520 \<forall>p[M]. p \<in> r \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>A & x\<in>y & pair(M,x,y,p)))" |
522 \<forall>p[M]. p \<in> r \<longleftrightarrow> (\<exists>x[M]. x\<in>A & (\<exists>y[M]. y\<in>A & x\<in>y & pair(M,x,y,p)))" |
521 |
523 |
522 |
524 |
523 subsection\<open>Introducing a Transitive Class Model\<close> |
525 subsection\<open>Introducing a Transitive Class Model\<close> |
524 |
526 |
|
527 text\<open>The class M is assumed to be transitive and inhabited\<close> |
|
528 locale M_trans = |
|
529 fixes M |
|
530 assumes transM: "[| y\<in>x; M(x) |] ==> M(y)" |
|
531 and M_inhabited: "\<exists>x . M(x)" |
|
532 |
|
533 lemma (in M_trans) nonempty [simp]: "M(0)" |
|
534 proof - |
|
535 have "M(x) \<longrightarrow> M(0)" for x |
|
536 proof (rule_tac P="\<lambda>w. M(w) \<longrightarrow> M(0)" in eps_induct) |
|
537 { |
|
538 fix x |
|
539 assume "\<forall>y\<in>x. M(y) \<longrightarrow> M(0)" "M(x)" |
|
540 consider (a) "\<exists>y. y\<in>x" | (b) "x=0" by auto |
|
541 then |
|
542 have "M(x) \<longrightarrow> M(0)" |
|
543 proof cases |
|
544 case a |
|
545 then show ?thesis using \<open>\<forall>y\<in>x._\<close> \<open>M(x)\<close> transM by auto |
|
546 next |
|
547 case b |
|
548 then show ?thesis by simp |
|
549 qed |
|
550 } |
|
551 then show "M(x) \<longrightarrow> M(0)" if "\<forall>y\<in>x. M(y) \<longrightarrow> M(0)" for x |
|
552 using that by auto |
|
553 qed |
|
554 with M_inhabited |
|
555 show "M(0)" using M_inhabited by blast |
|
556 qed |
|
557 |
525 text\<open>The class M is assumed to be transitive and to satisfy some |
558 text\<open>The class M is assumed to be transitive and to satisfy some |
526 relativized ZF axioms\<close> |
559 relativized ZF axioms\<close> |
527 locale M_trivial = |
560 locale M_trivial = M_trans + |
528 fixes M |
561 assumes upair_ax: "upair_ax(M)" |
529 assumes transM: "[| y\<in>x; M(x) |] ==> M(y)" |
|
530 and upair_ax: "upair_ax(M)" |
|
531 and Union_ax: "Union_ax(M)" |
562 and Union_ax: "Union_ax(M)" |
532 and power_ax: "power_ax(M)" |
563 |
533 and replacement: "replacement(M,P)" |
564 lemma (in M_trans) rall_abs [simp]: |
534 and M_nat [iff]: "M(nat)" (*i.e. the axiom of infinity*) |
|
535 |
|
536 |
|
537 text\<open>Automatically discovers the proof using \<open>transM\<close>, \<open>nat_0I\<close> |
|
538 and \<open>M_nat\<close>.\<close> |
|
539 lemma (in M_trivial) nonempty [simp]: "M(0)" |
|
540 by (blast intro: transM) |
|
541 |
|
542 lemma (in M_trivial) rall_abs [simp]: |
|
543 "M(A) ==> (\<forall>x[M]. x\<in>A \<longrightarrow> P(x)) \<longleftrightarrow> (\<forall>x\<in>A. P(x))" |
565 "M(A) ==> (\<forall>x[M]. x\<in>A \<longrightarrow> P(x)) \<longleftrightarrow> (\<forall>x\<in>A. P(x))" |
544 by (blast intro: transM) |
566 by (blast intro: transM) |
545 |
567 |
546 lemma (in M_trivial) rex_abs [simp]: |
568 lemma (in M_trans) rex_abs [simp]: |
547 "M(A) ==> (\<exists>x[M]. x\<in>A & P(x)) \<longleftrightarrow> (\<exists>x\<in>A. P(x))" |
569 "M(A) ==> (\<exists>x[M]. x\<in>A & P(x)) \<longleftrightarrow> (\<exists>x\<in>A. P(x))" |
548 by (blast intro: transM) |
570 by (blast intro: transM) |
549 |
571 |
550 lemma (in M_trivial) ball_iff_equiv: |
572 lemma (in M_trans) ball_iff_equiv: |
551 "M(A) ==> (\<forall>x[M]. (x\<in>A \<longleftrightarrow> P(x))) \<longleftrightarrow> |
573 "M(A) ==> (\<forall>x[M]. (x\<in>A \<longleftrightarrow> P(x))) \<longleftrightarrow> |
552 (\<forall>x\<in>A. P(x)) & (\<forall>x. P(x) \<longrightarrow> M(x) \<longrightarrow> x\<in>A)" |
574 (\<forall>x\<in>A. P(x)) & (\<forall>x. P(x) \<longrightarrow> M(x) \<longrightarrow> x\<in>A)" |
553 by (blast intro: transM) |
575 by (blast intro: transM) |
554 |
576 |
555 text\<open>Simplifies proofs of equalities when there's an iff-equality |
577 text\<open>Simplifies proofs of equalities when there's an iff-equality |
556 available for rewriting, universally quantified over M. |
578 available for rewriting, universally quantified over M. |
557 But it's not the only way to prove such equalities: its |
579 But it's not the only way to prove such equalities: its |
558 premises \<^term>\<open>M(A)\<close> and \<^term>\<open>M(B)\<close> can be too strong.\<close> |
580 premises \<^term>\<open>M(A)\<close> and \<^term>\<open>M(B)\<close> can be too strong.\<close> |
559 lemma (in M_trivial) M_equalityI: |
581 lemma (in M_trans) M_equalityI: |
560 "[| !!x. M(x) ==> x\<in>A \<longleftrightarrow> x\<in>B; M(A); M(B) |] ==> A=B" |
582 "[| !!x. M(x) ==> x\<in>A \<longleftrightarrow> x\<in>B; M(A); M(B) |] ==> A=B" |
561 by (blast intro!: equalityI dest: transM) |
583 by (blast dest: transM) |
562 |
584 |
563 |
585 |
564 subsubsection\<open>Trivial Absoluteness Proofs: Empty Set, Pairs, etc.\<close> |
586 subsubsection\<open>Trivial Absoluteness Proofs: Empty Set, Pairs, etc.\<close> |
565 |
587 |
566 lemma (in M_trivial) empty_abs [simp]: |
588 lemma (in M_trans) empty_abs [simp]: |
567 "M(z) ==> empty(M,z) \<longleftrightarrow> z=0" |
589 "M(z) ==> empty(M,z) \<longleftrightarrow> z=0" |
568 apply (simp add: empty_def) |
590 apply (simp add: empty_def) |
569 apply (blast intro: transM) |
591 apply (blast intro: transM) |
570 done |
592 done |
571 |
593 |
572 lemma (in M_trivial) subset_abs [simp]: |
594 lemma (in M_trans) subset_abs [simp]: |
573 "M(A) ==> subset(M,A,B) \<longleftrightarrow> A \<subseteq> B" |
595 "M(A) ==> subset(M,A,B) \<longleftrightarrow> A \<subseteq> B" |
574 apply (simp add: subset_def) |
596 apply (simp add: subset_def) |
575 apply (blast intro: transM) |
597 apply (blast intro: transM) |
576 done |
598 done |
577 |
599 |
578 lemma (in M_trivial) upair_abs [simp]: |
600 lemma (in M_trans) upair_abs [simp]: |
579 "M(z) ==> upair(M,a,b,z) \<longleftrightarrow> z={a,b}" |
601 "M(z) ==> upair(M,a,b,z) \<longleftrightarrow> z={a,b}" |
580 apply (simp add: upair_def) |
602 apply (simp add: upair_def) |
581 apply (blast intro: transM) |
603 apply (blast intro: transM) |
582 done |
604 done |
583 |
605 |
584 lemma (in M_trivial) upair_in_M_iff [iff]: |
606 lemma (in M_trivial) upair_in_MI [intro!]: |
585 "M({a,b}) \<longleftrightarrow> M(a) & M(b)" |
607 " M(a) & M(b) \<Longrightarrow> M({a,b})" |
586 apply (insert upair_ax, simp add: upair_ax_def) |
608 by (insert upair_ax, simp add: upair_ax_def) |
587 apply (blast intro: transM) |
609 |
588 done |
610 lemma (in M_trans) upair_in_MD [dest!]: |
589 |
611 "M({a,b}) \<Longrightarrow> M(a) & M(b)" |
590 lemma (in M_trivial) singleton_in_M_iff [iff]: |
612 by (blast intro: transM) |
|
613 |
|
614 lemma (in M_trivial) upair_in_M_iff [simp]: |
|
615 "M({a,b}) \<longleftrightarrow> M(a) & M(b)" |
|
616 by blast |
|
617 |
|
618 lemma (in M_trivial) singleton_in_MI [intro!]: |
|
619 "M(a) \<Longrightarrow> M({a})" |
|
620 by (insert upair_in_M_iff [of a a], simp) |
|
621 |
|
622 lemma (in M_trans) singleton_in_MD [dest!]: |
|
623 "M({a}) \<Longrightarrow> M(a)" |
|
624 by (insert upair_in_MD [of a a], simp) |
|
625 |
|
626 lemma (in M_trivial) singleton_in_M_iff [simp]: |
591 "M({a}) \<longleftrightarrow> M(a)" |
627 "M({a}) \<longleftrightarrow> M(a)" |
592 by (insert upair_in_M_iff [of a a], simp) |
628 by blast |
593 |
629 |
594 lemma (in M_trivial) pair_abs [simp]: |
630 lemma (in M_trans) pair_abs [simp]: |
595 "M(z) ==> pair(M,a,b,z) \<longleftrightarrow> z=<a,b>" |
631 "M(z) ==> pair(M,a,b,z) \<longleftrightarrow> z=<a,b>" |
596 apply (simp add: pair_def Pair_def) |
632 apply (simp add: pair_def Pair_def) |
597 apply (blast intro: transM) |
633 apply (blast intro: transM) |
598 done |
634 done |
599 |
635 |
600 lemma (in M_trivial) pair_in_M_iff [iff]: |
636 lemma (in M_trans) pair_in_MD [dest!]: |
|
637 "M(<a,b>) \<Longrightarrow> M(a) & M(b)" |
|
638 by (simp add: Pair_def, blast intro: transM) |
|
639 |
|
640 lemma (in M_trivial) pair_in_MI [intro!]: |
|
641 "M(a) & M(b) \<Longrightarrow> M(<a,b>)" |
|
642 by (simp add: Pair_def) |
|
643 |
|
644 lemma (in M_trivial) pair_in_M_iff [simp]: |
601 "M(<a,b>) \<longleftrightarrow> M(a) & M(b)" |
645 "M(<a,b>) \<longleftrightarrow> M(a) & M(b)" |
602 by (simp add: Pair_def) |
646 by blast |
603 |
647 |
604 lemma (in M_trivial) pair_components_in_M: |
648 lemma (in M_trans) pair_components_in_M: |
605 "[| <x,y> \<in> A; M(A) |] ==> M(x) & M(y)" |
649 "[| <x,y> \<in> A; M(A) |] ==> M(x) & M(y)" |
606 apply (simp add: Pair_def) |
650 by (blast dest: transM) |
607 apply (blast dest: transM) |
|
608 done |
|
609 |
651 |
610 lemma (in M_trivial) cartprod_abs [simp]: |
652 lemma (in M_trivial) cartprod_abs [simp]: |
611 "[| M(A); M(B); M(z) |] ==> cartprod(M,A,B,z) \<longleftrightarrow> z = A*B" |
653 "[| M(A); M(B); M(z) |] ==> cartprod(M,A,B,z) \<longleftrightarrow> z = A*B" |
612 apply (simp add: cartprod_def) |
654 apply (simp add: cartprod_def) |
613 apply (rule iffI) |
655 apply (rule iffI) |
615 apply (blast dest: transM) |
657 apply (blast dest: transM) |
616 done |
658 done |
617 |
659 |
618 subsubsection\<open>Absoluteness for Unions and Intersections\<close> |
660 subsubsection\<open>Absoluteness for Unions and Intersections\<close> |
619 |
661 |
620 lemma (in M_trivial) union_abs [simp]: |
662 lemma (in M_trans) union_abs [simp]: |
621 "[| M(a); M(b); M(z) |] ==> union(M,a,b,z) \<longleftrightarrow> z = a \<union> b" |
663 "[| M(a); M(b); M(z) |] ==> union(M,a,b,z) \<longleftrightarrow> z = a \<union> b" |
622 apply (simp add: union_def) |
664 unfolding union_def |
623 apply (blast intro: transM) |
665 by (blast intro: transM ) |
624 done |
666 |
625 |
667 lemma (in M_trans) inter_abs [simp]: |
626 lemma (in M_trivial) inter_abs [simp]: |
|
627 "[| M(a); M(b); M(z) |] ==> inter(M,a,b,z) \<longleftrightarrow> z = a \<inter> b" |
668 "[| M(a); M(b); M(z) |] ==> inter(M,a,b,z) \<longleftrightarrow> z = a \<inter> b" |
628 apply (simp add: inter_def) |
669 unfolding inter_def |
629 apply (blast intro: transM) |
670 by (blast intro: transM) |
630 done |
671 |
631 |
672 lemma (in M_trans) setdiff_abs [simp]: |
632 lemma (in M_trivial) setdiff_abs [simp]: |
|
633 "[| M(a); M(b); M(z) |] ==> setdiff(M,a,b,z) \<longleftrightarrow> z = a-b" |
673 "[| M(a); M(b); M(z) |] ==> setdiff(M,a,b,z) \<longleftrightarrow> z = a-b" |
634 apply (simp add: setdiff_def) |
674 unfolding setdiff_def |
635 apply (blast intro: transM) |
675 by (blast intro: transM) |
636 done |
676 |
637 |
677 lemma (in M_trans) Union_abs [simp]: |
638 lemma (in M_trivial) Union_abs [simp]: |
|
639 "[| M(A); M(z) |] ==> big_union(M,A,z) \<longleftrightarrow> z = \<Union>(A)" |
678 "[| M(A); M(z) |] ==> big_union(M,A,z) \<longleftrightarrow> z = \<Union>(A)" |
640 apply (simp add: big_union_def) |
679 unfolding big_union_def |
641 apply (blast intro!: equalityI dest: transM) |
680 by (blast dest: transM) |
642 done |
|
643 |
681 |
644 lemma (in M_trivial) Union_closed [intro,simp]: |
682 lemma (in M_trivial) Union_closed [intro,simp]: |
645 "M(A) ==> M(\<Union>(A))" |
683 "M(A) ==> M(\<Union>(A))" |
646 by (insert Union_ax, simp add: Union_ax_def) |
684 by (insert Union_ax, simp add: Union_ax_def) |
647 |
685 |
659 |
697 |
660 lemma (in M_trivial) successor_abs [simp]: |
698 lemma (in M_trivial) successor_abs [simp]: |
661 "[| M(a); M(z) |] ==> successor(M,a,z) \<longleftrightarrow> z = succ(a)" |
699 "[| M(a); M(z) |] ==> successor(M,a,z) \<longleftrightarrow> z = succ(a)" |
662 by (simp add: successor_def, blast) |
700 by (simp add: successor_def, blast) |
663 |
701 |
664 lemma (in M_trivial) succ_in_M_iff [iff]: |
702 lemma (in M_trans) succ_in_MD [dest!]: |
|
703 "M(succ(a)) \<Longrightarrow> M(a)" |
|
704 unfolding succ_def |
|
705 by (blast intro: transM) |
|
706 |
|
707 lemma (in M_trivial) succ_in_MI [intro!]: |
|
708 "M(a) \<Longrightarrow> M(succ(a))" |
|
709 unfolding succ_def |
|
710 by (blast intro: transM) |
|
711 |
|
712 lemma (in M_trivial) succ_in_M_iff [simp]: |
665 "M(succ(a)) \<longleftrightarrow> M(a)" |
713 "M(succ(a)) \<longleftrightarrow> M(a)" |
666 apply (simp add: succ_def) |
714 by blast |
667 apply (blast intro: transM) |
|
668 done |
|
669 |
715 |
670 subsubsection\<open>Absoluteness for Separation and Replacement\<close> |
716 subsubsection\<open>Absoluteness for Separation and Replacement\<close> |
671 |
717 |
672 lemma (in M_trivial) separation_closed [intro,simp]: |
718 lemma (in M_trans) separation_closed [intro,simp]: |
673 "[| separation(M,P); M(A) |] ==> M(Collect(A,P))" |
719 "[| separation(M,P); M(A) |] ==> M(Collect(A,P))" |
674 apply (insert separation, simp add: separation_def) |
720 apply (insert separation, simp add: separation_def) |
675 apply (drule rspec, assumption, clarify) |
721 apply (drule rspec, assumption, clarify) |
676 apply (subgoal_tac "y = Collect(A,P)", blast) |
722 apply (subgoal_tac "y = Collect(A,P)", blast) |
677 apply (blast dest: transM) |
723 apply (blast dest: transM) |
679 |
725 |
680 lemma separation_iff: |
726 lemma separation_iff: |
681 "separation(M,P) \<longleftrightarrow> (\<forall>z[M]. \<exists>y[M]. is_Collect(M,z,P,y))" |
727 "separation(M,P) \<longleftrightarrow> (\<forall>z[M]. \<exists>y[M]. is_Collect(M,z,P,y))" |
682 by (simp add: separation_def is_Collect_def) |
728 by (simp add: separation_def is_Collect_def) |
683 |
729 |
684 lemma (in M_trivial) Collect_abs [simp]: |
730 lemma (in M_trans) Collect_abs [simp]: |
685 "[| M(A); M(z) |] ==> is_Collect(M,A,P,z) \<longleftrightarrow> z = Collect(A,P)" |
731 "[| M(A); M(z) |] ==> is_Collect(M,A,P,z) \<longleftrightarrow> z = Collect(A,P)" |
686 apply (simp add: is_Collect_def) |
732 unfolding is_Collect_def |
687 apply (blast intro!: equalityI dest: transM) |
733 by (blast dest: transM) |
688 done |
|
689 |
|
690 text\<open>Probably the premise and conclusion are equivalent\<close> |
|
691 lemma (in M_trivial) strong_replacementI [rule_format]: |
|
692 "[| \<forall>B[M]. separation(M, %u. \<exists>x[M]. x\<in>B & P(x,u)) |] |
|
693 ==> strong_replacement(M,P)" |
|
694 apply (simp add: strong_replacement_def, clarify) |
|
695 apply (frule replacementD [OF replacement], assumption, clarify) |
|
696 apply (drule_tac x=A in rspec, clarify) |
|
697 apply (drule_tac z=Y in separationD, assumption, clarify) |
|
698 apply (rule_tac x=y in rexI, force, assumption) |
|
699 done |
|
700 |
734 |
701 subsubsection\<open>The Operator \<^term>\<open>is_Replace\<close>\<close> |
735 subsubsection\<open>The Operator \<^term>\<open>is_Replace\<close>\<close> |
702 |
736 |
703 |
737 |
704 lemma is_Replace_cong [cong]: |
738 lemma is_Replace_cong [cong]: |
707 z=z' |] |
741 z=z' |] |
708 ==> is_Replace(M, A, %x y. P(x,y), z) \<longleftrightarrow> |
742 ==> is_Replace(M, A, %x y. P(x,y), z) \<longleftrightarrow> |
709 is_Replace(M, A', %x y. P'(x,y), z')" |
743 is_Replace(M, A', %x y. P'(x,y), z')" |
710 by (simp add: is_Replace_def) |
744 by (simp add: is_Replace_def) |
711 |
745 |
712 lemma (in M_trivial) univalent_Replace_iff: |
746 lemma (in M_trans) univalent_Replace_iff: |
713 "[| M(A); univalent(M,A,P); |
747 "[| M(A); univalent(M,A,P); |
714 !!x y. [| x\<in>A; P(x,y) |] ==> M(y) |] |
748 !!x y. [| x\<in>A; P(x,y) |] ==> M(y) |] |
715 ==> u \<in> Replace(A,P) \<longleftrightarrow> (\<exists>x. x\<in>A & P(x,u))" |
749 ==> u \<in> Replace(A,P) \<longleftrightarrow> (\<exists>x. x\<in>A & P(x,u))" |
716 apply (simp add: Replace_iff univalent_def) |
750 unfolding Replace_iff univalent_def |
717 apply (blast dest: transM) |
751 by (blast dest: transM) |
718 done |
|
719 |
752 |
720 (*The last premise expresses that P takes M to M*) |
753 (*The last premise expresses that P takes M to M*) |
721 lemma (in M_trivial) strong_replacement_closed [intro,simp]: |
754 lemma (in M_trans) strong_replacement_closed [intro,simp]: |
722 "[| strong_replacement(M,P); M(A); univalent(M,A,P); |
755 "[| strong_replacement(M,P); M(A); univalent(M,A,P); |
723 !!x y. [| x\<in>A; P(x,y) |] ==> M(y) |] ==> M(Replace(A,P))" |
756 !!x y. [| x\<in>A; P(x,y) |] ==> M(y) |] ==> M(Replace(A,P))" |
724 apply (simp add: strong_replacement_def) |
757 apply (simp add: strong_replacement_def) |
725 apply (drule_tac x=A in rspec, safe) |
758 apply (drule_tac x=A in rspec, safe) |
726 apply (subgoal_tac "Replace(A,P) = Y") |
759 apply (subgoal_tac "Replace(A,P) = Y") |
747 Let K be a nonconstructible subset of nat and define |
780 Let K be a nonconstructible subset of nat and define |
748 f(x) = x if x \<in> K and f(x)=0 otherwise. Then RepFun(nat,f) = cons(0,K), a |
781 f(x) = x if x \<in> K and f(x)=0 otherwise. Then RepFun(nat,f) = cons(0,K), a |
749 nonconstructible set. So we cannot assume that M(X) implies M(RepFun(X,f)) |
782 nonconstructible set. So we cannot assume that M(X) implies M(RepFun(X,f)) |
750 even for f \<in> M -> M. |
783 even for f \<in> M -> M. |
751 *) |
784 *) |
752 lemma (in M_trivial) RepFun_closed: |
785 lemma (in M_trans) RepFun_closed: |
753 "[| strong_replacement(M, \<lambda>x y. y = f(x)); M(A); \<forall>x\<in>A. M(f(x)) |] |
786 "[| strong_replacement(M, \<lambda>x y. y = f(x)); M(A); \<forall>x\<in>A. M(f(x)) |] |
754 ==> M(RepFun(A,f))" |
787 ==> M(RepFun(A,f))" |
755 apply (simp add: RepFun_def) |
788 apply (simp add: RepFun_def) |
756 done |
789 done |
757 |
790 |
758 lemma Replace_conj_eq: "{y . x \<in> A, x\<in>A & y=f(x)} = {y . x\<in>A, y=f(x)}" |
791 lemma Replace_conj_eq: "{y . x \<in> A, x\<in>A & y=f(x)} = {y . x\<in>A, y=f(x)}" |
759 by simp |
792 by simp |
760 |
793 |
761 text\<open>Better than \<open>RepFun_closed\<close> when having the formula \<^term>\<open>x\<in>A\<close> |
794 text\<open>Better than \<open>RepFun_closed\<close> when having the formula \<^term>\<open>x\<in>A\<close> |
762 makes relativization easier.\<close> |
795 makes relativization easier.\<close> |
763 lemma (in M_trivial) RepFun_closed2: |
796 lemma (in M_trans) RepFun_closed2: |
764 "[| strong_replacement(M, \<lambda>x y. x\<in>A & y = f(x)); M(A); \<forall>x\<in>A. M(f(x)) |] |
797 "[| strong_replacement(M, \<lambda>x y. x\<in>A & y = f(x)); M(A); \<forall>x\<in>A. M(f(x)) |] |
765 ==> M(RepFun(A, %x. f(x)))" |
798 ==> M(RepFun(A, %x. f(x)))" |
766 apply (simp add: RepFun_def) |
799 apply (simp add: RepFun_def) |
767 apply (frule strong_replacement_closed, assumption) |
800 apply (frule strong_replacement_closed, assumption) |
768 apply (auto dest: transM simp add: Replace_conj_eq univalent_def) |
801 apply (auto dest: transM simp add: Replace_conj_eq univalent_def) |
807 !!x y. [| x\<in>A; M(x); M(y) |] ==> is_b(x,y) \<longleftrightarrow> is_b'(x,y) |] |
840 !!x y. [| x\<in>A; M(x); M(y) |] ==> is_b(x,y) \<longleftrightarrow> is_b'(x,y) |] |
808 ==> is_lambda(M, A, %x y. is_b(x,y), z) \<longleftrightarrow> |
841 ==> is_lambda(M, A, %x y. is_b(x,y), z) \<longleftrightarrow> |
809 is_lambda(M, A', %x y. is_b'(x,y), z')" |
842 is_lambda(M, A', %x y. is_b'(x,y), z')" |
810 by (simp add: is_lambda_def) |
843 by (simp add: is_lambda_def) |
811 |
844 |
812 lemma (in M_trivial) image_abs [simp]: |
845 lemma (in M_trans) image_abs [simp]: |
813 "[| M(r); M(A); M(z) |] ==> image(M,r,A,z) \<longleftrightarrow> z = r``A" |
846 "[| M(r); M(A); M(z) |] ==> image(M,r,A,z) \<longleftrightarrow> z = r``A" |
814 apply (simp add: image_def) |
847 apply (simp add: image_def) |
815 apply (rule iffI) |
848 apply (rule iffI) |
816 apply (blast intro!: equalityI dest: transM, blast) |
849 apply (blast intro!: equalityI dest: transM, blast) |
817 done |
850 done |
818 |
851 |
|
852 subsubsection\<open>Relativization of Powerset\<close> |
|
853 |
819 text\<open>What about \<open>Pow_abs\<close>? Powerset is NOT absolute! |
854 text\<open>What about \<open>Pow_abs\<close>? Powerset is NOT absolute! |
820 This result is one direction of absoluteness.\<close> |
855 This result is one direction of absoluteness.\<close> |
821 |
856 |
822 lemma (in M_trivial) powerset_Pow: |
857 lemma (in M_trans) powerset_Pow: |
823 "powerset(M, x, Pow(x))" |
858 "powerset(M, x, Pow(x))" |
824 by (simp add: powerset_def) |
859 by (simp add: powerset_def) |
825 |
860 |
826 text\<open>But we can't prove that the powerset in \<open>M\<close> includes the |
861 text\<open>But we can't prove that the powerset in \<open>M\<close> includes the |
827 real powerset.\<close> |
862 real powerset.\<close> |
828 lemma (in M_trivial) powerset_imp_subset_Pow: |
863 |
|
864 lemma (in M_trans) powerset_imp_subset_Pow: |
829 "[| powerset(M,x,y); M(y) |] ==> y \<subseteq> Pow(x)" |
865 "[| powerset(M,x,y); M(y) |] ==> y \<subseteq> Pow(x)" |
830 apply (simp add: powerset_def) |
866 apply (simp add: powerset_def) |
831 apply (blast dest: transM) |
867 apply (blast dest: transM) |
832 done |
868 done |
833 |
869 |
|
870 lemma (in M_trans) powerset_abs: |
|
871 assumes |
|
872 "M(y)" |
|
873 shows |
|
874 "powerset(M,x,y) \<longleftrightarrow> y = {a\<in>Pow(x) . M(a)}" |
|
875 proof (intro iffI equalityI) |
|
876 (* First show the converse implication by double inclusion *) |
|
877 assume "powerset(M,x,y)" |
|
878 with \<open>M(y)\<close> |
|
879 show "y \<subseteq> {a\<in>Pow(x) . M(a)}" |
|
880 using powerset_imp_subset_Pow transM by blast |
|
881 from \<open>powerset(M,x,y)\<close> |
|
882 show "{a\<in>Pow(x) . M(a)} \<subseteq> y" |
|
883 using transM unfolding powerset_def by auto |
|
884 next (* we show the direct implication *) |
|
885 assume |
|
886 "y = {a \<in> Pow(x) . M(a)}" |
|
887 then |
|
888 show "powerset(M, x, y)" |
|
889 unfolding powerset_def subset_def using transM by blast |
|
890 qed |
|
891 |
834 subsubsection\<open>Absoluteness for the Natural Numbers\<close> |
892 subsubsection\<open>Absoluteness for the Natural Numbers\<close> |
835 |
893 |
836 lemma (in M_trivial) nat_into_M [intro]: |
894 lemma (in M_trivial) nat_into_M [intro]: |
837 "n \<in> nat ==> M(n)" |
895 "n \<in> nat ==> M(n)" |
838 by (induct n rule: nat_induct, simp_all) |
896 by (induct n rule: nat_induct, simp_all) |
839 |
897 |
840 lemma (in M_trivial) nat_case_closed [intro,simp]: |
898 lemma (in M_trans) nat_case_closed [intro,simp]: |
841 "[|M(k); M(a); \<forall>m[M]. M(b(m))|] ==> M(nat_case(a,b,k))" |
899 "[|M(k); M(a); \<forall>m[M]. M(b(m))|] ==> M(nat_case(a,b,k))" |
842 apply (case_tac "k=0", simp) |
900 apply (case_tac "k=0", simp) |
843 apply (case_tac "\<exists>m. k = succ(m)", force) |
901 apply (case_tac "\<exists>m. k = succ(m)", force) |
844 apply (simp add: nat_case_def) |
902 apply (simp add: nat_case_def) |
845 done |
903 done |
997 ==> separation(M, |
1055 ==> separation(M, |
998 \<lambda>x. \<exists>xa[M]. \<exists>xb[M]. |
1056 \<lambda>x. \<exists>xa[M]. \<exists>xb[M]. |
999 pair(M,x,a,xa) & xa \<in> r & pair(M,x,b,xb) & xb \<in> r & |
1057 pair(M,x,a,xa) & xa \<in> r & pair(M,x,b,xb) & xb \<in> r & |
1000 (\<exists>fx[M]. \<exists>gx[M]. fun_apply(M,f,x,fx) & fun_apply(M,g,x,gx) & |
1058 (\<exists>fx[M]. \<exists>gx[M]. fun_apply(M,f,x,fx) & fun_apply(M,g,x,gx) & |
1001 fx \<noteq> gx))" |
1059 fx \<noteq> gx))" |
1002 |
1060 and power_ax: "power_ax(M)" |
1003 lemma (in M_basic) cartprod_iff_lemma: |
1061 |
|
1062 lemma (in M_trivial) cartprod_iff_lemma: |
1004 "[| M(C); \<forall>u[M]. u \<in> C \<longleftrightarrow> (\<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}}); |
1063 "[| M(C); \<forall>u[M]. u \<in> C \<longleftrightarrow> (\<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}}); |
1005 powerset(M, A \<union> B, p1); powerset(M, p1, p2); M(p2) |] |
1064 powerset(M, A \<union> B, p1); powerset(M, p1, p2); M(p2) |] |
1006 ==> C = {u \<in> p2 . \<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}}}" |
1065 ==> C = {u \<in> p2 . \<exists>x\<in>A. \<exists>y\<in>B. u = {{x}, {x,y}}}" |
1007 apply (simp add: powerset_def) |
1066 apply (simp add: powerset_def) |
1008 apply (rule equalityI, clarify, simp) |
1067 apply (rule equalityI, clarify, simp) |
1147 apply (simp add: range_eq_image) |
1206 apply (simp add: range_eq_image) |
1148 done |
1207 done |
1149 |
1208 |
1150 lemma (in M_basic) field_abs [simp]: |
1209 lemma (in M_basic) field_abs [simp]: |
1151 "[| M(r); M(z) |] ==> is_field(M,r,z) \<longleftrightarrow> z = field(r)" |
1210 "[| M(r); M(z) |] ==> is_field(M,r,z) \<longleftrightarrow> z = field(r)" |
1152 by (simp add: domain_closed range_closed is_field_def field_def) |
1211 by (simp add: is_field_def field_def) |
1153 |
1212 |
1154 lemma (in M_basic) field_closed [intro,simp]: |
1213 lemma (in M_basic) field_closed [intro,simp]: |
1155 "M(r) ==> M(field(r))" |
1214 "M(r) ==> M(field(r))" |
1156 by (simp add: domain_closed range_closed Un_closed field_def) |
1215 by (simp add: field_def) |
1157 |
1216 |
1158 |
1217 |
1159 subsubsection\<open>Relations, functions and application\<close> |
1218 subsubsection\<open>Relations, functions and application\<close> |
1160 |
1219 |
1161 lemma (in M_basic) relation_abs [simp]: |
1220 lemma (in M_trans) relation_abs [simp]: |
1162 "M(r) ==> is_relation(M,r) \<longleftrightarrow> relation(r)" |
1221 "M(r) ==> is_relation(M,r) \<longleftrightarrow> relation(r)" |
1163 apply (simp add: is_relation_def relation_def) |
1222 apply (simp add: is_relation_def relation_def) |
1164 apply (blast dest!: bspec dest: pair_components_in_M)+ |
1223 apply (blast dest!: bspec dest: pair_components_in_M)+ |
1165 done |
1224 done |
1166 |
1225 |
1167 lemma (in M_basic) function_abs [simp]: |
1226 lemma (in M_trivial) function_abs [simp]: |
1168 "M(r) ==> is_function(M,r) \<longleftrightarrow> function(r)" |
1227 "M(r) ==> is_function(M,r) \<longleftrightarrow> function(r)" |
1169 apply (simp add: is_function_def function_def, safe) |
1228 apply (simp add: is_function_def function_def, safe) |
1170 apply (frule transM, assumption) |
1229 apply (frule transM, assumption) |
1171 apply (blast dest: pair_components_in_M)+ |
1230 apply (blast dest: pair_components_in_M)+ |
1172 done |
1231 done |
1178 lemma (in M_basic) apply_abs [simp]: |
1237 lemma (in M_basic) apply_abs [simp]: |
1179 "[| M(f); M(x); M(y) |] ==> fun_apply(M,f,x,y) \<longleftrightarrow> f`x = y" |
1238 "[| M(f); M(x); M(y) |] ==> fun_apply(M,f,x,y) \<longleftrightarrow> f`x = y" |
1180 apply (simp add: fun_apply_def apply_def, blast) |
1239 apply (simp add: fun_apply_def apply_def, blast) |
1181 done |
1240 done |
1182 |
1241 |
1183 lemma (in M_basic) typed_function_abs [simp]: |
1242 lemma (in M_trivial) typed_function_abs [simp]: |
1184 "[| M(A); M(f) |] ==> typed_function(M,A,B,f) \<longleftrightarrow> f \<in> A -> B" |
1243 "[| M(A); M(f) |] ==> typed_function(M,A,B,f) \<longleftrightarrow> f \<in> A -> B" |
1185 apply (auto simp add: typed_function_def relation_def Pi_iff) |
1244 apply (auto simp add: typed_function_def relation_def Pi_iff) |
1186 apply (blast dest: pair_components_in_M)+ |
1245 apply (blast dest: pair_components_in_M)+ |
1187 done |
1246 done |
1188 |
1247 |
1189 lemma (in M_basic) injection_abs [simp]: |
1248 lemma (in M_basic) injection_abs [simp]: |
1190 "[| M(A); M(f) |] ==> injection(M,A,B,f) \<longleftrightarrow> f \<in> inj(A,B)" |
1249 "[| M(A); M(f) |] ==> injection(M,A,B,f) \<longleftrightarrow> f \<in> inj(A,B)" |
1191 apply (simp add: injection_def apply_iff inj_def apply_closed) |
1250 apply (simp add: injection_def apply_iff inj_def) |
1192 apply (blast dest: transM [of _ A]) |
1251 apply (blast dest: transM [of _ A]) |
1193 done |
1252 done |
1194 |
1253 |
1195 lemma (in M_basic) surjection_abs [simp]: |
1254 lemma (in M_basic) surjection_abs [simp]: |
1196 "[| M(A); M(B); M(f) |] ==> surjection(M,A,B,f) \<longleftrightarrow> f \<in> surj(A,B)" |
1255 "[| M(A); M(B); M(f) |] ==> surjection(M,A,B,f) \<longleftrightarrow> f \<in> surj(A,B)" |
1240 ==> function(z)" |
1299 ==> function(z)" |
1241 apply (simp add: restriction_def ball_iff_equiv) |
1300 apply (simp add: restriction_def ball_iff_equiv) |
1242 apply (unfold function_def, blast) |
1301 apply (unfold function_def, blast) |
1243 done |
1302 done |
1244 |
1303 |
1245 lemma (in M_basic) restriction_abs [simp]: |
1304 lemma (in M_trans) restriction_abs [simp]: |
1246 "[| M(f); M(A); M(z) |] |
1305 "[| M(f); M(A); M(z) |] |
1247 ==> restriction(M,f,A,z) \<longleftrightarrow> z = restrict(f,A)" |
1306 ==> restriction(M,f,A,z) \<longleftrightarrow> z = restrict(f,A)" |
1248 apply (simp add: ball_iff_equiv restriction_def restrict_def) |
1307 apply (simp add: ball_iff_equiv restriction_def restrict_def) |
1249 apply (blast intro!: equalityI dest: transM) |
1308 apply (blast intro!: equalityI dest: transM) |
1250 done |
1309 done |
1251 |
1310 |
1252 |
1311 |
1253 lemma (in M_basic) M_restrict_iff: |
1312 lemma (in M_trans) M_restrict_iff: |
1254 "M(r) ==> restrict(r,A) = {z \<in> r . \<exists>x\<in>A. \<exists>y[M]. z = \<langle>x, y\<rangle>}" |
1313 "M(r) ==> restrict(r,A) = {z \<in> r . \<exists>x\<in>A. \<exists>y[M]. z = \<langle>x, y\<rangle>}" |
1255 by (simp add: restrict_def, blast dest: transM) |
1314 by (simp add: restrict_def, blast dest: transM) |
1256 |
1315 |
1257 lemma (in M_basic) restrict_closed [intro,simp]: |
1316 lemma (in M_basic) restrict_closed [intro,simp]: |
1258 "[| M(A); M(r) |] ==> M(restrict(r,A))" |
1317 "[| M(A); M(r) |] ==> M(restrict(r,A))" |
1259 apply (simp add: M_restrict_iff) |
1318 apply (simp add: M_restrict_iff) |
1260 apply (insert restrict_separation [of A], simp) |
1319 apply (insert restrict_separation [of A], simp) |
1261 done |
1320 done |
1262 |
1321 |
1263 lemma (in M_basic) Inter_abs [simp]: |
1322 lemma (in M_trans) Inter_abs [simp]: |
1264 "[| M(A); M(z) |] ==> big_inter(M,A,z) \<longleftrightarrow> z = \<Inter>(A)" |
1323 "[| M(A); M(z) |] ==> big_inter(M,A,z) \<longleftrightarrow> z = \<Inter>(A)" |
1265 apply (simp add: big_inter_def Inter_def) |
1324 apply (simp add: big_inter_def Inter_def) |
1266 apply (blast intro!: equalityI dest: transM) |
1325 apply (blast intro!: equalityI dest: transM) |
1267 done |
1326 done |
1268 |
1327 |
1325 "[|M(Y); \<forall>y[M]. separation(M, \<lambda>x. P(x,y)); |
1383 "[|M(Y); \<forall>y[M]. separation(M, \<lambda>x. P(x,y)); |
1326 \<forall>z[M]. strong_replacement(M, \<lambda>x y. y = {u \<in> z . P(u,x)})|] |
1384 \<forall>z[M]. strong_replacement(M, \<lambda>x y. y = {u \<in> z . P(u,x)})|] |
1327 ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>Y \<longrightarrow> P(x,y))" |
1385 ==> separation(M, \<lambda>x. \<forall>y[M]. y\<in>Y \<longrightarrow> P(x,y))" |
1328 apply (simp del: separation_closed rall_abs |
1386 apply (simp del: separation_closed rall_abs |
1329 add: separation_iff Collect_rall_eq) |
1387 add: separation_iff Collect_rall_eq) |
1330 apply (blast intro!: Inter_closed RepFun_closed dest: transM) |
1388 apply (blast intro!: RepFun_closed dest: transM) |
1331 done |
1389 done |
1332 |
1390 |
1333 |
1391 |
1334 subsubsection\<open>Functions and function space\<close> |
1392 subsubsection\<open>Functions and function space\<close> |
1335 |
1393 |
1336 text\<open>The assumption \<^term>\<open>M(A->B)\<close> is unusual, but essential: in |
1394 text\<open>The assumption \<^term>\<open>M(A->B)\<close> is unusual, but essential: in |
1337 all but trivial cases, A->B cannot be expected to belong to \<^term>\<open>M\<close>.\<close> |
1395 all but trivial cases, A->B cannot be expected to belong to \<^term>\<open>M\<close>.\<close> |
1338 lemma (in M_basic) is_funspace_abs [simp]: |
1396 lemma (in M_trivial) is_funspace_abs [simp]: |
1339 "[|M(A); M(B); M(F); M(A->B)|] ==> is_funspace(M,A,B,F) \<longleftrightarrow> F = A->B" |
1397 "[|M(A); M(B); M(F); M(A->B)|] ==> is_funspace(M,A,B,F) \<longleftrightarrow> F = A->B" |
1340 apply (simp add: is_funspace_def) |
1398 apply (simp add: is_funspace_def) |
1341 apply (rule iffI) |
1399 apply (rule iffI) |
1342 prefer 2 apply blast |
1400 prefer 2 apply blast |
1343 apply (rule M_equalityI) |
1401 apply (rule M_equalityI) |