# HG changeset patch # User obua # Date 1141743811 -3600 # Node ID 7785075206842dd29075f7737a84677e5bf90478 # Parent 0b9eb4b0ad98a65267396ef74fd327a0e6a65f08 Added HOL-ZF to Isabelle. diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/Import/Generate-HOLLight/GenHOLLight.thy --- a/src/HOL/Import/Generate-HOLLight/GenHOLLight.thy Tue Mar 07 14:09:48 2006 +0100 +++ b/src/HOL/Import/Generate-HOLLight/GenHOLLight.thy Tue Mar 07 16:03:31 2006 +0100 @@ -30,7 +30,8 @@ DEF_NUM_REP TYDEF_sum DEF_INL - DEF_INR; + DEF_INR + TYDEF_option; type_maps ind > Nat.ind @@ -39,7 +40,8 @@ N_1 > Product_Type.unit prod > "*" num > nat - sum > "+"; + sum > "+" + option > Datatype.option; const_renames "==" > "eqeq" diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/Import/replay.ML --- a/src/HOL/Import/replay.ML Tue Mar 07 14:09:48 2006 +0100 +++ b/src/HOL/Import/replay.ML Tue Mar 07 16:03:31 2006 +0100 @@ -369,7 +369,13 @@ (entry::cached, normal) end) else - raise ERR "import_thms" ("cached theorems are not in-sync, expected: "^thmname^", found: "^thmname') + let + val _ = writeln ("cached theorems are not in-sync, expected: "^thmname^", found: "^thmname') + val _ = writeln ("proceeding with next uncached theorem...") + in + ([], thmname::names) + end + (* raise ERR "import_thms" ("cached theorems are not in-sync, expected: "^thmname^", found: "^thmname')*) | zip (thmname::_) (DeltaEntry _ :: _) = raise ERR "import_thms" ("expected theorem '"^thmname^"', but found a delta") fun zip' xs (History ys) = diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/IsaMakefile --- a/src/HOL/IsaMakefile Tue Mar 07 14:09:48 2006 +0100 +++ b/src/HOL/IsaMakefile Tue Mar 07 16:03:31 2006 +0100 @@ -40,7 +40,8 @@ HOL-UNITY \ HOL-Unix \ HOL-W0 \ - HOL-ex + HOL-ZF \ + HOL-ex # ^ this is the sort position all: test images @@ -451,6 +452,14 @@ Unix/document/root.bib Unix/document/root.tex @$(ISATOOL) usedir $(OUT)/HOL Unix +## HOL-ZF + +HOL-ZF: HOL $(LOG)/HOL-ZF.gz + +$(LOG)/HOL-ZF.gz: $(OUT)/HOL ZF/ROOT.ML \ + ZF/Helper.thy ZF/LProd.thy ZF/HOLZF.thy \ + ZF/MainZF.thy ZF/Games.thy ZF/document/root.tex + @$(ISATOOL) usedir $(OUT)/HOL ZF ## HOL-Modelcheck diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/Games.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/Games.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,961 @@ +(* Title: HOL/ZF/Games.thy + ID: $Id$ + Author: Steven Obua + + An application of HOLZF: Partizan Games. + See "Partizan Games in Isabelle/HOLZF", available from http://www4.in.tum.de/~obua/partizan +*) + +theory Games +imports MainZF +begin + +constdefs + fixgames :: "ZF set \ ZF set" + "fixgames A \ { Opair l r | l r. explode l \ A & explode r \ A}" + games_lfp :: "ZF set" + "games_lfp \ lfp fixgames" + games_gfp :: "ZF set" + "games_gfp \ gfp fixgames" + +lemma mono_fixgames: "mono (fixgames)" + apply (auto simp add: mono_def fixgames_def) + apply (rule_tac x=l in exI) + apply (rule_tac x=r in exI) + apply auto + done + +lemma games_lfp_unfold: "games_lfp = fixgames games_lfp" + by (auto simp add: def_lfp_unfold games_lfp_def mono_fixgames) + +lemma games_gfp_unfold: "games_gfp = fixgames games_gfp" + by (auto simp add: def_gfp_unfold games_gfp_def mono_fixgames) + +lemma games_lfp_nonempty: "Opair Empty Empty \ games_lfp" +proof - + have "fixgames {} \ games_lfp" + apply (subst games_lfp_unfold) + apply (simp add: mono_fixgames[simplified mono_def, rule_format]) + done + moreover have "fixgames {} = {Opair Empty Empty}" + by (simp add: fixgames_def explode_Empty) + finally show ?thesis + by auto +qed + +constdefs + left_option :: "ZF \ ZF \ bool" + "left_option g opt \ (Elem opt (Fst g))" + right_option :: "ZF \ ZF \ bool" + "right_option g opt \ (Elem opt (Snd g))" + is_option_of :: "(ZF * ZF) set" + "is_option_of \ { (opt, g) | opt g. g \ games_gfp \ (left_option g opt \ right_option g opt) }" + +lemma games_lfp_subset_gfp: "games_lfp \ games_gfp" +proof - + have "games_lfp \ fixgames games_lfp" + by (simp add: games_lfp_unfold[symmetric]) + then show ?thesis + by (simp add: games_gfp_def gfp_upperbound) +qed + +lemma games_option_stable: + assumes fixgames: "games = fixgames games" + and g: "g \ games" + and opt: "left_option g opt \ right_option g opt" + shows "opt \ games" +proof - + from g fixgames have "g \ fixgames games" by auto + then have "\ l r. g = Opair l r \ explode l \ games \ explode r \ games" + by (simp add: fixgames_def) + then obtain l where "\ r. g = Opair l r \ explode l \ games \ explode r \ games" .. + then obtain r where lr: "g = Opair l r \ explode l \ games \ explode r \ games" .. + with opt show ?thesis + by (auto intro: Elem_explode_in simp add: left_option_def right_option_def Fst Snd) +qed + +lemma option2elem: "(opt,g) \ is_option_of \ \ u v. Elem opt u \ Elem u v \ Elem v g" + apply (simp add: is_option_of_def) + apply (subgoal_tac "(g \ games_gfp) = (g \ (fixgames games_gfp))") + prefer 2 + apply (simp add: games_gfp_unfold[symmetric]) + apply (auto simp add: fixgames_def left_option_def right_option_def Fst Snd) + apply (rule_tac x=l in exI, insert Elem_Opair_exists, blast) + apply (rule_tac x=r in exI, insert Elem_Opair_exists, blast) + done + +lemma is_option_of_subset_is_Elem_of: "is_option_of \ (is_Elem_of^+)" +proof - + { + fix opt + fix g + assume "(opt, g) \ is_option_of" + then have "\ u v. (opt, u) \ (is_Elem_of^+) \ (u,v) \ (is_Elem_of^+) \ (v,g) \ (is_Elem_of^+)" + apply - + apply (drule option2elem) + apply (auto simp add: r_into_trancl' is_Elem_of_def) + done + then have "(opt, g) \ (is_Elem_of^+)" + by (blast intro: trancl_into_rtrancl trancl_rtrancl_trancl) + } + then show ?thesis by auto +qed + +lemma wfzf_is_option_of: "wfzf is_option_of" +proof - + have "wfzf (is_Elem_of^+)" by (simp add: wfzf_trancl wfzf_is_Elem_of) + then show ?thesis + apply (rule wfzf_subset) + apply (rule is_option_of_subset_is_Elem_of) + done + qed + +lemma games_gfp_imp_lfp: "g \ games_gfp \ g \ games_lfp" +proof - + have unfold_gfp: "\ x. x \ games_gfp \ x \ (fixgames games_gfp)" + by (simp add: games_gfp_unfold[symmetric]) + have unfold_lfp: "\ x. (x \ games_lfp) = (x \ (fixgames games_lfp))" + by (simp add: games_lfp_unfold[symmetric]) + show ?thesis + apply (rule wf_induct[OF wfzf_implies_wf[OF wfzf_is_option_of]]) + apply (auto simp add: is_option_of_def) + apply (drule_tac unfold_gfp) + apply (simp add: fixgames_def) + apply (auto simp add: left_option_def Fst right_option_def Snd) + apply (subgoal_tac "explode l \ games_lfp") + apply (subgoal_tac "explode r \ games_lfp") + apply (subst unfold_lfp) + apply (auto simp add: fixgames_def) + apply (simp_all add: explode_Elem Elem_explode_in) + done +qed + +theorem games_lfp_eq_gfp: "games_lfp = games_gfp" + apply (auto simp add: games_gfp_imp_lfp) + apply (insert games_lfp_subset_gfp) + apply auto + done + +theorem unique_games: "(g = fixgames g) = (g = games_lfp)" +proof - + { + fix g + assume g: "g = fixgames g" + from g have "fixgames g \ g" by auto + then have l:"games_lfp \ g" + by (simp add: games_lfp_def lfp_lowerbound) + from g have "g \ fixgames g" by auto + then have u:"g \ games_gfp" + by (simp add: games_gfp_def gfp_upperbound) + from l u games_lfp_eq_gfp[symmetric] have "g = games_lfp" + by auto + } + note games = this + show ?thesis + apply (rule iff[rule_format]) + apply (erule games) + apply (simp add: games_lfp_unfold[symmetric]) + done +qed + +lemma games_lfp_option_stable: + assumes g: "g \ games_lfp" + and opt: "left_option g opt \ right_option g opt" + shows "opt \ games_lfp" + apply (rule games_option_stable[where g=g]) + apply (simp add: games_lfp_unfold[symmetric]) + apply (simp_all add: prems) + done + +lemma is_option_of_imp_games: + assumes hyp: "(opt, g) \ is_option_of" + shows "opt \ games_lfp \ g \ games_lfp" +proof - + from hyp have g_game: "g \ games_lfp" + by (simp add: is_option_of_def games_lfp_eq_gfp) + from hyp have "left_option g opt \ right_option g opt" + by (auto simp add: is_option_of_def) + with g_game games_lfp_option_stable[OF g_game, OF this] show ?thesis + by auto +qed + +lemma games_lfp_represent: "x \ games_lfp \ \ l r. x = Opair l r" + apply (rule exI[where x="Fst x"]) + apply (rule exI[where x="Snd x"]) + apply (subgoal_tac "x \ (fixgames games_lfp)") + apply (simp add: fixgames_def) + apply (auto simp add: Fst Snd) + apply (simp add: games_lfp_unfold[symmetric]) + done + +typedef game = games_lfp + by (blast intro: games_lfp_nonempty) + +constdefs + left_options :: "game \ game zet" + "left_options g \ zimage Abs_game (zexplode (Fst (Rep_game g)))" + right_options :: "game \ game zet" + "right_options g \ zimage Abs_game (zexplode (Snd (Rep_game g)))" + options :: "game \ game zet" + "options g \ zunion (left_options g) (right_options g)" + Game :: "game zet \ game zet \ game" + "Game L R \ Abs_game (Opair (zimplode (zimage Rep_game L)) (zimplode (zimage Rep_game R)))" + +lemma Repl_Rep_game_Abs_game: "\ e. Elem e z \ e \ games_lfp \ Repl z (Rep_game o Abs_game) = z" + apply (subst Ext) + apply (simp add: Repl) + apply auto + apply (subst Abs_game_inverse, simp_all add: game_def) + apply (rule_tac x=za in exI) + apply (subst Abs_game_inverse, simp_all add: game_def) + done + +lemma game_split: "g = Game (left_options g) (right_options g)" +proof - + have "\ l r. Rep_game g = Opair l r" + apply (insert Rep_game[of g]) + apply (simp add: game_def games_lfp_represent) + done + then obtain l r where lr: "Rep_game g = Opair l r" by auto + have partizan_g: "Rep_game g \ games_lfp" + apply (insert Rep_game[of g]) + apply (simp add: game_def) + done + have "\ e. Elem e l \ left_option (Rep_game g) e" + by (simp add: lr left_option_def Fst) + then have partizan_l: "\ e. Elem e l \ e \ games_lfp" + apply auto + apply (rule games_lfp_option_stable[where g="Rep_game g", OF partizan_g]) + apply auto + done + have "\ e. Elem e r \ right_option (Rep_game g) e" + by (simp add: lr right_option_def Snd) + then have partizan_r: "\ e. Elem e r \ e \ games_lfp" + apply auto + apply (rule games_lfp_option_stable[where g="Rep_game g", OF partizan_g]) + apply auto + done + let ?L = "zimage (Abs_game) (zexplode l)" + let ?R = "zimage (Abs_game) (zexplode r)" + have L:"?L = left_options g" + by (simp add: left_options_def lr Fst) + have R:"?R = right_options g" + by (simp add: right_options_def lr Snd) + have "g = Game ?L ?R" + apply (simp add: Game_def Rep_game_inject[symmetric] comp_zimage_eq zimage_zexplode_eq zimplode_zexplode) + apply (simp add: Repl_Rep_game_Abs_game partizan_l partizan_r) + apply (subst Abs_game_inverse) + apply (simp_all add: lr[symmetric] Rep_game) + done + then show ?thesis + by (simp add: L R) +qed + +lemma Opair_in_games_lfp: + assumes l: "explode l \ games_lfp" + and r: "explode r \ games_lfp" + shows "Opair l r \ games_lfp" +proof - + note f = unique_games[of games_lfp, simplified] + show ?thesis + apply (subst f) + apply (simp add: fixgames_def) + apply (rule exI[where x=l]) + apply (rule exI[where x=r]) + apply (auto simp add: l r) + done +qed + +lemma left_options[simp]: "left_options (Game l r) = l" + apply (simp add: left_options_def Game_def) + apply (subst Abs_game_inverse) + apply (simp add: game_def) + apply (rule Opair_in_games_lfp) + apply (auto simp add: explode_Elem Elem_zimplode zimage_iff Rep_game[simplified game_def]) + apply (simp add: Fst zexplode_zimplode comp_zimage_eq) + apply (simp add: zet_ext_eq zimage_iff Rep_game_inverse) + done + +lemma right_options[simp]: "right_options (Game l r) = r" + apply (simp add: right_options_def Game_def) + apply (subst Abs_game_inverse) + apply (simp add: game_def) + apply (rule Opair_in_games_lfp) + apply (auto simp add: explode_Elem Elem_zimplode zimage_iff Rep_game[simplified game_def]) + apply (simp add: Snd zexplode_zimplode comp_zimage_eq) + apply (simp add: zet_ext_eq zimage_iff Rep_game_inverse) + done + +lemma Game_ext: "(Game l1 r1 = Game l2 r2) = ((l1 = l2) \ (r1 = r2))" + apply auto + apply (subst left_options[where l=l1 and r=r1,symmetric]) + apply (subst left_options[where l=l2 and r=r2,symmetric]) + apply simp + apply (subst right_options[where l=l1 and r=r1,symmetric]) + apply (subst right_options[where l=l2 and r=r2,symmetric]) + apply simp + done + +constdefs + option_of :: "(game * game) set" + "option_of \ image (\ (option, g). (Abs_game option, Abs_game g)) is_option_of" + +lemma option_to_is_option_of: "((option, g) \ option_of) = ((Rep_game option, Rep_game g) \ is_option_of)" + apply (auto simp add: option_of_def) + apply (subst Abs_game_inverse) + apply (simp add: is_option_of_imp_games game_def) + apply (subst Abs_game_inverse) + apply (simp add: is_option_of_imp_games game_def) + apply simp + apply (auto simp add: Bex_def image_def) + apply (rule exI[where x="Rep_game option"]) + apply (rule exI[where x="Rep_game g"]) + apply (simp add: Rep_game_inverse) + done + +lemma wf_is_option_of: "wf is_option_of" + apply (rule wfzf_implies_wf) + apply (simp add: wfzf_is_option_of) + done + +lemma wf_option_of[recdef_wf, simp, intro]: "wf option_of" +proof - + have option_of: "option_of = inv_image is_option_of Rep_game" + apply (rule set_ext) + apply (case_tac "x") + by (simp add: inv_image_def option_to_is_option_of) + show ?thesis + apply (simp add: option_of) + apply (auto intro: wf_inv_image wf_is_option_of) + done +qed + +lemma right_option_is_option[simp, intro]: "zin x (right_options g) \ zin x (options g)" + by (simp add: options_def zunion) + +lemma left_option_is_option[simp, intro]: "zin x (left_options g) \ zin x (options g)" + by (simp add: options_def zunion) + +lemma zin_options[simp, intro]: "zin x (options g) \ (x, g) \ option_of" + apply (simp add: options_def zunion left_options_def right_options_def option_of_def + image_def is_option_of_def zimage_iff zin_zexplode_eq) + apply (cases g) + apply (cases x) + apply (auto simp add: Abs_game_inverse games_lfp_eq_gfp[symmetric] game_def + right_option_def[symmetric] left_option_def[symmetric]) + done + +consts + neg_game :: "game \ game" + +recdef neg_game "option_of" + "neg_game g = Game (zimage neg_game (right_options g)) (zimage neg_game (left_options g))" + +declare neg_game.simps[simp del] + +lemma "neg_game (neg_game g) = g" + apply (induct g rule: neg_game.induct) + apply (subst neg_game.simps)+ + apply (simp add: right_options left_options comp_zimage_eq) + apply (subgoal_tac "zimage (neg_game o neg_game) (left_options g) = left_options g") + apply (subgoal_tac "zimage (neg_game o neg_game) (right_options g) = right_options g") + apply (auto simp add: game_split[symmetric]) + apply (auto simp add: zet_ext_eq zimage_iff) + done + +consts + ge_game :: "(game * game) \ bool" + +recdef ge_game "(gprod_2_1 option_of)" + "ge_game (G, H) = (\ x. if zin x (right_options G) then ( + if zin x (left_options H) then \ (ge_game (H, x) \ (ge_game (x, G))) + else \ (ge_game (H, x))) + else (if zin x (left_options H) then \ (ge_game (x, G)) else True))" +(hints simp: gprod_2_1_def) + +declare ge_game.simps [simp del] + +lemma ge_game_def: "ge_game (G, H) = (\ x. (zin x (right_options G) \ \ ge_game (H, x)) \ (zin x (left_options H) \ \ ge_game (x, G)))" + apply (subst ge_game.simps[where G=G and H=H]) + apply (auto) + done + +lemma ge_game_leftright_refl[rule_format]: + "\ y. (zin y (right_options x) \ \ ge_game (x, y)) \ (zin y (left_options x) \ \ (ge_game (y, x))) \ ge_game (x, x)" +proof (induct x rule: wf_induct[OF wf_option_of]) + case (1 "g") + { + fix y + assume y: "zin y (right_options g)" + have "\ ge_game (g, y)" + proof - + have "(y, g) \ option_of" by (auto intro: y) + with 1 have "ge_game (y, y)" by auto + with y show ?thesis by (subst ge_game_def, auto) + qed + } + note right = this + { + fix y + assume y: "zin y (left_options g)" + have "\ ge_game (y, g)" + proof - + have "(y, g) \ option_of" by (auto intro: y) + with 1 have "ge_game (y, y)" by auto + with y show ?thesis by (subst ge_game_def, auto) + qed + } + note left = this + from left right show ?case + by (auto, subst ge_game_def, auto) +qed + +lemma ge_game_refl: "ge_game (x,x)" by (simp add: ge_game_leftright_refl) + +lemma "\ y. (zin y (right_options x) \ \ ge_game (x, y)) \ (zin y (left_options x) \ \ (ge_game (y, x))) \ ge_game (x, x)" +proof (induct x rule: wf_induct[OF wf_option_of]) + case (1 "g") + show ?case + proof (auto) + {case (goal1 y) + from goal1 have "(y, g) \ option_of" by (auto) + with 1 have "ge_game (y, y)" by auto + with goal1 have "\ ge_game (g, y)" + by (subst ge_game_def, auto) + with goal1 show ?case by auto} + note right = this + {case (goal2 y) + from goal2 have "(y, g) \ option_of" by (auto) + with 1 have "ge_game (y, y)" by auto + with goal2 have "\ ge_game (y, g)" + by (subst ge_game_def, auto) + with goal2 show ?case by auto} + note left = this + {case goal3 + from left right show ?case + by (subst ge_game_def, auto) + } + qed +qed + +constdefs + eq_game :: "game \ game \ bool" + "eq_game G H \ ge_game (G, H) \ ge_game (H, G)" + +lemma eq_game_sym: "(eq_game G H) = (eq_game H G)" + by (auto simp add: eq_game_def) + +lemma eq_game_refl: "eq_game G G" + by (simp add: ge_game_refl eq_game_def) + +lemma induct_game: "(\x. \y. (y, x) \ lprod option_of \ P y \ P x) \ P a" + by (erule wf_induct[OF wf_lprod[OF wf_option_of]]) + +lemma ge_game_trans: + assumes "ge_game (x, y)" "ge_game (y, z)" + shows "ge_game (x, z)" +proof - + { + fix a + have "\ x y z. a = [x,y,z] \ ge_game (x,y) \ ge_game (y,z) \ ge_game (x, z)" + proof (induct a rule: induct_game) + case (1 a) + show ?case + proof (rule allI | rule impI)+ + case (goal1 x y z) + show ?case + proof - + { fix xr + assume xr:"zin xr (right_options x)" + assume "ge_game (z, xr)" + have "ge_game (y, xr)" + apply (rule 1[rule_format, where y="[y,z,xr]"]) + apply (auto intro: xr lprod_3_1 simp add: prems) + done + moreover from xr have "\ ge_game (y, xr)" + by (simp add: goal1(2)[simplified ge_game_def[of x y], rule_format, of xr, simplified xr]) + ultimately have "False" by auto + } + note xr = this + { fix zl + assume zl:"zin zl (left_options z)" + assume "ge_game (zl, x)" + have "ge_game (zl, y)" + apply (rule 1[rule_format, where y="[zl,x,y]"]) + apply (auto intro: zl lprod_3_2 simp add: prems) + done + moreover from zl have "\ ge_game (zl, y)" + by (simp add: goal1(3)[simplified ge_game_def[of y z], rule_format, of zl, simplified zl]) + ultimately have "False" by auto + } + note zl = this + show ?thesis + by (auto simp add: ge_game_def[of x z] intro: xr zl) + qed + qed + qed + } + note trans = this[of "[x, y, z]", simplified, rule_format] + with prems show ?thesis by blast +qed + +lemma eq_game_trans: "eq_game a b \ eq_game b c \ eq_game a c" + by (auto simp add: eq_game_def intro: ge_game_trans) + +constdefs + zero_game :: game + "zero_game \ Game zempty zempty" + +consts + plus_game :: "game * game \ game" + +recdef plus_game "gprod_2_2 option_of" + "plus_game (G, H) = Game (zunion (zimage (\ g. plus_game (g, H)) (left_options G)) + (zimage (\ h. plus_game (G, h)) (left_options H))) + (zunion (zimage (\ g. plus_game (g, H)) (right_options G)) + (zimage (\ h. plus_game (G, h)) (right_options H)))" +(hints simp add: gprod_2_2_def) + +declare plus_game.simps[simp del] + +lemma plus_game_comm: "plus_game (G, H) = plus_game (H, G)" +proof (induct G H rule: plus_game.induct) + case (1 G H) + show ?case + by (auto simp add: + plus_game.simps[where G=G and H=H] + plus_game.simps[where G=H and H=G] + Game_ext zet_ext_eq zunion zimage_iff prems) +qed + +lemma game_ext_eq: "(G = H) = (left_options G = left_options H \ right_options G = right_options H)" +proof - + have "(G = H) = (Game (left_options G) (right_options G) = Game (left_options H) (right_options H))" + by (simp add: game_split[symmetric]) + then show ?thesis by auto +qed + +lemma left_zero_game[simp]: "left_options (zero_game) = zempty" + by (simp add: zero_game_def) + +lemma right_zero_game[simp]: "right_options (zero_game) = zempty" + by (simp add: zero_game_def) + +lemma plus_game_zero_right[simp]: "plus_game (G, zero_game) = G" +proof - + { + fix G H + have "H = zero_game \ plus_game (G, H) = G " + proof (induct G H rule: plus_game.induct, rule impI) + case (goal1 G H) + note induct_hyp = prems[simplified goal1, simplified] and prems + show ?case + apply (simp only: plus_game.simps[where G=G and H=H]) + apply (simp add: game_ext_eq prems) + apply (auto simp add: + zimage_cong[where f = "\ g. plus_game (g, zero_game)" and g = "id"] + induct_hyp) + done + qed + } + then show ?thesis by auto +qed + +lemma plus_game_zero_left: "plus_game (zero_game, G) = G" + by (simp add: plus_game_comm) + +lemma left_imp_options[simp]: "zin opt (left_options g) \ zin opt (options g)" + by (simp add: options_def zunion) + +lemma right_imp_options[simp]: "zin opt (right_options g) \ zin opt (options g)" + by (simp add: options_def zunion) + +lemma left_options_plus: + "left_options (plus_game (u, v)) = zunion (zimage (\g. plus_game (g, v)) (left_options u)) (zimage (\h. plus_game (u, h)) (left_options v))" + by (subst plus_game.simps, simp) + +lemma right_options_plus: + "right_options (plus_game (u, v)) = zunion (zimage (\g. plus_game (g, v)) (right_options u)) (zimage (\h. plus_game (u, h)) (right_options v))" + by (subst plus_game.simps, simp) + +lemma left_options_neg: "left_options (neg_game u) = zimage neg_game (right_options u)" + by (subst neg_game.simps, simp) + +lemma right_options_neg: "right_options (neg_game u) = zimage neg_game (left_options u)" + by (subst neg_game.simps, simp) + +lemma plus_game_assoc: "plus_game (plus_game (F, G), H) = plus_game (F, plus_game (G, H))" +proof - + { + fix a + have "\ F G H. a = [F, G, H] \ plus_game (plus_game (F, G), H) = plus_game (F, plus_game (G, H))" + proof (induct a rule: induct_game, (rule impI | rule allI)+) + case (goal1 x F G H) + let ?L = "plus_game (plus_game (F, G), H)" + let ?R = "plus_game (F, plus_game (G, H))" + note options_plus = left_options_plus right_options_plus + { + fix opt + note hyp = goal1(1)[simplified goal1(2), rule_format] + have F: "zin opt (options F) \ plus_game (plus_game (opt, G), H) = plus_game (opt, plus_game (G, H))" + by (blast intro: hyp lprod_3_3) + have G: "zin opt (options G) \ plus_game (plus_game (F, opt), H) = plus_game (F, plus_game (opt, H))" + by (blast intro: hyp lprod_3_4) + have H: "zin opt (options H) \ plus_game (plus_game (F, G), opt) = plus_game (F, plus_game (G, opt))" + by (blast intro: hyp lprod_3_5) + note F and G and H + } + note induct_hyp = this + have "left_options ?L = left_options ?R \ right_options ?L = right_options ?R" + by (auto simp add: + plus_game.simps[where G="plus_game (F,G)" and H=H] + plus_game.simps[where G="F" and H="plus_game (G,H)"] + zet_ext_eq zunion zimage_iff options_plus + induct_hyp left_imp_options right_imp_options) + then show ?case + by (simp add: game_ext_eq) + qed + } + then show ?thesis by auto +qed + +lemma neg_plus_game: "neg_game (plus_game (G, H)) = plus_game(neg_game G, neg_game H)" +proof (induct G H rule: plus_game.induct) + case (1 G H) + note opt_ops = + left_options_plus right_options_plus + left_options_neg right_options_neg + show ?case + by (auto simp add: opt_ops + neg_game.simps[of "plus_game (G,H)"] + plus_game.simps[of "neg_game G" "neg_game H"] + Game_ext zet_ext_eq zunion zimage_iff prems) +qed + +lemma eq_game_plus_inverse: "eq_game (plus_game (x, neg_game x)) zero_game" +proof (induct x rule: wf_induct[OF wf_option_of]) + case (goal1 x) + { fix y + assume "zin y (options x)" + then have "eq_game (plus_game (y, neg_game y)) zero_game" + by (auto simp add: prems) + } + note ihyp = this + { + fix y + assume y: "zin y (right_options x)" + have "\ (ge_game (zero_game, plus_game (y, neg_game x)))" + apply (subst ge_game.simps, simp) + apply (rule exI[where x="plus_game (y, neg_game y)"]) + apply (auto simp add: ihyp[of y, simplified y right_imp_options eq_game_def]) + apply (auto simp add: left_options_plus left_options_neg zunion zimage_iff intro: prems) + done + } + note case1 = this + { + fix y + assume y: "zin y (left_options x)" + have "\ (ge_game (zero_game, plus_game (x, neg_game y)))" + apply (subst ge_game.simps, simp) + apply (rule exI[where x="plus_game (y, neg_game y)"]) + apply (auto simp add: ihyp[of y, simplified y left_imp_options eq_game_def]) + apply (auto simp add: left_options_plus zunion zimage_iff intro: prems) + done + } + note case2 = this + { + fix y + assume y: "zin y (left_options x)" + have "\ (ge_game (plus_game (y, neg_game x), zero_game))" + apply (subst ge_game.simps, simp) + apply (rule exI[where x="plus_game (y, neg_game y)"]) + apply (auto simp add: ihyp[of y, simplified y left_imp_options eq_game_def]) + apply (auto simp add: right_options_plus right_options_neg zunion zimage_iff intro: prems) + done + } + note case3 = this + { + fix y + assume y: "zin y (right_options x)" + have "\ (ge_game (plus_game (x, neg_game y), zero_game))" + apply (subst ge_game.simps, simp) + apply (rule exI[where x="plus_game (y, neg_game y)"]) + apply (auto simp add: ihyp[of y, simplified y right_imp_options eq_game_def]) + apply (auto simp add: right_options_plus zunion zimage_iff intro: prems) + done + } + note case4 = this + show ?case + apply (simp add: eq_game_def) + apply (simp add: ge_game.simps[of "plus_game (x, neg_game x)" "zero_game"]) + apply (simp add: ge_game.simps[of "zero_game" "plus_game (x, neg_game x)"]) + apply (simp add: right_options_plus left_options_plus right_options_neg left_options_neg zunion zimage_iff) + apply (auto simp add: case1 case2 case3 case4) + done +qed + +lemma ge_plus_game_left: "ge_game (y,z) = ge_game(plus_game (x, y), plus_game (x, z))" +proof - + { fix a + have "\ x y z. a = [x,y,z] \ ge_game (y,z) = ge_game(plus_game (x, y), plus_game (x, z))" + proof (induct a rule: induct_game, (rule impI | rule allI)+) + case (goal1 a x y z) + note induct_hyp = goal1(1)[rule_format, simplified goal1(2)] + { + assume hyp: "ge_game(plus_game (x, y), plus_game (x, z))" + have "ge_game (y, z)" + proof - + { fix yr + assume yr: "zin yr (right_options y)" + from hyp have "\ (ge_game (plus_game (x, z), plus_game (x, yr)))" + by (auto simp add: ge_game_def[of "plus_game (x,y)" "plus_game(x,z)"] + right_options_plus zunion zimage_iff intro: yr) + then have "\ (ge_game (z, yr))" + apply (subst induct_hyp[where y="[x, z, yr]", of "x" "z" "yr"]) + apply (simp_all add: yr lprod_3_6) + done + } + note yr = this + { fix zl + assume zl: "zin zl (left_options z)" + from hyp have "\ (ge_game (plus_game (x, zl), plus_game (x, y)))" + by (auto simp add: ge_game_def[of "plus_game (x,y)" "plus_game(x,z)"] + left_options_plus zunion zimage_iff intro: zl) + then have "\ (ge_game (zl, y))" + apply (subst goal1(1)[rule_format, where y="[x, zl, y]", of "x" "zl" "y"]) + apply (simp_all add: goal1(2) zl lprod_3_7) + done + } + note zl = this + show "ge_game (y, z)" + apply (subst ge_game_def) + apply (auto simp add: yr zl) + done + qed + } + note right_imp_left = this + { + assume yz: "ge_game (y, z)" + { + fix x' + assume x': "zin x' (right_options x)" + assume hyp: "ge_game (plus_game (x, z), plus_game (x', y))" + then have n: "\ (ge_game (plus_game (x', y), plus_game (x', z)))" + by (auto simp add: ge_game_def[of "plus_game (x,z)" "plus_game (x', y)"] + right_options_plus zunion zimage_iff intro: x') + have t: "ge_game (plus_game (x', y), plus_game (x', z))" + apply (subst induct_hyp[symmetric]) + apply (auto intro: lprod_3_3 x' yz) + done + from n t have "False" by blast + } + note case1 = this + { + fix x' + assume x': "zin x' (left_options x)" + assume hyp: "ge_game (plus_game (x', z), plus_game (x, y))" + then have n: "\ (ge_game (plus_game (x', y), plus_game (x', z)))" + by (auto simp add: ge_game_def[of "plus_game (x',z)" "plus_game (x, y)"] + left_options_plus zunion zimage_iff intro: x') + have t: "ge_game (plus_game (x', y), plus_game (x', z))" + apply (subst induct_hyp[symmetric]) + apply (auto intro: lprod_3_3 x' yz) + done + from n t have "False" by blast + } + note case3 = this + { + fix y' + assume y': "zin y' (right_options y)" + assume hyp: "ge_game (plus_game(x, z), plus_game (x, y'))" + then have "ge_game(z, y')" + apply (subst induct_hyp[of "[x, z, y']" "x" "z" "y'"]) + apply (auto simp add: hyp lprod_3_6 y') + done + with yz have "ge_game (y, y')" + by (blast intro: ge_game_trans) + with y' have "False" by (auto simp add: ge_game_leftright_refl) + } + note case2 = this + { + fix z' + assume z': "zin z' (left_options z)" + assume hyp: "ge_game (plus_game(x, z'), plus_game (x, y))" + then have "ge_game(z', y)" + apply (subst induct_hyp[of "[x, z', y]" "x" "z'" "y"]) + apply (auto simp add: hyp lprod_3_7 z') + done + with yz have "ge_game (z', z)" + by (blast intro: ge_game_trans) + with z' have "False" by (auto simp add: ge_game_leftright_refl) + } + note case4 = this + have "ge_game(plus_game (x, y), plus_game (x, z))" + apply (subst ge_game_def) + apply (auto simp add: right_options_plus left_options_plus zunion zimage_iff) + apply (auto intro: case1 case2 case3 case4) + done + } + note left_imp_right = this + show ?case by (auto intro: right_imp_left left_imp_right) + qed + } + note a = this[of "[x, y, z]"] + then show ?thesis by blast +qed + +lemma ge_plus_game_right: "ge_game (y,z) = ge_game(plus_game (y, x), plus_game (z, x))" + by (simp add: ge_plus_game_left plus_game_comm) + +lemma ge_neg_game: "ge_game (neg_game x, neg_game y) = ge_game (y, x)" +proof - + { fix a + have "\ x y. a = [x, y] \ ge_game (neg_game x, neg_game y) = ge_game (y, x)" + proof (induct a rule: induct_game, (rule impI | rule allI)+) + case (goal1 a x y) + note ihyp = goal1(1)[rule_format, simplified goal1(2)] + { fix xl + assume xl: "zin xl (left_options x)" + have "ge_game (neg_game y, neg_game xl) = ge_game (xl, y)" + apply (subst ihyp) + apply (auto simp add: lprod_2_1 xl) + done + } + note xl = this + { fix yr + assume yr: "zin yr (right_options y)" + have "ge_game (neg_game yr, neg_game x) = ge_game (x, yr)" + apply (subst ihyp) + apply (auto simp add: lprod_2_2 yr) + done + } + note yr = this + show ?case + by (auto simp add: ge_game_def[of "neg_game x" "neg_game y"] ge_game_def[of "y" "x"] + right_options_neg left_options_neg zimage_iff xl yr) + qed + } + note a = this[of "[x,y]"] + then show ?thesis by blast +qed + +constdefs + eq_game_rel :: "(game * game) set" + "eq_game_rel \ { (p, q) . eq_game p q }" + +typedef Pg = "UNIV//eq_game_rel" + by (auto simp add: quotient_def) + +lemma equiv_eq_game[simp]: "equiv UNIV eq_game_rel" + by (auto simp add: equiv_def refl_def sym_def trans_def eq_game_rel_def + eq_game_sym intro: eq_game_refl eq_game_trans) + +instance Pg :: "{ord,zero,plus,minus}" .. + +defs (overloaded) + Pg_zero_def: "0 \ Abs_Pg (eq_game_rel `` {zero_game})" + Pg_le_def: "G \ H \ \ g h. g \ Rep_Pg G \ h \ Rep_Pg H \ ge_game (h, g)" + Pg_less_def: "G < H \ G \ H \ G \ (H::Pg)" + Pg_minus_def: "- G \ contents (\ g \ Rep_Pg G. {Abs_Pg (eq_game_rel `` {neg_game g})})" + Pg_plus_def: "G + H \ contents (\ g \ Rep_Pg G. \ h \ Rep_Pg H. {Abs_Pg (eq_game_rel `` {plus_game (g,h)})})" + Pg_diff_def: "G - H \ G + (- (H::Pg))" + +lemma Rep_Abs_eq_Pg[simp]: "Rep_Pg (Abs_Pg (eq_game_rel `` {g})) = eq_game_rel `` {g}" + apply (subst Abs_Pg_inverse) + apply (auto simp add: Pg_def quotient_def) + done + +lemma char_Pg_le[simp]: "(Abs_Pg (eq_game_rel `` {g}) \ Abs_Pg (eq_game_rel `` {h})) = (ge_game (h, g))" + apply (simp add: Pg_le_def) + apply (auto simp add: eq_game_rel_def eq_game_def intro: ge_game_trans ge_game_refl) + done + +lemma char_Pg_eq[simp]: "(Abs_Pg (eq_game_rel `` {g}) = Abs_Pg (eq_game_rel `` {h})) = (eq_game g h)" + apply (simp add: Rep_Pg_inject [symmetric]) + apply (subst eq_equiv_class_iff[of UNIV]) + apply (simp_all) + apply (simp add: eq_game_rel_def) + done + +lemma char_Pg_plus[simp]: "Abs_Pg (eq_game_rel `` {g}) + Abs_Pg (eq_game_rel `` {h}) = Abs_Pg (eq_game_rel `` {plus_game (g, h)})" +proof - + have "(\ g h. {Abs_Pg (eq_game_rel `` {plus_game (g, h)})}) respects2 eq_game_rel" + apply (simp add: congruent2_def) + apply (auto simp add: eq_game_rel_def eq_game_def) + apply (rule_tac y="plus_game (y1, z2)" in ge_game_trans) + apply (simp add: ge_plus_game_left[symmetric] ge_plus_game_right[symmetric])+ + apply (rule_tac y="plus_game (z1, y2)" in ge_game_trans) + apply (simp add: ge_plus_game_left[symmetric] ge_plus_game_right[symmetric])+ + done + then show ?thesis + by (simp add: Pg_plus_def UN_equiv_class2[OF equiv_eq_game equiv_eq_game]) +qed + +lemma char_Pg_minus[simp]: "- Abs_Pg (eq_game_rel `` {g}) = Abs_Pg (eq_game_rel `` {neg_game g})" +proof - + have "(\ g. {Abs_Pg (eq_game_rel `` {neg_game g})}) respects eq_game_rel" + apply (simp add: congruent_def) + apply (auto simp add: eq_game_rel_def eq_game_def ge_neg_game) + done + then show ?thesis + by (simp add: Pg_minus_def UN_equiv_class[OF equiv_eq_game]) +qed + +lemma eq_Abs_Pg[rule_format, cases type: Pg]: "(\ g. z = Abs_Pg (eq_game_rel `` {g}) \ P) \ P" + apply (cases z, simp) + apply (simp add: Rep_Pg_inject[symmetric]) + apply (subst Abs_Pg_inverse, simp) + apply (auto simp add: Pg_def quotient_def) + done + +instance Pg :: pordered_ab_group_add +proof + fix a b c :: Pg + show "(a < b) = (a \ b \ a \ b)" by (simp add: Pg_less_def) + show "a - b = a + (- b)" by (simp add: Pg_diff_def) + { + assume ab: "a \ b" + assume ba: "b \ a" + from ab ba show "a = b" + apply (cases a, cases b) + apply (simp add: eq_game_def) + done + } + show "a + b = b + a" + apply (cases a, cases b) + apply (simp add: eq_game_def plus_game_comm) + done + show "a + b + c = a + (b + c)" + apply (cases a, cases b, cases c) + apply (simp add: eq_game_def plus_game_assoc) + done + show "0 + a = a" + apply (cases a) + apply (simp add: Pg_zero_def plus_game_zero_left) + done + show "- a + a = 0" + apply (cases a) + apply (simp add: Pg_zero_def eq_game_plus_inverse plus_game_comm) + done + show "a \ a" + apply (cases a) + apply (simp add: ge_game_refl) + done + { + assume ab: "a \ b" + assume bc: "b \ c" + from ab bc show "a \ c" + apply (cases a, cases b, cases c) + apply (auto intro: ge_game_trans) + done + } + { + assume ab: "a \ b" + from ab show "c + a \ c + b" + apply (cases a, cases b, cases c) + apply (simp add: ge_plus_game_left[symmetric]) + done + } +qed + +end diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/HOLZF.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/HOLZF.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,917 @@ +(* Title: HOL/ZF/HOLZF.thy + ID: $Id$ + Author: Steven Obua + + Axiomatizes the ZFC universe as an HOL type. + See "Partizan Games in Isabelle/HOLZF", available from http://www4.in.tum.de/~obua/partizan +*) + +theory HOLZF +imports Helper +begin + +typedecl ZF + +consts + Empty :: ZF + Elem :: "ZF \ ZF \ bool" + Sum :: "ZF \ ZF" + Power :: "ZF \ ZF" + Repl :: "ZF \ (ZF \ ZF) \ ZF" + Inf :: ZF + +constdefs + Upair:: "ZF \ ZF \ ZF" + "Upair a b == Repl (Power (Power Empty)) (% x. if x = Empty then a else b)" + Singleton:: "ZF \ ZF" + "Singleton x == Upair x x" + union :: "ZF \ ZF \ ZF" + "union A B == Sum (Upair A B)" + SucNat:: "ZF \ ZF" + "SucNat x == union x (Singleton x)" + subset :: "ZF \ ZF \ bool" + "subset A B == ! x. Elem x A \ Elem x B" + +finalconsts + Empty Elem Sum Power Repl Inf + +axioms + Empty: "Not (Elem x Empty)" + Ext: "(x = y) = (! z. Elem z x = Elem z y)" + Sum: "Elem z (Sum x) = (? y. Elem z y & Elem y x)" + Power: "Elem y (Power x) = (subset y x)" + Repl: "Elem b (Repl A f) = (? a. Elem a A & b = f a)" + Regularity: "A \ Empty \ (? x. Elem x A & (! y. Elem y x \ Not (Elem y A)))" + Infinity: "Elem Empty Inf & (! x. Elem x Inf \ Elem (SucNat x) Inf)" + +constdefs + Sep:: "ZF \ (ZF \ bool) \ ZF" + "Sep A p == (if (!x. Elem x A \ Not (p x)) then Empty else + (let z = (\ x. Elem x A & p x) in + let f = % x. (if p x then x else z) in Repl A f))" + +thm Power[unfolded subset_def] + +theorem Sep: "Elem b (Sep A p) = (Elem b A & p b)" + apply (auto simp add: Sep_def Empty) + apply (auto simp add: Let_def Repl) + apply (rule someI2, auto)+ + done + +lemma subset_empty: "subset Empty A" + by (simp add: subset_def Empty) + +theorem Upair: "Elem x (Upair a b) = (x = a | x = b)" + apply (auto simp add: Upair_def Repl) + apply (rule exI[where x=Empty]) + apply (simp add: Power subset_empty) + apply (rule exI[where x="Power Empty"]) + apply (auto) + apply (auto simp add: Ext Power subset_def Empty) + apply (drule spec[where x=Empty], simp add: Empty)+ + done + +lemma Singleton: "Elem x (Singleton y) = (x = y)" + by (simp add: Singleton_def Upair) + +constdefs + Opair:: "ZF \ ZF \ ZF" + "Opair a b == Upair (Upair a a) (Upair a b)" + +lemma Upair_singleton: "(Upair a a = Upair c d) = (a = c & a = d)" + by (auto simp add: Ext[where x="Upair a a"] Upair) + +lemma Upair_fsteq: "(Upair a b = Upair a c) = ((a = b & a = c) | (b = c))" + by (auto simp add: Ext[where x="Upair a b"] Upair) + +lemma Upair_comm: "Upair a b = Upair b a" + by (auto simp add: Ext Upair) + +theorem Opair: "(Opair a b = Opair c d) = (a = c & b = d)" + proof - + have fst: "(Opair a b = Opair c d) \ a = c" + apply (simp add: Opair_def) + apply (simp add: Ext[where x="Upair (Upair a a) (Upair a b)"]) + apply (drule spec[where x="Upair a a"]) + apply (auto simp add: Upair Upair_singleton) + done + show ?thesis + apply (auto) + apply (erule fst) + apply (frule fst) + apply (auto simp add: Opair_def Upair_fsteq) + done + qed + +constdefs + Replacement :: "ZF \ (ZF \ ZF option) \ ZF" + "Replacement A f == Repl (Sep A (% a. f a \ None)) (the o f)" + +theorem Replacement: "Elem y (Replacement A f) = (? x. Elem x A & f x = Some y)" + by (auto simp add: Replacement_def Repl Sep) + +constdefs + Fst :: "ZF \ ZF" + "Fst q == SOME x. ? y. q = Opair x y" + Snd :: "ZF \ ZF" + "Snd q == SOME y. ? x. q = Opair x y" + +theorem Fst: "Fst (Opair x y) = x" + apply (simp add: Fst_def) + apply (rule someI2) + apply (simp_all add: Opair) + done + +theorem Snd: "Snd (Opair x y) = y" + apply (simp add: Snd_def) + apply (rule someI2) + apply (simp_all add: Opair) + done + +constdefs + isOpair :: "ZF \ bool" + "isOpair q == ? x y. q = Opair x y" + +lemma isOpair: "isOpair (Opair x y) = True" + by (auto simp add: isOpair_def) + +lemma FstSnd: "isOpair x \ Opair (Fst x) (Snd x) = x" + by (auto simp add: isOpair_def Fst Snd) + +constdefs + CartProd :: "ZF \ ZF \ ZF" + "CartProd A B == Sum(Repl A (% a. Repl B (% b. Opair a b)))" + +lemma CartProd: "Elem x (CartProd A B) = (? a b. Elem a A & Elem b B & x = (Opair a b))" + apply (auto simp add: CartProd_def Sum Repl) + apply (rule_tac x="Repl B (Opair a)" in exI) + apply (auto simp add: Repl) + done + +constdefs + explode :: "ZF \ ZF set" + "explode z == { x. Elem x z }" + +lemma explode_Empty: "(explode x = {}) = (x = Empty)" + by (auto simp add: explode_def Ext Empty) + +lemma explode_Elem: "(x \ explode X) = (Elem x X)" + by (simp add: explode_def) + +lemma Elem_explode_in: "\ Elem a A; explode A \ B\ \ a \ B" + by (auto simp add: explode_def) + +lemma explode_CartProd_eq: "explode (CartProd a b) = (% (x,y). Opair x y) ` ((explode a) \ (explode b))" + by (simp add: explode_def expand_set_eq CartProd image_def) + +lemma explode_Repl_eq: "explode (Repl A f) = image f (explode A)" + by (simp add: explode_def Repl image_def) + +constdefs + Domain :: "ZF \ ZF" + "Domain f == Replacement f (% p. if isOpair p then Some (Fst p) else None)" + Range :: "ZF \ ZF" + "Range f == Replacement f (% p. if isOpair p then Some (Snd p) else None)" + +theorem Domain: "Elem x (Domain f) = (? y. Elem (Opair x y) f)" + apply (auto simp add: Domain_def Replacement) + apply (rule_tac x="Snd x" in exI) + apply (simp add: FstSnd) + apply (rule_tac x="Opair x y" in exI) + apply (simp add: isOpair Fst) + done + +theorem Range: "Elem y (Range f) = (? x. Elem (Opair x y) f)" + apply (auto simp add: Range_def Replacement) + apply (rule_tac x="Fst x" in exI) + apply (simp add: FstSnd) + apply (rule_tac x="Opair x y" in exI) + apply (simp add: isOpair Snd) + done + +theorem union: "Elem x (union A B) = (Elem x A | Elem x B)" + by (auto simp add: union_def Sum Upair) + +constdefs + Field :: "ZF \ ZF" + "Field A == union (Domain A) (Range A)" + +constdefs + "\" :: "ZF \ ZF => ZF" (infixl 90) --{*function application*} + app_def: "f \ x == (THE y. Elem (Opair x y) f)" + +constdefs + isFun :: "ZF \ bool" + "isFun f == (! x y1 y2. Elem (Opair x y1) f & Elem (Opair x y2) f \ y1 = y2)" + +constdefs + Lambda :: "ZF \ (ZF \ ZF) \ ZF" + "Lambda A f == Repl A (% x. Opair x (f x))" + +lemma Lambda_app: "Elem x A \ (Lambda A f)\x = f x" + by (simp add: app_def Lambda_def Repl Opair) + +lemma isFun_Lambda: "isFun (Lambda A f)" + by (auto simp add: isFun_def Lambda_def Repl Opair) + +lemma domain_Lambda: "Domain (Lambda A f) = A" + apply (auto simp add: Domain_def) + apply (subst Ext) + apply (auto simp add: Replacement) + apply (simp add: Lambda_def Repl) + apply (auto simp add: Fst) + apply (simp add: Lambda_def Repl) + apply (rule_tac x="Opair z (f z)" in exI) + apply (auto simp add: Fst isOpair_def) + done + +lemma Lambda_ext: "(Lambda s f = Lambda t g) = (s = t & (! x. Elem x s \ f x = g x))" +proof - + have "Lambda s f = Lambda t g \ s = t" + apply (subst domain_Lambda[where A = s and f = f, symmetric]) + apply (subst domain_Lambda[where A = t and f = g, symmetric]) + apply auto + done + then show ?thesis + apply auto + apply (subst Lambda_app[where f=f, symmetric], simp) + apply (subst Lambda_app[where f=g, symmetric], simp) + apply auto + apply (auto simp add: Lambda_def Repl Ext) + apply (auto simp add: Ext[symmetric]) + done +qed + +constdefs + PFun :: "ZF \ ZF \ ZF" + "PFun A B == Sep (Power (CartProd A B)) isFun" + Fun :: "ZF \ ZF \ ZF" + "Fun A B == Sep (PFun A B) (\ f. Domain f = A)" + +lemma Fun_Range: "Elem f (Fun U V) \ subset (Range f) V" + apply (simp add: Fun_def Sep PFun_def Power subset_def CartProd) + apply (auto simp add: Domain Range) + apply (erule_tac x="Opair xa x" in allE) + apply (auto simp add: Opair) + done + +lemma Elem_Elem_PFun: "Elem F (PFun U V) \ Elem p F \ isOpair p & Elem (Fst p) U & Elem (Snd p) V" + apply (simp add: PFun_def Sep Power subset_def, clarify) + apply (erule_tac x=p in allE) + apply (auto simp add: CartProd isOpair Fst Snd) + done + +lemma Fun_implies_PFun[simp]: "Elem f (Fun U V) \ Elem f (PFun U V)" + by (simp add: Fun_def Sep) + +lemma Elem_Elem_Fun: "Elem F (Fun U V) \ Elem p F \ isOpair p & Elem (Fst p) U & Elem (Snd p) V" + by (auto simp add: Elem_Elem_PFun dest: Fun_implies_PFun) + +lemma PFun_inj: "Elem F (PFun U V) \ Elem x F \ Elem y F \ Fst x = Fst y \ Snd x = Snd y" + apply (frule Elem_Elem_PFun[where p=x], simp) + apply (frule Elem_Elem_PFun[where p=y], simp) + apply (subgoal_tac "isFun F") + apply (simp add: isFun_def isOpair_def) + apply (auto simp add: Fst Snd, blast) + apply (auto simp add: PFun_def Sep) + done + +ML {* simp_depth_limit := 2 *} +lemma Fun_total: "\Elem F (Fun U V); Elem a U\ \ \x. Elem (Opair a x) F" + by (auto simp add: Fun_def Sep Domain) +ML {* simp_depth_limit := 1000 *} + + +lemma unique_fun_value: "\isFun f; Elem x (Domain f)\ \ ?! y. Elem (Opair x y) f" + by (auto simp add: Domain isFun_def) + +lemma fun_value_in_range: "\isFun f; Elem x (Domain f)\ \ Elem (f\x) (Range f)" + apply (auto simp add: Range) + apply (drule unique_fun_value) + apply simp + apply (simp add: app_def) + apply (rule exI[where x=x]) + apply (auto simp add: the_equality) + done + +lemma fun_range_witness: "\isFun f; Elem y (Range f)\ \ ? x. Elem x (Domain f) & f\x = y" + apply (auto simp add: Range) + apply (rule_tac x="x" in exI) + apply (auto simp add: app_def the_equality isFun_def Domain) + done + +lemma Elem_Fun_Lambda: "Elem F (Fun U V) \ ? f. F = Lambda U f" + apply (rule exI[where x= "% x. (THE y. Elem (Opair x y) F)"]) + apply (simp add: Ext Lambda_def Repl Domain) + apply (simp add: Ext[symmetric]) + apply auto + apply (frule Elem_Elem_Fun) + apply auto + apply (rule_tac x="Fst z" in exI) + apply (simp add: isOpair_def) + apply (auto simp add: Fst Snd Opair) + apply (rule theI2') + apply auto + apply (drule Fun_implies_PFun) + apply (drule_tac x="Opair x ya" and y="Opair x yb" in PFun_inj) + apply (auto simp add: Fst Snd) + apply (drule Fun_implies_PFun) + apply (drule_tac x="Opair x y" and y="Opair x ya" in PFun_inj) + apply (auto simp add: Fst Snd) + apply (rule theI2') + apply (auto simp add: Fun_total) + apply (drule Fun_implies_PFun) + apply (drule_tac x="Opair a x" and y="Opair a y" in PFun_inj) + apply (auto simp add: Fst Snd) + done + +lemma Elem_Lambda_Fun: "Elem (Lambda A f) (Fun U V) = (A = U & (! x. Elem x A \ Elem (f x) V))" +proof - + have "Elem (Lambda A f) (Fun U V) \ A = U" + by (simp add: Fun_def Sep domain_Lambda) + then show ?thesis + apply auto + apply (drule Fun_Range) + apply (subgoal_tac "f x = ((Lambda U f) \ x)") + prefer 2 + apply (simp add: Lambda_app) + apply simp + apply (subgoal_tac "Elem (Lambda U f \ x) (Range (Lambda U f))") + apply (simp add: subset_def) + apply (rule fun_value_in_range) + apply (simp_all add: isFun_Lambda domain_Lambda) + apply (simp add: Fun_def Sep PFun_def Power domain_Lambda isFun_Lambda) + apply (auto simp add: subset_def CartProd) + apply (rule_tac x="Fst x" in exI) + apply (auto simp add: Lambda_def Repl Fst) + done +qed + + +constdefs + is_Elem_of :: "(ZF * ZF) set" + "is_Elem_of == { (a,b) | a b. Elem a b }" + +lemma cond_wf_Elem: + assumes hyps:"\x. (\y. Elem y x \ Elem y U \ P y) \ Elem x U \ P x" "Elem a U" + shows "P a" +proof - + { + fix P + fix U + fix a + assume P_induct: "(\x. (\y. Elem y x \ Elem y U \ P y) \ (Elem x U \ P x))" + assume a_in_U: "Elem a U" + have "P a" + proof - + term "P" + term Sep + let ?Z = "Sep U (Not o P)" + have "?Z = Empty \ P a" by (simp add: Ext Sep Empty a_in_U) + moreover have "?Z \ Empty \ False" + proof + assume not_empty: "?Z \ Empty" + note thereis_x = Regularity[where A="?Z", simplified not_empty, simplified] + then obtain x where x_def: "Elem x ?Z & (! y. Elem y x \ Not (Elem y ?Z))" .. + then have x_induct:"! y. Elem y x \ Elem y U \ P y" by (simp add: Sep) + have "Elem x U \ P x" + by (rule impE[OF spec[OF P_induct, where x=x], OF x_induct], assumption) + moreover have "Elem x U & Not(P x)" + apply (insert x_def) + apply (simp add: Sep) + done + ultimately show "False" by auto + qed + ultimately show "P a" by auto + qed + } + with hyps show ?thesis by blast +qed + +lemma cond2_wf_Elem: + assumes + special_P: "? U. ! x. Not(Elem x U) \ (P x)" + and P_induct: "\x. (\y. Elem y x \ P y) \ P x" + shows + "P a" +proof - + have "? U Q. P = (\ x. (Elem x U \ Q x))" + proof - + from special_P obtain U where U:"! x. Not(Elem x U) \ (P x)" .. + show ?thesis + apply (rule_tac exI[where x=U]) + apply (rule exI[where x="P"]) + apply (rule ext) + apply (auto simp add: U) + done + qed + then obtain U where "? Q. P = (\ x. (Elem x U \ Q x))" .. + then obtain Q where UQ: "P = (\ x. (Elem x U \ Q x))" .. + show ?thesis + apply (auto simp add: UQ) + apply (rule cond_wf_Elem) + apply (rule P_induct[simplified UQ]) + apply simp + done +qed + +consts + nat2Nat :: "nat \ ZF" + +primrec +nat2Nat_0[intro]: "nat2Nat 0 = Empty" +nat2Nat_Suc[intro]: "nat2Nat (Suc n) = SucNat (nat2Nat n)" + +constdefs + Nat2nat :: "ZF \ nat" + "Nat2nat == inv nat2Nat" + +lemma Elem_nat2Nat_inf[intro]: "Elem (nat2Nat n) Inf" + apply (induct n) + apply (simp_all add: Infinity) + done + +constdefs + Nat :: ZF + "Nat == Sep Inf (\ N. ? n. nat2Nat n = N)" + +lemma Elem_nat2Nat_Nat[intro]: "Elem (nat2Nat n) Nat" + by (auto simp add: Nat_def Sep) + +lemma Elem_Empty_Nat: "Elem Empty Nat" + by (auto simp add: Nat_def Sep Infinity) + +lemma Elem_SucNat_Nat: "Elem N Nat \ Elem (SucNat N) Nat" + by (auto simp add: Nat_def Sep Infinity) + +lemma no_infinite_Elem_down_chain: + "Not (? f. isFun f & Domain f = Nat & (! N. Elem N Nat \ Elem (f\(SucNat N)) (f\N)))" +proof - + { + fix f + assume f:"isFun f & Domain f = Nat & (! N. Elem N Nat \ Elem (f\(SucNat N)) (f\N))" + let ?r = "Range f" + have "?r \ Empty" + apply (auto simp add: Ext Empty) + apply (rule exI[where x="f\Empty"]) + apply (rule fun_value_in_range) + apply (auto simp add: f Elem_Empty_Nat) + done + then have "? x. Elem x ?r & (! y. Elem y x \ Not(Elem y ?r))" + by (simp add: Regularity) + then obtain x where x: "Elem x ?r & (! y. Elem y x \ Not(Elem y ?r))" .. + then have "? N. Elem N (Domain f) & f\N = x" + apply (rule_tac fun_range_witness) + apply (simp_all add: f) + done + then have "? N. Elem N Nat & f\N = x" + by (simp add: f) + then obtain N where N: "Elem N Nat & f\N = x" .. + from N have N': "Elem N Nat" by auto + let ?y = "f\(SucNat N)" + have Elem_y_r: "Elem ?y ?r" + by (simp_all add: f Elem_SucNat_Nat N fun_value_in_range) + have "Elem ?y (f\N)" by (auto simp add: f N') + then have "Elem ?y x" by (simp add: N) + with x have "Not (Elem ?y ?r)" by auto + with Elem_y_r have "False" by auto + } + then show ?thesis by auto +qed + +lemma Upair_nonEmpty: "Upair a b \ Empty" + by (auto simp add: Ext Empty Upair) + +lemma Singleton_nonEmpty: "Singleton x \ Empty" + by (auto simp add: Singleton_def Upair_nonEmpty) + +lemma antisym_Elem: "Not(Elem a b & Elem b a)" +proof - + { + fix a b + assume ab: "Elem a b" + assume ba: "Elem b a" + let ?Z = "Upair a b" + have "?Z \ Empty" by (simp add: Upair_nonEmpty) + then have "? x. Elem x ?Z & (! y. Elem y x \ Not(Elem y ?Z))" + by (simp add: Regularity) + then obtain x where x:"Elem x ?Z & (! y. Elem y x \ Not(Elem y ?Z))" .. + then have "x = a \ x = b" by (simp add: Upair) + moreover have "x = a \ Not (Elem b ?Z)" + by (auto simp add: x ba) + moreover have "x = b \ Not (Elem a ?Z)" + by (auto simp add: x ab) + ultimately have "False" + by (auto simp add: Upair) + } + then show ?thesis by auto +qed + +lemma irreflexiv_Elem: "Not(Elem a a)" + by (simp add: antisym_Elem[of a a, simplified]) + +lemma antisym_Elem: "Elem a b \ Not (Elem b a)" + apply (insert antisym_Elem[of a b]) + apply auto + done + +consts + NatInterval :: "nat \ nat \ ZF" + +primrec + "NatInterval n 0 = Singleton (nat2Nat n)" + "NatInterval n (Suc m) = union (NatInterval n m) (Singleton (nat2Nat (n+m+1)))" + +lemma n_Elem_NatInterval[rule_format]: "! q. q <= m \ Elem (nat2Nat (n+q)) (NatInterval n m)" + apply (induct m) + apply (auto simp add: Singleton union) + apply (case_tac "q <= m") + apply auto + apply (subgoal_tac "q = Suc m") + apply auto + done + +lemma NatInterval_not_Empty: "NatInterval n m \ Empty" + by (auto intro: n_Elem_NatInterval[where q = 0, simplified] simp add: Empty Ext) + +lemma increasing_nat2Nat[rule_format]: "0 < n \ Elem (nat2Nat (n - 1)) (nat2Nat n)" + apply (case_tac "? m. n = Suc m") + apply (auto simp add: SucNat_def union Singleton) + apply (drule spec[where x="n - 1"]) + apply arith + done + +lemma represent_NatInterval[rule_format]: "Elem x (NatInterval n m) \ (? u. n \ u & u \ n+m & nat2Nat u = x)" + apply (induct m) + apply (auto simp add: Singleton union) + apply (rule_tac x="Suc (n+m)" in exI) + apply auto + done + +lemma inj_nat2Nat: "inj nat2Nat" +proof - + { + fix n m :: nat + assume nm: "nat2Nat n = nat2Nat (n+m)" + assume mg0: "0 < m" + let ?Z = "NatInterval n m" + have "?Z \ Empty" by (simp add: NatInterval_not_Empty) + then have "? x. (Elem x ?Z) & (! y. Elem y x \ Not (Elem y ?Z))" + by (auto simp add: Regularity) + then obtain x where x:"Elem x ?Z & (! y. Elem y x \ Not (Elem y ?Z))" .. + then have "? u. n \ u & u \ n+m & nat2Nat u = x" + by (simp add: represent_NatInterval) + then obtain u where u: "n \ u & u \ n+m & nat2Nat u = x" .. + have "n < u \ False" + proof + assume n_less_u: "n < u" + let ?y = "nat2Nat (u - 1)" + have "Elem ?y (nat2Nat u)" + apply (rule increasing_nat2Nat) + apply (insert n_less_u) + apply arith + done + with u have "Elem ?y x" by auto + with x have "Not (Elem ?y ?Z)" by auto + moreover have "Elem ?y ?Z" + apply (insert n_Elem_NatInterval[where q = "u - n - 1" and n=n and m=m]) + apply (insert n_less_u) + apply (insert u) + apply auto + apply arith + done + ultimately show False by auto + qed + moreover have "u = n \ False" + proof + assume "u = n" + with u have "nat2Nat n = x" by auto + then have nm_eq_x: "nat2Nat (n+m) = x" by (simp add: nm) + let ?y = "nat2Nat (n+m - 1)" + have "Elem ?y (nat2Nat (n+m))" + apply (rule increasing_nat2Nat) + apply (insert mg0) + apply arith + done + with nm_eq_x have "Elem ?y x" by auto + with x have "Not (Elem ?y ?Z)" by auto + moreover have "Elem ?y ?Z" + apply (insert n_Elem_NatInterval[where q = "m - 1" and n=n and m=m]) + apply (insert mg0) + apply auto + done + ultimately show False by auto + qed + ultimately have "False" using u by arith + } + note lemma_nat2Nat = this + show ?thesis + apply (auto simp add: inj_on_def) + apply (case_tac "x = y") + apply auto + apply (case_tac "x < y") + apply (case_tac "? m. y = x + m & 0 < m") + apply (auto intro: lemma_nat2Nat, arith) + apply (case_tac "y < x") + apply (case_tac "? m. x = y + m & 0 < m") + apply auto + apply (drule sym) + apply (auto intro: lemma_nat2Nat, arith) + done +qed + +lemma Nat2nat_nat2Nat[simp]: "Nat2nat (nat2Nat n) = n" + by (simp add: Nat2nat_def inv_f_f[OF inj_nat2Nat]) + +lemma nat2Nat_Nat2nat[simp]: "Elem n Nat \ nat2Nat (Nat2nat n) = n" + apply (simp add: Nat2nat_def) + apply (rule_tac f_inv_f) + apply (auto simp add: image_def Nat_def Sep) + done + +lemma Nat2nat_SucNat: "Elem N Nat \ Nat2nat (SucNat N) = Suc (Nat2nat N)" + apply (auto simp add: Nat_def Sep Nat2nat_def) + apply (auto simp add: inv_f_f[OF inj_nat2Nat]) + apply (simp only: nat2Nat.simps[symmetric]) + apply (simp only: inv_f_f[OF inj_nat2Nat]) + done + + +(*lemma Elem_induct: "(\x. \y. Elem y x \ P y \ P x) \ P a" + by (erule wf_induct[OF wf_is_Elem_of, simplified is_Elem_of_def, simplified])*) + +lemma Elem_Opair_exists: "? z. Elem x z & Elem y z & Elem z (Opair x y)" + apply (rule exI[where x="Upair x y"]) + by (simp add: Upair Opair_def) + +lemma UNIV_is_not_in_ZF: "UNIV \ explode R" +proof + let ?Russell = "{ x. Not(Elem x x) }" + have "?Russell = UNIV" by (simp add: irreflexiv_Elem) + moreover assume "UNIV = explode R" + ultimately have russell: "?Russell = explode R" by simp + then show "False" + proof(cases "Elem R R") + case True + then show ?thesis + by (insert irreflexiv_Elem, auto) + next + case False + then have "R \ ?Russell" by auto + then have "Elem R R" by (simp add: russell explode_def) + with False show ?thesis by auto + qed +qed + +constdefs + SpecialR :: "(ZF * ZF) set" + "SpecialR \ { (x, y) . x \ Empty \ y = Empty}" + +lemma "wf SpecialR" + apply (subst wf_def) + apply (auto simp add: SpecialR_def) + done + +constdefs + Ext :: "('a * 'b) set \ 'b \ 'a set" + "Ext R y \ { x . (x, y) \ R }" + +lemma Ext_Elem: "Ext is_Elem_of = explode" + by (auto intro: ext simp add: Ext_def is_Elem_of_def explode_def) + +lemma "Ext SpecialR Empty \ explode z" +proof + have "Ext SpecialR Empty = UNIV - {Empty}" + by (auto simp add: Ext_def SpecialR_def) + moreover assume "Ext SpecialR Empty = explode z" + ultimately have "UNIV = explode(union z (Singleton Empty)) " + by (auto simp add: explode_def union Singleton) + then show "False" by (simp add: UNIV_is_not_in_ZF) +qed + +constdefs + implode :: "ZF set \ ZF" + "implode == inv explode" + +lemma inj_explode: "inj explode" + by (auto simp add: inj_on_def explode_def Ext) + +lemma implode_explode[simp]: "implode (explode x) = x" + by (simp add: implode_def inj_explode) + +constdefs + regular :: "(ZF * ZF) set \ bool" + "regular R == ! A. A \ Empty \ (? x. Elem x A & (! y. (y, x) \ R \ Not (Elem y A)))" + implodeable_Ext :: "(ZF * ZF) set \ bool" + "implodeable_Ext R == ! y. Ext R y \ range explode" + wfzf :: "(ZF * ZF) set \ bool" + "wfzf R == regular R & implodeable_Ext R" + +lemma regular_Elem: "regular is_Elem_of" + by (simp add: regular_def is_Elem_of_def Regularity) + +lemma implodeable_Elem: "implodeable_Ext is_Elem_of" + by (auto simp add: implodeable_Ext_def image_def Ext_Elem) + +lemma wfzf_is_Elem_of: "wfzf is_Elem_of" + by (auto simp add: wfzf_def regular_Elem implodeable_Elem) + +constdefs + SeqSum :: "(nat \ ZF) \ ZF" + "SeqSum f == Sum (Repl Nat (f o Nat2nat))" + +lemma SeqSum: "Elem x (SeqSum f) = (? n. Elem x (f n))" + apply (auto simp add: SeqSum_def Sum Repl) + apply (rule_tac x = "f n" in exI) + apply auto + done + +constdefs + Ext_ZF :: "(ZF * ZF) set \ ZF \ ZF" + "Ext_ZF R s == implode (Ext R s)" + +lemma Elem_implode: "A \ range explode \ Elem x (implode A) = (x \ A)" + apply (auto) + apply (simp_all add: explode_def) + done + +lemma Elem_Ext_ZF: "implodeable_Ext R \ Elem x (Ext_ZF R s) = ((x,s) \ R)" + apply (simp add: Ext_ZF_def) + apply (subst Elem_implode) + apply (simp add: implodeable_Ext_def) + apply (simp add: Ext_def) + done + +consts + Ext_ZF_n :: "(ZF * ZF) set \ ZF \ nat \ ZF" + +primrec + "Ext_ZF_n R s 0 = Ext_ZF R s" + "Ext_ZF_n R s (Suc n) = Sum (Repl (Ext_ZF_n R s n) (Ext_ZF R))" + +constdefs + Ext_ZF_hull :: "(ZF * ZF) set \ ZF \ ZF" + "Ext_ZF_hull R s == SeqSum (Ext_ZF_n R s)" + +lemma Elem_Ext_ZF_hull: + assumes implodeable_R: "implodeable_Ext R" + shows "Elem x (Ext_ZF_hull R S) = (? n. Elem x (Ext_ZF_n R S n))" + by (simp add: Ext_ZF_hull_def SeqSum) + +lemma Elem_Elem_Ext_ZF_hull: + assumes implodeable_R: "implodeable_Ext R" + and x_hull: "Elem x (Ext_ZF_hull R S)" + and y_R_x: "(y, x) \ R" + shows "Elem y (Ext_ZF_hull R S)" +proof - + from Elem_Ext_ZF_hull[OF implodeable_R] x_hull + have "? n. Elem x (Ext_ZF_n R S n)" by auto + then obtain n where n:"Elem x (Ext_ZF_n R S n)" .. + with y_R_x have "Elem y (Ext_ZF_n R S (Suc n))" + apply (auto simp add: Repl Sum) + apply (rule_tac x="Ext_ZF R x" in exI) + apply (auto simp add: Elem_Ext_ZF[OF implodeable_R]) + done + with Elem_Ext_ZF_hull[OF implodeable_R, where x=y] show ?thesis + by (auto simp del: Ext_ZF_n.simps) +qed + +lemma wfzf_minimal: + assumes hyps: "wfzf R" "C \ {}" + shows "\x. x \ C \ (\y. (y, x) \ R \ y \ C)" +proof - + from hyps have "\S. S \ C" by auto + then obtain S where S:"S \ C" by auto + let ?T = "Sep (Ext_ZF_hull R S) (\ s. s \ C)" + from hyps have implodeable_R: "implodeable_Ext R" by (simp add: wfzf_def) + show ?thesis + proof (cases "?T = Empty") + case True + then have "\ z. \ (Elem z (Sep (Ext_ZF R S) (\ s. s \ C)))" + apply (auto simp add: Ext Empty Sep Ext_ZF_hull_def SeqSum) + apply (erule_tac x="z" in allE, auto) + apply (erule_tac x=0 in allE, auto) + done + then show ?thesis + apply (rule_tac exI[where x=S]) + apply (auto simp add: Sep Empty S) + apply (erule_tac x=y in allE) + apply (simp add: implodeable_R Elem_Ext_ZF) + done + next + case False + from hyps have regular_R: "regular R" by (simp add: wfzf_def) + from + regular_R[simplified regular_def, rule_format, OF False, simplified Sep] + Elem_Elem_Ext_ZF_hull[OF implodeable_R] + show ?thesis by blast + qed +qed + +lemma wfzf_implies_wf: "wfzf R \ wf R" +proof (subst wf_def, rule allI) + assume wfzf: "wfzf R" + fix P :: "ZF \ bool" + let ?C = "{x. P x}" + { + assume induct: "(\x. (\y. (y, x) \ R \ P y) \ P x)" + let ?C = "{x. \ (P x)}" + have "?C = {}" + proof (rule ccontr) + assume C: "?C \ {}" + from + wfzf_minimal[OF wfzf C] + obtain x where x: "x \ ?C \ (\y. (y, x) \ R \ y \ ?C)" .. + then have "P x" + apply (rule_tac induct[rule_format]) + apply auto + done + with x show "False" by auto + qed + then have "! x. P x" by auto + } + then show "(\x. (\y. (y, x) \ R \ P y) \ P x) \ (! x. P x)" by blast +qed + +lemma wf_is_Elem_of: "wf is_Elem_of" + by (auto simp add: wfzf_is_Elem_of wfzf_implies_wf) + +lemma in_Ext_RTrans_implies_Elem_Ext_ZF_hull: + "implodeable_Ext R \ x \ (Ext (R^+) s) \ Elem x (Ext_ZF_hull R s)" + apply (simp add: Ext_def Elem_Ext_ZF_hull) + apply (erule converse_trancl_induct[where r="R"]) + apply (rule exI[where x=0]) + apply (simp add: Elem_Ext_ZF) + apply auto + apply (rule_tac x="Suc n" in exI) + apply (simp add: Sum Repl) + apply (rule_tac x="Ext_ZF R z" in exI) + apply (auto simp add: Elem_Ext_ZF) + done + +lemma implodeable_Ext_trancl: "implodeable_Ext R \ implodeable_Ext (R^+)" + apply (subst implodeable_Ext_def) + apply (auto simp add: image_def) + apply (rule_tac x="Sep (Ext_ZF_hull R y) (\ z. z \ (Ext (R^+) y))" in exI) + apply (auto simp add: explode_def Sep set_ext + in_Ext_RTrans_implies_Elem_Ext_ZF_hull) + done + +lemma Elem_Ext_ZF_hull_implies_in_Ext_RTrans[rule_format]: + "implodeable_Ext R \ ! x. Elem x (Ext_ZF_n R s n) \ x \ (Ext (R^+) s)" + apply (induct_tac n) + apply (auto simp add: Elem_Ext_ZF Ext_def Sum Repl) + done + +lemma "implodeable_Ext R \ Ext_ZF (R^+) s = Ext_ZF_hull R s" + apply (frule implodeable_Ext_trancl) + apply (auto simp add: Ext) + apply (erule in_Ext_RTrans_implies_Elem_Ext_ZF_hull) + apply (simp add: Elem_Ext_ZF Ext_def) + apply (auto simp add: Elem_Ext_ZF Elem_Ext_ZF_hull) + apply (erule Elem_Ext_ZF_hull_implies_in_Ext_RTrans[simplified Ext_def, simplified], assumption) + done + +lemma wf_implies_regular: "wf R \ regular R" +proof (simp add: regular_def, rule allI) + assume wf: "wf R" + fix A + show "A \ Empty \ (\x. Elem x A \ (\y. (y, x) \ R \ \ Elem y A))" + proof + assume A: "A \ Empty" + then have "? x. x \ explode A" + by (auto simp add: explode_def Ext Empty) + then obtain x where x:"x \ explode A" .. + from iffD1[OF wf_eq_minimal wf, rule_format, where Q="explode A", OF x] + obtain z where "z \ explode A \ (\y. (y, z) \ R \ y \ explode A)" by auto + then show "\x. Elem x A \ (\y. (y, x) \ R \ \ Elem y A)" + apply (rule_tac exI[where x = z]) + apply (simp add: explode_def) + done + qed +qed + +lemma wf_eq_wfzf: "(wf R \ implodeable_Ext R) = wfzf R" + apply (auto simp add: wfzf_implies_wf) + apply (auto simp add: wfzf_def wf_implies_regular) + done + +lemma wfzf_trancl: "wfzf R \ wfzf (R^+)" + by (auto simp add: wf_eq_wfzf[symmetric] implodeable_Ext_trancl wf_trancl) + +lemma Ext_subset_mono: "R \ S \ Ext R y \ Ext S y" + by (auto simp add: Ext_def) + +lemma implodeable_Ext_subset: "implodeable_Ext R \ S \ R \ implodeable_Ext S" + apply (auto simp add: implodeable_Ext_def) + apply (erule_tac x=y in allE) + apply (drule_tac y=y in Ext_subset_mono) + apply (auto simp add: image_def) + apply (rule_tac x="Sep x (% z. z \ (Ext S y))" in exI) + apply (auto simp add: explode_def Sep) + done + +lemma wfzf_subset: "wfzf S \ R \ S \ wfzf R" + by (auto intro: implodeable_Ext_subset wf_subset simp add: wf_eq_wfzf[symmetric]) + +end diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/Helper.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/Helper.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,32 @@ +(* Title: HOL/ZF/Helper.thy + ID: $Id$ + Author: Steven Obua + + Some helpful lemmas that probably will end up elsewhere. +*) + +theory Helper +imports Main +begin + +lemma theI2' : "?! x. P x \ (!! x. P x \ Q x) \ Q (THE x. P x)" + apply auto + apply (subgoal_tac "P (THE x. P x)") + apply blast + apply (rule theI) + apply auto + done + +lemma in_range_superfluous: "(z \ range f & z \ (f ` x)) = (z \ f ` x)" + by auto + +lemma f_x_in_range_f: "f x \ range f" + by (blast intro: image_eqI) + +lemma comp_inj: "inj f \ inj g \ inj (g o f)" + by (blast intro: comp_inj_on subset_inj_on) + +lemma comp_image_eq: "(g o f) ` x = g ` f ` x" + by auto + +end \ No newline at end of file diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/LProd.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/LProd.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,189 @@ +(* Title: HOL/ZF/LProd.thy + ID: $Id$ + Author: Steven Obua + + Introduces the lprod relation. + See "Partizan Games in Isabelle/HOLZF", available from http://www4.in.tum.de/~obua/partizan +*) + +theory LProd +imports Multiset +begin + +consts + lprod :: "('a * 'a) set \ ('a list * 'a list) set" + +inductive "lprod R" +intros + lprod_single[intro!]: "(a, b) \ R \ ([a], [b]) \ lprod R" + lprod_list[intro!]: "(ah@at, bh@bt) \ lprod R \ (a,b) \ R \ a = b \ (ah@a#at, bh@b#bt) \ lprod R" + +lemma "(as,bs) \ lprod R \ length as = length bs" + apply (induct as bs rule: lprod.induct) + apply auto + done + +lemma "(as, bs) \ lprod R \ 1 \ length as \ 1 \ length bs" + apply (induct as bs rule: lprod.induct) + apply auto + done + +lemma lprod_subset_elem: "(as, bs) \ lprod S \ S \ R \ (as, bs) \ lprod R" + apply (induct as bs rule: lprod.induct) + apply (auto) + done + +lemma lprod_subset: "S \ R \ lprod S \ lprod R" + by (auto intro: lprod_subset_elem) + +lemma lprod_implies_mult: "(as, bs) \ lprod R \ trans R \ (multiset_of as, multiset_of bs) \ mult R" +proof (induct as bs rule: lprod.induct) + case (lprod_single a b) + note step = one_step_implies_mult[ + where r=R and I="{#}" and K="{#a#}" and J="{#b#}", simplified] + show ?case by (auto intro: lprod_single step) +next + case (lprod_list a ah at b bh bt) + from prems have transR: "trans R" by auto + have as: "multiset_of (ah @ a # at) = multiset_of (ah @ at) + {#a#}" (is "_ = ?ma + _") + by (simp add: ring_eq_simps) + have bs: "multiset_of (bh @ b # bt) = multiset_of (bh @ bt) + {#b#}" (is "_ = ?mb + _") + by (simp add: ring_eq_simps) + from prems have "(?ma, ?mb) \ mult R" + by auto + with mult_implies_one_step[OF transR] have + "\I J K. ?mb = I + J \ ?ma = I + K \ J \ {#} \ (\k\set_of K. \j\set_of J. (k, j) \ R)" + by blast + then obtain I J K where + decomposed: "?mb = I + J \ ?ma = I + K \ J \ {#} \ (\k\set_of K. \j\set_of J. (k, j) \ R)" + by blast + show ?case + proof (cases "a = b") + case True + have "((I + {#b#}) + K, (I + {#b#}) + J) \ mult R" + apply (rule one_step_implies_mult[OF transR]) + apply (auto simp add: decomposed) + done + then show ?thesis + apply (simp only: as bs) + apply (simp only: decomposed True) + apply (simp add: ring_eq_simps) + done + next + case False + from False lprod_list have False: "(a, b) \ R" by blast + have "(I + (K + {#a#}), I + (J + {#b#})) \ mult R" + apply (rule one_step_implies_mult[OF transR]) + apply (auto simp add: False decomposed) + done + then show ?thesis + apply (simp only: as bs) + apply (simp only: decomposed) + apply (simp add: ring_eq_simps) + done + qed +qed + +lemma wf_lprod[recdef_wf,simp,intro]: + assumes wf_R: "wf R" + shows "wf (lprod R)" +proof - + have subset: "lprod (R^+) \ inv_image (mult (R^+)) multiset_of" + by (auto simp add: inv_image_def lprod_implies_mult trans_trancl) + note lprodtrancl = wf_subset[OF wf_inv_image[where r="mult (R^+)" and f="multiset_of", + OF wf_mult[OF wf_trancl[OF wf_R]]], OF subset] + note lprod = wf_subset[OF lprodtrancl, where p="lprod R", OF lprod_subset, simplified] + show ?thesis by (auto intro: lprod) +qed + +constdefs + gprod_2_2 :: "('a * 'a) set \ (('a * 'a) * ('a * 'a)) set" + "gprod_2_2 R \ { ((a,b), (c,d)) . (a = c \ (b,d) \ R) \ (b = d \ (a,c) \ R) }" + gprod_2_1 :: "('a * 'a) set \ (('a * 'a) * ('a * 'a)) set" + "gprod_2_1 R \ { ((a,b), (c,d)) . (a = d \ (b,c) \ R) \ (b = c \ (a,d) \ R) }" + +lemma lprod_2_3: "(a, b) \ R \ ([a, c], [b, c]) \ lprod R" + by (auto intro: lprod_list[where a=c and b=c and + ah = "[a]" and at = "[]" and bh="[b]" and bt="[]", simplified]) + +lemma lprod_2_4: "(a, b) \ R \ ([c, a], [c, b]) \ lprod R" + by (auto intro: lprod_list[where a=c and b=c and + ah = "[]" and at = "[a]" and bh="[]" and bt="[b]", simplified]) + +lemma lprod_2_1: "(a, b) \ R \ ([c, a], [b, c]) \ lprod R" + by (auto intro: lprod_list[where a=c and b=c and + ah = "[]" and at = "[a]" and bh="[b]" and bt="[]", simplified]) + +lemma lprod_2_2: "(a, b) \ R \ ([a, c], [c, b]) \ lprod R" + by (auto intro: lprod_list[where a=c and b=c and + ah = "[a]" and at = "[]" and bh="[]" and bt="[b]", simplified]) + +lemma [recdef_wf, simp, intro]: + assumes wfR: "wf R" shows "wf (gprod_2_1 R)" +proof - + have "gprod_2_1 R \ inv_image (lprod R) (\ (a,b). [a,b])" + by (auto simp add: inv_image_def gprod_2_1_def lprod_2_1 lprod_2_2) + with wfR show ?thesis + by (rule_tac wf_subset, auto) +qed + +lemma [recdef_wf, simp, intro]: + assumes wfR: "wf R" shows "wf (gprod_2_2 R)" +proof - + have "gprod_2_2 R \ inv_image (lprod R) (\ (a,b). [a,b])" + by (auto simp add: inv_image_def gprod_2_2_def lprod_2_3 lprod_2_4) + with wfR show ?thesis + by (rule_tac wf_subset, auto) +qed + +lemma lprod_3_1: assumes "(x', x) \ R" shows "([y, z, x'], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="y" and b="y" and ah="[]" and at="[z,x']" and bh="[x]" and bt="[z]", simplified]) + apply (auto simp add: lprod_2_1 prems) + done + +lemma lprod_3_2: assumes "(z',z) \ R" shows "([z', x, y], [x,y,z]) \ lprod R" + apply (rule lprod_list[where a="y" and b="y" and ah="[z',x]" and at="[]" and bh="[x]" and bt="[z]", simplified]) + apply (auto simp add: lprod_2_2 prems) + done + +lemma lprod_3_3: assumes xr: "(xr, x) \ R" shows "([xr, y, z], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="y" and b="y" and ah="[xr]" and at="[z]" and bh="[x]" and bt="[z]", simplified]) + apply (simp add: xr lprod_2_3) + done + +lemma lprod_3_4: assumes yr: "(yr, y) \ R" shows "([x, yr, z], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="x" and b="x" and ah="[]" and at="[yr,z]" and bh="[]" and bt="[y,z]", simplified]) + apply (simp add: yr lprod_2_3) + done + +lemma lprod_3_5: assumes zr: "(zr, z) \ R" shows "([x, y, zr], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="x" and b="x" and ah="[]" and at="[y,zr]" and bh="[]" and bt="[y,z]", simplified]) + apply (simp add: zr lprod_2_4) + done + +lemma lprod_3_6: assumes y': "(y', y) \ R" shows "([x, z, y'], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="z" and b="z" and ah="[x]" and at="[y']" and bh="[x,y]" and bt="[]", simplified]) + apply (simp add: y' lprod_2_4) + done + +lemma lprod_3_7: assumes z': "(z',z) \ R" shows "([x, z', y], [x, y, z]) \ lprod R" + apply (rule lprod_list[where a="y" and b="y" and ah="[x, z']" and at="[]" and bh="[x]" and bt="[z]", simplified]) + apply (simp add: z' lprod_2_4) + done + +constdefs + perm :: "('a \ 'a) \ 'a set \ bool" + "perm f A \ inj_on f A \ f ` A = A" + +lemma "((as,bs) \ lprod R) = + (\ f. perm f {0 ..< (length as)} \ + (\ j. j < length as \ ((nth as j, nth bs (f j)) \ R \ (nth as j = nth bs (f j)))) \ + (\ i. i < length as \ (nth as i, nth bs (f i)) \ R))" +oops + +lemma "trans R \ (ah@a#at, bh@b#bt) \ lprod R \ (b, a) \ R \ a = b \ (ah@at, bh@bt) \ lprod R" +oops + + + +end \ No newline at end of file diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/MainZF.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/MainZF.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,12 @@ +(* Title: HOL/ZF/MainZF.thy + ID: $Id$ + Author: Steven Obua + + Starting point for using HOLZF. + See "Partizan Games in Isabelle/HOLZF", available from http://www4.in.tum.de/~obua/partizan +*) + +theory MainZF +imports Zet LProd +begin +end \ No newline at end of file diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/Zet.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/Zet.thy Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,221 @@ +(* Title: HOL/ZF/Zet.thy + ID: $Id$ + Author: Steven Obua + + Introduces a type 'a zet of ZF representable sets. + See "Partizan Games in Isabelle/HOLZF", available from http://www4.in.tum.de/~obua/partizan +*) + +theory Zet +imports HOLZF +begin + +typedef 'a zet = "{A :: 'a set | A f z. inj_on f A \ f ` A \ explode z}" + by blast + +constdefs + zin :: "'a \ 'a zet \ bool" + "zin x A == x \ (Rep_zet A)" + +lemma zet_ext_eq: "(A = B) = (! x. zin x A = zin x B)" + by (auto simp add: Rep_zet_inject[symmetric] zin_def) + +constdefs + zimage :: "('a \ 'b) \ 'a zet \ 'b zet" + "zimage f A == Abs_zet (image f (Rep_zet A))" + +lemma zet_def': "zet = {A :: 'a set | A f z. inj_on f A \ f ` A = explode z}" + apply (rule set_ext) + apply (auto simp add: zet_def) + apply (rule_tac x=f in exI) + apply auto + apply (rule_tac x="Sep z (\ y. y \ (f ` x))" in exI) + apply (auto simp add: explode_def Sep) + done + +lemma image_Inv_f_f: "inj_on f B \ A \ B \ (Inv B f) ` f ` A = A" + apply (rule set_ext) + apply (auto simp add: Inv_f_f image_def) + apply (rule_tac x="f x" in exI) + apply (auto simp add: Inv_f_f) + done + +lemma image_zet_rep: "A \ zet \ ? z . g ` A = explode z" + apply (auto simp add: zet_def') + apply (rule_tac x="Repl z (g o (Inv A f))" in exI) + apply (simp add: explode_Repl_eq) + apply (subgoal_tac "explode z = f ` A") + apply (simp_all add: comp_image_eq image_Inv_f_f) + done + +lemma Inv_f_f_mem: + assumes "x \ A" + shows "Inv A g (g x) \ A" + apply (simp add: Inv_def) + apply (rule someI2) + apply (auto!) + done + +lemma zet_image_mem: + assumes Azet: "A \ zet" + shows "g ` A \ zet" +proof - + from Azet have "? (f :: _ \ ZF). inj_on f A" + by (auto simp add: zet_def') + then obtain f where injf: "inj_on (f :: _ \ ZF) A" + by auto + let ?w = "f o (Inv A g)" + have subset: "(Inv A g) ` (g ` A) \ A" + by (auto simp add: Inv_f_f_mem) + have "inj_on (Inv A g) (g ` A)" by (simp add: inj_on_Inv) + then have injw: "inj_on ?w (g ` A)" + apply (rule comp_inj_on) + apply (rule subset_inj_on[where B=A]) + apply (auto simp add: subset injf) + done + show ?thesis + apply (simp add: zet_def' comp_image_eq[symmetric]) + apply (rule exI[where x="?w"]) + apply (simp add: injw image_zet_rep Azet) + done +qed + +lemma Rep_zimage_eq: "Rep_zet (zimage f A) = image f (Rep_zet A)" + apply (simp add: zimage_def) + apply (subst Abs_zet_inverse) + apply (simp_all add: Rep_zet zet_image_mem) + done + +lemma zimage_iff: "zin y (zimage f A) = (? x. zin x A & y = f x)" + by (auto simp add: zin_def Rep_zimage_eq) + +constdefs + zimplode :: "ZF zet \ ZF" + "zimplode A == implode (Rep_zet A)" + zexplode :: "ZF \ ZF zet" + "zexplode z == Abs_zet (explode z)" + +lemma Rep_zet_eq_explode: "? z. Rep_zet A = explode z" + by (rule image_zet_rep[where g="\ x. x",OF Rep_zet, simplified]) + +lemma zexplode_zimplode: "zexplode (zimplode A) = A" + apply (simp add: zimplode_def zexplode_def) + apply (simp add: implode_def) + apply (subst f_inv_f[where y="Rep_zet A"]) + apply (auto simp add: Rep_zet_inverse Rep_zet_eq_explode image_def) + done + +lemma explode_mem_zet: "explode z \ zet" + apply (simp add: zet_def') + apply (rule_tac x="% x. x" in exI) + apply (auto simp add: inj_on_def) + done + +lemma zimplode_zexplode: "zimplode (zexplode z) = z" + apply (simp add: zimplode_def zexplode_def) + apply (subst Abs_zet_inverse) + apply (auto simp add: explode_mem_zet implode_explode) + done + +lemma zin_zexplode_eq: "zin x (zexplode A) = Elem x A" + apply (simp add: zin_def zexplode_def) + apply (subst Abs_zet_inverse) + apply (simp_all add: explode_Elem explode_mem_zet) + done + +lemma comp_zimage_eq: "zimage g (zimage f A) = zimage (g o f) A" + apply (simp add: zimage_def) + apply (subst Abs_zet_inverse) + apply (simp_all add: comp_image_eq zet_image_mem Rep_zet) + done + +constdefs + zunion :: "'a zet \ 'a zet \ 'a zet" + "zunion a b \ Abs_zet ((Rep_zet a) \ (Rep_zet b))" + zsubset :: "'a zet \ 'a zet \ bool" + "zsubset a b \ ! x. zin x a \ zin x b" + +lemma explode_union: "explode (union a b) = (explode a) \ (explode b)" + apply (rule set_ext) + apply (simp add: explode_def union) + done + +lemma Rep_zet_zunion: "Rep_zet (zunion a b) = (Rep_zet a) \ (Rep_zet b)" +proof - + from Rep_zet[of a] have "? f z. inj_on f (Rep_zet a) \ f ` (Rep_zet a) = explode z" + by (auto simp add: zet_def') + then obtain fa za where a:"inj_on fa (Rep_zet a) \ fa ` (Rep_zet a) = explode za" + by blast + from a have fa: "inj_on fa (Rep_zet a)" by blast + from a have za: "fa ` (Rep_zet a) = explode za" by blast + from Rep_zet[of b] have "? f z. inj_on f (Rep_zet b) \ f ` (Rep_zet b) = explode z" + by (auto simp add: zet_def') + then obtain fb zb where b:"inj_on fb (Rep_zet b) \ fb ` (Rep_zet b) = explode zb" + by blast + from b have fb: "inj_on fb (Rep_zet b)" by blast + from b have zb: "fb ` (Rep_zet b) = explode zb" by blast + let ?f = "(\ x. if x \ (Rep_zet a) then Opair (fa x) (Empty) else Opair (fb x) (Singleton Empty))" + let ?z = "CartProd (union za zb) (Upair Empty (Singleton Empty))" + have se: "Singleton Empty \ Empty" + apply (auto simp add: Ext Singleton) + apply (rule exI[where x=Empty]) + apply (simp add: Empty) + done + show ?thesis + apply (simp add: zunion_def) + apply (subst Abs_zet_inverse) + apply (auto simp add: zet_def) + apply (rule exI[where x = ?f]) + apply (rule conjI) + apply (auto simp add: inj_on_def Opair inj_onD[OF fa] inj_onD[OF fb] se se[symmetric]) + apply (rule exI[where x = ?z]) + apply (insert za zb) + apply (auto simp add: explode_def CartProd union Upair Opair) + done +qed + +lemma zunion: "zin x (zunion a b) = ((zin x a) \ (zin x b))" + by (auto simp add: zin_def Rep_zet_zunion) + +lemma zimage_zexplode_eq: "zimage f (zexplode z) = zexplode (Repl z f)" + by (simp add: zet_ext_eq zin_zexplode_eq Repl zimage_iff) + +lemma range_explode_eq_zet: "range explode = zet" + apply (rule set_ext) + apply (auto simp add: explode_mem_zet) + apply (drule image_zet_rep) + apply (simp add: image_def) + apply auto + apply (rule_tac x=z in exI) + apply auto + done + +lemma Elem_zimplode: "(Elem x (zimplode z)) = (zin x z)" + apply (simp add: zimplode_def) + apply (subst Elem_implode) + apply (simp_all add: zin_def Rep_zet range_explode_eq_zet) + done + +constdefs + zempty :: "'a zet" + "zempty \ Abs_zet {}" + +lemma zempty[simp]: "\ (zin x zempty)" + by (auto simp add: zin_def zempty_def Abs_zet_inverse zet_def) + +lemma zimage_zempty[simp]: "zimage f zempty = zempty" + by (auto simp add: zet_ext_eq zimage_iff) + +lemma zunion_zempty_left[simp]: "zunion zempty a = a" + by (simp add: zet_ext_eq zunion) + +lemma zunion_zempty_right[simp]: "zunion a zempty = a" + by (simp add: zet_ext_eq zunion) + +lemma zimage_id[simp]: "zimage id A = A" + by (simp add: zet_ext_eq zimage_iff) + +lemma zimage_cong[recdef_cong]: "\ M = N; !! x. zin x N \ f x = g x \ \ zimage f M = zimage g N" + by (auto simp add: zet_ext_eq zimage_iff) + +end diff -r 0b9eb4b0ad98 -r 778507520684 src/HOL/ZF/document/root.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/ZF/document/root.tex Tue Mar 07 16:03:31 2006 +0100 @@ -0,0 +1,28 @@ + +% $Id$ + +\documentclass[11pt,a4paper]{article} +\usepackage{isabelle,isabellesym} + +% this should be the last package used +\usepackage{pdfsetup} + +% urls in roman style, theory text in math-similar italics +\urlstyle{rm} +\isabellestyle{it} + +\newcommand{\ganz}{\mathsf{Z}\mkern-7.5mu\mathsf{Z}} + +\begin{document} + +\title{ZF} +\author{Steven Obua} +\maketitle + +%\tableofcontents + +\parindent 0pt\parskip 0.5ex + +\input{session} + +\end{document}