcp parents: diff changeset	434	\idx{subsetCE} [\| A <= B; ~(c:A) ==> P; c:B ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	435	\idx{subset_refl} A <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	436	\idx{subset_trans} [\| A<=B; B<=C \|] ==> A<=C
d8205bb279a7 Initial revision lcp parents: diff changeset	437
d8205bb279a7 Initial revision lcp parents: diff changeset	438	\idx{equalityI} [\| A <= B; B <= A \|] ==> A = B
d8205bb279a7 Initial revision lcp parents: diff changeset	439	\idx{equalityD1} A = B ==> A<=B
d8205bb279a7 Initial revision lcp parents: diff changeset	440	\idx{equalityD2} A = B ==> B<=A
d8205bb279a7 Initial revision lcp parents: diff changeset	441	\idx{equalityE} [\| A = B; [\| A<=B; B<=A \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	442	\subcaption{Subsets and extensionality}
d8205bb279a7 Initial revision lcp parents: diff changeset	443
d8205bb279a7 Initial revision lcp parents: diff changeset	444	\idx{emptyE} a:0 ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	445	\idx{empty_subsetI} 0 <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	446	\idx{equals0I} [\| !!y. y:A ==> False \|] ==> A=0
d8205bb279a7 Initial revision lcp parents: diff changeset	447	\idx{equals0D} [\| A=0; a:A \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	448
d8205bb279a7 Initial revision lcp parents: diff changeset	449	\idx{PowI} A <= B ==> A : Pow(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	450	\idx{PowD} A : Pow(B) ==> A<=B
d8205bb279a7 Initial revision lcp parents: diff changeset	451	\subcaption{The empty set; power sets}
d8205bb279a7 Initial revision lcp parents: diff changeset	452	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	453	\caption{Basic derived rules for {\ZF}} \label{ZF-lemmas1}
d8205bb279a7 Initial revision lcp parents: diff changeset	454	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	455
d8205bb279a7 Initial revision lcp parents: diff changeset	456
d8205bb279a7 Initial revision lcp parents: diff changeset	457
d8205bb279a7 Initial revision lcp parents: diff changeset	458	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	459	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	460	\idx{ReplaceI} [\| x: A; P(x,b); !!y. P(x,y) ==> y=b \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	461	b : \{y. x:A, P(x,y)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	462
d8205bb279a7 Initial revision lcp parents: diff changeset	463	\idx{ReplaceE} [\| b : \{y. x:A, P(x,y)\};
d8205bb279a7 Initial revision lcp parents: diff changeset	464	!!x. [\| x: A; P(x,b); ALL y. P(x,y)-->y=b \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	465	\|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	466
d8205bb279a7 Initial revision lcp parents: diff changeset	467	\idx{RepFunI} [\| a : A \|] ==> f(a) : \{f(x). x:A\}
d8205bb279a7 Initial revision lcp parents: diff changeset	468	\idx{RepFunE} [\| b : \{f(x). x:A\};
d8205bb279a7 Initial revision lcp parents: diff changeset	469	!!x.[\| x:A; b=f(x) \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	470
d8205bb279a7 Initial revision lcp parents: diff changeset	471	\idx{separation} a : \{x:A. P(x)\} <-> a:A & P(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	472	\idx{CollectI} [\| a:A; P(a) \|] ==> a : \{x:A. P(x)\}
d8205bb279a7 Initial revision lcp parents: diff changeset	473	\idx{CollectE} [\| a : \{x:A. P(x)\}; [\| a:A; P(a) \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	474	\idx{CollectD1} a : \{x:A. P(x)\} ==> a:A
d8205bb279a7 Initial revision lcp parents: diff changeset	475	\idx{CollectD2} a : \{x:A. P(x)\} ==> P(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	476	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	477	\caption{Replacement and separation} \label{ZF-lemmas2}
d8205bb279a7 Initial revision lcp parents: diff changeset	478	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	479
d8205bb279a7 Initial revision lcp parents: diff changeset	480
d8205bb279a7 Initial revision lcp parents: diff changeset	481	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	482	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	483	\idx{UnionI} [\| B: C; A: B \|] ==> A: Union(C)
d8205bb279a7 Initial revision lcp parents: diff changeset	484	\idx{UnionE} [\| A : Union(C); !!B.[\| A: B; B: C \|] ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	485
d8205bb279a7 Initial revision lcp parents: diff changeset	486	\idx{InterI} [\| !!x. x: C ==> A: x; c:C \|] ==> A : Inter(C)
d8205bb279a7 Initial revision lcp parents: diff changeset	487	\idx{InterD} [\| A : Inter(C); B : C \|] ==> A : B
d8205bb279a7 Initial revision lcp parents: diff changeset	488	\idx{InterE} [\| A : Inter(C); A:B ==> R; ~ B:C ==> R \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	489
d8205bb279a7 Initial revision lcp parents: diff changeset	490	\idx{UN_I} [\| a: A; b: B(a) \|] ==> b: (UN x:A. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	491	\idx{UN_E} [\| b : (UN x:A. B(x)); !!x.[\| x: A; b: B(x) \|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	492	\|] ==> R
d8205bb279a7 Initial revision lcp parents: diff changeset	493
d8205bb279a7 Initial revision lcp parents: diff changeset	494	\idx{INT_I} [\| !!x. x: A ==> b: B(x); a: A \|] ==> b: (INT x:A. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	495	\idx{INT_E} [\| b : (INT x:A. B(x)); a: A \|] ==> b : B(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	496	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	497	\caption{General Union and Intersection} \label{ZF-lemmas3}
d8205bb279a7 Initial revision lcp parents: diff changeset	498	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	499
d8205bb279a7 Initial revision lcp parents: diff changeset	500
d8205bb279a7 Initial revision lcp parents: diff changeset	501	\section{The Zermelo-Fraenkel axioms}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	502	The axioms appear in Fig.\ts \ref{ZF-rules}. They resemble those
104 d8205bb279a7 Initial revision lcp parents: diff changeset	503	presented by Suppes~\cite{suppes72}. Most of the theory consists of
d8205bb279a7 Initial revision lcp parents: diff changeset	504	definitions. In particular, bounded quantifiers and the subset relation
d8205bb279a7 Initial revision lcp parents: diff changeset	505	appear in other axioms. Object-level quantifiers and implications have
d8205bb279a7 Initial revision lcp parents: diff changeset	506	been replaced by meta-level ones wherever possible, to simplify use of the
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	507	axioms. See the file {\tt ZF/zf.thy} for details.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	508
d8205bb279a7 Initial revision lcp parents: diff changeset	509	The traditional replacement axiom asserts
d8205bb279a7 Initial revision lcp parents: diff changeset	510	\[ y \in {\tt PrimReplace}(A,P) \bimp (\exists x\in A. P(x,y)) \]
d8205bb279a7 Initial revision lcp parents: diff changeset	511	subject to the condition that $P(x,y)$ is single-valued for all~$x\in A$.
d8205bb279a7 Initial revision lcp parents: diff changeset	512	The Isabelle theory defines \ttindex{Replace} to apply
d8205bb279a7 Initial revision lcp parents: diff changeset	513	\ttindexbold{PrimReplace} to the single-valued part of~$P$, namely
d8205bb279a7 Initial revision lcp parents: diff changeset	514	\[ (\exists!z.P(x,z)) \conj P(x,y). \]
d8205bb279a7 Initial revision lcp parents: diff changeset	515	Thus $y\in {\tt Replace}(A,P)$ if and only if there is some~$x$ such that
d8205bb279a7 Initial revision lcp parents: diff changeset	516	$P(x,-)$ holds uniquely for~$y$. Because the equivalence is unconditional,
d8205bb279a7 Initial revision lcp parents: diff changeset	517	{\tt Replace} is much easier to use than {\tt PrimReplace}; it defines the
d8205bb279a7 Initial revision lcp parents: diff changeset	518	same set, if $P(x,y)$ is single-valued. The nice syntax for replacement
d8205bb279a7 Initial revision lcp parents: diff changeset	519	expands to {\tt Replace}.
d8205bb279a7 Initial revision lcp parents: diff changeset	520
d8205bb279a7 Initial revision lcp parents: diff changeset	521	Other consequences of replacement include functional replacement
d8205bb279a7 Initial revision lcp parents: diff changeset	522	(\ttindexbold{RepFun}) and definite descriptions (\ttindexbold{The}).
d8205bb279a7 Initial revision lcp parents: diff changeset	523	Axioms for separation (\ttindexbold{Collect}) and unordered pairs
d8205bb279a7 Initial revision lcp parents: diff changeset	524	(\ttindexbold{Upair}) are traditionally assumed, but they actually follow
d8205bb279a7 Initial revision lcp parents: diff changeset	525	from replacement~\cite[pages 237--8]{suppes72}.
d8205bb279a7 Initial revision lcp parents: diff changeset	526
d8205bb279a7 Initial revision lcp parents: diff changeset	527	The definitions of general intersection, etc., are straightforward. Note
d8205bb279a7 Initial revision lcp parents: diff changeset	528	the definition of \ttindex{cons}, which underlies the finite set notation.
d8205bb279a7 Initial revision lcp parents: diff changeset	529	The axiom of infinity gives us a set that contains~0 and is closed under
d8205bb279a7 Initial revision lcp parents: diff changeset	530	successor (\ttindexbold{succ}). Although this set is not uniquely defined,
d8205bb279a7 Initial revision lcp parents: diff changeset	531	the theory names it (\ttindexbold{Inf}) in order to simplify the
d8205bb279a7 Initial revision lcp parents: diff changeset	532	construction of the natural numbers.
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	533
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	534	Further definitions appear in Fig.\ts\ref{ZF-defs}. Ordered pairs are
104 d8205bb279a7 Initial revision lcp parents: diff changeset	535	defined in the standard way, $\pair{a,b}\equiv\{\{a\},\{a,b\}\}$. Recall
d8205bb279a7 Initial revision lcp parents: diff changeset	536	that \ttindexbold{Sigma}$(A,B)$ generalizes the Cartesian product of two
d8205bb279a7 Initial revision lcp parents: diff changeset	537	sets. It is defined to be the union of all singleton sets
d8205bb279a7 Initial revision lcp parents: diff changeset	538	$\{\pair{x,y}\}$, for $x\in A$ and $y\in B(x)$. This is a typical usage of
d8205bb279a7 Initial revision lcp parents: diff changeset	539	general union.
d8205bb279a7 Initial revision lcp parents: diff changeset	540
d8205bb279a7 Initial revision lcp parents: diff changeset	541	The projections involve definite descriptions. The \ttindex{split}
d8205bb279a7 Initial revision lcp parents: diff changeset	542	operation is like the similar operation in Martin-L\"of Type Theory, and is
d8205bb279a7 Initial revision lcp parents: diff changeset	543	often easier to use than \ttindex{fst} and~\ttindex{snd}. It is defined
d8205bb279a7 Initial revision lcp parents: diff changeset	544	using a description for convenience, but could equivalently be defined by
d8205bb279a7 Initial revision lcp parents: diff changeset	545	\begin{ttbox}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	546	split(c,p) == c(fst(p),snd(p))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	547	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	548	Operations on relations include converse, domain, range, and image. The
d8205bb279a7 Initial revision lcp parents: diff changeset	549	set ${\tt Pi}(A,B)$ generalizes the space of functions between two sets.
d8205bb279a7 Initial revision lcp parents: diff changeset	550	Note the simple definitions of $\lambda$-abstraction (using
d8205bb279a7 Initial revision lcp parents: diff changeset	551	\ttindex{RepFun}) and application (using a definite description). The
d8205bb279a7 Initial revision lcp parents: diff changeset	552	function \ttindex{restrict}$(f,A)$ has the same values as~$f$, but only
d8205bb279a7 Initial revision lcp parents: diff changeset	553	over the domain~$A$.
d8205bb279a7 Initial revision lcp parents: diff changeset	554
d8205bb279a7 Initial revision lcp parents: diff changeset	555	No axiom of choice is provided. It is traditional to include this axiom
d8205bb279a7 Initial revision lcp parents: diff changeset	556	only where it is needed --- mainly in the theory of cardinal numbers, which
d8205bb279a7 Initial revision lcp parents: diff changeset	557	Isabelle does not formalize at present.
d8205bb279a7 Initial revision lcp parents: diff changeset	558
d8205bb279a7 Initial revision lcp parents: diff changeset	559
d8205bb279a7 Initial revision lcp parents: diff changeset	560	\section{From basic lemmas to function spaces}
d8205bb279a7 Initial revision lcp parents: diff changeset	561	Faced with so many definitions, it is essential to prove lemmas. Even
d8205bb279a7 Initial revision lcp parents: diff changeset	562	trivial theorems like $A\inter B=B\inter A$ would be difficult to prove
d8205bb279a7 Initial revision lcp parents: diff changeset	563	from the definitions alone. Isabelle's set theory derives many rules using
d8205bb279a7 Initial revision lcp parents: diff changeset	564	a natural deduction style. Ideally, a natural deduction rule should
d8205bb279a7 Initial revision lcp parents: diff changeset	565	introduce or eliminate just one operator, but this is not always practical.
d8205bb279a7 Initial revision lcp parents: diff changeset	566	For most operators, we may forget its definition and use its derived rules
d8205bb279a7 Initial revision lcp parents: diff changeset	567	instead.
d8205bb279a7 Initial revision lcp parents: diff changeset	568
d8205bb279a7 Initial revision lcp parents: diff changeset	569	\subsection{Fundamental lemmas}
d8205bb279a7 Initial revision lcp parents: diff changeset	570	Figure~\ref{ZF-lemmas1} presents the derived rules for the most basic
d8205bb279a7 Initial revision lcp parents: diff changeset	571	operators. The rules for the bounded quantifiers resemble those for the
d8205bb279a7 Initial revision lcp parents: diff changeset	572	ordinary quantifiers, but note that \ttindex{BallE} uses a negated
d8205bb279a7 Initial revision lcp parents: diff changeset	573	assumption in the style of Isabelle's classical module. The congruence rules
d8205bb279a7 Initial revision lcp parents: diff changeset	574	\ttindex{ball_cong} and \ttindex{bex_cong} are required by Isabelle's
d8205bb279a7 Initial revision lcp parents: diff changeset	575	simplifier, but have few other uses. Congruence rules must be specially
d8205bb279a7 Initial revision lcp parents: diff changeset	576	derived for all binding operators, and henceforth will not be shown.
d8205bb279a7 Initial revision lcp parents: diff changeset	577
d8205bb279a7 Initial revision lcp parents: diff changeset	578	Figure~\ref{ZF-lemmas1} also shows rules for the subset and equality
d8205bb279a7 Initial revision lcp parents: diff changeset	579	relations (proof by extensionality), and rules about the empty set and the
d8205bb279a7 Initial revision lcp parents: diff changeset	580	power set operator.
d8205bb279a7 Initial revision lcp parents: diff changeset	581
d8205bb279a7 Initial revision lcp parents: diff changeset	582	Figure~\ref{ZF-lemmas2} presents rules for replacement and separation.
d8205bb279a7 Initial revision lcp parents: diff changeset	583	The rules for \ttindex{Replace} and \ttindex{RepFun} are much simpler than
d8205bb279a7 Initial revision lcp parents: diff changeset	584	comparable rules for {\tt PrimReplace} would be. The principle of
d8205bb279a7 Initial revision lcp parents: diff changeset	585	separation is proved explicitly, although most proofs should use the
d8205bb279a7 Initial revision lcp parents: diff changeset	586	natural deduction rules for \ttindex{Collect}. The elimination rule
d8205bb279a7 Initial revision lcp parents: diff changeset	587	\ttindex{CollectE} is equivalent to the two destruction rules
d8205bb279a7 Initial revision lcp parents: diff changeset	588	\ttindex{CollectD1} and \ttindex{CollectD2}, but each rule is suited to
d8205bb279a7 Initial revision lcp parents: diff changeset	589	particular circumstances. Although too many rules can be confusing, there
d8205bb279a7 Initial revision lcp parents: diff changeset	590	is no reason to aim for a minimal set of rules. See the file
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	591	{\tt ZF/zf.ML} for a complete listing.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	592
d8205bb279a7 Initial revision lcp parents: diff changeset	593	Figure~\ref{ZF-lemmas3} presents rules for general union and intersection.
d8205bb279a7 Initial revision lcp parents: diff changeset	594	The empty intersection should be undefined. We cannot have
d8205bb279a7 Initial revision lcp parents: diff changeset	595	$\bigcap(\emptyset)=V$ because $V$, the universal class, is not a set. All
d8205bb279a7 Initial revision lcp parents: diff changeset	596	expressions denote something in {\ZF} set theory; the definition of
d8205bb279a7 Initial revision lcp parents: diff changeset	597	intersection implies $\bigcap(\emptyset)=\emptyset$, but this value is
d8205bb279a7 Initial revision lcp parents: diff changeset	598	arbitrary. The rule \ttindexbold{InterI} must have a premise to exclude
d8205bb279a7 Initial revision lcp parents: diff changeset	599	the empty intersection. Some of the laws governing intersections require
d8205bb279a7 Initial revision lcp parents: diff changeset	600	similar premises.
d8205bb279a7 Initial revision lcp parents: diff changeset	601
d8205bb279a7 Initial revision lcp parents: diff changeset	602
d8205bb279a7 Initial revision lcp parents: diff changeset	603	%%% upair.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	604
d8205bb279a7 Initial revision lcp parents: diff changeset	605	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	606	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	607	\idx{pairing} a:Upair(b,c) <-> (a=b \| a=c)
d8205bb279a7 Initial revision lcp parents: diff changeset	608	\idx{UpairI1} a : Upair(a,b)
d8205bb279a7 Initial revision lcp parents: diff changeset	609	\idx{UpairI2} b : Upair(a,b)
d8205bb279a7 Initial revision lcp parents: diff changeset	610	\idx{UpairE} [\| a : Upair(b,c); a = b ==> P; a = c ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	611	\subcaption{Unordered pairs}
d8205bb279a7 Initial revision lcp parents: diff changeset	612
d8205bb279a7 Initial revision lcp parents: diff changeset	613	\idx{UnI1} c : A ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	614	\idx{UnI2} c : B ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	615	\idx{UnCI} (~c : B ==> c : A) ==> c : A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	616	\idx{UnE} [\| c : A Un B; c:A ==> P; c:B ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	617
d8205bb279a7 Initial revision lcp parents: diff changeset	618	\idx{IntI} [\| c : A; c : B \|] ==> c : A Int B
d8205bb279a7 Initial revision lcp parents: diff changeset	619	\idx{IntD1} c : A Int B ==> c : A
d8205bb279a7 Initial revision lcp parents: diff changeset	620	\idx{IntD2} c : A Int B ==> c : B
d8205bb279a7 Initial revision lcp parents: diff changeset	621	\idx{IntE} [\| c : A Int B; [\| c:A; c:B \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	622
d8205bb279a7 Initial revision lcp parents: diff changeset	623	\idx{DiffI} [\| c : A; ~ c : B \|] ==> c : A - B
d8205bb279a7 Initial revision lcp parents: diff changeset	624	\idx{DiffD1} c : A - B ==> c : A
d8205bb279a7 Initial revision lcp parents: diff changeset	625	\idx{DiffD2} [\| c : A - B; c : B \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	626	\idx{DiffE} [\| c : A - B; [\| c:A; ~ c:B \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	627	\subcaption{Union, intersection, difference}
d8205bb279a7 Initial revision lcp parents: diff changeset	628	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	629	\caption{Unordered pairs and their consequences} \label{ZF-upair1}
d8205bb279a7 Initial revision lcp parents: diff changeset	630	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	631
d8205bb279a7 Initial revision lcp parents: diff changeset	632
d8205bb279a7 Initial revision lcp parents: diff changeset	633	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	634	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	635	\idx{consI1} a : cons(a,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	636	\idx{consI2} a : B ==> a : cons(b,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	637	\idx{consCI} (~ a:B ==> a=b) ==> a: cons(b,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	638	\idx{consE} [\| a : cons(b,A); a=b ==> P; a:A ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	639
d8205bb279a7 Initial revision lcp parents: diff changeset	640	\idx{singletonI} a : \{a\}
d8205bb279a7 Initial revision lcp parents: diff changeset	641	\idx{singletonE} [\| a : \{b\}; a=b ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	642	\subcaption{Finite and singleton sets}
d8205bb279a7 Initial revision lcp parents: diff changeset	643
d8205bb279a7 Initial revision lcp parents: diff changeset	644	\idx{succI1} i : succ(i)
d8205bb279a7 Initial revision lcp parents: diff changeset	645	\idx{succI2} i : j ==> i : succ(j)
d8205bb279a7 Initial revision lcp parents: diff changeset	646	\idx{succCI} (~ i:j ==> i=j) ==> i: succ(j)
d8205bb279a7 Initial revision lcp parents: diff changeset	647	\idx{succE} [\| i : succ(j); i=j ==> P; i:j ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	648	\idx{succ_neq_0} [\| succ(n)=0 \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	649	\idx{succ_inject} succ(m) = succ(n) ==> m=n
d8205bb279a7 Initial revision lcp parents: diff changeset	650	\subcaption{The successor function}
d8205bb279a7 Initial revision lcp parents: diff changeset	651
d8205bb279a7 Initial revision lcp parents: diff changeset	652	\idx{the_equality} [\| P(a); !!x. P(x) ==> x=a \|] ==> (THE x. P(x)) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	653	\idx{theI} EX! x. P(x) ==> P(THE x. P(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	654
d8205bb279a7 Initial revision lcp parents: diff changeset	655	\idx{if_P} P ==> if(P,a,b) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	656	\idx{if_not_P} ~P ==> if(P,a,b) = b
d8205bb279a7 Initial revision lcp parents: diff changeset	657
d8205bb279a7 Initial revision lcp parents: diff changeset	658	\idx{mem_anti_sym} [\| a:b; b:a \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	659	\idx{mem_anti_refl} a:a ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	660	\subcaption{Descriptions; non-circularity}
d8205bb279a7 Initial revision lcp parents: diff changeset	661	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	662	\caption{Finite sets and their consequences} \label{ZF-upair2}
d8205bb279a7 Initial revision lcp parents: diff changeset	663	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	664
d8205bb279a7 Initial revision lcp parents: diff changeset	665
d8205bb279a7 Initial revision lcp parents: diff changeset	666	\subsection{Unordered pairs and finite sets}
d8205bb279a7 Initial revision lcp parents: diff changeset	667	Figure~\ref{ZF-upair1} presents the principle of unordered pairing, along
d8205bb279a7 Initial revision lcp parents: diff changeset	668	with its derived rules. Binary union and intersection are defined in terms
d8205bb279a7 Initial revision lcp parents: diff changeset	669	of ordered pairs, and set difference is included for completeness. The
d8205bb279a7 Initial revision lcp parents: diff changeset	670	rule \ttindexbold{UnCI} is useful for classical reasoning about unions,
d8205bb279a7 Initial revision lcp parents: diff changeset	671	like {\tt disjCI}\@; it supersedes \ttindexbold{UnI1} and
d8205bb279a7 Initial revision lcp parents: diff changeset	672	\ttindexbold{UnI2}, but these rules are often easier to work with. For
d8205bb279a7 Initial revision lcp parents: diff changeset	673	intersection and difference we have both elimination and destruction rules.
d8205bb279a7 Initial revision lcp parents: diff changeset	674	Again, there is no reason to provide a minimal rule set.
d8205bb279a7 Initial revision lcp parents: diff changeset	675
d8205bb279a7 Initial revision lcp parents: diff changeset	676	Figure~\ref{ZF-upair2} is concerned with finite sets. It presents rules
d8205bb279a7 Initial revision lcp parents: diff changeset	677	for~\ttindex{cons}, the finite set constructor, and rules for singleton
d8205bb279a7 Initial revision lcp parents: diff changeset	678	sets. Because the successor function is defined in terms of~{\tt cons},
d8205bb279a7 Initial revision lcp parents: diff changeset	679	its derived rules appear here.
d8205bb279a7 Initial revision lcp parents: diff changeset	680
d8205bb279a7 Initial revision lcp parents: diff changeset	681	Definite descriptions (\ttindex{THE}) are defined in terms of the singleton
d8205bb279a7 Initial revision lcp parents: diff changeset	682	set $\{0\}$, but their derived rules fortunately hide this. The
d8205bb279a7 Initial revision lcp parents: diff changeset	683	rule~\ttindex{theI} can be difficult to apply, because $\Var{P}$ must be
d8205bb279a7 Initial revision lcp parents: diff changeset	684	instantiated correctly. However, \ttindex{the_equality} does not have this
d8205bb279a7 Initial revision lcp parents: diff changeset	685	problem and the files contain many examples of its use.
d8205bb279a7 Initial revision lcp parents: diff changeset	686
d8205bb279a7 Initial revision lcp parents: diff changeset	687	Finally, the impossibility of having both $a\in b$ and $b\in a$
d8205bb279a7 Initial revision lcp parents: diff changeset	688	(\ttindex{mem_anti_sym}) is proved by applying the axiom of foundation to
d8205bb279a7 Initial revision lcp parents: diff changeset	689	the set $\{a,b\}$. The impossibility of $a\in a$ is a trivial consequence.
d8205bb279a7 Initial revision lcp parents: diff changeset	690
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	691	See the file {\tt ZF/upair.ML} for full details.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	692
d8205bb279a7 Initial revision lcp parents: diff changeset	693
d8205bb279a7 Initial revision lcp parents: diff changeset	694	%%% subset.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	695
d8205bb279a7 Initial revision lcp parents: diff changeset	696	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	697	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	698	\idx{Union_upper} B:A ==> B <= Union(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	699	\idx{Union_least} [\| !!x. x:A ==> x<=C \|] ==> Union(A) <= C
d8205bb279a7 Initial revision lcp parents: diff changeset	700
d8205bb279a7 Initial revision lcp parents: diff changeset	701	\idx{Inter_lower} B:A ==> Inter(A) <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	702	\idx{Inter_greatest} [\| a:A; !!x. x:A ==> C<=x \|] ==> C <= Inter(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	703
d8205bb279a7 Initial revision lcp parents: diff changeset	704	\idx{Un_upper1} A <= A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	705	\idx{Un_upper2} B <= A Un B
d8205bb279a7 Initial revision lcp parents: diff changeset	706	\idx{Un_least} [\| A<=C; B<=C \|] ==> A Un B <= C
d8205bb279a7 Initial revision lcp parents: diff changeset	707
d8205bb279a7 Initial revision lcp parents: diff changeset	708	\idx{Int_lower1} A Int B <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	709	\idx{Int_lower2} A Int B <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	710	\idx{Int_greatest} [\| C<=A; C<=B \|] ==> C <= A Int B
d8205bb279a7 Initial revision lcp parents: diff changeset	711
d8205bb279a7 Initial revision lcp parents: diff changeset	712	\idx{Diff_subset} A-B <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	713	\idx{Diff_contains} [\| C<=A; C Int B = 0 \|] ==> C <= A-B
d8205bb279a7 Initial revision lcp parents: diff changeset	714
d8205bb279a7 Initial revision lcp parents: diff changeset	715	\idx{Collect_subset} Collect(A,P) <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	716	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	717	\caption{Subset and lattice properties} \label{ZF-subset}
d8205bb279a7 Initial revision lcp parents: diff changeset	718	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	719
d8205bb279a7 Initial revision lcp parents: diff changeset	720
d8205bb279a7 Initial revision lcp parents: diff changeset	721	\subsection{Subset and lattice properties}
d8205bb279a7 Initial revision lcp parents: diff changeset	722	Figure~\ref{ZF-subset} shows that the subset relation is a complete
d8205bb279a7 Initial revision lcp parents: diff changeset	723	lattice. Unions form least upper bounds; non-empty intersections form
d8205bb279a7 Initial revision lcp parents: diff changeset	724	greatest lower bounds. A few other laws involving subsets are included.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	725	See the file {\tt ZF/subset.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	726
d8205bb279a7 Initial revision lcp parents: diff changeset	727	%%% pair.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	728
d8205bb279a7 Initial revision lcp parents: diff changeset	729	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	730	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	731	\idx{Pair_inject1} <a,b> = <c,d> ==> a=c
d8205bb279a7 Initial revision lcp parents: diff changeset	732	\idx{Pair_inject2} <a,b> = <c,d> ==> b=d
d8205bb279a7 Initial revision lcp parents: diff changeset	733	\idx{Pair_inject} [\| <a,b> = <c,d>; [\| a=c; b=d \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	734	\idx{Pair_neq_0} <a,b>=0 ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	735
d8205bb279a7 Initial revision lcp parents: diff changeset	736	\idx{fst} fst(<a,b>) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	737	\idx{snd} snd(<a,b>) = b
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	738	\idx{split} split(\%x y.c(x,y), <a,b>) = c(a,b)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	739
d8205bb279a7 Initial revision lcp parents: diff changeset	740	\idx{SigmaI} [\| a:A; b:B(a) \|] ==> <a,b> : Sigma(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	741
d8205bb279a7 Initial revision lcp parents: diff changeset	742	\idx{SigmaE} [\| c: Sigma(A,B);
d8205bb279a7 Initial revision lcp parents: diff changeset	743	!!x y.[\| x:A; y:B(x); c=<x,y> \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	744
d8205bb279a7 Initial revision lcp parents: diff changeset	745	\idx{SigmaE2} [\| <a,b> : Sigma(A,B);
d8205bb279a7 Initial revision lcp parents: diff changeset	746	[\| a:A; b:B(a) \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	747	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	748	\caption{Ordered pairs; projections; general sums} \label{ZF-pair}
d8205bb279a7 Initial revision lcp parents: diff changeset	749	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	750
d8205bb279a7 Initial revision lcp parents: diff changeset	751
d8205bb279a7 Initial revision lcp parents: diff changeset	752	\subsection{Ordered pairs}
d8205bb279a7 Initial revision lcp parents: diff changeset	753	Figure~\ref{ZF-pair} presents the rules governing ordered pairs,
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	754	projections and general sums. File {\tt ZF/pair.ML} contains the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	755	full (and tedious) proof that $\{\{a\},\{a,b\}\}$ functions as an ordered
d8205bb279a7 Initial revision lcp parents: diff changeset	756	pair. This property is expressed as two destruction rules,
d8205bb279a7 Initial revision lcp parents: diff changeset	757	\ttindexbold{Pair_inject1} and \ttindexbold{Pair_inject2}, and equivalently
d8205bb279a7 Initial revision lcp parents: diff changeset	758	as the elimination rule \ttindexbold{Pair_inject}.
d8205bb279a7 Initial revision lcp parents: diff changeset	759
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	760	The rule \ttindexbold{Pair_neq_0} asserts $\pair{a,b}\neq\emptyset$. This
96c627d2815e Misc updates lcp parents: 111 diff changeset	761	is a property of $\{\{a\},\{a,b\}\}$, and need not hold for other
96c627d2815e Misc updates lcp parents: 111 diff changeset	762	encoding of ordered pairs. The non-standard ordered pairs mentioned below
96c627d2815e Misc updates lcp parents: 111 diff changeset	763	satisfy $\pair{\emptyset;\emptyset}=\emptyset$.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	764
d8205bb279a7 Initial revision lcp parents: diff changeset	765	The natural deduction rules \ttindexbold{SigmaI} and \ttindexbold{SigmaE}
d8205bb279a7 Initial revision lcp parents: diff changeset	766	assert that \ttindex{Sigma}$(A,B)$ consists of all pairs of the form
d8205bb279a7 Initial revision lcp parents: diff changeset	767	$\pair{x,y}$, for $x\in A$ and $y\in B(x)$. The rule \ttindexbold{SigmaE2}
d8205bb279a7 Initial revision lcp parents: diff changeset	768	merely states that $\pair{a,b}\in {\tt Sigma}(A,B)$ implies $a\in A$ and
d8205bb279a7 Initial revision lcp parents: diff changeset	769	$b\in B(a)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	770
d8205bb279a7 Initial revision lcp parents: diff changeset	771
d8205bb279a7 Initial revision lcp parents: diff changeset	772	%%% domrange.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	773
d8205bb279a7 Initial revision lcp parents: diff changeset	774	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	775	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	776	\idx{domainI} <a,b>: r ==> a : domain(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	777	\idx{domainE} [\| a : domain(r); !!y. <a,y>: r ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	778	\idx{domain_subset} domain(Sigma(A,B)) <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	779
d8205bb279a7 Initial revision lcp parents: diff changeset	780	\idx{rangeI} <a,b>: r ==> b : range(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	781	\idx{rangeE} [\| b : range(r); !!x. <x,b>: r ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	782	\idx{range_subset} range(A*B) <= B
d8205bb279a7 Initial revision lcp parents: diff changeset	783
d8205bb279a7 Initial revision lcp parents: diff changeset	784	\idx{fieldI1} <a,b>: r ==> a : field(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	785	\idx{fieldI2} <a,b>: r ==> b : field(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	786	\idx{fieldCI} (~ <c,a>:r ==> <a,b>: r) ==> a : field(r)
d8205bb279a7 Initial revision lcp parents: diff changeset	787
d8205bb279a7 Initial revision lcp parents: diff changeset	788	\idx{fieldE} [\| a : field(r);
d8205bb279a7 Initial revision lcp parents: diff changeset	789	!!x. <a,x>: r ==> P;
d8205bb279a7 Initial revision lcp parents: diff changeset	790	!!x. <x,a>: r ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	791	\|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	792
d8205bb279a7 Initial revision lcp parents: diff changeset	793	\idx{field_subset} field(A*A) <= A
d8205bb279a7 Initial revision lcp parents: diff changeset	794	\subcaption{Domain, range and field of a Relation}
d8205bb279a7 Initial revision lcp parents: diff changeset	795
d8205bb279a7 Initial revision lcp parents: diff changeset	796	\idx{imageI} [\| <a,b>: r; a:A \|] ==> b : r``A
d8205bb279a7 Initial revision lcp parents: diff changeset	797	\idx{imageE} [\| b: r``A; !!x.[\| <x,b>: r; x:A \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	798
d8205bb279a7 Initial revision lcp parents: diff changeset	799	\idx{vimageI} [\| <a,b>: r; b:B \|] ==> a : r-``B
d8205bb279a7 Initial revision lcp parents: diff changeset	800	\idx{vimageE} [\| a: r-``B; !!x.[\| <a,x>: r; x:B \|] ==> P \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	801	\subcaption{Image and inverse image}
d8205bb279a7 Initial revision lcp parents: diff changeset	802	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	803	\caption{Relations} \label{ZF-domrange}
d8205bb279a7 Initial revision lcp parents: diff changeset	804	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	805
d8205bb279a7 Initial revision lcp parents: diff changeset	806
d8205bb279a7 Initial revision lcp parents: diff changeset	807	\subsection{Relations}
d8205bb279a7 Initial revision lcp parents: diff changeset	808	Figure~\ref{ZF-domrange} presents rules involving relations, which are sets
d8205bb279a7 Initial revision lcp parents: diff changeset	809	of ordered pairs. The converse of a relation~$r$ is the set of all pairs
d8205bb279a7 Initial revision lcp parents: diff changeset	810	$\pair{y,x}$ such that $\pair{x,y}\in r$; if $r$ is a function, then
d8205bb279a7 Initial revision lcp parents: diff changeset	811	{\ttindex{converse}$(r)$} is its inverse. The rules for the domain
d8205bb279a7 Initial revision lcp parents: diff changeset	812	operation, \ttindex{domainI} and~\ttindex{domainE}, assert that
d8205bb279a7 Initial revision lcp parents: diff changeset	813	\ttindex{domain}$(r)$ consists of every element~$a$ such that $r$ contains
d8205bb279a7 Initial revision lcp parents: diff changeset	814	some pair of the form~$\pair{x,y}$. The range operation is similar, and
d8205bb279a7 Initial revision lcp parents: diff changeset	815	the field of a relation is merely the union of its domain and range. Note
d8205bb279a7 Initial revision lcp parents: diff changeset	816	that image and inverse image are generalizations of range and domain,
d8205bb279a7 Initial revision lcp parents: diff changeset	817	respectively. See the file
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	818	{\tt ZF/domrange.ML} for derivations of the rules.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	819
d8205bb279a7 Initial revision lcp parents: diff changeset	820
d8205bb279a7 Initial revision lcp parents: diff changeset	821	%%% func.ML
d8205bb279a7 Initial revision lcp parents: diff changeset	822
d8205bb279a7 Initial revision lcp parents: diff changeset	823	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	824	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	825	\idx{fun_is_rel} f: Pi(A,B) ==> f <= Sigma(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	826
d8205bb279a7 Initial revision lcp parents: diff changeset	827	\idx{apply_equality} [\| <a,b>: f; f: Pi(A,B) \|] ==> f`a = b
d8205bb279a7 Initial revision lcp parents: diff changeset	828	\idx{apply_equality2} [\| <a,b>: f; <a,c>: f; f: Pi(A,B) \|] ==> b=c
d8205bb279a7 Initial revision lcp parents: diff changeset	829
d8205bb279a7 Initial revision lcp parents: diff changeset	830	\idx{apply_type} [\| f: Pi(A,B); a:A \|] ==> f`a : B(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	831	\idx{apply_Pair} [\| f: Pi(A,B); a:A \|] ==> <a,f`a>: f
d8205bb279a7 Initial revision lcp parents: diff changeset	832	\idx{apply_iff} f: Pi(A,B) ==> <a,b>: f <-> a:A & f`a = b
d8205bb279a7 Initial revision lcp parents: diff changeset	833
d8205bb279a7 Initial revision lcp parents: diff changeset	834	\idx{fun_extension} [\| f : Pi(A,B); g: Pi(A,D);
d8205bb279a7 Initial revision lcp parents: diff changeset	835	!!x. x:A ==> f`x = g`x \|] ==> f=g
d8205bb279a7 Initial revision lcp parents: diff changeset	836
d8205bb279a7 Initial revision lcp parents: diff changeset	837	\idx{domain_type} [\| <a,b> : f; f: Pi(A,B) \|] ==> a : A
d8205bb279a7 Initial revision lcp parents: diff changeset	838	\idx{range_type} [\| <a,b> : f; f: Pi(A,B) \|] ==> b : B(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	839
d8205bb279a7 Initial revision lcp parents: diff changeset	840	\idx{Pi_type} [\| f: A->C; !!x. x:A ==> f`x: B(x) \|] ==> f: Pi(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	841	\idx{domain_of_fun} f: Pi(A,B) ==> domain(f)=A
d8205bb279a7 Initial revision lcp parents: diff changeset	842	\idx{range_of_fun} f: Pi(A,B) ==> f: A->range(f)
d8205bb279a7 Initial revision lcp parents: diff changeset	843
d8205bb279a7 Initial revision lcp parents: diff changeset	844	\idx{restrict} a : A ==> restrict(f,A) ` a = f`a
d8205bb279a7 Initial revision lcp parents: diff changeset	845	\idx{restrict_type} [\| !!x. x:A ==> f`x: B(x) \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	846	restrict(f,A) : Pi(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	847
d8205bb279a7 Initial revision lcp parents: diff changeset	848	\idx{lamI} a:A ==> <a,b(a)> : (lam x:A. b(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	849	\idx{lamE} [\| p: (lam x:A. b(x)); !!x.[\| x:A; p=<x,b(x)> \|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	850	\|] ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	851
d8205bb279a7 Initial revision lcp parents: diff changeset	852	\idx{lam_type} [\| !!x. x:A ==> b(x): B(x) \|] ==> (lam x:A.b(x)) : Pi(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	853
d8205bb279a7 Initial revision lcp parents: diff changeset	854	\idx{beta} a : A ==> (lam x:A.b(x)) ` a = b(a)
d8205bb279a7 Initial revision lcp parents: diff changeset	855	\idx{eta} f : Pi(A,B) ==> (lam x:A. f`x) = f
d8205bb279a7 Initial revision lcp parents: diff changeset	856
d8205bb279a7 Initial revision lcp parents: diff changeset	857	\idx{lam_theI} (!!x. x:A ==> EX! y. Q(x,y)) ==> EX h. ALL x:A. Q(x, h`x)
d8205bb279a7 Initial revision lcp parents: diff changeset	858	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	859	\caption{Functions and $\lambda$-abstraction} \label{ZF-func1}
d8205bb279a7 Initial revision lcp parents: diff changeset	860	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	861
d8205bb279a7 Initial revision lcp parents: diff changeset	862
d8205bb279a7 Initial revision lcp parents: diff changeset	863	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	864	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	865	\idx{fun_empty} 0: 0->0
d8205bb279a7 Initial revision lcp parents: diff changeset	866	\idx{fun_single} \{<a,b>\} : \{a\} -> \{b\}
d8205bb279a7 Initial revision lcp parents: diff changeset	867
d8205bb279a7 Initial revision lcp parents: diff changeset	868	\idx{fun_disjoint_Un} [\| f: A->B; g: C->D; A Int C = 0 \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	869	(f Un g) : (A Un C) -> (B Un D)
d8205bb279a7 Initial revision lcp parents: diff changeset	870
d8205bb279a7 Initial revision lcp parents: diff changeset	871	\idx{fun_disjoint_apply1} [\| a:A; f: A->B; g: C->D; A Int C = 0 \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	872	(f Un g)`a = f`a
d8205bb279a7 Initial revision lcp parents: diff changeset	873
d8205bb279a7 Initial revision lcp parents: diff changeset	874	\idx{fun_disjoint_apply2} [\| c:C; f: A->B; g: C->D; A Int C = 0 \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	875	(f Un g)`c = g`c
d8205bb279a7 Initial revision lcp parents: diff changeset	876	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	877	\caption{Constructing functions from smaller sets} \label{ZF-func2}
d8205bb279a7 Initial revision lcp parents: diff changeset	878	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	879
d8205bb279a7 Initial revision lcp parents: diff changeset	880
d8205bb279a7 Initial revision lcp parents: diff changeset	881	\subsection{Functions}
d8205bb279a7 Initial revision lcp parents: diff changeset	882	Functions, represented by graphs, are notoriously difficult to reason
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	883	about. The file {\tt ZF/func.ML} derives many rules, which overlap
104 d8205bb279a7 Initial revision lcp parents: diff changeset	884	more than they ought. One day these rules will be tidied up; this section
d8205bb279a7 Initial revision lcp parents: diff changeset	885	presents only the more important ones.
d8205bb279a7 Initial revision lcp parents: diff changeset	886
d8205bb279a7 Initial revision lcp parents: diff changeset	887	Figure~\ref{ZF-func1} presents the basic properties of \ttindex{Pi}$(A,B)$,
d8205bb279a7 Initial revision lcp parents: diff changeset	888	the generalized function space. For example, if $f$ is a function and
d8205bb279a7 Initial revision lcp parents: diff changeset	889	$\pair{a,b}\in f$, then $f`a=b$ (\ttindex{apply_equality}). Two functions
d8205bb279a7 Initial revision lcp parents: diff changeset	890	are equal provided they have equal domains and deliver equals results
d8205bb279a7 Initial revision lcp parents: diff changeset	891	(\ttindex{fun_extension}).
d8205bb279a7 Initial revision lcp parents: diff changeset	892
d8205bb279a7 Initial revision lcp parents: diff changeset	893	By \ttindex{Pi_type}, a function typing of the form $f\in A\to C$ can be
d8205bb279a7 Initial revision lcp parents: diff changeset	894	refined to the dependent typing $f\in\prod@{x\in A}B(x)$, given a suitable
d8205bb279a7 Initial revision lcp parents: diff changeset	895	family of sets $\{B(x)\}@{x\in A}$. Conversely, by \ttindex{range_of_fun},
d8205bb279a7 Initial revision lcp parents: diff changeset	896	any dependent typing can be flattened to yield a function type of the form
d8205bb279a7 Initial revision lcp parents: diff changeset	897	$A\to C$; here, $C={\tt range}(f)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	898
d8205bb279a7 Initial revision lcp parents: diff changeset	899	Among the laws for $\lambda$-abstraction, \ttindex{lamI} and \ttindex{lamE}
d8205bb279a7 Initial revision lcp parents: diff changeset	900	describe the graph of the generated function, while \ttindex{beta} and
d8205bb279a7 Initial revision lcp parents: diff changeset	901	\ttindex{eta} are the standard conversions. We essentially have a
d8205bb279a7 Initial revision lcp parents: diff changeset	902	dependently-typed $\lambda$-calculus.
d8205bb279a7 Initial revision lcp parents: diff changeset	903
d8205bb279a7 Initial revision lcp parents: diff changeset	904	Figure~\ref{ZF-func2} presents some rules that can be used to construct
d8205bb279a7 Initial revision lcp parents: diff changeset	905	functions explicitly. We start with functions consisting of at most one
d8205bb279a7 Initial revision lcp parents: diff changeset	906	pair, and may form the union of two functions provided their domains are
d8205bb279a7 Initial revision lcp parents: diff changeset	907	disjoint.
d8205bb279a7 Initial revision lcp parents: diff changeset	908
d8205bb279a7 Initial revision lcp parents: diff changeset	909
d8205bb279a7 Initial revision lcp parents: diff changeset	910	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	911	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	912	\begin{tabular}{rrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	913	\it name &\it meta-type & \it description \\
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	914	\idx{id} & $\To i$ & identity function \\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	915	\idx{inj} & $[i,i]\To i$ & injective function space\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	916	\idx{surj} & $[i,i]\To i$ & surjective function space\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	917	\idx{bij} & $[i,i]\To i$ & bijective function space
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	918	\\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	919	\idx{1} & $i$ & $\{\emptyset\}$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	920	\idx{bool} & $i$ & the set $\{\emptyset,1\}$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	921	\idx{cond} & $[i,i,i]\To i$ & conditional for {\tt bool}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	922	\\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	923	\idx{Inl}~~\idx{Inr} & $i\To i$ & injections\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	924	\idx{case} & $[i\To i,i\To i, i]\To i$ & conditional for $+$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	925	\\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	926	\idx{nat} & $i$ & set of natural numbers \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	927	\idx{nat_case}& $[i,i\To i,i]\To i$ & conditional for $nat$\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	928	\idx{rec} & $[i,i,[i,i]\To i]\To i$ & recursor for $nat$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	929	\\[1ex]
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	930	\idx{list} & $i\To i$ & lists over some set\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	931	\idx{list_case} & $[i, [i,i]\To i, i] \To i$ & conditional for $list(A)$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	932	\idx{list_rec} & $[i, i, [i,i,i]\To i] \To i$ & recursor for $list(A)$ \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	933	\idx{map} & $[i\To i, i] \To i$ & mapping functional\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	934	\idx{length} & $i\To i$ & length of a list\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	935	\idx{rev} & $i\To i$ & reverse of a list\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	936	\idx{flat} & $i\To i$ & flatting a list of lists\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	937	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	938	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	939	\subcaption{Constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	940
d8205bb279a7 Initial revision lcp parents: diff changeset	941	\begin{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	942	\indexbold{*"+}
d8205bb279a7 Initial revision lcp parents: diff changeset	943	\index{#@{\tt\#}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	944	\index{*div\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	945	\index{*mod\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	946	\index{#+@{\tt\#+}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	947	\index{#-@{\tt\#-}\|bold}
d8205bb279a7 Initial revision lcp parents: diff changeset	948	\begin{tabular}{rrrr}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	949	\idx{O} & $[i,i]\To i$ & Right 60 & composition ($\circ$) \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	950	\tt + & $[i,i]\To i$ & Right 65 & disjoint union \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	951	\tt \#* & $[i,i]\To i$ & Left 70 & multiplication \\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	952	\tt div & $[i,i]\To i$ & Left 70 & division\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	953	\tt mod & $[i,i]\To i$ & Left 70 & modulus\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	954	\tt \#+ & $[i,i]\To i$ & Left 65 & addition\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	955	\tt \#- & $[i,i]\To i$ & Left 65 & subtraction\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	956	\tt \@ & $[i,i]\To i$ & Right 60 & append for lists
104 d8205bb279a7 Initial revision lcp parents: diff changeset	957	\end{tabular}
d8205bb279a7 Initial revision lcp parents: diff changeset	958	\end{center}
d8205bb279a7 Initial revision lcp parents: diff changeset	959	\subcaption{Infixes}
d8205bb279a7 Initial revision lcp parents: diff changeset	960	\caption{Further constants for {\ZF}} \label{ZF-further-constants}
d8205bb279a7 Initial revision lcp parents: diff changeset	961	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	962
d8205bb279a7 Initial revision lcp parents: diff changeset	963
d8205bb279a7 Initial revision lcp parents: diff changeset	964	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	965	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	966	\idx{Int_absorb} A Int A = A
d8205bb279a7 Initial revision lcp parents: diff changeset	967	\idx{Int_commute} A Int B = B Int A
d8205bb279a7 Initial revision lcp parents: diff changeset	968	\idx{Int_assoc} (A Int B) Int C = A Int (B Int C)
d8205bb279a7 Initial revision lcp parents: diff changeset	969	\idx{Int_Un_distrib} (A Un B) Int C = (A Int C) Un (B Int C)
d8205bb279a7 Initial revision lcp parents: diff changeset	970
d8205bb279a7 Initial revision lcp parents: diff changeset	971	\idx{Un_absorb} A Un A = A
d8205bb279a7 Initial revision lcp parents: diff changeset	972	\idx{Un_commute} A Un B = B Un A
d8205bb279a7 Initial revision lcp parents: diff changeset	973	\idx{Un_assoc} (A Un B) Un C = A Un (B Un C)
d8205bb279a7 Initial revision lcp parents: diff changeset	974	\idx{Un_Int_distrib} (A Int B) Un C = (A Un C) Int (B Un C)
d8205bb279a7 Initial revision lcp parents: diff changeset	975
d8205bb279a7 Initial revision lcp parents: diff changeset	976	\idx{Diff_cancel} A-A = 0
d8205bb279a7 Initial revision lcp parents: diff changeset	977	\idx{Diff_disjoint} A Int (B-A) = 0
d8205bb279a7 Initial revision lcp parents: diff changeset	978	\idx{Diff_partition} A<=B ==> A Un (B-A) = B
d8205bb279a7 Initial revision lcp parents: diff changeset	979	\idx{double_complement} [\| A<=B; B<= C \|] ==> (B - (C-A)) = A
d8205bb279a7 Initial revision lcp parents: diff changeset	980	\idx{Diff_Un} A - (B Un C) = (A-B) Int (A-C)
d8205bb279a7 Initial revision lcp parents: diff changeset	981	\idx{Diff_Int} A - (B Int C) = (A-B) Un (A-C)
d8205bb279a7 Initial revision lcp parents: diff changeset	982
d8205bb279a7 Initial revision lcp parents: diff changeset	983	\idx{Union_Un_distrib} Union(A Un B) = Union(A) Un Union(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	984	\idx{Inter_Un_distrib} [\| a:A; b:B \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	985	Inter(A Un B) = Inter(A) Int Inter(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	986
d8205bb279a7 Initial revision lcp parents: diff changeset	987	\idx{Int_Union_RepFun} A Int Union(B) = (UN C:B. A Int C)
d8205bb279a7 Initial revision lcp parents: diff changeset	988
d8205bb279a7 Initial revision lcp parents: diff changeset	989	\idx{Un_Inter_RepFun} b:B ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	990	A Un Inter(B) = (INT C:B. A Un C)
d8205bb279a7 Initial revision lcp parents: diff changeset	991
d8205bb279a7 Initial revision lcp parents: diff changeset	992	\idx{SUM_Un_distrib1} (SUM x:A Un B. C(x)) =
d8205bb279a7 Initial revision lcp parents: diff changeset	993	(SUM x:A. C(x)) Un (SUM x:B. C(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	994
d8205bb279a7 Initial revision lcp parents: diff changeset	995	\idx{SUM_Un_distrib2} (SUM x:C. A(x) Un B(x)) =
d8205bb279a7 Initial revision lcp parents: diff changeset	996	(SUM x:C. A(x)) Un (SUM x:C. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	997
d8205bb279a7 Initial revision lcp parents: diff changeset	998	\idx{SUM_Int_distrib1} (SUM x:A Int B. C(x)) =
d8205bb279a7 Initial revision lcp parents: diff changeset	999	(SUM x:A. C(x)) Int (SUM x:B. C(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	1000
d8205bb279a7 Initial revision lcp parents: diff changeset	1001	\idx{SUM_Int_distrib2} (SUM x:C. A(x) Int B(x)) =
d8205bb279a7 Initial revision lcp parents: diff changeset	1002	(SUM x:C. A(x)) Int (SUM x:C. B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	1003	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1004	\caption{Equalities} \label{zf-equalities}
d8205bb279a7 Initial revision lcp parents: diff changeset	1005	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1006
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1007
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1008	\begin{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1009	\begin{ttbox}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1010	\idx{bnd_mono_def} bnd_mono(D,h) ==
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1011	h(D)<=D & (ALL W X. W<=X --> X<=D --> h(W) <= h(X))
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1012
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1013	\idx{lfp_def} lfp(D,h) == Inter({X: Pow(D). h(X) <= X})
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1014	\idx{gfp_def} gfp(D,h) == Union({X: Pow(D). X <= h(X)})
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1015	\subcaption{Definitions}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1016
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1017	\idx{lfp_lowerbound} [\| h(A) <= A; A<=D \|] ==> lfp(D,h) <= A
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1018
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1019	\idx{lfp_subset} lfp(D,h) <= D
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1020
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1021	\idx{lfp_greatest} [\| bnd_mono(D,h);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1022	!!X. [\| h(X) <= X; X<=D \|] ==> A<=X
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1023	\|] ==> A <= lfp(D,h)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1024
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1025	\idx{lfp_Tarski} bnd_mono(D,h) ==> lfp(D,h) = h(lfp(D,h))
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1026
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1027	\idx{induct} [\| a : lfp(D,h); bnd_mono(D,h);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1028	!!x. x : h(Collect(lfp(D,h),P)) ==> P(x)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1029	\|] ==> P(a)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1030
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1031	\idx{lfp_mono} [\| bnd_mono(D,h); bnd_mono(E,i);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1032	!!X. X<=D ==> h(X) <= i(X)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1033	\|] ==> lfp(D,h) <= lfp(E,i)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1034
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1035	\idx{gfp_upperbound} [\| A <= h(A); A<=D \|] ==> A <= gfp(D,h)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1036
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1037	\idx{gfp_subset} gfp(D,h) <= D
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1038
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1039	\idx{gfp_least} [\| bnd_mono(D,h);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1040	!!X. [\| X <= h(X); X<=D \|] ==> X<=A
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1041	\|] ==> gfp(D,h) <= A
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1042
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1043	\idx{gfp_Tarski} bnd_mono(D,h) ==> gfp(D,h) = h(gfp(D,h))
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1044
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1045	\idx{coinduct} [\| bnd_mono(D,h); a: X; X <= h(X Un gfp(D,h)); X <= D
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1046	\|] ==> a : gfp(D,h)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1047
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1048	\idx{gfp_mono} [\| bnd_mono(D,h); D <= E;
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1049	!!X. X<=D ==> h(X) <= i(X)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1050	\|] ==> gfp(D,h) <= gfp(E,i)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1051	\end{ttbox}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1052	\caption{Least and greatest fixedpoints} \label{zf-fixedpt}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1053	\end{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1054
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1055
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1056	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1057	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1058	\idx{comp_def} r O s == \{xz : domain(s)*range(r) .
d8205bb279a7 Initial revision lcp parents: diff changeset	1059	EX x y z. xz=<x,z> & <x,y>:s & <y,z>:r\}
d8205bb279a7 Initial revision lcp parents: diff changeset	1060	\idx{id_def} id(A) == (lam x:A. x)
d8205bb279a7 Initial revision lcp parents: diff changeset	1061	\idx{inj_def} inj(A,B) == \{ f: A->B. ALL w:A. ALL x:A. f`w=f`x --> w=x\}
d8205bb279a7 Initial revision lcp parents: diff changeset	1062	\idx{surj_def} surj(A,B) == \{ f: A->B . ALL y:B. EX x:A. f`x=y\}
d8205bb279a7 Initial revision lcp parents: diff changeset	1063	\idx{bij_def} bij(A,B) == inj(A,B) Int surj(A,B)
d8205bb279a7 Initial revision lcp parents: diff changeset	1064	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	1065
d8205bb279a7 Initial revision lcp parents: diff changeset	1066	\idx{left_inverse} [\| f: inj(A,B); a: A \|] ==> converse(f)`(f`a) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	1067	\idx{right_inverse} [\| f: inj(A,B); b: range(f) \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	1068	f`(converse(f)`b) = b
d8205bb279a7 Initial revision lcp parents: diff changeset	1069
d8205bb279a7 Initial revision lcp parents: diff changeset	1070	\idx{inj_converse_inj} f: inj(A,B) ==> converse(f): inj(range(f), A)
d8205bb279a7 Initial revision lcp parents: diff changeset	1071	\idx{bij_converse_bij} f: bij(A,B) ==> converse(f): bij(B,A)
d8205bb279a7 Initial revision lcp parents: diff changeset	1072
d8205bb279a7 Initial revision lcp parents: diff changeset	1073	\idx{comp_type} [\| s<=AB; r<=BC \|] ==> (r O s) <= A*C
d8205bb279a7 Initial revision lcp parents: diff changeset	1074	\idx{comp_assoc} (r O s) O t = r O (s O t)
d8205bb279a7 Initial revision lcp parents: diff changeset	1075
d8205bb279a7 Initial revision lcp parents: diff changeset	1076	\idx{left_comp_id} r<=A*B ==> id(B) O r = r
d8205bb279a7 Initial revision lcp parents: diff changeset	1077	\idx{right_comp_id} r<=A*B ==> r O id(A) = r
d8205bb279a7 Initial revision lcp parents: diff changeset	1078
d8205bb279a7 Initial revision lcp parents: diff changeset	1079	\idx{comp_func} [\| g:A->B; f:B->C \|] ==> (f O g):A->C
d8205bb279a7 Initial revision lcp parents: diff changeset	1080	\idx{comp_func_apply} [\| g:A->B; f:B->C; a:A \|] ==> (f O g)`a = f`(g`a)
d8205bb279a7 Initial revision lcp parents: diff changeset	1081
d8205bb279a7 Initial revision lcp parents: diff changeset	1082	\idx{comp_inj} [\| g:inj(A,B); f:inj(B,C) \|] ==> (f O g):inj(A,C)
d8205bb279a7 Initial revision lcp parents: diff changeset	1083	\idx{comp_surj} [\| g:surj(A,B); f:surj(B,C) \|] ==> (f O g):surj(A,C)
d8205bb279a7 Initial revision lcp parents: diff changeset	1084	\idx{comp_bij} [\| g:bij(A,B); f:bij(B,C) \|] ==> (f O g):bij(A,C)
d8205bb279a7 Initial revision lcp parents: diff changeset	1085
d8205bb279a7 Initial revision lcp parents: diff changeset	1086	\idx{left_comp_inverse} f: inj(A,B) ==> converse(f) O f = id(A)
d8205bb279a7 Initial revision lcp parents: diff changeset	1087	\idx{right_comp_inverse} f: surj(A,B) ==> f O converse(f) = id(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	1088
d8205bb279a7 Initial revision lcp parents: diff changeset	1089	\idx{bij_disjoint_Un}
d8205bb279a7 Initial revision lcp parents: diff changeset	1090	[\| f: bij(A,B); g: bij(C,D); A Int C = 0; B Int D = 0 \|] ==>
d8205bb279a7 Initial revision lcp parents: diff changeset	1091	(f Un g) : bij(A Un C, B Un D)
d8205bb279a7 Initial revision lcp parents: diff changeset	1092
d8205bb279a7 Initial revision lcp parents: diff changeset	1093	\idx{restrict_bij} [\| f:inj(A,B); C<=A \|] ==> restrict(f,C): bij(C, f``C)
d8205bb279a7 Initial revision lcp parents: diff changeset	1094	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1095	\caption{Permutations} \label{zf-perm}
d8205bb279a7 Initial revision lcp parents: diff changeset	1096	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1097
d8205bb279a7 Initial revision lcp parents: diff changeset	1098	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1099	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1100	\idx{one_def} 1 == succ(0)
d8205bb279a7 Initial revision lcp parents: diff changeset	1101	\idx{bool_def} bool == {0,1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1102	\idx{cond_def} cond(b,c,d) == if(b=1,c,d)
131 bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1103	\idx{not_def} not(b) == cond(b,0,1)
bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1104	\idx{and_def} a and b == cond(a,b,0)
bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1105	\idx{or_def} a or b == cond(a,1,b)
bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1106	\idx{xor_def} a xor b == cond(a,not(b),b)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1107
d8205bb279a7 Initial revision lcp parents: diff changeset	1108	\idx{sum_def} A+B == \{0\}A Un \{1\}B
d8205bb279a7 Initial revision lcp parents: diff changeset	1109	\idx{Inl_def} Inl(a) == <0,a>
d8205bb279a7 Initial revision lcp parents: diff changeset	1110	\idx{Inr_def} Inr(b) == <1,b>
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1111	\idx{case_def} case(c,d,u) == split(\%y z. cond(y, d(z), c(z)), u)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1112	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	1113
d8205bb279a7 Initial revision lcp parents: diff changeset	1114	\idx{bool_1I} 1 : bool
d8205bb279a7 Initial revision lcp parents: diff changeset	1115	\idx{bool_0I} 0 : bool
d8205bb279a7 Initial revision lcp parents: diff changeset	1116
131 bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1117	\idx{boolE} [\| c: bool; c=1 ==> P; c=0 ==> P \|] ==> P
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1118	\idx{cond_1} cond(1,c,d) = c
d8205bb279a7 Initial revision lcp parents: diff changeset	1119	\idx{cond_0} cond(0,c,d) = d
d8205bb279a7 Initial revision lcp parents: diff changeset	1120
d8205bb279a7 Initial revision lcp parents: diff changeset	1121	\idx{sum_InlI} a : A ==> Inl(a) : A+B
d8205bb279a7 Initial revision lcp parents: diff changeset	1122	\idx{sum_InrI} b : B ==> Inr(b) : A+B
d8205bb279a7 Initial revision lcp parents: diff changeset	1123
d8205bb279a7 Initial revision lcp parents: diff changeset	1124	\idx{Inl_inject} Inl(a)=Inl(b) ==> a=b
d8205bb279a7 Initial revision lcp parents: diff changeset	1125	\idx{Inr_inject} Inr(a)=Inr(b) ==> a=b
d8205bb279a7 Initial revision lcp parents: diff changeset	1126	\idx{Inl_neq_Inr} Inl(a)=Inr(b) ==> P
d8205bb279a7 Initial revision lcp parents: diff changeset	1127
d8205bb279a7 Initial revision lcp parents: diff changeset	1128	\idx{sumE2} u: A+B ==> (EX x. x:A & u=Inl(x)) \| (EX y. y:B & u=Inr(y))
d8205bb279a7 Initial revision lcp parents: diff changeset	1129
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1130	\idx{case_Inl} case(c,d,Inl(a)) = c(a)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1131	\idx{case_Inr} case(c,d,Inr(b)) = d(b)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1132	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1133	\caption{Booleans and disjoint unions} \label{zf-sum}
d8205bb279a7 Initial revision lcp parents: diff changeset	1134	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1135
d8205bb279a7 Initial revision lcp parents: diff changeset	1136	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1137	\begin{ttbox}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1138	\idx{QPair_def} <a;b> == a+b
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1139	\idx{qsplit_def} qsplit(c,p) == THE y. EX a b. p=<a;b> & y=c(a,b)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1140	\idx{qfsplit_def} qfsplit(R,z) == EX x y. z=<x;y> & R(x,y)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1141	\idx{qconverse_def} qconverse(r) == {z. w:r, EX x y. w=<x;y> & z=<y;x>}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1142	\idx{QSigma_def} QSigma(A,B) == UN x:A. UN y:B(x). {<x;y>}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1143
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1144	\idx{qsum_def} A <+> B == (\{0\} <> A) Un (\{1\} <> B)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1145	\idx{QInl_def} QInl(a) == <0;a>
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1146	\idx{QInr_def} QInr(b) == <1;b>
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1147	\idx{qcase_def} qcase(c,d) == qsplit(\%y z. cond(y, d(z), c(z)))
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1148	\end{ttbox}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1149	\caption{Non-standard pairs, products and sums} \label{zf-qpair}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1150	\end{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1151
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1152
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1153	\begin{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1154	\begin{ttbox}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1155	\idx{nat_def} nat == lfp(lam r: Pow(Inf). \{0\} Un \{succ(x). x:r\}
d8205bb279a7 Initial revision lcp parents: diff changeset	1156
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1157	\idx{nat_case_def} nat_case(a,b,k) ==
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1158	THE y. k=0 & y=a \| (EX x. k=succ(x) & y=b(x))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1159
d8205bb279a7 Initial revision lcp parents: diff changeset	1160	\idx{rec_def} rec(k,a,b) ==
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1161	transrec(k, \%n f. nat_case(a, \%m. b(m, f`m), n))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1162
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1163	\idx{add_def} m#+n == rec(m, n, \%u v.succ(v))
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1164	\idx{diff_def} m#-n == rec(n, m, \%u v. rec(v, 0, \%x y.x))
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1165	\idx{mult_def} m#*n == rec(m, 0, \%u v. n #+ v)
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1166	\idx{mod_def} m mod n == transrec(m, \%j f. if(j:n, j, f`(j#-n)))
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1167	\idx{div_def} m div n == transrec(m, \%j f. if(j:n, 0, succ(f`(j#-n))))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1168	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	1169
d8205bb279a7 Initial revision lcp parents: diff changeset	1170	\idx{nat_0I} 0 : nat
d8205bb279a7 Initial revision lcp parents: diff changeset	1171	\idx{nat_succI} n : nat ==> succ(n) : nat
d8205bb279a7 Initial revision lcp parents: diff changeset	1172
d8205bb279a7 Initial revision lcp parents: diff changeset	1173	\idx{nat_induct}
d8205bb279a7 Initial revision lcp parents: diff changeset	1174	[\| n: nat; P(0); !!x. [\| x: nat; P(x) \|] ==> P(succ(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	1175	\|] ==> P(n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1176
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1177	\idx{nat_case_0} nat_case(a,b,0) = a
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1178	\idx{nat_case_succ} nat_case(a,b,succ(m)) = b(m)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1179
d8205bb279a7 Initial revision lcp parents: diff changeset	1180	\idx{rec_0} rec(0,a,b) = a
d8205bb279a7 Initial revision lcp parents: diff changeset	1181	\idx{rec_succ} rec(succ(m),a,b) = b(m, rec(m,a,b))
d8205bb279a7 Initial revision lcp parents: diff changeset	1182
d8205bb279a7 Initial revision lcp parents: diff changeset	1183	\idx{mult_type} [\| m:nat; n:nat \|] ==> m #* n : nat
d8205bb279a7 Initial revision lcp parents: diff changeset	1184	\idx{mult_0} 0 #* n = 0
d8205bb279a7 Initial revision lcp parents: diff changeset	1185	\idx{mult_succ} succ(m) #* n = n #+ (m #* n)
d8205bb279a7 Initial revision lcp parents: diff changeset	1186	\idx{mult_commute} [\| m:nat; n:nat \|] ==> m #* n = n #* m
d8205bb279a7 Initial revision lcp parents: diff changeset	1187	\idx{add_mult_dist}
d8205bb279a7 Initial revision lcp parents: diff changeset	1188	[\| m:nat; k:nat \|] ==> (m #+ n) #* k = (m #* k) #+ (n #* k)
d8205bb279a7 Initial revision lcp parents: diff changeset	1189	\idx{mult_assoc}
d8205bb279a7 Initial revision lcp parents: diff changeset	1190	[\| m:nat; n:nat; k:nat \|] ==> (m #* n) #* k = m #* (n #* k)
d8205bb279a7 Initial revision lcp parents: diff changeset	1191
d8205bb279a7 Initial revision lcp parents: diff changeset	1192	\idx{mod_quo_equality}
d8205bb279a7 Initial revision lcp parents: diff changeset	1193	[\| 0:n; m:nat; n:nat \|] ==> (m div n)#*n #+ m mod n = m
d8205bb279a7 Initial revision lcp parents: diff changeset	1194	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1195	\caption{The natural numbers} \label{zf-nat}
d8205bb279a7 Initial revision lcp parents: diff changeset	1196	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1197
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1198	\begin{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1199	\begin{ttbox}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1200	\idx{Fin_0I} 0 : Fin(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1201	\idx{Fin_consI} [\| a: A; b: Fin(A) \|] ==> cons(a,b) : Fin(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1202
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1203	\idx{Fin_induct}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1204	[\| b: Fin(A);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1205	P(0);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1206	!!x y. [\| x: A; y: Fin(A); x~:y; P(y) \|] ==> P(cons(x,y))
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1207	\|] ==> P(b)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1208
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1209	\idx{Fin_mono} A<=B ==> Fin(A) <= Fin(B)
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1210	\idx{Fin_UnI} [\| b: Fin(A); c: Fin(A) \|] ==> b Un c : Fin(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1211	\idx{Fin_UnionI} C : Fin(Fin(A)) ==> Union(C) : Fin(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1212	\idx{Fin_subset} [\| c<=b; b: Fin(A) \|] ==> c: Fin(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1213	\end{ttbox}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1214	\caption{The finite set operator} \label{zf-fin}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1215	\end{figure}
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1216
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1217	\begin{figure}\underscoreon %%because @ is used here
d8205bb279a7 Initial revision lcp parents: diff changeset	1218	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1219	\idx{list_rec_def} list_rec(l,c,h) ==
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1220	Vrec(l, \%l g.list_case(c, \%x xs. h(x, xs, g`xs), l))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1221
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1222	\idx{map_def} map(f,l) == list_rec(l, 0, \%x xs r. <f(x), r>)
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1223	\idx{length_def} length(l) == list_rec(l, 0, \%x xs r. succ(r))
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1224	\idx{app_def} xs@ys == list_rec(xs, ys, \%x xs r. <x,r>)
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1225	\idx{rev_def} rev(l) == list_rec(l, 0, \%x xs r. r @ <x,0>)
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1226	\idx{flat_def} flat(ls) == list_rec(ls, 0, \%l ls r. l @ r)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1227	\subcaption{Definitions}
d8205bb279a7 Initial revision lcp parents: diff changeset	1228
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1229	\idx{NilI} Nil : list(A)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1230	\idx{ConsI} [\| a: A; l: list(A) \|] ==> Cons(a,l) : list(A)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1231
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1232	\idx{List.induct}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1233	[\| l: list(A);
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1234	P(Nil);
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1235	!!x y. [\| x: A; y: list(A); P(y) \|] ==> P(Cons(x,y))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1236	\|] ==> P(l)
d8205bb279a7 Initial revision lcp parents: diff changeset	1237
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1238	\idx{Cons_iff} Cons(a,l)=Cons(a',l') <-> a=a' & l=l'
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1239	\idx{Nil_Cons_iff} ~ Nil=Cons(a,l)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1240
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1241	\idx{list_mono} A<=B ==> list(A) <= list(B)
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1242
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1243	\idx{list_rec_Nil} list_rec(Nil,c,h) = c
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1244	\idx{list_rec_Cons} list_rec(Cons(a,l), c, h) = h(a, l, list_rec(l,c,h))
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1245
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1246	\idx{map_ident} l: list(A) ==> map(\%u.u, l) = l
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1247	\idx{map_compose} l: list(A) ==> map(h, map(j,l)) = map(\%u.h(j(u)), l)
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1248	\idx{map_app_distrib} xs: list(A) ==> map(h, xs@ys) = map(h,xs) @ map(h,ys)
d8205bb279a7 Initial revision lcp parents: diff changeset	1249	\idx{map_type}
d8205bb279a7 Initial revision lcp parents: diff changeset	1250	[\| l: list(A); !!x. x: A ==> h(x): B \|] ==> map(h,l) : list(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	1251	\idx{map_flat}
d8205bb279a7 Initial revision lcp parents: diff changeset	1252	ls: list(list(A)) ==> map(h, flat(ls)) = flat(map(map(h),ls))
d8205bb279a7 Initial revision lcp parents: diff changeset	1253	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1254	\caption{Lists} \label{zf-list}
d8205bb279a7 Initial revision lcp parents: diff changeset	1255	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1256
d8205bb279a7 Initial revision lcp parents: diff changeset	1257	\section{Further developments}
d8205bb279a7 Initial revision lcp parents: diff changeset	1258	The next group of developments is complex and extensive, and only
d8205bb279a7 Initial revision lcp parents: diff changeset	1259	highlights can be covered here. Figure~\ref{ZF-further-constants} lists
d8205bb279a7 Initial revision lcp parents: diff changeset	1260	some of the further constants and infixes that are declared in the various
d8205bb279a7 Initial revision lcp parents: diff changeset	1261	theory extensions.
d8205bb279a7 Initial revision lcp parents: diff changeset	1262
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1263	Figure~\ref{zf-equalities} presents commutative, associative, distributive,
96c627d2815e Misc updates lcp parents: 111 diff changeset	1264	and idempotency laws of union and intersection, along with other equations.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1265	See file {\tt ZF/equalities.ML}.
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1266
131 bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1267	Figure~\ref{zf-sum} defines $\{0,1\}$ as a set of booleans, with the usual
bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1268	operators including a conditional. It also defines the disjoint union of
bb0caac13eff Documents not, and, or, xor: boolean ops lcp parents: 114 diff changeset	1269	two sets, with injections and a case analysis operator. See files
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1270	{\tt ZF/bool.ML} and {\tt ZF/sum.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1271
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1272	Figure~\ref{zf-qpair} defines a notion of ordered pair that admits
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1273	non-well-founded tupling. Such pairs are written {\tt<$a$;$b$>}. It also
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1274	defines the eliminator \ttindexbold{qsplit}, the converse operator
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1275	\ttindexbold{qconverse}, and the summation operator \ttindexbold{QSigma}.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1276	These are completely analogous to the corresponding versions for standard
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1277	ordered pairs. The theory goes on to define a non-standard notion of
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1278	disjoint sum using non-standard pairs. This will support co-inductive
96c627d2815e Misc updates lcp parents: 111 diff changeset	1279	definitions, for example of infinite lists. See file \ttindexbold{qpair.thy}.
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1280
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1281	Monotonicity properties of most of the set-forming operations are proved.
d8205bb279a7 Initial revision lcp parents: diff changeset	1282	These are useful for applying the Knaster-Tarski Fixedpoint Theorem.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1283	See file {\tt ZF/mono.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1284
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1285	Figure~\ref{zf-fixedpt} presents the Knaster-Tarski Fixedpoint Theorem, proved
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1286	for the lattice of subsets of a set. The theory defines least and greatest
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1287	fixedpoint operators with corresponding induction and co-induction rules.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1288	Later definitions use these, such as the natural numbers and
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1289	the transitive closure operator. The (co-)inductive definition
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1290	package also uses them. See file {\tt ZF/fixedpt.ML}.
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1291
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1292	Figure~\ref{zf-perm} defines composition and injective, surjective and
d8205bb279a7 Initial revision lcp parents: diff changeset	1293	bijective function spaces, with proofs of many of their properties.
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1294	See file {\tt ZF/perm.ML}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1295
d8205bb279a7 Initial revision lcp parents: diff changeset	1296	Figure~\ref{zf-nat} presents the natural numbers, with induction and a
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1297	primitive recursion operator. See file {\tt ZF/nat.ML}. File
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1298	{\tt ZF/arith.ML} develops arithmetic on the natural numbers. It
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1299	defines addition, multiplication, subtraction, division, and remainder,
d8205bb279a7 Initial revision lcp parents: diff changeset	1300	proving the theorem $a \bmod b + (a/b)\times b = a$. Division and
d8205bb279a7 Initial revision lcp parents: diff changeset	1301	remainder are defined by repeated subtraction, which requires well-founded
d8205bb279a7 Initial revision lcp parents: diff changeset	1302	rather than primitive recursion.
d8205bb279a7 Initial revision lcp parents: diff changeset	1303
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1304	The file {\tt ZF/univ.ML} defines a ``universe'' ${\tt univ}(A)$,
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1305	for constructing datatypes such as trees. This set contains $A$ and the
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1306	natural numbers. Vitally, it is closed under finite products: ${\tt
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1307	univ}(A)\times{\tt univ}(A)\subseteq{\tt univ}(A)$. This file also
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1308	defines set theory's cumulative hierarchy, traditionally written $V@\alpha$
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1309	where $\alpha$ is any ordinal.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1310
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1311	The file {\tt ZF/quniv.ML} defines a ``universe'' ${\tt quniv}(A)$,
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1312	for constructing co-datatypes such as streams. It is analogous to ${\tt
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1313	univ}(A)$ but is closed under the non-standard product and sum.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1314
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1315	Figure~\ref{zf-fin} presents the finite set operator; ${\tt Fin}(A)$ is the
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1316	set of all finite sets over~$A$. The definition employs Isabelle's
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1317	inductive definition package, which proves the introduction rules
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1318	automatically. The induction rule shown is stronger than the one proved by
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1319	the package. See file {\tt ZF/fin.ML}.
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1320
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1321	Figure~\ref{zf-list} presents the set of lists over~$A$, ${\tt list}(A)$.
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1322	The definition employs Isabelle's datatype package, which defines the
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1323	introduction and induction rules automatically, as well as the constructors
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1324	and case operator (\verb\|list_case\|). See file {\tt ZF/list.ML}.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1325	The file {\tt ZF/listfn.thy} proceeds to define structural
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1326	recursion and the usual list functions.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1327
d8205bb279a7 Initial revision lcp parents: diff changeset	1328	The constructions of the natural numbers and lists make use of a suite of
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1329	operators for handling recursive function definitions. The developments are
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1330	summarized below:
d8205bb279a7 Initial revision lcp parents: diff changeset	1331	\begin{description}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1332	\item[{\tt ZF/trancl.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1333	defines the transitive closure of a relation (as a least fixedpoint).
d8205bb279a7 Initial revision lcp parents: diff changeset	1334
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1335	\item[{\tt ZF/wf.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1336	proves the Well-Founded Recursion Theorem, using an elegant
d8205bb279a7 Initial revision lcp parents: diff changeset	1337	approach of Tobias Nipkow. This theorem permits general recursive
d8205bb279a7 Initial revision lcp parents: diff changeset	1338	definitions within set theory.
d8205bb279a7 Initial revision lcp parents: diff changeset	1339
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1340	\item[{\tt ZF/ord.ML}] defines the notions of transitive set and
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1341	ordinal number. It derives transfinite induction. A key definition is
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1342	{\bf less than}: $i<j$ if and only if $i$ and $j$ are both ordinals and
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1343	$i\in j$. As a special case, it includes less than on the natural
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1344	numbers.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1345
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1346	\item[{\tt ZF/epsilon.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1347	derives $\epsilon$-induction and $\epsilon$-recursion, which are
d8205bb279a7 Initial revision lcp parents: diff changeset	1348	generalizations of transfinite induction. It also defines
d8205bb279a7 Initial revision lcp parents: diff changeset	1349	\ttindexbold{rank}$(x)$, which is the least ordinal $\alpha$ such that $x$
d8205bb279a7 Initial revision lcp parents: diff changeset	1350	is constructed at stage $\alpha$ of the cumulative hierarchy (thus $x\in
d8205bb279a7 Initial revision lcp parents: diff changeset	1351	V@{\alpha+1}$).
d8205bb279a7 Initial revision lcp parents: diff changeset	1352	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	1353
d8205bb279a7 Initial revision lcp parents: diff changeset	1354
d8205bb279a7 Initial revision lcp parents: diff changeset	1355	\begin{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1356	\begin{eqnarray*}
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1357	a\in \emptyset & \bimp & \bot\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1358	a \in A \union B & \bimp & a\in A \disj a\in B\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1359	a \in A \inter B & \bimp & a\in A \conj a\in B\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1360	a \in A-B & \bimp & a\in A \conj \neg (a\in B)\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1361	a \in {\tt cons}(b,B) & \bimp & a=b \disj a\in B\\
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1362	i \in {\tt succ}(j) & \bimp & i=j \disj i\in j\\
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1363	\pair{a,b}\in {\tt Sigma}(A,B)
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1364	& \bimp & a\in A \conj b\in B(a)\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1365	a \in {\tt Collect}(A,P) & \bimp & a\in A \conj P(a)\\
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1366	(\forall x \in A. \top) & \bimp & \top
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1367	\end{eqnarray*}
d8205bb279a7 Initial revision lcp parents: diff changeset	1368	\caption{Rewrite rules for set theory} \label{ZF-simpdata}
d8205bb279a7 Initial revision lcp parents: diff changeset	1369	\end{figure}
d8205bb279a7 Initial revision lcp parents: diff changeset	1370
d8205bb279a7 Initial revision lcp parents: diff changeset	1371
d8205bb279a7 Initial revision lcp parents: diff changeset	1372	\section{Simplification rules}
d8205bb279a7 Initial revision lcp parents: diff changeset	1373	{\ZF} does not merely inherit simplification from \FOL, but instantiates
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1374	the rewriting package new. File {\tt ZF/simpdata.ML} contains the
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1375	details; here is a summary of the key differences:
d8205bb279a7 Initial revision lcp parents: diff changeset	1376	\begin{itemize}
d8205bb279a7 Initial revision lcp parents: diff changeset	1377	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	1378	\ttindexbold{mk_rew_rules} is given as a function that can
d8205bb279a7 Initial revision lcp parents: diff changeset	1379	strip bounded universal quantifiers from a formula. For example, $\forall
d8205bb279a7 Initial revision lcp parents: diff changeset	1380	x\in A.f(x)=g(x)$ yields the conditional rewrite rule $x\in A \Imp
d8205bb279a7 Initial revision lcp parents: diff changeset	1381	f(x)=g(x)$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1382	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	1383	\ttindexbold{ZF_ss} contains congruence rules for all the operators of
d8205bb279a7 Initial revision lcp parents: diff changeset	1384	{\ZF}, including the binding operators. It contains all the conversion
d8205bb279a7 Initial revision lcp parents: diff changeset	1385	rules, such as \ttindex{fst} and \ttindex{snd}, as well as the
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1386	rewrites shown in Fig.\ts\ref{ZF-simpdata}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1387	\item
d8205bb279a7 Initial revision lcp parents: diff changeset	1388	\ttindexbold{FOL_ss} is redeclared with the same {\FOL} rules as the
d8205bb279a7 Initial revision lcp parents: diff changeset	1389	previous version, so that it may still be used.
d8205bb279a7 Initial revision lcp parents: diff changeset	1390	\end{itemize}
d8205bb279a7 Initial revision lcp parents: diff changeset	1391
d8205bb279a7 Initial revision lcp parents: diff changeset	1392
d8205bb279a7 Initial revision lcp parents: diff changeset	1393	\section{The examples directory}
d8205bb279a7 Initial revision lcp parents: diff changeset	1394	This directory contains further developments in {\ZF} set theory. Here is
d8205bb279a7 Initial revision lcp parents: diff changeset	1395	an overview; see the files themselves for more details.
d8205bb279a7 Initial revision lcp parents: diff changeset	1396	\begin{description}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1397	\item[{\tt ZF/ex/misc.ML}] contains miscellaneous examples such as
111 1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1398	Cantor's Theorem, the Schr\"oder-Bernstein Theorem. and the
1b3cddf41b2d Various updates for Isabelle-93 lcp parents: 104 diff changeset	1399	``Composition of homomorphisms'' challenge~\cite{boyer86}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1400
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1401	\item[{\tt ZF/ex/ramsey.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1402	proves the finite exponent 2 version of Ramsey's Theorem, following Basin
96c627d2815e Misc updates lcp parents: 111 diff changeset	1403	and Kaufmann's presentation~\cite{basin91}.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1404
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1405	\item[{\tt ZF/ex/equiv.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1406	develops a ZF theory of equivalence classes, not using the Axiom of Choice.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1407
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1408	\item[{\tt ZF/ex/integ.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1409	develops a theory of the integers as equivalence classes of pairs of
96c627d2815e Misc updates lcp parents: 111 diff changeset	1410	natural numbers.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1411
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1412	\item[{\tt ZF/ex/bin.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1413	defines a datatype for two's complement binary integers. File
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1414	{\tt binfn.ML} then develops rewrite rules for binary
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1415	arithmetic. For instance, $1359\times {-}2468 = {-}3354012$ takes under
96c627d2815e Misc updates lcp parents: 111 diff changeset	1416	14 seconds.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1417
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1418	\item[{\tt ZF/ex/bt.ML}]
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1419	defines the recursive data structure ${\tt bt}(A)$, labelled binary trees.
d8205bb279a7 Initial revision lcp parents: diff changeset	1420
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1421	\item[{\tt ZF/ex/term.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1422	and {\tt termfn.ML} define a recursive data structure for
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1423	terms and term lists. These are simply finite branching trees.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1424
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1425	\item[{\tt ZF/ex/tf.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1426	and {\tt tf_fn.ML} define primitives for solving mutually
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1427	recursive equations over sets. It constructs sets of trees and forests
96c627d2815e Misc updates lcp parents: 111 diff changeset	1428	as an example, including induction and recursion rules that handle the
96c627d2815e Misc updates lcp parents: 111 diff changeset	1429	mutual recursion.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1430
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1431	\item[{\tt ZF/ex/prop.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1432	and {\tt proplog.ML} proves soundness and completeness of
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1433	propositional logic. This illustrates datatype definitions, inductive
96c627d2815e Misc updates lcp parents: 111 diff changeset	1434	definitions, structural induction and rule induction.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1435
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1436	\item[{\tt ZF/ex/listn.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1437	presents the inductive definition of the lists of $n$ elements~\cite{paulin92}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1438
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1439	\item[{\tt ZF/ex/acc.ML}]
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1440	presents the inductive definition of the accessible part of a
96c627d2815e Misc updates lcp parents: 111 diff changeset	1441	relation~\cite{paulin92}.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1442
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1443	\item[{\tt ZF/ex/comb.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1444	presents the datatype definition of combinators. The file
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1445	{\tt contract0.ML} defines contraction, while file
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1446	{\tt parcontract.ML} defines parallel contraction and
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1447	proves the Church-Rosser Theorem. This case study follows Camilleri and
96c627d2815e Misc updates lcp parents: 111 diff changeset	1448	Melham~\cite{camilleri92}.
96c627d2815e Misc updates lcp parents: 111 diff changeset	1449
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1450	\item[{\tt ZF/ex/llist.ML}]
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1451	and {\tt llist_eq.ML} develop lazy lists in ZF and a notion
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1452	of co-induction for proving equations between them.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1453	\end{description}
d8205bb279a7 Initial revision lcp parents: diff changeset	1454
d8205bb279a7 Initial revision lcp parents: diff changeset	1455
d8205bb279a7 Initial revision lcp parents: diff changeset	1456	\section{A proof about powersets}
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1457	To demonstrate high-level reasoning about subsets, let us prove the
96c627d2815e Misc updates lcp parents: 111 diff changeset	1458	equation ${{\tt Pow}(A)\cap {\tt Pow}(B)}= {\tt Pow}(A\cap B)$. Compared
96c627d2815e Misc updates lcp parents: 111 diff changeset	1459	with first-order logic, set theory involves a maze of rules, and theorems
96c627d2815e Misc updates lcp parents: 111 diff changeset	1460	have many different proofs. Attempting other proofs of the theorem might
96c627d2815e Misc updates lcp parents: 111 diff changeset	1461	be instructive. This proof exploits the lattice properties of
96c627d2815e Misc updates lcp parents: 111 diff changeset	1462	intersection. It also uses the monotonicity of the powerset operation,
96c627d2815e Misc updates lcp parents: 111 diff changeset	1463	from {\tt ZF/mono.ML}:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1464	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1465	\idx{Pow_mono} A<=B ==> Pow(A) <= Pow(B)
d8205bb279a7 Initial revision lcp parents: diff changeset	1466	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1467	We enter the goal and make the first step, which breaks the equation into
d8205bb279a7 Initial revision lcp parents: diff changeset	1468	two inclusions by extensionality:\index{equalityI}
d8205bb279a7 Initial revision lcp parents: diff changeset	1469	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1470	goal ZF.thy "Pow(A Int B) = Pow(A) Int Pow(B)";
d8205bb279a7 Initial revision lcp parents: diff changeset	1471	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1472	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1473	{\out 1. Pow(A Int B) = Pow(A) Int Pow(B)}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1474	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1475	by (resolve_tac [equalityI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1476	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1477	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1478	{\out 1. Pow(A Int B) <= Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1479	{\out 2. Pow(A) Int Pow(B) <= Pow(A Int B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1480	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1481	Both inclusions could be tackled straightforwardly using {\tt subsetI}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1482	A shorter proof results from noting that intersection forms the greatest
d8205bb279a7 Initial revision lcp parents: diff changeset	1483	lower bound:\index{*Int_greatest}
d8205bb279a7 Initial revision lcp parents: diff changeset	1484	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1485	by (resolve_tac [Int_greatest] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1486	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1487	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1488	{\out 1. Pow(A Int B) <= Pow(A)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1489	{\out 2. Pow(A Int B) <= Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1490	{\out 3. Pow(A) Int Pow(B) <= Pow(A Int B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1491	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1492	Subgoal~1 follows by applying the monotonicity of {\tt Pow} to $A\inter
d8205bb279a7 Initial revision lcp parents: diff changeset	1493	B\subseteq A$; subgoal~2 follows similarly:
d8205bb279a7 Initial revision lcp parents: diff changeset	1494	\index{Int_lower1}\index{Int_lower2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1495	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1496	by (resolve_tac [Int_lower1 RS Pow_mono] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1497	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1498	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1499	{\out 1. Pow(A Int B) <= Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1500	{\out 2. Pow(A) Int Pow(B) <= Pow(A Int B)}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1501	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1502	by (resolve_tac [Int_lower2 RS Pow_mono] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1503	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	1504	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1505	{\out 1. Pow(A) Int Pow(B) <= Pow(A Int B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1506	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1507	We are left with the opposite inclusion, which we tackle in the
d8205bb279a7 Initial revision lcp parents: diff changeset	1508	straightforward way:\index{*subsetI}
d8205bb279a7 Initial revision lcp parents: diff changeset	1509	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1510	by (resolve_tac [subsetI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1511	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	1512	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1513	{\out 1. !!x. x : Pow(A) Int Pow(B) ==> x : Pow(A Int B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1514	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1515	The subgoal is to show $x\in {\tt Pow}(A\cap B)$ assuming $x\in{\tt
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1516	Pow}(A)\cap {\tt Pow}(B)$; eliminating this assumption produces two
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1517	subgoals. The rule \ttindex{IntE} treats the intersection like a conjunction
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1518	instead of unfolding its definition.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1519	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1520	by (eresolve_tac [IntE] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1521	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	1522	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1523	{\out 1. !!x. [\| x : Pow(A); x : Pow(B) \|] ==> x : Pow(A Int B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1524	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1525	The next step replaces the {\tt Pow} by the subset
d8205bb279a7 Initial revision lcp parents: diff changeset	1526	relation~($\subseteq$).\index{*PowI}
d8205bb279a7 Initial revision lcp parents: diff changeset	1527	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1528	by (resolve_tac [PowI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1529	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	1530	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1531	{\out 1. !!x. [\| x : Pow(A); x : Pow(B) \|] ==> x <= A Int B}
d8205bb279a7 Initial revision lcp parents: diff changeset	1532	\end{ttbox}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1533	We perform the same replacement in the assumptions. This is a good
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1534	demonstration of the tactic \ttindex{dresolve_tac}:\index{*PowD}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1535	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1536	by (REPEAT (dresolve_tac [PowD] 1));
d8205bb279a7 Initial revision lcp parents: diff changeset	1537	{\out Level 8}
d8205bb279a7 Initial revision lcp parents: diff changeset	1538	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1539	{\out 1. !!x. [\| x <= A; x <= B \|] ==> x <= A Int B}
d8205bb279a7 Initial revision lcp parents: diff changeset	1540	\end{ttbox}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1541	The assumptions are that $x$ is a lower bound of both $A$ and~$B$, but
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1542	$A\inter B$ is the greatest lower bound:\index{*Int_greatest}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1543	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1544	by (resolve_tac [Int_greatest] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1545	{\out Level 9}
d8205bb279a7 Initial revision lcp parents: diff changeset	1546	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1547	{\out 1. !!x. [\| x <= A; x <= B \|] ==> x <= A}
d8205bb279a7 Initial revision lcp parents: diff changeset	1548	{\out 2. !!x. [\| x <= A; x <= B \|] ==> x <= B}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1549	\end{ttbox}
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1550	To conclude the proof, we clear up the trivial subgoals:
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1551	\begin{ttbox}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1552	by (REPEAT (assume_tac 1));
d8205bb279a7 Initial revision lcp parents: diff changeset	1553	{\out Level 10}
d8205bb279a7 Initial revision lcp parents: diff changeset	1554	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1555	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1556	\end{ttbox}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1557	\medskip
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1558	We could have performed this proof in one step by applying
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1559	\ttindex{fast_tac} with the classical rule set \ttindex{ZF_cs}. Let us
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1560	go back to the start:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1561	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1562	choplev 0;
d8205bb279a7 Initial revision lcp parents: diff changeset	1563	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1564	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1565	{\out 1. Pow(A Int B) = Pow(A) Int Pow(B)}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1566	\end{ttbox}
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1567	We must add \ttindex{equalityI} to {\tt ZF_cs} as an introduction rule.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1568	Extensionality is not used by default because many equalities can be proved
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1569	by rewriting.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1570	\begin{ttbox}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1571	by (fast_tac (ZF_cs addIs [equalityI]) 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1572	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1573	{\out Pow(A Int B) = Pow(A) Int Pow(B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1574	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1575	\end{ttbox}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1576	In the past this was regarded as a difficult proof, as indeed it is if all
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1577	the symbols are replaced by their definitions.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1578	\goodbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1579
d8205bb279a7 Initial revision lcp parents: diff changeset	1580	\section{Monotonicity of the union operator}
d8205bb279a7 Initial revision lcp parents: diff changeset	1581	For another example, we prove that general union is monotonic:
d8205bb279a7 Initial revision lcp parents: diff changeset	1582	${C\subseteq D}$ implies $\bigcup(C)\subseteq \bigcup(D)$. To begin, we
d8205bb279a7 Initial revision lcp parents: diff changeset	1583	tackle the inclusion using \ttindex{subsetI}:
d8205bb279a7 Initial revision lcp parents: diff changeset	1584	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1585	val [prem] = goal ZF.thy "C<=D ==> Union(C) <= Union(D)";
d8205bb279a7 Initial revision lcp parents: diff changeset	1586	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1587	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1588	{\out 1. Union(C) <= Union(D)}
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1589	{\out val prem = "C <= D [C <= D]" : thm}
96c627d2815e Misc updates lcp parents: 111 diff changeset	1590	\ttbreak
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1591	by (resolve_tac [subsetI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1592	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1593	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1594	{\out 1. !!x. x : Union(C) ==> x : Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1595	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1596	Big union is like an existential quantifier --- the occurrence in the
d8205bb279a7 Initial revision lcp parents: diff changeset	1597	assumptions must be eliminated early, since it creates parameters.
d8205bb279a7 Initial revision lcp parents: diff changeset	1598	\index{*UnionE}
d8205bb279a7 Initial revision lcp parents: diff changeset	1599	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1600	by (eresolve_tac [UnionE] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1601	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1602	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1603	{\out 1. !!x B. [\| x : B; B : C \|] ==> x : Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1604	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1605	Now we may apply \ttindex{UnionI}, which creates an unknown involving the
d8205bb279a7 Initial revision lcp parents: diff changeset	1606	parameters. To show $x\in \bigcup(D)$ it suffices to show that $x$ belongs
d8205bb279a7 Initial revision lcp parents: diff changeset	1607	to some element, say~$\Var{B2}(x,B)$, of~$D$.
d8205bb279a7 Initial revision lcp parents: diff changeset	1608	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1609	by (resolve_tac [UnionI] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1610	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1611	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1612	{\out 1. !!x B. [\| x : B; B : C \|] ==> ?B2(x,B) : D}
d8205bb279a7 Initial revision lcp parents: diff changeset	1613	{\out 2. !!x B. [\| x : B; B : C \|] ==> x : ?B2(x,B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1614	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1615	Combining \ttindex{subsetD} with the premise $C\subseteq D$ yields
d8205bb279a7 Initial revision lcp parents: diff changeset	1616	$\Var{a}\in C \Imp \Var{a}\in D$, which reduces subgoal~1:
d8205bb279a7 Initial revision lcp parents: diff changeset	1617	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1618	by (resolve_tac [prem RS subsetD] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1619	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	1620	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1621	{\out 1. !!x B. [\| x : B; B : C \|] ==> ?B2(x,B) : C}
d8205bb279a7 Initial revision lcp parents: diff changeset	1622	{\out 2. !!x B. [\| x : B; B : C \|] ==> x : ?B2(x,B)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1623	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1624	The rest is routine. Note how~$\Var{B2}(x,B)$ is instantiated.
d8205bb279a7 Initial revision lcp parents: diff changeset	1625	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1626	by (assume_tac 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1627	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	1628	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1629	{\out 1. !!x B. [\| x : B; B : C \|] ==> x : B}
d8205bb279a7 Initial revision lcp parents: diff changeset	1630	by (assume_tac 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1631	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	1632	{\out Union(C) <= Union(D)}
d8205bb279a7 Initial revision lcp parents: diff changeset	1633	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1634	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1635	Again, \ttindex{fast_tac} with \ttindex{ZF_cs} can do this proof in one
d8205bb279a7 Initial revision lcp parents: diff changeset	1636	step, provided we somehow supply it with~{\tt prem}. We can either add
d8205bb279a7 Initial revision lcp parents: diff changeset	1637	this premise to the assumptions using \ttindex{cut_facts_tac}, or add
d8205bb279a7 Initial revision lcp parents: diff changeset	1638	\hbox{\tt prem RS subsetD} to \ttindex{ZF_cs} as an introduction rule.
d8205bb279a7 Initial revision lcp parents: diff changeset	1639
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1640	The file {\tt ZF/equalities.ML} has many similar proofs.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1641	Reasoning about general intersection can be difficult because of its anomalous
d8205bb279a7 Initial revision lcp parents: diff changeset	1642	behavior on the empty set. However, \ttindex{fast_tac} copes well with
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1643	these. Here is a typical example, borrowed from Devlin[page 12]{devlin79}:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1644	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1645	a:C ==> (INT x:C. A(x) Int B(x)) = (INT x:C.A(x)) Int (INT x:C.B(x))
d8205bb279a7 Initial revision lcp parents: diff changeset	1646	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1647	In traditional notation this is
d8205bb279a7 Initial revision lcp parents: diff changeset	1648	\[ a\in C \,\Imp\, \bigcap@{x\in C} \Bigl(A(x) \inter B(x)\Bigr) =
d8205bb279a7 Initial revision lcp parents: diff changeset	1649	\Bigl(\bigcap@{x\in C} A(x)\Bigr) \inter
d8205bb279a7 Initial revision lcp parents: diff changeset	1650	\Bigl(\bigcap@{x\in C} B(x)\Bigr) \]
d8205bb279a7 Initial revision lcp parents: diff changeset	1651
d8205bb279a7 Initial revision lcp parents: diff changeset	1652	\section{Low-level reasoning about functions}
d8205bb279a7 Initial revision lcp parents: diff changeset	1653	The derived rules {\tt lamI}, {\tt lamE}, {\tt lam_type}, {\tt beta}
d8205bb279a7 Initial revision lcp parents: diff changeset	1654	and {\tt eta} support reasoning about functions in a
d8205bb279a7 Initial revision lcp parents: diff changeset	1655	$\lambda$-calculus style. This is generally easier than regarding
d8205bb279a7 Initial revision lcp parents: diff changeset	1656	functions as sets of ordered pairs. But sometimes we must look at the
d8205bb279a7 Initial revision lcp parents: diff changeset	1657	underlying representation, as in the following proof
d8205bb279a7 Initial revision lcp parents: diff changeset	1658	of~\ttindex{fun_disjoint_apply1}. This states that if $f$ and~$g$ are
d8205bb279a7 Initial revision lcp parents: diff changeset	1659	functions with disjoint domains~$A$ and~$C$, and if $a\in A$, then
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1660	$(f\un g)`a = f`a$:
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1661	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1662	val prems = goal ZF.thy
d8205bb279a7 Initial revision lcp parents: diff changeset	1663	"[\| a:A; f: A->B; g: C->D; A Int C = 0 \|] ==> \ttback
d8205bb279a7 Initial revision lcp parents: diff changeset	1664	\ttback (f Un g)`a = f`a";
d8205bb279a7 Initial revision lcp parents: diff changeset	1665	{\out Level 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1666	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1667	{\out 1. (f Un g) ` a = f ` a}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1668	\end{ttbox}
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1669	Isabelle has produced the output above; the \ML{} top-level now echoes the
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1670	binding of {\tt prems}.
6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1671	\begin{ttbox}
114 96c627d2815e Misc updates lcp parents: 111 diff changeset	1672	{\out val prems = ["a : A [a : A]",}
96c627d2815e Misc updates lcp parents: 111 diff changeset	1673	{\out "f : A -> B [f : A -> B]",}
96c627d2815e Misc updates lcp parents: 111 diff changeset	1674	{\out "g : C -> D [g : C -> D]",}
96c627d2815e Misc updates lcp parents: 111 diff changeset	1675	{\out "A Int C = 0 [A Int C = 0]"] : thm list}
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1676	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1677	Using \ttindex{apply_equality}, we reduce the equality to reasoning about
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1678	ordered pairs. The second subgoal is to verify that $f\un g$ is a function.
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1679	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1680	by (resolve_tac [apply_equality] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1681	{\out Level 1}
d8205bb279a7 Initial revision lcp parents: diff changeset	1682	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1683	{\out 1. <a,f ` a> : f Un g}
d8205bb279a7 Initial revision lcp parents: diff changeset	1684	{\out 2. f Un g : (PROD x:?A. ?B(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1685	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1686	We must show that the pair belongs to~$f$ or~$g$; by~\ttindex{UnI1} we
d8205bb279a7 Initial revision lcp parents: diff changeset	1687	choose~$f$:
d8205bb279a7 Initial revision lcp parents: diff changeset	1688	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1689	by (resolve_tac [UnI1] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1690	{\out Level 2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1691	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1692	{\out 1. <a,f ` a> : f}
d8205bb279a7 Initial revision lcp parents: diff changeset	1693	{\out 2. f Un g : (PROD x:?A. ?B(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1694	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1695	To show $\pair{a,f`a}\in f$ we use \ttindex{apply_Pair}, which is
d8205bb279a7 Initial revision lcp parents: diff changeset	1696	essentially the converse of \ttindex{apply_equality}:
d8205bb279a7 Initial revision lcp parents: diff changeset	1697	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1698	by (resolve_tac [apply_Pair] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1699	{\out Level 3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1700	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1701	{\out 1. f : (PROD x:?A2. ?B2(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1702	{\out 2. a : ?A2}
d8205bb279a7 Initial revision lcp parents: diff changeset	1703	{\out 3. f Un g : (PROD x:?A. ?B(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1704	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1705	Using the premises $f\in A\to B$ and $a\in A$, we solve the two subgoals
d8205bb279a7 Initial revision lcp parents: diff changeset	1706	from \ttindex{apply_Pair}. Recall that a $\Pi$-set is merely a generalized
d8205bb279a7 Initial revision lcp parents: diff changeset	1707	function space, and observe that~{\tt?A2} is instantiated to~{\tt A}.
d8205bb279a7 Initial revision lcp parents: diff changeset	1708	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1709	by (resolve_tac prems 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1710	{\out Level 4}
d8205bb279a7 Initial revision lcp parents: diff changeset	1711	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1712	{\out 1. a : A}
d8205bb279a7 Initial revision lcp parents: diff changeset	1713	{\out 2. f Un g : (PROD x:?A. ?B(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1714	by (resolve_tac prems 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1715	{\out Level 5}
d8205bb279a7 Initial revision lcp parents: diff changeset	1716	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1717	{\out 1. f Un g : (PROD x:?A. ?B(x))}
d8205bb279a7 Initial revision lcp parents: diff changeset	1718	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1719	To construct functions of the form $f\union g$, we apply
d8205bb279a7 Initial revision lcp parents: diff changeset	1720	\ttindex{fun_disjoint_Un}:
d8205bb279a7 Initial revision lcp parents: diff changeset	1721	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1722	by (resolve_tac [fun_disjoint_Un] 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1723	{\out Level 6}
d8205bb279a7 Initial revision lcp parents: diff changeset	1724	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1725	{\out 1. f : ?A3 -> ?B3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1726	{\out 2. g : ?C3 -> ?D3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1727	{\out 3. ?A3 Int ?C3 = 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1728	\end{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1729	The remaining subgoals are instances of the premises. Again, observe how
d8205bb279a7 Initial revision lcp parents: diff changeset	1730	unknowns are instantiated:
d8205bb279a7 Initial revision lcp parents: diff changeset	1731	\begin{ttbox}
d8205bb279a7 Initial revision lcp parents: diff changeset	1732	by (resolve_tac prems 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1733	{\out Level 7}
d8205bb279a7 Initial revision lcp parents: diff changeset	1734	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1735	{\out 1. g : ?C3 -> ?D3}
d8205bb279a7 Initial revision lcp parents: diff changeset	1736	{\out 2. A Int ?C3 = 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1737	by (resolve_tac prems 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1738	{\out Level 8}
d8205bb279a7 Initial revision lcp parents: diff changeset	1739	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1740	{\out 1. A Int C = 0}
d8205bb279a7 Initial revision lcp parents: diff changeset	1741	by (resolve_tac prems 1);
d8205bb279a7 Initial revision lcp parents: diff changeset	1742	{\out Level 9}
d8205bb279a7 Initial revision lcp parents: diff changeset	1743	{\out (f Un g) ` a = f ` a}
d8205bb279a7 Initial revision lcp parents: diff changeset	1744	{\out No subgoals!}
d8205bb279a7 Initial revision lcp parents: diff changeset	1745	\end{ttbox}
287 6b62a6ddbe15 first draft of Springer book lcp parents: 131 diff changeset	1746	See the files {\tt ZF/func.ML} and {\tt ZF/wf.ML} for more
104 d8205bb279a7 Initial revision lcp parents: diff changeset	1747	examples of reasoning about functions.

author	lcp
	Mon, 21 Mar 1994 11:41:41 +0100
changeset 287	6b62a6ddbe15
parent 131	bb0caac13eff
child 317	8a96a64e0b35
permissions	-rw-r--r--