src/HOL/Set.ML

added dest_conj;

(*  Title:      HOL/set
    ID:         $Id$
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
    Copyright   1991  University of Cambridge

Set theory for higher-order logic.  A set is simply a predicate.
*)

section "Relating predicates and sets";

Addsimps [Collect_mem_eq];
AddIffs  [mem_Collect_eq];

Goal "P(a) ==> a : {x. P(x)}";
by (Asm_simp_tac 1);
qed "CollectI";

Goal "a : {x. P(x)} ==> P(a)";
by (Asm_full_simp_tac 1);
qed "CollectD";

bind_thm ("CollectE", make_elim CollectD);

val [prem] = Goal "[| !!x. (x:A) = (x:B) |] ==> A = B";
by (rtac (prem RS ext RS arg_cong RS box_equals) 1);
by (rtac Collect_mem_eq 1);
by (rtac Collect_mem_eq 1);
qed "set_ext";

val [prem] = Goal "[| !!x. P(x)=Q(x) |] ==> {x. P(x)} = {x. Q(x)}";
by (rtac (prem RS ext RS arg_cong) 1);
qed "Collect_cong";

val CollectE = make_elim CollectD;

AddSIs [CollectI];
AddSEs [CollectE];


section "Bounded quantifiers";

val prems = Goalw [Ball_def]
    "[| !!x. x:A ==> P(x) |] ==> ! x:A. P(x)";
by (REPEAT (ares_tac (prems @ [allI,impI]) 1));
qed "ballI";

Goalw [Ball_def] "[| ! x:A. P(x);  x:A |] ==> P(x)";
by (Blast_tac 1);
qed "bspec";

val major::prems = Goalw [Ball_def]
    "[| ! x:A. P(x);  P(x) ==> Q;  x~:A ==> Q |] ==> Q";
by (rtac (major RS spec RS impCE) 1);
by (REPEAT (eresolve_tac prems 1));
qed "ballE";

(*Takes assumptions ! x:A.P(x) and a:A; creates assumption P(a)*)
fun ball_tac i = etac ballE i THEN contr_tac (i+1);

AddSIs [ballI];
AddEs  [ballE];
AddXDs [bspec];
(* gives better instantiation for bound: *)
claset_ref() := claset() addWrapper ("bspec", fn tac2 =>
			 (dtac bspec THEN' atac) APPEND' tac2);

(*Normally the best argument order: P(x) constrains the choice of x:A*)
Goalw [Bex_def] "[| P(x);  x:A |] ==> ? x:A. P(x)";
by (Blast_tac 1);
qed "bexI";

(*The best argument order when there is only one x:A*)
Goalw [Bex_def] "[| x:A;  P(x) |] ==> ? x:A. P(x)";
by (Blast_tac 1);
qed "rev_bexI";

val prems = Goal 
   "[| ! x:A. ~P(x) ==> P(a);  a:A |] ==> ? x:A. P(x)";
by (rtac classical 1);
by (REPEAT (ares_tac (prems@[bexI,ballI,notI,notE]) 1))  ;
qed "bexCI";

val major::prems = Goalw [Bex_def]
    "[| ? x:A. P(x);  !!x. [| x:A; P(x) |] ==> Q  |] ==> Q";
by (rtac (major RS exE) 1);
by (REPEAT (eresolve_tac (prems @ [asm_rl,conjE]) 1));
qed "bexE";

AddIs  [bexI];
AddSEs [bexE];

(*Trival rewrite rule*)
Goal "(! x:A. P) = ((? x. x:A) --> P)";
by (simp_tac (simpset() addsimps [Ball_def]) 1);
qed "ball_triv";

(*Dual form for existentials*)
Goal "(? x:A. P) = ((? x. x:A) & P)";
by (simp_tac (simpset() addsimps [Bex_def]) 1);
qed "bex_triv";

Addsimps [ball_triv, bex_triv];

(** Congruence rules **)

val prems = Goalw [Ball_def]
    "[| A=B;  !!x. x:B ==> P(x) = Q(x) |] ==> \
\    (! x:A. P(x)) = (! x:B. Q(x))";
by (asm_simp_tac (simpset() addsimps prems) 1);
qed "ball_cong";

val prems = Goalw [Bex_def]
    "[| A=B;  !!x. x:B ==> P(x) = Q(x) |] ==> \
\    (? x:A. P(x)) = (? x:B. Q(x))";
by (asm_simp_tac (simpset() addcongs [conj_cong] addsimps prems) 1);
qed "bex_cong";

Addcongs [ball_cong,bex_cong];

section "Subsets";

val prems = Goalw [subset_def] "(!!x. x:A ==> x:B) ==> A <= B";
by (REPEAT (ares_tac (prems @ [ballI]) 1));
qed "subsetI";

(*Map the type ('a set => anything) to just 'a.
  For overloading constants whose first argument has type "'a set" *)
fun overload_1st_set s = Blast.overloaded (s, HOLogic.dest_setT o domain_type);

(*While (:) is not, its type must be kept
  for overloading of = to work.*)
Blast.overloaded ("op :", domain_type);

overload_1st_set "Ball";		(*need UNION, INTER also?*)
overload_1st_set "Bex";

(*Image: retain the type of the set being expressed*)
Blast.overloaded ("image", domain_type);

(*Rule in Modus Ponens style*)
Goalw [subset_def] "[| A <= B;  c:A |] ==> c:B";
by (Blast_tac 1);
qed "subsetD";
AddXIs [subsetD];

(*The same, with reversed premises for use with etac -- cf rev_mp*)
Goal "[| c:A;  A <= B |] ==> c:B";
by (REPEAT (ares_tac [subsetD] 1)) ;
qed "rev_subsetD";
AddXIs [rev_subsetD];

(*Converts A<=B to x:A ==> x:B*)
fun impOfSubs th = th RSN (2, rev_subsetD);

Goal "[| A <= B; c ~: B |] ==> c ~: A";
by (REPEAT (eresolve_tac [asm_rl, contrapos, subsetD] 1)) ;
qed "contra_subsetD";

Goal "[| c ~: B;  A <= B |] ==> c ~: A";
by (REPEAT (eresolve_tac [asm_rl, contrapos, subsetD] 1)) ;
qed "rev_contra_subsetD";

(*Classical elimination rule*)
val major::prems = Goalw [subset_def] 
    "[| A <= B;  c~:A ==> P;  c:B ==> P |] ==> P";
by (rtac (major RS ballE) 1);
by (REPEAT (eresolve_tac prems 1));
qed "subsetCE";

(*Takes assumptions A<=B; c:A and creates the assumption c:B *)
fun set_mp_tac i = etac subsetCE i  THEN  mp_tac i;

AddSIs [subsetI];
AddEs  [subsetD, subsetCE];

Goal "A <= (A::'a set)";
by (Fast_tac 1);
qed "subset_refl";		(*Blast_tac would try order_refl and fail*)

Goal "[| A<=B;  B<=C |] ==> A<=(C::'a set)";
by (Blast_tac 1);
qed "subset_trans";


section "Equality";

(*Anti-symmetry of the subset relation*)
Goal "[| A <= B;  B <= A |] ==> A = (B::'a set)";
by (rtac set_ext 1);
by (blast_tac (claset() addIs [subsetD]) 1);
qed "subset_antisym";
val equalityI = subset_antisym;

AddSIs [equalityI];

(* Equality rules from ZF set theory -- are they appropriate here? *)
Goal "A = B ==> A<=(B::'a set)";
by (etac ssubst 1);
by (rtac subset_refl 1);
qed "equalityD1";

Goal "A = B ==> B<=(A::'a set)";
by (etac ssubst 1);
by (rtac subset_refl 1);
qed "equalityD2";

val prems = Goal
    "[| A = B;  [| A<=B; B<=(A::'a set) |] ==> P |]  ==>  P";
by (resolve_tac prems 1);
by (REPEAT (resolve_tac (prems RL [equalityD1,equalityD2]) 1));
qed "equalityE";

val major::prems = Goal
    "[| A = B;  [| c:A; c:B |] ==> P;  [| c~:A; c~:B |] ==> P |]  ==>  P";
by (rtac (major RS equalityE) 1);
by (REPEAT (contr_tac 1 ORELSE eresolve_tac ([asm_rl,subsetCE]@prems) 1));
qed "equalityCE";

(*Lemma for creating induction formulae -- for "pattern matching" on p
  To make the induction hypotheses usable, apply "spec" or "bspec" to
  put universal quantifiers over the free variables in p. *)
val prems = Goal 
    "[| p:A;  !!z. z:A ==> p=z --> R |] ==> R";
by (rtac mp 1);
by (REPEAT (resolve_tac (refl::prems) 1));
qed "setup_induction";

Goal "A = B ==> (x : A) = (x : B)";
by (Asm_simp_tac 1);
qed "eqset_imp_iff";


section "The universal set -- UNIV";

Goalw [UNIV_def] "x : UNIV";
by (rtac CollectI 1);
by (rtac TrueI 1);
qed "UNIV_I";

Addsimps [UNIV_I];
AddIs    [UNIV_I];  (*unsafe makes it less likely to cause problems*)

Goal "A <= UNIV";
by (rtac subsetI 1);
by (rtac UNIV_I 1);
qed "subset_UNIV";

(** Eta-contracting these two rules (to remove P) causes them to be ignored
    because of their interaction with congruence rules. **)

Goalw [Ball_def] "Ball UNIV P = All P";
by (Simp_tac 1);
qed "ball_UNIV";

Goalw [Bex_def] "Bex UNIV P = Ex P";
by (Simp_tac 1);
qed "bex_UNIV";
Addsimps [ball_UNIV, bex_UNIV];


section "The empty set -- {}";

Goalw [empty_def] "(c : {}) = False";
by (Blast_tac 1) ;
qed "empty_iff";

Addsimps [empty_iff];

Goal "a:{} ==> P";
by (Full_simp_tac 1);
qed "emptyE";

AddSEs [emptyE];

Goal "{} <= A";
by (Blast_tac 1) ;
qed "empty_subsetI";

(*One effect is to delete the ASSUMPTION {} <= A*)
AddIffs [empty_subsetI];

val [prem]= Goal "[| !!y. y:A ==> False |] ==> A={}";
by (blast_tac (claset() addIs [prem RS FalseE]) 1) ;
qed "equals0I";

(*Use for reasoning about disjointness: A Int B = {} *)
Goal "A={} ==> a ~: A";
by (Blast_tac 1) ;
qed "equals0D";

AddDs [equals0D, sym RS equals0D];

Goalw [Ball_def] "Ball {} P = True";
by (Simp_tac 1);
qed "ball_empty";

Goalw [Bex_def] "Bex {} P = False";
by (Simp_tac 1);
qed "bex_empty";
Addsimps [ball_empty, bex_empty];

Goal "UNIV ~= {}";
by (blast_tac (claset() addEs [equalityE]) 1);
qed "UNIV_not_empty";
AddIffs [UNIV_not_empty];



section "The Powerset operator -- Pow";

Goalw [Pow_def] "(A : Pow(B)) = (A <= B)";
by (Asm_simp_tac 1);
qed "Pow_iff";

AddIffs [Pow_iff]; 

Goalw [Pow_def] "A <= B ==> A : Pow(B)";
by (etac CollectI 1);
qed "PowI";

Goalw [Pow_def] "A : Pow(B)  ==>  A<=B";
by (etac CollectD 1);
qed "PowD";


val Pow_bottom = empty_subsetI RS PowI;        (* {}: Pow(B) *)
val Pow_top = subset_refl RS PowI;             (* A : Pow(A) *)


section "Set complement";

Goalw [Compl_def] "(c : -A) = (c~:A)";
by (Blast_tac 1);
qed "Compl_iff";

Addsimps [Compl_iff];

val prems = Goalw [Compl_def] "[| c:A ==> False |] ==> c : -A";
by (REPEAT (ares_tac (prems @ [CollectI,notI]) 1));
qed "ComplI";

(*This form, with negated conclusion, works well with the Classical prover.
  Negated assumptions behave like formulae on the right side of the notional
  turnstile...*)
Goalw [Compl_def] "c : -A ==> c~:A";
by (etac CollectD 1);
qed "ComplD";

val ComplE = make_elim ComplD;

AddSIs [ComplI];
AddSEs [ComplE];


section "Binary union -- Un";

Goalw [Un_def] "(c : A Un B) = (c:A | c:B)";
by (Blast_tac 1);
qed "Un_iff";
Addsimps [Un_iff];

Goal "c:A ==> c : A Un B";
by (Asm_simp_tac 1);
qed "UnI1";

Goal "c:B ==> c : A Un B";
by (Asm_simp_tac 1);
qed "UnI2";

(*Classical introduction rule: no commitment to A vs B*)

val prems = Goal "(c~:B ==> c:A) ==> c : A Un B";
by (Simp_tac 1);
by (REPEAT (ares_tac (prems@[disjCI]) 1)) ;
qed "UnCI";

val major::prems = Goalw [Un_def]
    "[| c : A Un B;  c:A ==> P;  c:B ==> P |] ==> P";
by (rtac (major RS CollectD RS disjE) 1);
by (REPEAT (eresolve_tac prems 1));
qed "UnE";

AddSIs [UnCI];
AddSEs [UnE];


section "Binary intersection -- Int";

Goalw [Int_def] "(c : A Int B) = (c:A & c:B)";
by (Blast_tac 1);
qed "Int_iff";
Addsimps [Int_iff];

Goal "[| c:A;  c:B |] ==> c : A Int B";
by (Asm_simp_tac 1);
qed "IntI";

Goal "c : A Int B ==> c:A";
by (Asm_full_simp_tac 1);
qed "IntD1";

Goal "c : A Int B ==> c:B";
by (Asm_full_simp_tac 1);
qed "IntD2";

val [major,minor] = Goal
    "[| c : A Int B;  [| c:A; c:B |] ==> P |] ==> P";
by (rtac minor 1);
by (rtac (major RS IntD1) 1);
by (rtac (major RS IntD2) 1);
qed "IntE";

AddSIs [IntI];
AddSEs [IntE];

section "Set difference";

Goalw [set_diff_def] "(c : A-B) = (c:A & c~:B)";
by (Blast_tac 1);
qed "Diff_iff";
Addsimps [Diff_iff];

Goal "[| c : A;  c ~: B |] ==> c : A - B";
by (Asm_simp_tac 1) ;
qed "DiffI";

Goal "c : A - B ==> c : A";
by (Asm_full_simp_tac 1) ;
qed "DiffD1";

Goal "[| c : A - B;  c : B |] ==> P";
by (Asm_full_simp_tac 1) ;
qed "DiffD2";

val prems = Goal "[| c : A - B;  [| c:A; c~:B |] ==> P |] ==> P";
by (resolve_tac prems 1);
by (REPEAT (ares_tac (prems RL [DiffD1, DiffD2 RS notI]) 1)) ;
qed "DiffE";

AddSIs [DiffI];
AddSEs [DiffE];


section "Augmenting a set -- insert";

Goalw [insert_def] "a : insert b A = (a=b | a:A)";
by (Blast_tac 1);
qed "insert_iff";
Addsimps [insert_iff];

Goal "a : insert a B";
by (Simp_tac 1);
qed "insertI1";

Goal "!!a. a : B ==> a : insert b B";
by (Asm_simp_tac 1);
qed "insertI2";

val major::prems = Goalw [insert_def]
    "[| a : insert b A;  a=b ==> P;  a:A ==> P |] ==> P";
by (rtac (major RS UnE) 1);
by (REPEAT (eresolve_tac (prems @ [CollectE]) 1));
qed "insertE";

(*Classical introduction rule*)
val prems = Goal "(a~:B ==> a=b) ==> a: insert b B";
by (Simp_tac 1);
by (REPEAT (ares_tac (prems@[disjCI]) 1)) ;
qed "insertCI";

AddSIs [insertCI]; 
AddSEs [insertE];

Goal "A <= insert x B ==> A <= B & x ~: A | (? B'. A = insert x B' & B' <= B)";
by (case_tac "x:A" 1);
by  (Fast_tac 2);
by (rtac disjI2 1);
by (res_inst_tac [("x","A-{x}")] exI 1);
by (Fast_tac 1);
qed "subset_insertD";

section "Singletons, using insert";

Goal "a : {a}";
by (rtac insertI1 1) ;
qed "singletonI";

Goal "b : {a} ==> b=a";
by (Blast_tac 1);
qed "singletonD";

bind_thm ("singletonE", make_elim singletonD);

Goal "(b : {a}) = (b=a)";
by (Blast_tac 1);
qed "singleton_iff";

Goal "{a}={b} ==> a=b";
by (blast_tac (claset() addEs [equalityE]) 1);
qed "singleton_inject";

(*Redundant? But unlike insertCI, it proves the subgoal immediately!*)
AddSIs [singletonI];   
AddSDs [singleton_inject];
AddSEs [singletonE];

Goal "{b} = insert a A = (a = b & A <= {b})";
by (safe_tac (claset() addSEs [equalityE]));
by   (ALLGOALS Blast_tac);
qed "singleton_insert_inj_eq";

Goal "(insert a A = {b} ) = (a = b & A <= {b})";
by (rtac (singleton_insert_inj_eq RS (eq_sym_conv RS trans)) 1);
qed "singleton_insert_inj_eq'";

Goal "A <= {x} ==> A={} | A = {x}";
by (Fast_tac 1);
qed "subset_singletonD";

Goal "{x. x=a} = {a}";
by (Blast_tac 1);
qed "singleton_conv";
Addsimps [singleton_conv];

Goal "{x. a=x} = {a}";
by (Blast_tac 1);
qed "singleton_conv2";
Addsimps [singleton_conv2];


section "Unions of families -- UNION x:A. B(x) is Union(B``A)";

Goalw [UNION_def] "(b: (UN x:A. B(x))) = (EX x:A. b: B(x))";
by (Blast_tac 1);
qed "UN_iff";

Addsimps [UN_iff];

(*The order of the premises presupposes that A is rigid; b may be flexible*)
Goal "[| a:A;  b: B(a) |] ==> b: (UN x:A. B(x))";
by Auto_tac;
qed "UN_I";

val major::prems = Goalw [UNION_def]
    "[| b : (UN x:A. B(x));  !!x.[| x:A;  b: B(x) |] ==> R |] ==> R";
by (rtac (major RS CollectD RS bexE) 1);
by (REPEAT (ares_tac prems 1));
qed "UN_E";

AddIs  [UN_I];
AddSEs [UN_E];

val prems = Goalw [UNION_def]
    "[| A=B;  !!x. x:B ==> C(x) = D(x) |] ==> \
\    (UN x:A. C(x)) = (UN x:B. D(x))";
by (asm_simp_tac (simpset() addsimps prems) 1);
qed "UN_cong";


section "Intersections of families -- INTER x:A. B(x) is Inter(B``A)";

Goalw [INTER_def] "(b: (INT x:A. B(x))) = (ALL x:A. b: B(x))";
by Auto_tac;
qed "INT_iff";

Addsimps [INT_iff];

val prems = Goalw [INTER_def]
    "(!!x. x:A ==> b: B(x)) ==> b : (INT x:A. B(x))";
by (REPEAT (ares_tac ([CollectI,ballI] @ prems) 1));
qed "INT_I";

Goal "[| b : (INT x:A. B(x));  a:A |] ==> b: B(a)";
by Auto_tac;
qed "INT_D";

(*"Classical" elimination -- by the Excluded Middle on a:A *)
val major::prems = Goalw [INTER_def]
    "[| b : (INT x:A. B(x));  b: B(a) ==> R;  a~:A ==> R |] ==> R";
by (rtac (major RS CollectD RS ballE) 1);
by (REPEAT (eresolve_tac prems 1));
qed "INT_E";

AddSIs [INT_I];
AddEs  [INT_D, INT_E];

val prems = Goalw [INTER_def]
    "[| A=B;  !!x. x:B ==> C(x) = D(x) |] ==> \
\    (INT x:A. C(x)) = (INT x:B. D(x))";
by (asm_simp_tac (simpset() addsimps prems) 1);
qed "INT_cong";


section "Union";

Goalw [Union_def] "(A : Union(C)) = (EX X:C. A:X)";
by (Blast_tac 1);
qed "Union_iff";

Addsimps [Union_iff];

(*The order of the premises presupposes that C is rigid; A may be flexible*)
Goal "[| X:C;  A:X |] ==> A : Union(C)";
by Auto_tac;
qed "UnionI";

val major::prems = Goalw [Union_def]
    "[| A : Union(C);  !!X.[| A:X;  X:C |] ==> R |] ==> R";
by (rtac (major RS UN_E) 1);
by (REPEAT (ares_tac prems 1));
qed "UnionE";

AddIs  [UnionI];
AddSEs [UnionE];


section "Inter";

Goalw [Inter_def] "(A : Inter(C)) = (ALL X:C. A:X)";
by (Blast_tac 1);
qed "Inter_iff";

Addsimps [Inter_iff];

val prems = Goalw [Inter_def]
    "[| !!X. X:C ==> A:X |] ==> A : Inter(C)";
by (REPEAT (ares_tac ([INT_I] @ prems) 1));
qed "InterI";

(*A "destruct" rule -- every X in C contains A as an element, but
  A:X can hold when X:C does not!  This rule is analogous to "spec". *)
Goal "[| A : Inter(C);  X:C |] ==> A:X";
by Auto_tac;
qed "InterD";

(*"Classical" elimination rule -- does not require proving X:C *)
val major::prems = Goalw [Inter_def]
    "[| A : Inter(C);  X~:C ==> R;  A:X ==> R |] ==> R";
by (rtac (major RS INT_E) 1);
by (REPEAT (eresolve_tac prems 1));
qed "InterE";

AddSIs [InterI];
AddEs  [InterD, InterE];


(*** Image of a set under a function ***)

(*Frequently b does not have the syntactic form of f(x).*)
Goalw [image_def] "[| b=f(x);  x:A |] ==> b : f``A";
by (Blast_tac 1);
qed "image_eqI";
Addsimps [image_eqI];

bind_thm ("imageI", refl RS image_eqI);

(*This version's more effective when we already have the required x*)
Goalw [image_def] "[| x:A;  b=f(x) |] ==> b : f``A";
by (Blast_tac 1);
qed "rev_image_eqI";

(*The eta-expansion gives variable-name preservation.*)
val major::prems = Goalw [image_def]
    "[| b : (%x. f(x))``A;  !!x.[| b=f(x);  x:A |] ==> P |] ==> P"; 
by (rtac (major RS CollectD RS bexE) 1);
by (REPEAT (ares_tac prems 1));
qed "imageE";

AddIs  [image_eqI];
AddSEs [imageE]; 

Goal "f``(A Un B) = f``A Un f``B";
by (Blast_tac 1);
qed "image_Un";

Goal "(z : f``A) = (EX x:A. z = f x)";
by (Blast_tac 1);
qed "image_iff";

(*This rewrite rule would confuse users if made default.*)
Goal "(f``A <= B) = (ALL x:A. f(x): B)";
by (Blast_tac 1);
qed "image_subset_iff";

(*Replaces the three steps subsetI, imageE, hyp_subst_tac, but breaks too
  many existing proofs.*)
val prems = Goal "(!!x. x:A ==> f(x) : B) ==> f``A <= B";
by (blast_tac (claset() addIs prems) 1);
qed "image_subsetI";


(*** Range of a function -- just a translation for image! ***)

Goal "b=f(x) ==> b : range(f)";
by (EVERY1 [etac image_eqI, rtac UNIV_I]);
bind_thm ("range_eqI", UNIV_I RSN (2,image_eqI));

bind_thm ("rangeI", UNIV_I RS imageI);

val [major,minor] = Goal 
    "[| b : range(%x. f(x));  !!x. b=f(x) ==> P |] ==> P"; 
by (rtac (major RS imageE) 1);
by (etac minor 1);
qed "rangeE";


(*** Set reasoning tools ***)


(** Rewrite rules for boolean case-splitting: faster than 
	addsplits[split_if]
**)

bind_thm ("split_if_eq1", read_instantiate [("P", "%x. x = ?b")] split_if);
bind_thm ("split_if_eq2", read_instantiate [("P", "%x. ?a = x")] split_if);

(*Split ifs on either side of the membership relation.
	Not for Addsimps -- can cause goals to blow up!*)
bind_thm ("split_if_mem1", 
    read_instantiate_sg (Theory.sign_of Set.thy) [("P", "%x. x : ?b")] split_if);
bind_thm ("split_if_mem2", 
    read_instantiate_sg (Theory.sign_of Set.thy) [("P", "%x. ?a : x")] split_if);

val split_ifs = [if_bool_eq_conj, split_if_eq1, split_if_eq2,
		  split_if_mem1, split_if_mem2];


(*Each of these has ALREADY been added to simpset() above.*)
val mem_simps = [insert_iff, empty_iff, Un_iff, Int_iff, Compl_iff, Diff_iff, 
                 mem_Collect_eq, UN_iff, Union_iff, INT_iff, Inter_iff];

val mksimps_pairs = ("Ball",[bspec]) :: mksimps_pairs;

simpset_ref() := simpset() setmksimps (mksimps mksimps_pairs);

Addsimps[subset_UNIV, subset_refl];


(*** The 'proper subset' relation (<) ***)

Goalw [psubset_def] "!!A::'a set. [| A <= B; A ~= B |] ==> A<B";
by (Blast_tac 1);
qed "psubsetI";
AddXIs [psubsetI];

Goalw [psubset_def] "A < insert x B ==> (x ~: A) & A<=B | x:A & A-{x}<B";
by Auto_tac;
qed "psubset_insertD";

bind_thm ("psubset_eq", psubset_def RS meta_eq_to_obj_eq);

bind_thm ("psubset_imp_subset", psubset_eq RS iffD1 RS conjunct1);

Goal"[| (A::'a set) < B; B <= C |] ==> A < C";
by (auto_tac (claset(), simpset() addsimps [psubset_eq]));
qed "psubset_subset_trans";

Goal"[| (A::'a set) <= B; B < C|] ==> A < C";
by (auto_tac (claset(), simpset() addsimps [psubset_eq]));
qed "subset_psubset_trans";

Goalw [psubset_def] "A < B ==> EX b. b : (B - A)";
by (Blast_tac 1);
qed "psubset_imp_ex_mem";


(* attributes *)

local

fun gen_rulify_prems x =
  Attrib.no_args (Drule.rule_attribute (fn _ => (standard o
    rule_by_tactic (REPEAT (ALLGOALS (resolve_tac [allI, ballI, impI])))))) x;

in

val rulify_prems_attrib_setup =
 [Attrib.add_attributes
  [("rulify_prems", (gen_rulify_prems, gen_rulify_prems), "put theorem into standard rule form")]];

end;