# HG changeset patch
# User paulson
# Date 1021533382 -7200
# Node ID dcbf6cb95534bab3ebaea55885c1dbc0803a5202
# Parent  f1097ea60ba43f1e09f0a929345ab041a379d489
converting Ordinal.ML to Isar format

diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/Cardinal.ML
--- a/src/ZF/Cardinal.ML	Wed May 15 13:50:38 2002 +0200
+++ b/src/ZF/Cardinal.ML	Thu May 16 09:16:22 2002 +0200
@@ -193,6 +193,12 @@
 by (ALLGOALS (blast_tac (claset() addSIs [premP] addSDs [premNot])));
 qed "Least_equality";
 
+(*Perform induction on i, then prove the Ord(i) subgoal using prems. *)
+fun trans_ind_tac a prems i = 
+    EVERY [res_inst_tac [("i",a)] trans_induct i,
+           rename_last_tac a ["1"] (i+1),
+           ares_tac prems i];
+
 Goal "[| P(i);  Ord(i) |] ==> P(LEAST x. P(x))";
 by (etac rev_mp 1);
 by (trans_ind_tac "i" [] 1);
diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/IsaMakefile
--- a/src/ZF/IsaMakefile	Wed May 15 13:50:38 2002 +0200
+++ b/src/ZF/IsaMakefile	Thu May 16 09:16:22 2002 +0200
@@ -39,7 +39,7 @@
   Integ/twos_compl.ML Let.ML Let.thy List.ML List.thy Main.ML Main.thy	\
   Main_ZFC.ML Main_ZFC.thy	\
   Nat.ML Nat.thy Order.thy OrderArith.thy	\
-  OrderType.thy Ordinal.ML Ordinal.thy OrdQuant.ML OrdQuant.thy \
+  OrderType.thy Ordinal.thy OrdQuant.ML OrdQuant.thy \
   Perm.ML Perm.thy	\
   QPair.ML QPair.thy QUniv.ML QUniv.thy ROOT.ML Rel.ML Rel.thy Sum.ML	\
   Sum.thy Tools/cartprod.ML Tools/datatype_package.ML			\
diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/Nat.ML
--- a/src/ZF/Nat.ML	Wed May 15 13:50:38 2002 +0200
+++ b/src/ZF/Nat.ML	Thu May 16 09:16:22 2002 +0200
@@ -170,12 +170,24 @@
 
 (** Induction principle analogous to trancl_induct **)
 
+val le_cs = claset() addSIs [leCI] addSEs [leE] addEs [lt_asym];
+
 Goal "m: nat ==> P(m,succ(m)) --> (ALL x: nat. P(m,x) --> P(m,succ(x))) --> \
 \                 (ALL n:nat. m<n --> P(m,n))";
 by (etac nat_induct 1);
-by (ALLGOALS   
-    (EVERY' [rtac (impI RS impI), rtac (nat_induct RS ballI), assume_tac,
-             blast_tac le_cs, blast_tac le_cs])); 
+by (rtac (impI RS impI) 1);
+by (rtac (nat_induct RS ballI) 1);
+by (assume_tac 1);
+by (Blast_tac 1);
+by (asm_simp_tac (simpset() addsimps [le_iff]) 1);
+by (Blast_tac 1);
+(*and again*)
+by (rtac (impI RS impI) 1);
+by (rtac (nat_induct RS ballI) 1);
+by (assume_tac 1);
+by (Blast_tac 1);
+by (asm_simp_tac (simpset() addsimps [le_iff]) 1);
+by (Blast_tac 1);
 qed "succ_lt_induct_lemma";
 
 val prems = Goal
diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/Ordinal.ML
--- a/src/ZF/Ordinal.ML	Wed May 15 13:50:38 2002 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,729 +0,0 @@
-(*  Title:      ZF/Ordinal.ML
-    ID:         $Id$
-    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
-    Copyright   1993  University of Cambridge
-
-Ordinals in Zermelo-Fraenkel Set Theory 
-*)
-
-(*** Rules for Transset ***)
-
-(** Three neat characterisations of Transset **)
-
-Goalw [Transset_def] "Transset(A) <-> A<=Pow(A)";
-by (Blast_tac 1);
-qed "Transset_iff_Pow";
-
-Goalw [Transset_def] "Transset(A) <-> Union(succ(A)) = A";
-by (blast_tac (claset() addSEs [equalityE]) 1);
-qed "Transset_iff_Union_succ";
-
-Goalw [Transset_def] "Transset(A) <-> Union(A) <= A";
-by (Blast_tac 1);
-qed "Transset_iff_Union_subset";
-
-(** Consequences of downwards closure **)
-
-Goalw [Transset_def]
-    "[| Transset(C); {a,b}: C |] ==> a:C & b: C";
-by (Blast_tac 1);
-qed "Transset_doubleton_D";
-
-val [prem1,prem2] = goalw (the_context ()) [Pair_def]
-    "[| Transset(C); <a,b>: C |] ==> a:C & b: C";
-by (cut_facts_tac [prem2] 1);   
-by (blast_tac (claset() addSDs [prem1 RS Transset_doubleton_D]) 1);
-qed "Transset_Pair_D";
-
-val prem1::prems = goal (the_context ())
-    "[| Transset(C); A*B <= C; b: B |] ==> A <= C";
-by (cut_facts_tac prems 1);
-by (blast_tac (claset() addSDs [prem1 RS Transset_Pair_D]) 1);
-qed "Transset_includes_domain";
-
-val prem1::prems = goal (the_context ())
-    "[| Transset(C); A*B <= C; a: A |] ==> B <= C";
-by (cut_facts_tac prems 1);
-by (blast_tac (claset() addSDs [prem1 RS Transset_Pair_D]) 1);
-qed "Transset_includes_range";
-
-(** Closure properties **)
-
-Goalw [Transset_def] "Transset(0)";
-by (Blast_tac 1);
-qed "Transset_0";
-
-Goalw [Transset_def]
-    "[| Transset(i);  Transset(j) |] ==> Transset(i Un j)";
-by (Blast_tac 1);
-qed "Transset_Un";
-
-Goalw [Transset_def]
-    "[| Transset(i);  Transset(j) |] ==> Transset(i Int j)";
-by (Blast_tac 1);
-qed "Transset_Int";
-
-Goalw [Transset_def] "Transset(i) ==> Transset(succ(i))";
-by (Blast_tac 1);
-qed "Transset_succ";
-
-Goalw [Transset_def] "Transset(i) ==> Transset(Pow(i))";
-by (Blast_tac 1);
-qed "Transset_Pow";
-
-Goalw [Transset_def] "Transset(A) ==> Transset(Union(A))";
-by (Blast_tac 1);
-qed "Transset_Union";
-
-val [Transprem] = Goalw [Transset_def]
-    "[| !!i. i:A ==> Transset(i) |] ==> Transset(Union(A))";
-by (blast_tac (claset() addDs [Transprem RS bspec RS subsetD]) 1);
-qed "Transset_Union_family";
-
-val [prem,Transprem] = Goalw [Transset_def]
-    "[| j:A;  !!i. i:A ==> Transset(i) |] ==> Transset(Inter(A))";
-by (cut_facts_tac [prem] 1);
-by (blast_tac (claset() addDs [Transprem RS bspec RS subsetD]) 1);
-qed "Transset_Inter_family";
-
-(*** Natural Deduction rules for Ord ***)
-
-val prems = Goalw [Ord_def]
-    "[| Transset(i);  !!x. x:i ==> Transset(x) |]  ==>  Ord(i)";
-by (REPEAT (ares_tac (prems@[ballI,conjI]) 1));
-qed "OrdI";
-
-Goalw [Ord_def] "Ord(i) ==> Transset(i)";
-by (Blast_tac 1);
-qed "Ord_is_Transset";
-
-Goalw [Ord_def]
-    "[| Ord(i);  j:i |] ==> Transset(j) ";
-by (Blast_tac 1);
-qed "Ord_contains_Transset";
-
-(*** Lemmas for ordinals ***)
-
-Goalw [Ord_def,Transset_def] "[| Ord(i);  j:i |] ==> Ord(j)";
-by (Blast_tac 1);
-qed "Ord_in_Ord";
-
-(* Ord(succ(j)) ==> Ord(j) *)
-bind_thm ("Ord_succD", succI1 RSN (2, Ord_in_Ord));
-
-AddSDs [Ord_succD];
-
-Goal "[| Ord(i);  Transset(j);  j<=i |] ==> Ord(j)";
-by (REPEAT (ares_tac [OrdI] 1
-     ORELSE eresolve_tac [Ord_contains_Transset, subsetD] 1));
-qed "Ord_subset_Ord";
-
-Goalw [Ord_def,Transset_def] "[| j:i;  Ord(i) |] ==> j<=i";
-by (Blast_tac 1);
-qed "OrdmemD";
-
-Goal "[| i:j;  j:k;  Ord(k) |] ==> i:k";
-by (REPEAT (ares_tac [OrdmemD RS subsetD] 1));
-qed "Ord_trans";
-
-Goal "[| i:j;  Ord(j) |] ==> succ(i) <= j";
-by (REPEAT (ares_tac [OrdmemD RSN (2,succ_subsetI)] 1));
-qed "Ord_succ_subsetI";
-
-
-(*** The construction of ordinals: 0, succ, Union ***)
-
-Goal "Ord(0)";
-by (REPEAT (ares_tac [OrdI,Transset_0] 1 ORELSE etac emptyE 1));
-qed "Ord_0";
-
-Goal "Ord(i) ==> Ord(succ(i))";
-by (REPEAT (ares_tac [OrdI,Transset_succ] 1
-     ORELSE eresolve_tac [succE,ssubst,Ord_is_Transset,
-                          Ord_contains_Transset] 1));
-qed "Ord_succ";
-
-bind_thm ("Ord_1", Ord_0 RS Ord_succ);
-
-Goal "Ord(succ(i)) <-> Ord(i)";
-by (blast_tac (claset() addIs [Ord_succ]) 1);
-qed "Ord_succ_iff";
-
-Addsimps [Ord_0, Ord_succ_iff];
-AddSIs   [Ord_0, Ord_succ];
-AddTCs   [Ord_0, Ord_succ];
-
-Goalw [Ord_def] "[| Ord(i); Ord(j) |] ==> Ord(i Un j)";
-by (blast_tac (claset() addSIs [Transset_Un]) 1);
-qed "Ord_Un";
-
-Goalw [Ord_def] "[| Ord(i); Ord(j) |] ==> Ord(i Int j)";
-by (blast_tac (claset() addSIs [Transset_Int]) 1);
-qed "Ord_Int";
-AddTCs   [Ord_Un, Ord_Int];
-
-val nonempty::prems = Goal
-    "[| j:A;  !!i. i:A ==> Ord(i) |] ==> Ord(Inter(A))";
-by (rtac (nonempty RS Transset_Inter_family RS OrdI) 1);
-by (rtac Ord_is_Transset 1);
-by (REPEAT (ares_tac ([Ord_contains_Transset,nonempty]@prems) 1
-     ORELSE etac InterD 1));
-qed "Ord_Inter";
-
-val jmemA::prems = Goal
-    "[| j:A;  !!x. x:A ==> Ord(B(x)) |] ==> Ord(INT x:A. B(x))";
-by (rtac (jmemA RS RepFunI RS Ord_Inter) 1);
-by (etac RepFunE 1);
-by (etac ssubst 1);
-by (eresolve_tac prems 1);
-qed "Ord_INT";
-
-(*There is no set of all ordinals, for then it would contain itself*)
-Goal "~ (ALL i. i:X <-> Ord(i))";
-by (rtac notI 1);
-by (forw_inst_tac [("x", "X")] spec 1);
-by (safe_tac (claset() addSEs [mem_irrefl]));
-by (swap_res_tac [Ord_is_Transset RSN (2,OrdI)] 1);
-by (Blast_tac 2);
-by (rewtac Transset_def);
-by Safe_tac;
-by (Asm_full_simp_tac 1);
-by (REPEAT (eresolve_tac [asm_rl, Ord_in_Ord] 1));
-qed "ON_class";
-
-(*** < is 'less than' for ordinals ***)
-
-Goalw [lt_def] "[| i:j;  Ord(j) |] ==> i<j";
-by (REPEAT (ares_tac [conjI] 1));
-qed "ltI";
-
-val major::prems = Goalw [lt_def]
-    "[| i<j;  [| i:j;  Ord(i);  Ord(j) |] ==> P |] ==> P";
-by (rtac (major RS conjE) 1);
-by (REPEAT (ares_tac (prems@[Ord_in_Ord]) 1));
-qed "ltE";
-
-Goal "i<j ==> i:j";
-by (etac ltE 1);
-by (assume_tac 1);
-qed "ltD";
-
-Goalw [lt_def] "~ i<0";
-by (Blast_tac 1);
-qed "not_lt0";
-
-Addsimps [not_lt0];
-
-Goal "j<i ==> Ord(j)";
-by (etac ltE 1 THEN assume_tac 1);
-qed "lt_Ord";
-
-Goal "j<i ==> Ord(i)";
-by (etac ltE 1 THEN assume_tac 1);
-qed "lt_Ord2";
-
-(* "ja le j ==> Ord(j)" *)
-bind_thm ("le_Ord2", lt_Ord2 RS Ord_succD);
-
-(* i<0 ==> R *)
-bind_thm ("lt0E", not_lt0 RS notE);
-
-Goal "[| i<j;  j<k |] ==> i<k";
-by (blast_tac (claset() addSIs [ltI] addSEs [ltE] addIs [Ord_trans]) 1);
-qed "lt_trans";
-
-Goalw [lt_def] "i<j ==> ~ (j<i)";
-by (blast_tac (claset() addEs [mem_asym]) 1);
-qed "lt_not_sym";
-
-(* [| i<j;  ~P ==> j<i |] ==> P *)
-bind_thm ("lt_asym", lt_not_sym RS swap);
-
-val [major]= goal (the_context ()) "i<i ==> P";
-by (rtac (major RS (major RS lt_asym)) 1) ;
-qed "lt_irrefl";
-
-Goal "~ i<i";
-by (rtac notI 1);
-by (etac lt_irrefl 1) ;
-qed "lt_not_refl";
-
-AddSEs [lt_irrefl, lt0E];
-
-(** le is less than or equals;  recall  i le j  abbrevs  i<succ(j) !! **)
-
-Goalw [lt_def] "i le j <-> i<j | (i=j & Ord(j))";
-by (Blast_tac 1);
-qed "le_iff";
-
-(*Equivalently, i<j ==> i < succ(j)*)
-Goal "i<j ==> i le j";
-by (asm_simp_tac (simpset() addsimps [le_iff]) 1);
-qed "leI";
-
-Goal "[| i=j;  Ord(j) |] ==> i le j";
-by (asm_simp_tac (simpset() addsimps [le_iff]) 1);
-qed "le_eqI";
-
-bind_thm ("le_refl", refl RS le_eqI);
-
-Goal "i le i <-> Ord(i)";
-by (asm_simp_tac (simpset() addsimps [lt_not_refl, le_iff]) 1);
-qed "le_refl_iff";
-
-AddIffs [le_refl_iff];
-
-val [prem] = Goal "(~ (i=j & Ord(j)) ==> i<j) ==> i le j";
-by (rtac (disjCI RS (le_iff RS iffD2)) 1);
-by (etac prem 1);
-qed "leCI";
-
-val major::prems = Goal
-    "[| i le j;  i<j ==> P;  [| i=j;  Ord(j) |] ==> P |] ==> P";
-by (rtac (major RS (le_iff RS iffD1 RS disjE)) 1);
-by (DEPTH_SOLVE (ares_tac prems 1 ORELSE etac conjE 1));
-qed "leE";
-
-Goal "[| i le j;  j le i |] ==> i=j";
-by (asm_full_simp_tac (simpset() addsimps [le_iff]) 1);
-by (blast_tac (claset() addEs [lt_asym]) 1);
-qed "le_anti_sym";
-
-Goal "i le 0 <-> i=0";
-by (blast_tac (claset() addSEs [leE]) 1);
-qed "le0_iff";
-
-bind_thm ("le0D", le0_iff RS iffD1);
-
-AddSDs [le0D];
-Addsimps [le0_iff];
-
-val le_cs = claset() addSIs [leCI] addSEs [leE] addEs [lt_asym];
-
-
-(*** Natural Deduction rules for Memrel ***)
-
-Goalw [Memrel_def] "<a,b> : Memrel(A) <-> a:b & a:A & b:A";
-by (Blast_tac 1);
-qed "Memrel_iff";
-Addsimps [Memrel_iff];  
-  (*MemrelI/E give better speed than AddIffs here*)
-
-Goal "[| a: b;  a: A;  b: A |] ==> <a,b> : Memrel(A)";
-by Auto_tac;
-qed "MemrelI";
-
-val [major,minor] = Goal
-    "[| <a,b> : Memrel(A);  \
-\       [| a: A;  b: A;  a:b |]  ==> P \
-\    |]  ==> P";
-by (rtac (major RS (Memrel_iff RS iffD1) RS conjE) 1);
-by (etac conjE 1);
-by (rtac minor 1);
-by (REPEAT (assume_tac 1));
-qed "MemrelE";
-
-AddSIs [MemrelI];
-AddSEs [MemrelE];
-
-Goalw [Memrel_def] "Memrel(A) <= A*A";
-by (Blast_tac 1);
-qed "Memrel_type";
-
-Goalw [Memrel_def] "A<=B ==> Memrel(A) <= Memrel(B)";
-by (Blast_tac 1);
-qed "Memrel_mono";
-
-Goalw [Memrel_def] "Memrel(0) = 0";
-by (Blast_tac 1);
-qed "Memrel_0";
-
-Goalw [Memrel_def] "Memrel(1) = 0";
-by (Blast_tac 1);
-qed "Memrel_1";
-
-Addsimps [Memrel_0, Memrel_1];
-
-(*The membership relation (as a set) is well-founded.
-  Proof idea: show A<=B by applying the foundation axiom to A-B *)
-Goalw [wf_def] "wf(Memrel(A))";
-by (EVERY1 [rtac (foundation RS disjE RS allI),
-            etac disjI1,
-            etac bexE, 
-            rtac (impI RS allI RS bexI RS disjI2),
-            etac MemrelE,
-            etac bspec,
-            REPEAT o assume_tac]);
-qed "wf_Memrel";
-
-(*Transset(i) does not suffice, though ALL j:i.Transset(j) does*)
-Goalw [Ord_def, Transset_def, trans_def]
-    "Ord(i) ==> trans(Memrel(i))";
-by (Blast_tac 1);
-qed "trans_Memrel";
-
-(*If Transset(A) then Memrel(A) internalizes the membership relation below A*)
-Goalw [Transset_def]
-    "Transset(A) ==> <a,b> : Memrel(A) <-> a:b & b:A";
-by (Blast_tac 1);
-qed "Transset_Memrel_iff";
-
-
-(*** Transfinite induction ***)
-
-(*Epsilon induction over a transitive set*)
-val major::prems = Goalw [Transset_def]
-    "[| i: k;  Transset(k);                          \
-\       !!x.[| x: k;  ALL y:x. P(y) |] ==> P(x) \
-\    |]  ==>  P(i)";
-by (rtac (major RS (wf_Memrel RS wf_induct2)) 1);
-by (Blast_tac 1);
-by (resolve_tac prems 1);
-by (assume_tac 1);
-by (cut_facts_tac prems 1);
-by (Blast_tac 1);
-qed "Transset_induct";
-
-(*Induction over an ordinal*)
-bind_thm ("Ord_induct", Ord_is_Transset RSN (2, Transset_induct));
-
-(*Induction over the class of ordinals -- a useful corollary of Ord_induct*)
-val [major,indhyp] = Goal
-    "[| Ord(i); \
-\       !!x.[| Ord(x);  ALL y:x. P(y) |] ==> P(x) \
-\    |]  ==>  P(i)";
-by (rtac (major RS Ord_succ RS (succI1 RS Ord_induct)) 1);
-by (rtac indhyp 1);
-by (rtac (major RS Ord_succ RS Ord_in_Ord) 1);
-by (REPEAT (assume_tac 1));
-qed "trans_induct";
-
-(*Perform induction on i, then prove the Ord(i) subgoal using prems. *)
-fun trans_ind_tac a prems i = 
-    EVERY [res_inst_tac [("i",a)] trans_induct i,
-           rename_last_tac a ["1"] (i+1),
-           ares_tac prems i];
-
-
-(*** Fundamental properties of the epsilon ordering (< on ordinals) ***)
-
-(*Finds contradictions for the following proof*)
-val Ord_trans_tac = EVERY' [etac notE, etac Ord_trans, REPEAT o atac];
-
-(** Proving that < is a linear ordering on the ordinals **)
-
-Goal "Ord(i) ==> (ALL j. Ord(j) --> i:j | i=j | j:i)";
-by (etac trans_induct 1);
-by (rtac (impI RS allI) 1);
-by (trans_ind_tac "j" [] 1);
-by (DEPTH_SOLVE (Step_tac 1 ORELSE Ord_trans_tac 1));
-qed_spec_mp "Ord_linear";
-
-(*The trichotomy law for ordinals!*)
-val ordi::ordj::prems = Goalw [lt_def]
-    "[| Ord(i);  Ord(j);  i<j ==> P;  i=j ==> P;  j<i ==> P |] ==> P";
-by (rtac ([ordi,ordj] MRS Ord_linear RS disjE) 1);
-by (etac disjE 2);
-by (DEPTH_SOLVE (ares_tac ([ordi,ordj,conjI] @ prems) 1));
-qed "Ord_linear_lt";
-
-val prems = Goal
-    "[| Ord(i);  Ord(j);  i<j ==> P;  j le i ==> P |]  ==> P";
-by (res_inst_tac [("i","i"),("j","j")] Ord_linear_lt 1);
-by (DEPTH_SOLVE (ares_tac ([leI, sym RS le_eqI] @ prems) 1));
-qed "Ord_linear2";
-
-val prems = Goal
-    "[| Ord(i);  Ord(j);  i le j ==> P;  j le i ==> P |]  ==> P";
-by (res_inst_tac [("i","i"),("j","j")] Ord_linear_lt 1);
-by (DEPTH_SOLVE (ares_tac ([leI,le_eqI] @ prems) 1));
-qed "Ord_linear_le";
-
-Goal "j le i ==> ~ i<j";
-by (blast_tac le_cs 1);
-qed "le_imp_not_lt";
-
-Goal "[| ~ i<j;  Ord(i);  Ord(j) |] ==> j le i";
-by (res_inst_tac [("i","i"),("j","j")] Ord_linear2 1);
-by (REPEAT (SOMEGOAL assume_tac));
-by (blast_tac le_cs 1);
-qed "not_lt_imp_le";
-
-(** Some rewrite rules for <, le **)
-
-Goalw [lt_def] "Ord(j) ==> i:j <-> i<j";
-by (Blast_tac 1);
-qed "Ord_mem_iff_lt";
-
-Goal "[| Ord(i);  Ord(j) |] ==> ~ i<j <-> j le i";
-by (REPEAT (ares_tac [iffI, le_imp_not_lt, not_lt_imp_le] 1));
-qed "not_lt_iff_le";
-
-Goal "[| Ord(i);  Ord(j) |] ==> ~ i le j <-> j<i";
-by (asm_simp_tac (simpset() addsimps [not_lt_iff_le RS iff_sym]) 1);
-qed "not_le_iff_lt";
-
-(*This is identical to 0<succ(i) *)
-Goal "Ord(i) ==> 0 le i";
-by (etac (not_lt_iff_le RS iffD1) 1);
-by (REPEAT (resolve_tac [Ord_0, not_lt0] 1));
-qed "Ord_0_le";
-
-Goal "[| Ord(i);  i~=0 |] ==> 0<i";
-by (etac (not_le_iff_lt RS iffD1) 1);
-by (rtac Ord_0 1);
-by (Blast_tac 1);
-qed "Ord_0_lt";
-
-Goal "Ord(i) ==> i~=0 <-> 0<i";
-by (blast_tac (claset() addIs [Ord_0_lt]) 1);
-qed "Ord_0_lt_iff";
-
-
-(*** Results about less-than or equals ***)
-
-(** For ordinals, j<=i (subset) implies j le i (less-than or equals) **)
-
-Goal "0 le succ(x) <-> Ord(x)";
-by (blast_tac (claset() addIs [Ord_0_le] addEs [ltE]) 1); 
-qed "zero_le_succ_iff";
-AddIffs [zero_le_succ_iff];
-
-Goal "[| j<=i;  Ord(i);  Ord(j) |] ==> j le i";
-by (rtac (not_lt_iff_le RS iffD1) 1);
-by (assume_tac 1);
-by (assume_tac 1);
-by (blast_tac (claset() addEs [ltE, mem_irrefl]) 1);
-qed "subset_imp_le";
-
-Goal "i le j ==> i<=j";
-by (etac leE 1);
-by (Blast_tac 2);
-by (blast_tac (subset_cs addIs [OrdmemD] addEs [ltE]) 1);
-qed "le_imp_subset";
-
-Goal "j le i <-> j<=i & Ord(i) & Ord(j)";
-by (blast_tac (claset() addDs [subset_imp_le, le_imp_subset] addEs [ltE]) 1);
-qed "le_subset_iff";
-
-Goal "i le succ(j) <-> i le j | i=succ(j) & Ord(i)";
-by (simp_tac (simpset() addsimps [le_iff]) 1);
-by (Blast_tac 1);
-qed "le_succ_iff";
-
-(*Just a variant of subset_imp_le*)
-val [ordi,ordj,minor] = Goal
-    "[| Ord(i);  Ord(j);  !!x. x<j ==> x<i |] ==> j le i";
-by (REPEAT_FIRST (ares_tac [notI RS not_lt_imp_le, ordi, ordj]));
-by (etac (minor RS lt_irrefl) 1);
-qed "all_lt_imp_le";
-
-(** Transitive laws **)
-
-Goal "[| i le j;  j<k |] ==> i<k";
-by (blast_tac (claset() addSEs [leE] addIs [lt_trans]) 1);
-qed "lt_trans1";
-
-Goal "[| i<j;  j le k |] ==> i<k";
-by (blast_tac (claset() addSEs [leE] addIs [lt_trans]) 1);
-qed "lt_trans2";
-
-Goal "[| i le j;  j le k |] ==> i le k";
-by (REPEAT (ares_tac [lt_trans1] 1));
-qed "le_trans";
-
-Goal "i<j ==> succ(i) le j";
-by (rtac (not_lt_iff_le RS iffD1) 1);
-by (blast_tac le_cs 3);
-by (ALLGOALS (blast_tac (claset() addEs [ltE])));
-qed "succ_leI";
-
-(*Identical to  succ(i) < succ(j) ==> i<j  *)
-Goal "succ(i) le j ==> i<j";
-by (rtac (not_le_iff_lt RS iffD1) 1);
-by (blast_tac le_cs 3);
-by (ALLGOALS (blast_tac (claset() addEs [ltE])));
-qed "succ_leE";
-
-Goal "succ(i) le j <-> i<j";
-by (REPEAT (ares_tac [iffI,succ_leI,succ_leE] 1));
-qed "succ_le_iff";
-AddIffs [succ_le_iff];
-
-Goal "succ(i) le succ(j) ==> i le j";
-by (blast_tac (claset() addSDs [succ_leE]) 1);
-qed "succ_le_imp_le";
-
-Goal "[| i <= j;  j<k;  Ord(i) |] ==> i<k";
-by (resolve_tac [subset_imp_le RS lt_trans1] 1);
-by (REPEAT (eresolve_tac [asm_rl, ltE] 1));
-qed "lt_subset_trans";
-
-(** Union and Intersection **)
-
-Goal "[| Ord(i); Ord(j) |] ==> i le i Un j";
-by (rtac (Un_upper1 RS subset_imp_le) 1);
-by (REPEAT (ares_tac [Ord_Un] 1));
-qed "Un_upper1_le";
-
-Goal "[| Ord(i); Ord(j) |] ==> j le i Un j";
-by (rtac (Un_upper2 RS subset_imp_le) 1);
-by (REPEAT (ares_tac [Ord_Un] 1));
-qed "Un_upper2_le";
-
-(*Replacing k by succ(k') yields the similar rule for le!*)
-Goal "[| i<k;  j<k |] ==> i Un j < k";
-by (res_inst_tac [("i","i"),("j","j")] Ord_linear_le 1);
-by (stac Un_commute 4);
-by (asm_full_simp_tac (simpset() addsimps [le_subset_iff, subset_Un_iff]) 4);
-by (asm_full_simp_tac (simpset() addsimps [le_subset_iff, subset_Un_iff]) 3);
-by (REPEAT (eresolve_tac [asm_rl, ltE] 1));
-qed "Un_least_lt";
-
-Goal "[| Ord(i); Ord(j) |] ==> i Un j < k  <->  i<k & j<k";
-by (safe_tac (claset() addSIs [Un_least_lt]));
-by (rtac (Un_upper2_le RS lt_trans1) 2);
-by (rtac (Un_upper1_le RS lt_trans1) 1);
-by (REPEAT_SOME assume_tac);
-qed "Un_least_lt_iff";
-
-val [ordi,ordj,ordk] = goal (the_context ())
-    "[| Ord(i); Ord(j); Ord(k) |] ==> i Un j : k  <->  i:k & j:k";
-by (cut_inst_tac [("k","k")] ([ordi,ordj] MRS Un_least_lt_iff) 1);
-by (asm_full_simp_tac (simpset() addsimps [lt_def,ordi,ordj,ordk]) 1);
-qed "Un_least_mem_iff";
-
-(*Replacing k by succ(k') yields the similar rule for le!*)
-Goal "[| i<k;  j<k |] ==> i Int j < k";
-by (res_inst_tac [("i","i"),("j","j")] Ord_linear_le 1);
-by (stac Int_commute 4);
-by (asm_full_simp_tac (simpset() addsimps [le_subset_iff, subset_Int_iff]) 4);
-by (asm_full_simp_tac (simpset() addsimps [le_subset_iff, subset_Int_iff]) 3);
-by (REPEAT (eresolve_tac [asm_rl, ltE] 1));
-qed "Int_greatest_lt";
-
-(*FIXME: the Intersection duals are missing!*)
-
-
-(*** Results about limits ***)
-
-val prems = Goal "[| !!i. i:A ==> Ord(i) |] ==> Ord(Union(A))";
-by (rtac (Ord_is_Transset RS Transset_Union_family RS OrdI) 1);
-by (REPEAT (etac UnionE 1 ORELSE ares_tac ([Ord_contains_Transset]@prems) 1));
-qed "Ord_Union";
-
-val prems = Goal
-    "[| !!x. x:A ==> Ord(B(x)) |] ==> Ord(UN x:A. B(x))";
-by (rtac Ord_Union 1);
-by (etac RepFunE 1);
-by (etac ssubst 1);
-by (eresolve_tac prems 1);
-qed "Ord_UN";
-
-(* No < version; consider (UN i:nat.i)=nat *)
-val [ordi,limit] = Goal
-    "[| Ord(i);  !!x. x:A ==> b(x) le i |] ==> (UN x:A. b(x)) le i";
-by (rtac (le_imp_subset RS UN_least RS subset_imp_le) 1);
-by (REPEAT (ares_tac [ordi, Ord_UN, limit] 1 ORELSE etac (limit RS ltE) 1));
-qed "UN_least_le";
-
-val [jlti,limit] = Goal
-    "[| j<i;  !!x. x:A ==> b(x)<j |] ==> (UN x:A. succ(b(x))) < i";
-by (rtac (jlti RS ltE) 1);
-by (rtac (UN_least_le RS lt_trans2) 1);
-by (REPEAT (ares_tac [jlti, succ_leI, limit] 1));
-qed "UN_succ_least_lt";
-
-Goal "[| a: A;  i le b(a);  Ord(UN x:A. b(x)) |] ==> i le (UN x:A. b(x))";
-by (ftac ltD 1); 
-by (rtac (le_imp_subset RS subset_trans RS subset_imp_le) 1);
-by (REPEAT (ares_tac [lt_Ord, UN_upper] 1));
-qed "UN_upper_le";
-
-val [leprem] = Goal
-    "[| !!x. x:A ==> c(x) le d(x) |] ==> (UN x:A. c(x)) le (UN x:A. d(x))";
-by (rtac UN_least_le 1);
-by (rtac UN_upper_le 2);
-by (etac leprem 3);
-by (ALLGOALS (asm_simp_tac (simpset() addsimps [Ord_UN, leprem RS le_Ord2])));
-qed "le_implies_UN_le_UN";
-
-Goal "Ord(i) ==> (UN y:i. succ(y)) = i";
-by (blast_tac (claset() addIs [Ord_trans]) 1);
-qed "Ord_equality";
-
-(*Holds for all transitive sets, not just ordinals*)
-Goal "Ord(i) ==> Union(i) <= i";
-by (blast_tac (claset() addIs [Ord_trans]) 1);
-qed "Ord_Union_subset";
-
-
-(*** Limit ordinals -- general properties ***)
-
-Goalw [Limit_def] "Limit(i) ==> Union(i) = i";
-by (fast_tac (claset() addSIs [ltI] addSEs [ltE] addEs [Ord_trans]) 1);
-qed "Limit_Union_eq";
-
-Goalw [Limit_def] "Limit(i) ==> Ord(i)";
-by (etac conjunct1 1);
-qed "Limit_is_Ord";
-
-Goalw [Limit_def] "Limit(i) ==> 0 < i";
-by (etac (conjunct2 RS conjunct1) 1);
-qed "Limit_has_0";
-
-Goalw [Limit_def] "[| Limit(i);  j<i |] ==> succ(j) < i";
-by (Blast_tac 1);
-qed "Limit_has_succ";
-
-Goalw [Limit_def]
-    "[| 0<i;  ALL y. succ(y) ~= i |] ==> Limit(i)";
-by (safe_tac subset_cs);
-by (rtac (not_le_iff_lt RS iffD1) 2);
-by (blast_tac le_cs 4);
-by (REPEAT (eresolve_tac [asm_rl, ltE, Ord_succ] 1));
-qed "non_succ_LimitI";
-
-Goal "Limit(succ(i)) ==> P";
-by (rtac lt_irrefl 1);
-by (rtac Limit_has_succ 1);
-by (assume_tac 1);
-by (etac (Limit_is_Ord RS Ord_succD RS le_refl) 1);
-qed "succ_LimitE";
-AddSEs [succ_LimitE];
-
-Goal "~ Limit(succ(i))";
-by (Blast_tac 1);
-qed "not_succ_Limit";
-Addsimps [not_succ_Limit];
-
-Goal "[| Limit(i);  i le succ(j) |] ==> i le j";
-by (blast_tac (claset() addSEs [leE]) 1);
-qed "Limit_le_succD";
-
-(** Traditional 3-way case analysis on ordinals **)
-
-Goal "Ord(i) ==> i=0 | (EX j. Ord(j) & i=succ(j)) | Limit(i)";
-by (blast_tac (claset() addSIs [non_succ_LimitI, Ord_0_lt]) 1);
-qed "Ord_cases_disj";
-
-val major::prems = Goal
-    "[| Ord(i);                 \
-\       i=0                          ==> P;     \
-\       !!j. [| Ord(j); i=succ(j) |] ==> P;     \
-\       Limit(i)                     ==> P      \
-\    |] ==> P";
-by (cut_facts_tac [major RS Ord_cases_disj] 1);
-by (REPEAT (eresolve_tac (prems@[asm_rl, disjE, exE, conjE]) 1));
-qed "Ord_cases";
-
-val major::prems = Goal
-     "[| Ord(i);                \
-\        P(0);                  \
-\        !!x. [| Ord(x);  P(x) |] ==> P(succ(x));       \
-\        !!x. [| Limit(x);  ALL y:x. P(y) |] ==> P(x)   \
-\     |] ==> P(i)";
-by (resolve_tac [major RS trans_induct] 1);
-by (etac Ord_cases 1);
-by (ALLGOALS (blast_tac (claset() addIs prems)));
-qed "trans_induct3";
diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/Ordinal.thy
--- a/src/ZF/Ordinal.thy	Wed May 15 13:50:38 2002 +0200
+++ b/src/ZF/Ordinal.thy	Thu May 16 09:16:22 2002 +0200
@@ -6,27 +6,728 @@
 Ordinals in Zermelo-Fraenkel Set Theory 
 *)
 
-Ordinal = WF + Bool + equalities +
-consts
-  Memrel        :: i=>i
-  Transset,Ord  :: i=>o
-  "<"           :: [i,i] => o  (infixl 50) (*less than on ordinals*)
-  Limit         :: i=>o
+theory Ordinal = WF + Bool + equalities:
+
+constdefs
+
+  Memrel        :: "i=>i"
+    "Memrel(A)   == {z: A*A . EX x y. z=<x,y> & x:y }"
+
+  Transset  :: "i=>o"
+    "Transset(i) == ALL x:i. x<=i"
+
+  Ord  :: "i=>o"
+    "Ord(i)      == Transset(i) & (ALL x:i. Transset(x))"
+
+  lt        :: "[i,i] => o"  (infixl "<" 50)   (*less-than on ordinals*)
+    "i<j         == i:j & Ord(j)"
+
+  Limit         :: "i=>o"
+    "Limit(i)    == Ord(i) & 0<i & (ALL y. y<i --> succ(y)<i)"
 
 syntax
-  "le"          :: [i,i] => o  (infixl 50) (*less than or equals*)
+  "le"          :: "[i,i] => o"  (infixl 50)   (*less-than or equals*)
 
 translations
   "x le y"      == "x < succ(y)"
 
 syntax (xsymbols)
-  "op le"       :: [i,i] => o  (infixl "\\<le>" 50) (*less than or equals*)
+  "op le"       :: "[i,i] => o"  (infixl "\<le>" 50)  (*less-than or equals*)
+
+
+(*** Rules for Transset ***)
+
+(** Three neat characterisations of Transset **)
+
+lemma Transset_iff_Pow: "Transset(A) <-> A<=Pow(A)"
+by (unfold Transset_def, blast)
+
+lemma Transset_iff_Union_succ: "Transset(A) <-> Union(succ(A)) = A"
+apply (unfold Transset_def)
+apply (blast elim!: equalityE)
+done
+
+lemma Transset_iff_Union_subset: "Transset(A) <-> Union(A) <= A"
+by (unfold Transset_def, blast)
+
+(** Consequences of downwards closure **)
+
+lemma Transset_doubleton_D: 
+    "[| Transset(C); {a,b}: C |] ==> a:C & b: C"
+by (unfold Transset_def, blast)
+
+lemma Transset_Pair_D:
+    "[| Transset(C); <a,b>: C |] ==> a:C & b: C"
+apply (simp add: Pair_def)
+apply (blast dest: Transset_doubleton_D)
+done
+
+lemma Transset_includes_domain:
+    "[| Transset(C); A*B <= C; b: B |] ==> A <= C"
+by (blast dest: Transset_Pair_D)
+
+lemma Transset_includes_range:
+    "[| Transset(C); A*B <= C; a: A |] ==> B <= C"
+by (blast dest: Transset_Pair_D)
+
+(** Closure properties **)
+
+lemma Transset_0: "Transset(0)"
+by (unfold Transset_def, blast)
+
+lemma Transset_Un: 
+    "[| Transset(i);  Transset(j) |] ==> Transset(i Un j)"
+by (unfold Transset_def, blast)
+
+lemma Transset_Int: 
+    "[| Transset(i);  Transset(j) |] ==> Transset(i Int j)"
+by (unfold Transset_def, blast)
+
+lemma Transset_succ: "Transset(i) ==> Transset(succ(i))"
+by (unfold Transset_def, blast)
+
+lemma Transset_Pow: "Transset(i) ==> Transset(Pow(i))"
+by (unfold Transset_def, blast)
+
+lemma Transset_Union: "Transset(A) ==> Transset(Union(A))"
+by (unfold Transset_def, blast)
+
+lemma Transset_Union_family: 
+    "[| !!i. i:A ==> Transset(i) |] ==> Transset(Union(A))"
+by (unfold Transset_def, blast)
+
+lemma Transset_Inter_family: 
+    "[| j:A;  !!i. i:A ==> Transset(i) |] ==> Transset(Inter(A))"
+by (unfold Transset_def, blast)
+
+(*** Natural Deduction rules for Ord ***)
+
+lemma OrdI:
+    "[| Transset(i);  !!x. x:i ==> Transset(x) |]  ==>  Ord(i)"
+by (simp add: Ord_def) 
+
+lemma Ord_is_Transset: "Ord(i) ==> Transset(i)"
+by (simp add: Ord_def) 
+
+lemma Ord_contains_Transset: 
+    "[| Ord(i);  j:i |] ==> Transset(j) "
+by (unfold Ord_def, blast)
+
+(*** Lemmas for ordinals ***)
+
+lemma Ord_in_Ord: "[| Ord(i);  j:i |] ==> Ord(j)"
+by (unfold Ord_def Transset_def, blast)
+
+(* Ord(succ(j)) ==> Ord(j) *)
+lemmas Ord_succD = Ord_in_Ord [OF _ succI1]
+
+lemma Ord_subset_Ord: "[| Ord(i);  Transset(j);  j<=i |] ==> Ord(j)"
+by (simp add: Ord_def Transset_def, blast)
+
+lemma OrdmemD: "[| j:i;  Ord(i) |] ==> j<=i"
+by (unfold Ord_def Transset_def, blast)
+
+lemma Ord_trans: "[| i:j;  j:k;  Ord(k) |] ==> i:k"
+by (blast dest: OrdmemD)
+
+lemma Ord_succ_subsetI: "[| i:j;  Ord(j) |] ==> succ(i) <= j"
+by (blast dest: OrdmemD)
+
+
+(*** The construction of ordinals: 0, succ, Union ***)
+
+lemma Ord_0 [iff,TC]: "Ord(0)"
+by (blast intro: OrdI Transset_0)
+
+lemma Ord_succ [TC]: "Ord(i) ==> Ord(succ(i))"
+by (blast intro: OrdI Transset_succ Ord_is_Transset Ord_contains_Transset)
+
+lemmas Ord_1 = Ord_0 [THEN Ord_succ]
+
+lemma Ord_succ_iff [iff]: "Ord(succ(i)) <-> Ord(i)"
+by (blast intro: Ord_succ dest!: Ord_succD)
+
+lemma Ord_Un [TC]: "[| Ord(i); Ord(j) |] ==> Ord(i Un j)"
+apply (unfold Ord_def)
+apply (blast intro!: Transset_Un)
+done
+
+lemma Ord_Int [TC]: "[| Ord(i); Ord(j) |] ==> Ord(i Int j)"
+apply (unfold Ord_def)
+apply (blast intro!: Transset_Int)
+done
+
+
+lemma Ord_Inter:
+    "[| j:A;  !!i. i:A ==> Ord(i) |] ==> Ord(Inter(A))"
+apply (rule Transset_Inter_family [THEN OrdI], assumption)
+apply (blast intro: Ord_is_Transset) 
+apply (blast intro: Ord_contains_Transset) 
+done
+
+lemma Ord_INT:
+    "[| j:A;  !!x. x:A ==> Ord(B(x)) |] ==> Ord(INT x:A. B(x))"
+by (rule RepFunI [THEN Ord_Inter], assumption, blast) 
+
+(*There is no set of all ordinals, for then it would contain itself*)
+lemma ON_class: "~ (ALL i. i:X <-> Ord(i))"
+apply (rule notI)
+apply (frule_tac x = "X" in spec)
+apply (safe elim!: mem_irrefl)
+apply (erule swap, rule OrdI [OF _ Ord_is_Transset])
+apply (simp add: Transset_def)
+apply (blast intro: Ord_in_Ord)+
+done
+
+(*** < is 'less than' for ordinals ***)
+
+lemma ltI: "[| i:j;  Ord(j) |] ==> i<j"
+by (unfold lt_def, blast)
+
+lemma ltE:
+    "[| i<j;  [| i:j;  Ord(i);  Ord(j) |] ==> P |] ==> P"
+apply (unfold lt_def)
+apply (blast intro: Ord_in_Ord)
+done
+
+lemma ltD: "i<j ==> i:j"
+by (erule ltE, assumption)
+
+lemma not_lt0 [simp]: "~ i<0"
+by (unfold lt_def, blast)
+
+lemma lt_Ord: "j<i ==> Ord(j)"
+by (erule ltE, assumption)
+
+lemma lt_Ord2: "j<i ==> Ord(i)"
+by (erule ltE, assumption)
+
+(* "ja le j ==> Ord(j)" *)
+lemmas le_Ord2 = lt_Ord2 [THEN Ord_succD]
+
+(* i<0 ==> R *)
+lemmas lt0E = not_lt0 [THEN notE, elim!]
+
+lemma lt_trans: "[| i<j;  j<k |] ==> i<k"
+by (blast intro!: ltI elim!: ltE intro: Ord_trans)
+
+lemma lt_not_sym: "i<j ==> ~ (j<i)"
+apply (unfold lt_def)
+apply (blast elim: mem_asym)
+done
+
+(* [| i<j;  ~P ==> j<i |] ==> P *)
+lemmas lt_asym = lt_not_sym [THEN swap]
+
+lemma lt_irrefl [elim!]: "i<i ==> P"
+by (blast intro: lt_asym)
+
+lemma lt_not_refl: "~ i<i"
+apply (rule notI)
+apply (erule lt_irrefl)
+done
+
+
+(** le is less than or equals;  recall  i le j  abbrevs  i<succ(j) !! **)
+
+lemma le_iff: "i le j <-> i<j | (i=j & Ord(j))"
+by (unfold lt_def, blast)
+
+(*Equivalently, i<j ==> i < succ(j)*)
+lemma leI: "i<j ==> i le j"
+by (simp (no_asm_simp) add: le_iff)
+
+lemma le_eqI: "[| i=j;  Ord(j) |] ==> i le j"
+by (simp (no_asm_simp) add: le_iff)
+
+lemmas le_refl = refl [THEN le_eqI]
+
+lemma le_refl_iff [iff]: "i le i <-> Ord(i)"
+by (simp (no_asm_simp) add: lt_not_refl le_iff)
+
+lemma leCI: "(~ (i=j & Ord(j)) ==> i<j) ==> i le j"
+by (simp add: le_iff, blast)
+
+lemma leE:
+    "[| i le j;  i<j ==> P;  [| i=j;  Ord(j) |] ==> P |] ==> P"
+by (simp add: le_iff, blast)
+
+lemma le_anti_sym: "[| i le j;  j le i |] ==> i=j"
+apply (simp add: le_iff)
+apply (blast elim: lt_asym)
+done
+
+lemma le0_iff [simp]: "i le 0 <-> i=0"
+by (blast elim!: leE)
+
+lemmas le0D = le0_iff [THEN iffD1, dest!]
+
+(*** Natural Deduction rules for Memrel ***)
+
+(*The lemmas MemrelI/E give better speed than [iff] here*)
+lemma Memrel_iff [simp]: "<a,b> : Memrel(A) <-> a:b & a:A & b:A"
+by (unfold Memrel_def, blast)
+
+lemma MemrelI [intro!]: "[| a: b;  a: A;  b: A |] ==> <a,b> : Memrel(A)"
+by auto
+
+lemma MemrelE [elim!]:
+    "[| <a,b> : Memrel(A);   
+        [| a: A;  b: A;  a:b |]  ==> P |]  
+     ==> P"
+by auto
+
+lemma Memrel_type: "Memrel(A) <= A*A"
+by (unfold Memrel_def, blast)
+
+lemma Memrel_mono: "A<=B ==> Memrel(A) <= Memrel(B)"
+by (unfold Memrel_def, blast)
+
+lemma Memrel_0 [simp]: "Memrel(0) = 0"
+by (unfold Memrel_def, blast)
+
+lemma Memrel_1 [simp]: "Memrel(1) = 0"
+by (unfold Memrel_def, blast)
+
+(*The membership relation (as a set) is well-founded.
+  Proof idea: show A<=B by applying the foundation axiom to A-B *)
+lemma wf_Memrel: "wf(Memrel(A))"
+apply (unfold wf_def)
+apply (rule foundation [THEN disjE, THEN allI], erule disjI1, blast) 
+done
+
+(*Transset(i) does not suffice, though ALL j:i.Transset(j) does*)
+lemma trans_Memrel: 
+    "Ord(i) ==> trans(Memrel(i))"
+by (unfold Ord_def Transset_def trans_def, blast)
+
+(*If Transset(A) then Memrel(A) internalizes the membership relation below A*)
+lemma Transset_Memrel_iff: 
+    "Transset(A) ==> <a,b> : Memrel(A) <-> a:b & b:A"
+by (unfold Transset_def, blast)
+
+
+(*** Transfinite induction ***)
+
+(*Epsilon induction over a transitive set*)
+lemma Transset_induct: 
+    "[| i: k;  Transset(k);                           
+        !!x.[| x: k;  ALL y:x. P(y) |] ==> P(x) |]
+     ==>  P(i)"
+apply (simp add: Transset_def) 
+apply (erule wf_Memrel [THEN wf_induct2], blast)
+apply blast 
+done
+
+(*Induction over an ordinal*)
+lemmas Ord_induct = Transset_induct [OF _ Ord_is_Transset]
+
+(*Induction over the class of ordinals -- a useful corollary of Ord_induct*)
+
+lemma trans_induct:
+    "[| Ord(i);  
+        !!x.[| Ord(x);  ALL y:x. P(y) |] ==> P(x) |]
+     ==>  P(i)"
+apply (rule Ord_succ [THEN succI1 [THEN Ord_induct]], assumption)
+apply (blast intro: Ord_succ [THEN Ord_in_Ord]) 
+done
+
+
+(*** Fundamental properties of the epsilon ordering (< on ordinals) ***)
+
+
+(** Proving that < is a linear ordering on the ordinals **)
+
+lemma Ord_linear [rule_format]:
+     "Ord(i) ==> (ALL j. Ord(j) --> i:j | i=j | j:i)"
+apply (erule trans_induct)
+apply (rule impI [THEN allI])
+apply (erule_tac i=j in trans_induct) 
+apply (blast dest: Ord_trans) 
+done
+
+(*The trichotomy law for ordinals!*)
+lemma Ord_linear_lt:
+    "[| Ord(i);  Ord(j);  i<j ==> P;  i=j ==> P;  j<i ==> P |] ==> P"
+apply (simp add: lt_def) 
+apply (rule_tac i1=i and j1=j in Ord_linear [THEN disjE], blast+)
+done
+
+lemma Ord_linear2:
+    "[| Ord(i);  Ord(j);  i<j ==> P;  j le i ==> P |]  ==> P"
+apply (rule_tac i = "i" and j = "j" in Ord_linear_lt)
+apply (blast intro: leI le_eqI sym ) +
+done
+
+lemma Ord_linear_le:
+    "[| Ord(i);  Ord(j);  i le j ==> P;  j le i ==> P |]  ==> P"
+apply (rule_tac i = "i" and j = "j" in Ord_linear_lt)
+apply (blast intro: leI le_eqI ) +
+done
+
+lemma le_imp_not_lt: "j le i ==> ~ i<j"
+by (blast elim!: leE elim: lt_asym)
+
+lemma not_lt_imp_le: "[| ~ i<j;  Ord(i);  Ord(j) |] ==> j le i"
+by (rule_tac i = "i" and j = "j" in Ord_linear2, auto)
+
+(** Some rewrite rules for <, le **)
+
+lemma Ord_mem_iff_lt: "Ord(j) ==> i:j <-> i<j"
+by (unfold lt_def, blast)
+
+lemma not_lt_iff_le: "[| Ord(i);  Ord(j) |] ==> ~ i<j <-> j le i"
+by (blast dest: le_imp_not_lt not_lt_imp_le)
 
-defs
-  Memrel_def    "Memrel(A)   == {z: A*A . EX x y. z=<x,y> & x:y }"
-  Transset_def  "Transset(i) == ALL x:i. x<=i"
-  Ord_def       "Ord(i)      == Transset(i) & (ALL x:i. Transset(x))"
-  lt_def        "i<j         == i:j & Ord(j)"
-  Limit_def     "Limit(i)    == Ord(i) & 0<i & (ALL y. y<i --> succ(y)<i)"
+lemma not_le_iff_lt: "[| Ord(i);  Ord(j) |] ==> ~ i le j <-> j<i"
+by (simp (no_asm_simp) add: not_lt_iff_le [THEN iff_sym])
+
+(*This is identical to 0<succ(i) *)
+lemma Ord_0_le: "Ord(i) ==> 0 le i"
+by (erule not_lt_iff_le [THEN iffD1], auto)
+
+lemma Ord_0_lt: "[| Ord(i);  i~=0 |] ==> 0<i"
+apply (erule not_le_iff_lt [THEN iffD1])
+apply (rule Ord_0, blast)
+done
+
+lemma Ord_0_lt_iff: "Ord(i) ==> i~=0 <-> 0<i"
+by (blast intro: Ord_0_lt)
+
+
+(*** Results about less-than or equals ***)
+
+(** For ordinals, j<=i (subset) implies j le i (less-than or equals) **)
+
+lemma zero_le_succ_iff [iff]: "0 le succ(x) <-> Ord(x)"
+by (blast intro: Ord_0_le elim: ltE)
+
+lemma subset_imp_le: "[| j<=i;  Ord(i);  Ord(j) |] ==> j le i"
+apply (rule not_lt_iff_le [THEN iffD1], assumption)
+apply assumption
+apply (blast elim: ltE mem_irrefl)
+done
+
+lemma le_imp_subset: "i le j ==> i<=j"
+by (blast dest: OrdmemD elim: ltE leE)
+
+lemma le_subset_iff: "j le i <-> j<=i & Ord(i) & Ord(j)"
+by (blast dest: subset_imp_le le_imp_subset elim: ltE)
+
+lemma le_succ_iff: "i le succ(j) <-> i le j | i=succ(j) & Ord(i)"
+apply (simp (no_asm) add: le_iff)
+apply blast
+done
+
+(*Just a variant of subset_imp_le*)
+lemma all_lt_imp_le: "[| Ord(i);  Ord(j);  !!x. x<j ==> x<i |] ==> j le i"
+by (blast intro: not_lt_imp_le dest: lt_irrefl)
+
+(** Transitive laws **)
+
+lemma lt_trans1: "[| i le j;  j<k |] ==> i<k"
+by (blast elim!: leE intro: lt_trans)
+
+lemma lt_trans2: "[| i<j;  j le k |] ==> i<k"
+by (blast elim!: leE intro: lt_trans)
+
+lemma le_trans: "[| i le j;  j le k |] ==> i le k"
+by (blast intro: lt_trans1)
+
+lemma succ_leI: "i<j ==> succ(i) le j"
+apply (rule not_lt_iff_le [THEN iffD1]) 
+apply (blast elim: ltE leE lt_asym)+
+done
+
+(*Identical to  succ(i) < succ(j) ==> i<j  *)
+lemma succ_leE: "succ(i) le j ==> i<j"
+apply (rule not_le_iff_lt [THEN iffD1])
+apply (blast elim: ltE leE lt_asym)+
+done
+
+lemma succ_le_iff [iff]: "succ(i) le j <-> i<j"
+by (blast intro: succ_leI succ_leE)
+
+lemma succ_le_imp_le: "succ(i) le succ(j) ==> i le j"
+by (blast dest!: succ_leE)
+
+lemma lt_subset_trans: "[| i <= j;  j<k;  Ord(i) |] ==> i<k"
+apply (rule subset_imp_le [THEN lt_trans1]) 
+apply (blast intro: elim: ltE) +
+done
+
+(** Union and Intersection **)
+
+lemma Un_upper1_le: "[| Ord(i); Ord(j) |] ==> i le i Un j"
+by (rule Un_upper1 [THEN subset_imp_le], auto)
+
+lemma Un_upper2_le: "[| Ord(i); Ord(j) |] ==> j le i Un j"
+by (rule Un_upper2 [THEN subset_imp_le], auto)
+
+(*Replacing k by succ(k') yields the similar rule for le!*)
+lemma Un_least_lt: "[| i<k;  j<k |] ==> i Un j < k"
+apply (rule_tac i = "i" and j = "j" in Ord_linear_le)
+apply (auto simp add: Un_commute le_subset_iff subset_Un_iff lt_Ord) 
+done
+
+lemma Un_least_lt_iff: "[| Ord(i); Ord(j) |] ==> i Un j < k  <->  i<k & j<k"
+apply (safe intro!: Un_least_lt)
+apply (rule_tac [2] Un_upper2_le [THEN lt_trans1])
+apply (rule Un_upper1_le [THEN lt_trans1], auto) 
+done
+
+lemma Un_least_mem_iff:
+    "[| Ord(i); Ord(j); Ord(k) |] ==> i Un j : k  <->  i:k & j:k"
+apply (insert Un_least_lt_iff [of i j k]) 
+apply (simp add: lt_def)
+done
+
+(*Replacing k by succ(k') yields the similar rule for le!*)
+lemma Int_greatest_lt: "[| i<k;  j<k |] ==> i Int j < k"
+apply (rule_tac i = "i" and j = "j" in Ord_linear_le)
+apply (auto simp add: Int_commute le_subset_iff subset_Int_iff lt_Ord) 
+done
+
+(*FIXME: the Intersection duals are missing!*)
+
+(*** Results about limits ***)
+
+lemma Ord_Union: "[| !!i. i:A ==> Ord(i) |] ==> Ord(Union(A))"
+apply (rule Ord_is_Transset [THEN Transset_Union_family, THEN OrdI])
+apply (blast intro: Ord_contains_Transset)+
+done
+
+lemma Ord_UN: "[| !!x. x:A ==> Ord(B(x)) |] ==> Ord(UN x:A. B(x))"
+by (rule Ord_Union, blast)
+
+(* No < version; consider (UN i:nat.i)=nat *)
+lemma UN_least_le:
+    "[| Ord(i);  !!x. x:A ==> b(x) le i |] ==> (UN x:A. b(x)) le i"
+apply (rule le_imp_subset [THEN UN_least, THEN subset_imp_le])
+apply (blast intro: Ord_UN elim: ltE)+
+done
+
+lemma UN_succ_least_lt:
+    "[| j<i;  !!x. x:A ==> b(x)<j |] ==> (UN x:A. succ(b(x))) < i"
+apply (rule ltE, assumption)
+apply (rule UN_least_le [THEN lt_trans2])
+apply (blast intro: succ_leI)+
+done
+
+lemma UN_upper_le:
+     "[| a: A;  i le b(a);  Ord(UN x:A. b(x)) |] ==> i le (UN x:A. b(x))"
+apply (frule ltD)
+apply (rule le_imp_subset [THEN subset_trans, THEN subset_imp_le])
+apply (blast intro: lt_Ord UN_upper)+
+done
+
+lemma le_implies_UN_le_UN:
+    "[| !!x. x:A ==> c(x) le d(x) |] ==> (UN x:A. c(x)) le (UN x:A. d(x))"
+apply (rule UN_least_le)
+apply (rule_tac [2] UN_upper_le)
+apply (blast intro: Ord_UN le_Ord2)+ 
+done
+
+lemma Ord_equality: "Ord(i) ==> (UN y:i. succ(y)) = i"
+by (blast intro: Ord_trans)
+
+(*Holds for all transitive sets, not just ordinals*)
+lemma Ord_Union_subset: "Ord(i) ==> Union(i) <= i"
+by (blast intro: Ord_trans)
+
+
+(*** Limit ordinals -- general properties ***)
+
+lemma Limit_Union_eq: "Limit(i) ==> Union(i) = i"
+apply (unfold Limit_def)
+apply (fast intro!: ltI elim!: ltE elim: Ord_trans)
+done
+
+lemma Limit_is_Ord: "Limit(i) ==> Ord(i)"
+apply (unfold Limit_def)
+apply (erule conjunct1)
+done
+
+lemma Limit_has_0: "Limit(i) ==> 0 < i"
+apply (unfold Limit_def)
+apply (erule conjunct2 [THEN conjunct1])
+done
+
+lemma Limit_has_succ: "[| Limit(i);  j<i |] ==> succ(j) < i"
+by (unfold Limit_def, blast)
+
+lemma non_succ_LimitI: 
+    "[| 0<i;  ALL y. succ(y) ~= i |] ==> Limit(i)"
+apply (unfold Limit_def)
+apply (safe del: subsetI)
+apply (rule_tac [2] not_le_iff_lt [THEN iffD1])
+apply (simp_all add: lt_Ord lt_Ord2) 
+apply (blast elim: leE lt_asym)
+done
+
+lemma succ_LimitE [elim!]: "Limit(succ(i)) ==> P"
+apply (rule lt_irrefl)
+apply (rule Limit_has_succ, assumption)
+apply (erule Limit_is_Ord [THEN Ord_succD, THEN le_refl])
+done
+
+lemma not_succ_Limit [simp]: "~ Limit(succ(i))"
+by blast
+
+lemma Limit_le_succD: "[| Limit(i);  i le succ(j) |] ==> i le j"
+by (blast elim!: leE)
+
+(** Traditional 3-way case analysis on ordinals **)
+
+lemma Ord_cases_disj: "Ord(i) ==> i=0 | (EX j. Ord(j) & i=succ(j)) | Limit(i)"
+by (blast intro!: non_succ_LimitI Ord_0_lt)
+
+lemma Ord_cases:
+    "[| Ord(i);                  
+        i=0                          ==> P;      
+        !!j. [| Ord(j); i=succ(j) |] ==> P;      
+        Limit(i)                     ==> P       
+     |] ==> P"
+by (drule Ord_cases_disj, blast)  
+
+lemma trans_induct3:
+     "[| Ord(i);                 
+         P(0);                   
+         !!x. [| Ord(x);  P(x) |] ==> P(succ(x));        
+         !!x. [| Limit(x);  ALL y:x. P(y) |] ==> P(x)    
+      |] ==> P(i)"
+apply (erule trans_induct)
+apply (erule Ord_cases, blast+)
+done
+
+ML 
+{*
+val Memrel_def = thm "Memrel_def";
+val Transset_def = thm "Transset_def";
+val Ord_def = thm "Ord_def";
+val lt_def = thm "lt_def";
+val Limit_def = thm "Limit_def";
+
+val Transset_iff_Pow = thm "Transset_iff_Pow";
+val Transset_iff_Union_succ = thm "Transset_iff_Union_succ";
+val Transset_iff_Union_subset = thm "Transset_iff_Union_subset";
+val Transset_doubleton_D = thm "Transset_doubleton_D";
+val Transset_Pair_D = thm "Transset_Pair_D";
+val Transset_includes_domain = thm "Transset_includes_domain";
+val Transset_includes_range = thm "Transset_includes_range";
+val Transset_0 = thm "Transset_0";
+val Transset_Un = thm "Transset_Un";
+val Transset_Int = thm "Transset_Int";
+val Transset_succ = thm "Transset_succ";
+val Transset_Pow = thm "Transset_Pow";
+val Transset_Union = thm "Transset_Union";
+val Transset_Union_family = thm "Transset_Union_family";
+val Transset_Inter_family = thm "Transset_Inter_family";
+val OrdI = thm "OrdI";
+val Ord_is_Transset = thm "Ord_is_Transset";
+val Ord_contains_Transset = thm "Ord_contains_Transset";
+val Ord_in_Ord = thm "Ord_in_Ord";
+val Ord_succD = thm "Ord_succD";
+val Ord_subset_Ord = thm "Ord_subset_Ord";
+val OrdmemD = thm "OrdmemD";
+val Ord_trans = thm "Ord_trans";
+val Ord_succ_subsetI = thm "Ord_succ_subsetI";
+val Ord_0 = thm "Ord_0";
+val Ord_succ = thm "Ord_succ";
+val Ord_1 = thm "Ord_1";
+val Ord_succ_iff = thm "Ord_succ_iff";
+val Ord_Un = thm "Ord_Un";
+val Ord_Int = thm "Ord_Int";
+val Ord_Inter = thm "Ord_Inter";
+val Ord_INT = thm "Ord_INT";
+val ON_class = thm "ON_class";
+val ltI = thm "ltI";
+val ltE = thm "ltE";
+val ltD = thm "ltD";
+val not_lt0 = thm "not_lt0";
+val lt_Ord = thm "lt_Ord";
+val lt_Ord2 = thm "lt_Ord2";
+val le_Ord2 = thm "le_Ord2";
+val lt0E = thm "lt0E";
+val lt_trans = thm "lt_trans";
+val lt_not_sym = thm "lt_not_sym";
+val lt_asym = thm "lt_asym";
+val lt_irrefl = thm "lt_irrefl";
+val lt_not_refl = thm "lt_not_refl";
+val le_iff = thm "le_iff";
+val leI = thm "leI";
+val le_eqI = thm "le_eqI";
+val le_refl = thm "le_refl";
+val le_refl_iff = thm "le_refl_iff";
+val leCI = thm "leCI";
+val leE = thm "leE";
+val le_anti_sym = thm "le_anti_sym";
+val le0_iff = thm "le0_iff";
+val le0D = thm "le0D";
+val Memrel_iff = thm "Memrel_iff";
+val MemrelI = thm "MemrelI";
+val MemrelE = thm "MemrelE";
+val Memrel_type = thm "Memrel_type";
+val Memrel_mono = thm "Memrel_mono";
+val Memrel_0 = thm "Memrel_0";
+val Memrel_1 = thm "Memrel_1";
+val wf_Memrel = thm "wf_Memrel";
+val trans_Memrel = thm "trans_Memrel";
+val Transset_Memrel_iff = thm "Transset_Memrel_iff";
+val Transset_induct = thm "Transset_induct";
+val Ord_induct = thm "Ord_induct";
+val trans_induct = thm "trans_induct";
+val Ord_linear = thm "Ord_linear";
+val Ord_linear_lt = thm "Ord_linear_lt";
+val Ord_linear2 = thm "Ord_linear2";
+val Ord_linear_le = thm "Ord_linear_le";
+val le_imp_not_lt = thm "le_imp_not_lt";
+val not_lt_imp_le = thm "not_lt_imp_le";
+val Ord_mem_iff_lt = thm "Ord_mem_iff_lt";
+val not_lt_iff_le = thm "not_lt_iff_le";
+val not_le_iff_lt = thm "not_le_iff_lt";
+val Ord_0_le = thm "Ord_0_le";
+val Ord_0_lt = thm "Ord_0_lt";
+val Ord_0_lt_iff = thm "Ord_0_lt_iff";
+val zero_le_succ_iff = thm "zero_le_succ_iff";
+val subset_imp_le = thm "subset_imp_le";
+val le_imp_subset = thm "le_imp_subset";
+val le_subset_iff = thm "le_subset_iff";
+val le_succ_iff = thm "le_succ_iff";
+val all_lt_imp_le = thm "all_lt_imp_le";
+val lt_trans1 = thm "lt_trans1";
+val lt_trans2 = thm "lt_trans2";
+val le_trans = thm "le_trans";
+val succ_leI = thm "succ_leI";
+val succ_leE = thm "succ_leE";
+val succ_le_iff = thm "succ_le_iff";
+val succ_le_imp_le = thm "succ_le_imp_le";
+val lt_subset_trans = thm "lt_subset_trans";
+val Un_upper1_le = thm "Un_upper1_le";
+val Un_upper2_le = thm "Un_upper2_le";
+val Un_least_lt = thm "Un_least_lt";
+val Un_least_lt_iff = thm "Un_least_lt_iff";
+val Un_least_mem_iff = thm "Un_least_mem_iff";
+val Int_greatest_lt = thm "Int_greatest_lt";
+val Ord_Union = thm "Ord_Union";
+val Ord_UN = thm "Ord_UN";
+val UN_least_le = thm "UN_least_le";
+val UN_succ_least_lt = thm "UN_succ_least_lt";
+val UN_upper_le = thm "UN_upper_le";
+val le_implies_UN_le_UN = thm "le_implies_UN_le_UN";
+val Ord_equality = thm "Ord_equality";
+val Ord_Union_subset = thm "Ord_Union_subset";
+val Limit_Union_eq = thm "Limit_Union_eq";
+val Limit_is_Ord = thm "Limit_is_Ord";
+val Limit_has_0 = thm "Limit_has_0";
+val Limit_has_succ = thm "Limit_has_succ";
+val non_succ_LimitI = thm "non_succ_LimitI";
+val succ_LimitE = thm "succ_LimitE";
+val not_succ_Limit = thm "not_succ_Limit";
+val Limit_le_succD = thm "Limit_le_succD";
+val Ord_cases_disj = thm "Ord_cases_disj";
+val Ord_cases = thm "Ord_cases";
+val trans_induct3 = thm "trans_induct3";
+*}
 
 end
diff -r f1097ea60ba4 -r dcbf6cb95534 src/ZF/arith_data.ML
--- a/src/ZF/arith_data.ML	Wed May 15 13:50:38 2002 +0200
+++ b/src/ZF/arith_data.ML	Thu May 16 09:16:22 2002 +0200
@@ -175,8 +175,8 @@
   struct
   open CancelNumeralsCommon
   val prove_conv = prove_conv "natless_cancel_numerals"
-  val mk_bal   = FOLogic.mk_binrel "Ordinal.op <"
-  val dest_bal = FOLogic.dest_bin "Ordinal.op <" iT
+  val mk_bal   = FOLogic.mk_binrel "Ordinal.lt"
+  val dest_bal = FOLogic.dest_bin "Ordinal.lt" iT
   val bal_add1 = less_add_iff RS iff_trans
   val bal_add2 = less_add_iff RS iff_trans
   val trans_tac = gen_trans_tac iff_trans