src/ZF/AC/WO6_WO1.ML

Added some simprules proofs.
Converted theories CardinalArith and OrdQuant to Isar style

(*  Title:      ZF/AC/WO6_WO1.ML
    ID:         $Id$
    Author:     Krzysztof Grabczewski

  Proofs needed to state that formulations WO1,...,WO6 are all equivalent.
  The only hard one is WO6 ==> WO1.

  Every proof (except WO6 ==> WO1 and WO1 ==> WO2) are described as "clear"
  by Rubin & Rubin (page 2). 
  They refer reader to a book by Gödel to see the proof WO1 ==> WO2.
  Fortunately order types made this proof also very easy.
*)

(* ********************************************************************** *)

Goalw WO_defs "WO2 ==> WO3";
by (Fast_tac 1);
qed "WO2_WO3";

(* ********************************************************************** *)

Goalw (eqpoll_def::WO_defs) "WO3 ==> WO1";
by (fast_tac (claset() addSEs [bij_is_inj RS well_ord_rvimage, 
			      well_ord_Memrel RS well_ord_subset]) 1);
qed "WO3_WO1";

(* ********************************************************************** *)

Goalw (eqpoll_def::WO_defs) "WO1 ==> WO2";
by (fast_tac (claset() addSIs [Ord_ordertype, ordermap_bij]) 1);
qed "WO1_WO2";

(* ********************************************************************** *)

Goal "f \\<in> A->B ==> (\\<lambda>x \\<in> A. {f`x}): A -> {{b}. b \\<in> B}";
by (fast_tac (claset() addSIs [lam_type, apply_type]) 1);
qed "lam_sets";

Goalw [surj_def] "f \\<in> surj(A,B) ==> (\\<Union>a \\<in> A. {f`a}) = B";
by (fast_tac (claset() addSEs [apply_type]) 1);
qed "surj_imp_eq_";

Goal "[| f \\<in> surj(A,B); Ord(A) |] ==> (\\<Union>a<A. {f`a}) = B";
by (fast_tac (claset() addSDs [surj_imp_eq_]
                addSIs [ltI] addSEs [ltE]) 1);
qed "surj_imp_eq";

Goalw WO_defs "WO1 ==> WO4(1)";
by (rtac allI 1);
by (eres_inst_tac [("x","A")] allE 1);
by (etac exE 1);
by (REPEAT (resolve_tac [exI, conjI] 1));
by (etac Ord_ordertype 1);
by (rtac conjI 1);
by (eresolve_tac [ordermap_bij RS bij_converse_bij RS bij_is_fun RS
                lam_sets RS domain_of_fun] 1);
by (asm_simp_tac (simpset() addsimps [singleton_eqpoll_1 RS eqpoll_imp_lepoll,
                  Ord_ordertype RSN (2, ordermap_bij RS bij_converse_bij RS
                        bij_is_surj RS surj_imp_eq)]) 1);
qed "WO1_WO4";

(* ********************************************************************** *)

Goalw WO_defs "[| m le n; WO4(m) |] ==> WO4(n)";
by (blast_tac (claset() addSDs [spec] 
                        addIs [le_imp_lepoll RSN (2, lepoll_trans)]) 1);
qed "WO4_mono";

(* ********************************************************************** *)

Goalw WO_defs "[| m \\<in> nat; 1 le m; WO4(m) |] ==> WO5";
by (Blast_tac 1);
qed "WO4_WO5";

(* ********************************************************************** *)

Goalw WO_defs "WO5 ==> WO6";
by (Blast_tac 1);
qed "WO5_WO6";


(* ********************************************************************** 
    The proof of "WO6 ==> WO1".  Simplified by L C Paulson.

    From the book "Equivalents of the Axiom of Choice" by Rubin & Rubin,
    pages 2-5
************************************************************************* *)

goal OrderType.thy 
      "!!i j k. [| k < i++j;  Ord(i);  Ord(j) |] ==>  \
\                  k < i  |  (~ k<i & k = i ++ (k--i) & (k--i)<j)";
by (res_inst_tac [("i","k"),("j","i")] Ord_linear2 1);
by (dtac odiff_lt_mono2 4 THEN assume_tac 4);
by (asm_full_simp_tac
    (simpset() addsimps [oadd_odiff_inverse, odiff_oadd_inverse]) 4);
by (safe_tac (claset() addSEs [lt_Ord]));
qed "lt_oadd_odiff_disj";

(*The corresponding elimination rule*)
val lt_oadd_odiff_cases = rule_by_tactic Safe_tac
                                         (lt_oadd_odiff_disj RS disjE);

(* ********************************************************************** *)
(* The most complicated part of the proof - lemma ii - p. 2-4             *)
(* ********************************************************************** *)

(* ********************************************************************** *)
(* some properties of relation uu(beta, gamma, delta) - p. 2              *)
(* ********************************************************************** *)

Goalw [uu_def] "domain(uu(f,b,g,d)) \\<subseteq> f`b";
by (Blast_tac 1);
qed "domain_uu_subset";

Goal "\\<forall>b<a. f`b lepoll m ==> \
\               \\<forall>b<a. \\<forall>g<a. \\<forall>d<a. domain(uu(f,b,g,d)) lepoll m";
by (fast_tac (claset() addSEs
        [domain_uu_subset RS subset_imp_lepoll RS lepoll_trans]) 1);
qed "quant_domain_uu_lepoll_m";

Goalw [uu_def] "uu(f,b,g,d) \\<subseteq> f`b * f`g";
by (Blast_tac 1);
qed "uu_subset1";

Goalw [uu_def] "uu(f,b,g,d) \\<subseteq> f`d";
by (Blast_tac 1);
qed "uu_subset2";

Goal "[| \\<forall>b<a. f`b lepoll m;  d<a |] ==> uu(f,b,g,d) lepoll m";
by (fast_tac (claset()
        addSEs [uu_subset2 RS subset_imp_lepoll RS lepoll_trans]) 1);
qed "uu_lepoll_m";

(* ********************************************************************** *)
(* Two cases for lemma ii                                                 *)
(* ********************************************************************** *)
Goalw [lesspoll_def] 
     "\\<forall>b<a. \\<forall>g<a. \\<forall>d<a. u(f,b,g,d) lepoll m  \
\     ==> (\\<forall>b<a. f`b \\<noteq> 0 --> \
\                 (\\<exists>g<a. \\<exists>d<a. u(f,b,g,d) \\<noteq> 0 & u(f,b,g,d) lesspoll m)) \
\       | (\\<exists>b<a. f`b \\<noteq> 0 & (\\<forall>g<a. \\<forall>d<a. u(f,b,g,d) \\<noteq> 0 -->  \
\                                       u(f,b,g,d) eqpoll m))";
by (Asm_simp_tac 1);
by (blast_tac (claset() delrules [equalityI]) 1);
qed "cases";

(* ********************************************************************** *)
(* Lemmas used in both cases                                              *)
(* ********************************************************************** *)
Goal "Ord(a) ==> (\\<Union>b<a++a. C(b)) = (\\<Union>b<a. C(b) Un C(a++b))";
by (fast_tac (claset() addSIs [equalityI] addIs [ltI] 
                    addSDs [lt_oadd_disj]
                    addSEs [lt_oadd1, oadd_lt_mono2]) 1);
qed "UN_oadd";


(* ********************************************************************** *)
(* Case 1 \\<in> lemmas                                                        *)
(* ********************************************************************** *)

Goalw [vv1_def] "vv1(f,m,b) \\<subseteq> f`b";
by (rtac (LetI RS LetI) 1);
by (simp_tac (simpset() addsimps [domain_uu_subset]) 1);
qed "vv1_subset";

(* ********************************************************************** *)
(* Case 1 \\<in> Union of images is the whole "y"                              *)
(* ********************************************************************** *)
Goalw [gg1_def]
  "!! a f y. [| Ord(a);  m \\<in> nat |] ==>   \
\            (\\<Union>b<a++a. gg1(f,a,m)`b) = (\\<Union>b<a. f`b)";
by (asm_simp_tac
    (simpset() addsimps [UN_oadd, lt_oadd1,
                           oadd_le_self RS le_imp_not_lt, lt_Ord,
                           odiff_oadd_inverse, ltD,
                           vv1_subset RS Diff_partition, ww1_def]) 1);
qed "UN_gg1_eq";

Goal "domain(gg1(f,a,m)) = a++a";
by (simp_tac (simpset() addsimps [lam_funtype RS domain_of_fun, gg1_def]) 1);
qed "domain_gg1";

(* ********************************************************************** *)
(* every value of defined function is less than or equipollent to m       *)
(* ********************************************************************** *)
Goal "[| P(a, b);  Ord(a);  Ord(b);  \
\               Least_a = (LEAST a. \\<exists>x. Ord(x) & P(a, x)) |]  \
\               ==> P(Least_a, LEAST b. P(Least_a, b))";
by (etac ssubst 1);
by (res_inst_tac [("Q","%z. P(z, LEAST b. P(z, b))")] LeastI2 1);
by (REPEAT (fast_tac (claset() addSEs [LeastI]) 1));
qed "nested_LeastI";

bind_thm ("nested_Least_instance",
	  inst "P" 
               "%g d. domain(uu(f,b,g,d)) \\<noteq> 0 & domain(uu(f,b,g,d)) lepoll m" 
	  nested_LeastI);

Goalw [gg1_def]
    "!!a. [| Ord(a);  m \\<in> nat;  \
\            \\<forall>b<a. f`b \\<noteq>0 -->                                       \
\            (\\<exists>g<a. \\<exists>d<a. domain(uu(f,b,g,d)) \\<noteq> 0  &               \
\                             domain(uu(f,b,g,d)) lepoll m);            \
\            \\<forall>b<a. f`b lepoll succ(m);  b<a++a                       \
\         |] ==> gg1(f,a,m)`b lepoll m";
by (Asm_simp_tac 1);
by (safe_tac (claset() addSEs [lt_oadd_odiff_cases]));
(*Case b<a   \\<in> show vv1(f,m,b) lepoll m *)
by (asm_simp_tac (simpset() addsimps [vv1_def, Let_def]) 1);
by (fast_tac (claset() addIs [nested_Least_instance RS conjunct2]
                addSEs [lt_Ord]
                addSIs [empty_lepollI]) 1);
(*Case a le b \\<in> show ww1(f,m,b--a) lepoll m *)
by (asm_simp_tac (simpset() addsimps [ww1_def]) 1);
by (excluded_middle_tac "f`(b--a) = 0" 1);
by (asm_simp_tac (simpset() addsimps [empty_lepollI]) 2);
by (rtac Diff_lepoll 1);
by (Blast_tac 1);
by (rtac vv1_subset 1);
by (dtac (ospec RS mp) 1);
by (REPEAT (eresolve_tac [asm_rl, oexE, conjE] 1));
by (asm_simp_tac (simpset()
        addsimps [vv1_def, Let_def, lt_Ord, 
                  nested_Least_instance RS conjunct1]) 1);
qed "gg1_lepoll_m";

(* ********************************************************************** *)
(* Case 2 \\<in> lemmas                                                        *)
(* ********************************************************************** *)

(* ********************************************************************** *)
(* Case 2 \\<in> vv2_subset                                                    *)
(* ********************************************************************** *)

Goalw [uu_def] "[| b<a;  g<a;  f`b\\<noteq>0;  f`g\\<noteq>0;        \
\                  y*y \\<subseteq> y;  (\\<Union>b<a. f`b)=y          \
\               |] ==> \\<exists>d<a. uu(f,b,g,d) \\<noteq> 0";
by (fast_tac (claset() addSIs [not_emptyI] 
                    addSDs [SigmaI RSN (2, subsetD)]
                    addSEs [not_emptyE]) 1);
qed "ex_d_uu_not_empty";

Goal "[| b<a; g<a; f`b\\<noteq>0; f`g\\<noteq>0;  \
\        y*y \\<subseteq> y; (\\<Union>b<a. f`b)=y |]  \
\     ==> uu(f,b,g,LEAST d. (uu(f,b,g,d) \\<noteq> 0)) \\<noteq> 0";
by (dtac ex_d_uu_not_empty 1 THEN REPEAT (assume_tac 1));
by (fast_tac (claset() addSEs [LeastI, lt_Ord]) 1);
qed "uu_not_empty";

Goal "[| r \\<subseteq> A*B; r\\<noteq>0 |] ==> domain(r)\\<noteq>0";
by (Blast_tac 1);
qed "not_empty_rel_imp_domain";

Goal "[| b<a; g<a; f`b\\<noteq>0; f`g\\<noteq>0;  \
\        y*y \\<subseteq> y; (\\<Union>b<a. f`b)=y |]  \
\     ==> (LEAST d. uu(f,b,g,d) \\<noteq> 0) < a";
by (eresolve_tac [ex_d_uu_not_empty RS oexE] 1
        THEN REPEAT (assume_tac 1));
by (resolve_tac [Least_le RS lt_trans1] 1
        THEN (REPEAT (ares_tac [lt_Ord] 1)));
qed "Least_uu_not_empty_lt_a";

Goal "[| B \\<subseteq> A; a\\<notin>B |] ==> B \\<subseteq> A-{a}";
by (Blast_tac 1);
qed "subset_Diff_sing";

(*Could this be proved more directly?*)
Goal "[| A lepoll m; m lepoll B; B \\<subseteq> A; m \\<in> nat |] ==> A=B";
by (etac natE 1);
by (fast_tac (claset() addSDs [lepoll_0_is_0] addSIs [equalityI]) 1);
by (safe_tac (claset() addSIs [equalityI])); 
by (rtac ccontr 1);
by (etac (subset_Diff_sing RS subset_imp_lepoll 
	  RSN (2, Diff_sing_lepoll RSN (3, lepoll_trans RS lepoll_trans)) RS 
	  succ_lepoll_natE) 1
        THEN REPEAT (assume_tac 1));
qed "supset_lepoll_imp_eq";

Goal "[| \\<forall>g<a. \\<forall>d<a. domain(uu(f, b, g, d))\\<noteq>0 -->               \
\         domain(uu(f, b, g, d)) eqpoll succ(m);                        \
\         \\<forall>b<a. f`b lepoll succ(m);  y*y \\<subseteq> y;                       \
\         (\\<Union>b<a. f`b)=y;  b<a;  g<a;  d<a;                            \
\         f`b\\<noteq>0;  f`g\\<noteq>0;  m \\<in> nat;  s \\<in> f`b                               \
\      |] ==> uu(f, b, g, LEAST d. uu(f,b,g,d)\\<noteq>0) \\<in> f`b -> f`g";
by (dres_inst_tac [("x2","g")] (ospec RS ospec RS mp) 1);
by (rtac ([uu_subset1, uu_not_empty] MRS not_empty_rel_imp_domain) 3);
by (rtac Least_uu_not_empty_lt_a 2 THEN TRYALL assume_tac);
by (resolve_tac [eqpoll_sym RS eqpoll_imp_lepoll RS 
        (Least_uu_not_empty_lt_a RSN (2, uu_lepoll_m) RSN (2, 
        uu_subset1 RSN (4, rel_is_fun)))] 1
        THEN TRYALL assume_tac);
by (rtac (eqpoll_sym RS eqpoll_imp_lepoll RSN (2, supset_lepoll_imp_eq)) 1);
by (REPEAT_FIRST assume_tac);
by (REPEAT (fast_tac (claset() addSIs [domain_uu_subset]) 1));
qed "uu_Least_is_fun";

Goalw [vv2_def]
    "!!a. [| \\<forall>g<a. \\<forall>d<a. domain(uu(f, b, g, d))\\<noteq>0 -->            \
\            domain(uu(f, b, g, d)) eqpoll succ(m);                     \
\            \\<forall>b<a. f`b lepoll succ(m); y*y \\<subseteq> y;                     \
\            (\\<Union>b<a. f`b)=y;  b<a;  g<a;  m \\<in> nat;  s \\<in> f`b                \
\          |] ==> vv2(f,b,g,s) \\<subseteq> f`g";
by (split_tac [split_if] 1);
by Safe_tac;
by (etac (uu_Least_is_fun RS apply_type) 1);
by (REPEAT_SOME (fast_tac (claset() addSIs [not_emptyI, singleton_subsetI])));
qed "vv2_subset";

(* ********************************************************************** *)
(* Case 2 \\<in> Union of images is the whole "y"                              *)
(* ********************************************************************** *)
Goalw [gg2_def]
    "!!a. [| \\<forall>g<a. \\<forall>d<a. domain(uu(f,b,g,d)) \\<noteq> 0 -->             \
\            domain(uu(f,b,g,d)) eqpoll succ(m);                        \
\            \\<forall>b<a. f`b lepoll succ(m); y*y \\<subseteq> y;                       \
\            (\\<Union>b<a. f`b)=y;  Ord(a);  m \\<in> nat;  s \\<in> f`b;  b<a              \
\         |] ==> (\\<Union>g<a++a. gg2(f,a,b,s) ` g) = y";
by (dtac sym 1);
by (asm_simp_tac
    (simpset() addsimps [UN_oadd, lt_oadd1,
                           oadd_le_self RS le_imp_not_lt, lt_Ord,
                           odiff_oadd_inverse, ww2_def,
                           vv2_subset RS Diff_partition]) 1);
qed "UN_gg2_eq";

Goal "domain(gg2(f,a,b,s)) = a++a";
by (simp_tac (simpset() addsimps [lam_funtype RS domain_of_fun, gg2_def]) 1);
qed "domain_gg2";

(* ********************************************************************** *)
(* every value of defined function is less than or equipollent to m       *)
(* ********************************************************************** *)

Goalw [vv2_def] "[| m \\<in> nat; m\\<noteq>0 |] ==> vv2(f,b,g,s) lepoll m";
by (asm_simp_tac (simpset() addsimps [empty_lepollI]) 1);
by (fast_tac (claset()
        addSDs [le_imp_subset RS subset_imp_lepoll RS lepoll_0_is_0]
        addSIs [singleton_eqpoll_1 RS eqpoll_imp_lepoll RS lepoll_trans,
                not_lt_imp_le RS le_imp_subset RS subset_imp_lepoll,
                nat_into_Ord, nat_1I]) 1);
qed "vv2_lepoll";

Goalw [ww2_def]
    "[| \\<forall>b<a. f`b lepoll succ(m);  g<a;  m \\<in> nat;  vv2(f,b,g,d) \\<subseteq> f`g |] \
\    ==> ww2(f,b,g,d) lepoll m";
by (excluded_middle_tac "f`g = 0" 1);
by (asm_simp_tac (simpset() addsimps [empty_lepollI]) 2);
by (dtac ospec 1 THEN (assume_tac 1));
by (rtac Diff_lepoll 1 THEN (TRYALL assume_tac));
by (asm_simp_tac (simpset() addsimps [vv2_def, not_emptyI]) 1);
qed "ww2_lepoll";

Goalw [gg2_def]
    "!!a. [| \\<forall>g<a. \\<forall>d<a. domain(uu(f,b,g,d)) \\<noteq> 0 -->             \
\            domain(uu(f,b,g,d)) eqpoll succ(m);                        \
\            \\<forall>b<a. f`b lepoll succ(m);  y*y \\<subseteq> y;                    \
\            (\\<Union>b<a. f`b)=y;  b<a;  s \\<in> f`b;  m \\<in> nat;  m\\<noteq> 0;  g<a++a     \
\         |] ==> gg2(f,a,b,s) ` g lepoll m";
by (Asm_simp_tac 1);
by (safe_tac (claset() addSEs [lt_oadd_odiff_cases, lt_Ord2]));
by (asm_simp_tac (simpset() addsimps [vv2_lepoll]) 1);
by (asm_simp_tac (simpset() addsimps [ww2_lepoll, vv2_subset]) 1);
qed "gg2_lepoll_m";

(* ********************************************************************** *)
(* lemma ii                                                               *)
(* ********************************************************************** *)
Goalw [NN_def] "[| succ(m) \\<in> NN(y); y*y \\<subseteq> y; m \\<in> nat; m\\<noteq>0 |] ==> m \\<in> NN(y)";
by (REPEAT (eresolve_tac [CollectE, exE, conjE] 1));
by (resolve_tac [quant_domain_uu_lepoll_m RS cases RS disjE] 1
    THEN (assume_tac 1));
(* case 1 *)
by (asm_full_simp_tac (simpset() addsimps [lesspoll_succ_iff]) 1);
by (res_inst_tac [("x","a++a")] exI 1);
by (fast_tac (claset() addSIs [Ord_oadd, domain_gg1, UN_gg1_eq, 
                                  gg1_lepoll_m]) 1);
(* case 2 *)
by (REPEAT (eresolve_tac [oexE, conjE] 1));
by (res_inst_tac [("A","f`?B")] not_emptyE 1 THEN (assume_tac 1));
by (rtac CollectI 1);
by (etac succ_natD 1);
by (res_inst_tac [("x","a++a")] exI 1);
by (res_inst_tac [("x","gg2(f,a,b,x)")] exI 1);
(*Calling fast_tac might get rid of the res_inst_tac calls, but it
  is just too slow.*)
by (asm_simp_tac (simpset() addsimps 
                  [Ord_oadd, domain_gg2, UN_gg2_eq, gg2_lepoll_m]) 1);
qed "lemma_ii";


(* ********************************************************************** *)
(* lemma iv - p. 4 \\<in>                                                      *)
(* For every set x there is a set y such that   x Un (y * y) \\<subseteq> y         *)
(* ********************************************************************** *)

(* the quantifier \\<forall>looks inelegant but makes the proofs shorter  *)
(* (used only in the following two lemmas)                          *)

Goal "\\<forall>n \\<in> nat. rec(n, x, %k r. r Un r*r) \\<subseteq>  \
\                    rec(succ(n), x, %k r. r Un r*r)";
by (fast_tac (claset() addIs [rec_succ RS ssubst]) 1);
qed "z_n_subset_z_succ_n";

Goal "[| \\<forall>n \\<in> nat. f(n)<=f(succ(n)); n le m; n \\<in> nat; m \\<in> nat |]  \
\     ==> f(n)<=f(m)";
by (eres_inst_tac [("P","n le m")] rev_mp 1);
by (res_inst_tac [("P","%z. n le z --> f(n) \\<subseteq> f(z)")] nat_induct 1);
by (REPEAT (fast_tac le_cs 1));
qed "le_subsets";

Goal "[| n le m; m \\<in> nat |] ==>  \
\       rec(n, x, %k r. r Un r*r) \\<subseteq> rec(m, x, %k r. r Un r*r)";
by (resolve_tac [z_n_subset_z_succ_n RS le_subsets] 1 
    THEN (TRYALL assume_tac));
by (eresolve_tac [Ord_nat RSN (2, ltI) RSN (2, lt_trans1) RS ltD] 1
    THEN (assume_tac 1));
qed "le_imp_rec_subset";

Goal "\\<exists>y. x Un y*y \\<subseteq> y";
by (res_inst_tac [("x","\\<Union>n \\<in> nat. rec(n, x, %k r. r Un r*r)")] exI 1);
by Safe_tac;
by (rtac (nat_0I RS UN_I) 1);
by (Asm_simp_tac 1);
by (res_inst_tac [("a","succ(n Un na)")] UN_I 1);
by (eresolve_tac [Un_nat_type RS nat_succI] 1 THEN (assume_tac 1));
by (fast_tac (ZF_cs addIs [le_imp_rec_subset RS subsetD]
                addSIs [Un_upper1_le, Un_upper2_le, Un_nat_type]
                addSEs [nat_into_Ord] addss (simpset())) 1);
qed "lemma_iv";

(* ********************************************************************** *)
(* Rubin & Rubin wrote \\<in>                                                  *)
(* "It follows from (ii) and mathematical induction that if y*y \\<subseteq> y then *)
(* y can be well-ordered"                                                 *)

(* In fact we have to prove \\<in>                                             *)
(*      * WO6 ==> NN(y) \\<noteq> 0                                              *)
(*      * reverse induction which lets us infer that 1 \\<in> NN(y)            *)
(*      * 1 \\<in> NN(y) ==> y can be well-ordered                             *)
(* ********************************************************************** *)

(* ********************************************************************** *)
(*      WO6 ==> NN(y) \\<noteq> 0                                                *)
(* ********************************************************************** *)

Goalw [WO6_def, NN_def] "WO6 ==> NN(y) \\<noteq> 0";
by (fast_tac ZF_cs 1);  (*SLOW if current claset is used*)
qed "WO6_imp_NN_not_empty";

(* ********************************************************************** *)
(*      1 \\<in> NN(y) ==> y can be well-ordered                               *)
(* ********************************************************************** *)

Goal "[| (\\<Union>b<a. f`b)=y; x \\<in> y; \\<forall>b<a. f`b lepoll 1; Ord(a) |]  \
\     ==> \\<exists>c<a. f`c = {x}";
by (fast_tac (claset() addSEs [lepoll_1_is_sing]) 1);
val lemma1 = result();

Goal "[| (\\<Union>b<a. f`b)=y; x \\<in> y; \\<forall>b<a. f`b lepoll 1; Ord(a) |]  \
\     ==> f` (LEAST i. f`i = {x}) = {x}";
by (dtac lemma1 1 THEN REPEAT (assume_tac 1));
by (fast_tac (claset() addSEs [lt_Ord] addIs [LeastI]) 1);
val lemma2 = result();

Goalw [NN_def] "1 \\<in> NN(y) ==> \\<exists>a f. Ord(a) & f \\<in> inj(y, a)";
by (etac CollectE 1);
by (REPEAT (eresolve_tac [exE, conjE] 1));
by (res_inst_tac [("x","a")] exI 1);
by (res_inst_tac [("x","\\<lambda>x \\<in> y. LEAST i. f`i = {x}")] exI 1);
by (rtac conjI 1 THEN (assume_tac 1));
by (res_inst_tac [("d","%i. THE x. x \\<in> f`i")] lam_injective 1);
by (dtac lemma1 1 THEN REPEAT (assume_tac 1));
by (fast_tac (claset() addSEs [Least_le RS lt_trans1 RS ltD, lt_Ord]) 1);
by (resolve_tac [lemma2 RS ssubst] 1 THEN REPEAT (assume_tac 1));
by (Blast_tac 1);
qed "NN_imp_ex_inj";

Goal "[| y*y \\<subseteq> y; 1 \\<in> NN(y) |] ==> \\<exists>r. well_ord(y, r)";
by (dtac NN_imp_ex_inj 1);
by (fast_tac (claset() addSEs [well_ord_Memrel RSN (2,  well_ord_rvimage)]) 1);
qed "y_well_ord";

(* ********************************************************************** *)
(*      reverse induction which lets us infer that 1 \\<in> NN(y)              *)
(* ********************************************************************** *)

val [prem1, prem2] = goal thy
        "[| n \\<in> nat; !!m. [| m \\<in> nat; m\\<noteq>0; P(succ(m)) |] ==> P(m) |]  \
\       ==> n\\<noteq>0 --> P(n) --> P(1)";
by (rtac (prem1 RS nat_induct) 1);
by (Blast_tac 1);
by (excluded_middle_tac "x=0" 1);
by (Blast_tac 2);
by (fast_tac (claset() addSIs [prem2]) 1);
qed "rev_induct_lemma";

val prems = 
Goal    "[| P(n); n \\<in> nat; n\\<noteq>0;  \
\           !!m. [| m \\<in> nat; m\\<noteq>0; P(succ(m)) |] ==> P(m) |]  \
\        ==> P(1)";
by (resolve_tac [rev_induct_lemma RS impE] 1);
by (etac impE 4 THEN (assume_tac 5));
by (REPEAT (ares_tac prems 1));
qed "rev_induct";

Goalw [NN_def] "n \\<in> NN(y) ==> n \\<in> nat";
by (etac CollectD1 1);
qed "NN_into_nat";

Goal "[| n \\<in> NN(y); y*y \\<subseteq> y; n\\<noteq>0 |] ==> 1 \\<in> NN(y)";
by (rtac rev_induct 1 THEN REPEAT (ares_tac [NN_into_nat] 1));
by (rtac lemma_ii 1 THEN REPEAT (assume_tac 1));
val lemma3 = result();

(* ********************************************************************** *)
(* Main theorem "WO6 ==> WO1"                                             *)
(* ********************************************************************** *)

(* another helpful lemma *)
Goalw [NN_def] "0 \\<in> NN(y) ==> y=0";
by (fast_tac (claset() addSIs [equalityI] 
                       addSDs [lepoll_0_is_0] addEs [subst]) 1);
qed "NN_y_0";

Goalw [WO1_def] "WO6 ==> WO1";
by (rtac allI 1);
by (excluded_middle_tac "A=0" 1);
by (fast_tac (claset() addSIs [well_ord_Memrel, nat_0I RS nat_into_Ord]) 2);
by (res_inst_tac [("x1","A")] (lemma_iv RS revcut_rl) 1);
by (etac exE 1);
by (dtac WO6_imp_NN_not_empty 1);
by (eresolve_tac [Un_subset_iff RS iffD1 RS conjE] 1);
by (eres_inst_tac [("A","NN(y)")] not_emptyE 1);
by (ftac y_well_ord 1);
by (fast_tac (claset() addEs [well_ord_subset]) 2);
by (fast_tac (claset() addSIs [lemma3] addSDs [NN_y_0] addSEs [not_emptyE]) 1);
qed "WO6_imp_WO1";