wneuper/isa: src/ZF/Constructible/DPow_absolute.thy@52a419210d5c (annotated)

paulson@13503	1	(* Title: ZF/Constructible/DPow_absolute.thy
paulson@13503	2	ID: $Id$
paulson@13503	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
paulson@13503	4	Copyright 2002 University of Cambridge
paulson@13503	5	*)
paulson@13503	6
paulson@13503	7	header {Absoluteness for the Definable Powerset Function}
paulson@13503	8
paulson@13503	9
paulson@13503	10	theory DPow_absolute = Satisfies_absolute:
paulson@13503	11
paulson@13503	12
paulson@13503	13	subsection{Preliminary Internalizations}
paulson@13503	14
paulson@13503	15	subsubsection{The Operator @{term is_formula_rec}}
paulson@13503	16
paulson@13503	17	text{*The three arguments of @{term p} are always 2, 1, 0. It is buried
paulson@13503	18	within 11 quantifiers!!*}
paulson@13503	19
paulson@13503	20	(* is_formula_rec :: "[i=>o, [i,i,i]=>o, i, i] => o"
paulson@13503	21	"is_formula_rec(M,MH,p,z) ==
paulson@13503	22	\<exists>dp[M]. \<exists>i[M]. \<exists>f[M]. finite_ordinal(M,dp) & is_depth(M,p,dp) &
paulson@13503	23	2 1 0
paulson@13503	24	successor(M,dp,i) & fun_apply(M,f,p,z) & is_transrec(M,MH,i,f)"
paulson@13503	25	*)
paulson@13503	26
paulson@13503	27	constdefs formula_rec_fm :: "[i, i, i]=>i"
paulson@13503	28	"formula_rec_fm(mh,p,z) ==
paulson@13503	29	Exists(Exists(Exists(
paulson@13503	30	And(finite_ordinal_fm(2),
paulson@13503	31	And(depth_fm(p#+3,2),
paulson@13503	32	And(succ_fm(2,1),
paulson@13503	33	And(fun_apply_fm(0,p#+3,z#+3), is_transrec_fm(mh,1,0))))))))"
paulson@13503	34
paulson@13503	35	lemma is_formula_rec_type [TC]:
paulson@13503	36	"[\| p \<in> formula; x \<in> nat; z \<in> nat \|]
paulson@13503	37	==> formula_rec_fm(p,x,z) \<in> formula"
paulson@13503	38	by (simp add: formula_rec_fm_def)
paulson@13503	39
paulson@13503	40	lemma sats_formula_rec_fm:
paulson@13503	41	assumes MH_iff_sats:
paulson@13503	42	"!!a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 a10.
paulson@13503	43	[\|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A; a8\<in>A; a9\<in>A; a10\<in>A\|]
paulson@13503	44	==> MH(a2, a1, a0) <->
paulson@13503	45	sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
paulson@13503	46	Cons(a4,Cons(a5,Cons(a6,Cons(a7,
paulson@13503	47	Cons(a8,Cons(a9,Cons(a10,env))))))))))))"
paulson@13503	48	shows
paulson@13503	49	"[\|x \<in> nat; z \<in> nat; env \<in> list(A)\|]
paulson@13503	50	==> sats(A, formula_rec_fm(p,x,z), env) <->
paulson@13503	51	is_formula_rec(**A, MH, nth(x,env), nth(z,env))"
paulson@13503	52	by (simp add: formula_rec_fm_def sats_is_transrec_fm is_formula_rec_def
paulson@13503	53	MH_iff_sats [THEN iff_sym])
paulson@13503	54
paulson@13503	55	lemma formula_rec_iff_sats:
paulson@13503	56	assumes MH_iff_sats:
paulson@13503	57	"!!a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 a10.
paulson@13503	58	[\|a0\<in>A; a1\<in>A; a2\<in>A; a3\<in>A; a4\<in>A; a5\<in>A; a6\<in>A; a7\<in>A; a8\<in>A; a9\<in>A; a10\<in>A\|]
paulson@13503	59	==> MH(a2, a1, a0) <->
paulson@13503	60	sats(A, p, Cons(a0,Cons(a1,Cons(a2,Cons(a3,
paulson@13503	61	Cons(a4,Cons(a5,Cons(a6,Cons(a7,
paulson@13503	62	Cons(a8,Cons(a9,Cons(a10,env))))))))))))"
paulson@13503	63	shows
paulson@13503	64	"[\|nth(i,env) = x; nth(k,env) = z;
paulson@13503	65	i \<in> nat; k \<in> nat; env \<in> list(A)\|]
paulson@13503	66	==> is_formula_rec(**A, MH, x, z) <-> sats(A, formula_rec_fm(p,i,k), env)"
paulson@13503	67	by (simp add: sats_formula_rec_fm [OF MH_iff_sats])
paulson@13503	68
paulson@13503	69	theorem formula_rec_reflection:
paulson@13503	70	assumes MH_reflection:
paulson@13503	71	"!!f' f g h. REFLECTS[\<lambda>x. MH(L, f'(x), f(x), g(x), h(x)),
paulson@13503	72	\<lambda>i x. MH(**Lset(i), f'(x), f(x), g(x), h(x))]"
paulson@13503	73	shows "REFLECTS[\<lambda>x. is_formula_rec(L, MH(L,x), f(x), h(x)),
paulson@13503	74	\<lambda>i x. is_formula_rec(Lset(i), MH(Lset(i),x), f(x), h(x))]"
paulson@13503	75	apply (simp (no_asm_use) only: is_formula_rec_def setclass_simps)
paulson@13503	76	apply (intro FOL_reflections function_reflections fun_plus_reflections
paulson@13503	77	depth_reflection is_transrec_reflection MH_reflection)
paulson@13503	78	done
paulson@13503	79
paulson@13503	80
paulson@13503	81	subsubsection{The Operator @{term is_satisfies}}
paulson@13503	82
paulson@13503	83	(* is_satisfies(M,A,p,z) == is_formula_rec (M, satisfies_MH(M,A), p, z) *)
paulson@13503	84	constdefs satisfies_fm :: "[i,i,i]=>i"
paulson@13503	85	"satisfies_fm(x) == formula_rec_fm (satisfies_MH_fm(x#+5#+6, 2, 1, 0))"
paulson@13503	86
paulson@13503	87	lemma is_satisfies_type [TC]:
paulson@13503	88	"[\| x \<in> nat; y \<in> nat; z \<in> nat \|] ==> satisfies_fm(x,y,z) \<in> formula"
paulson@13503	89	by (simp add: satisfies_fm_def)
paulson@13503	90
paulson@13503	91	lemma sats_satisfies_fm [simp]:
paulson@13503	92	"[\| x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)\|]
paulson@13503	93	==> sats(A, satisfies_fm(x,y,z), env) <->
paulson@13503	94	is_satisfies(**A, nth(x,env), nth(y,env), nth(z,env))"
paulson@13503	95	by (simp add: satisfies_fm_def is_satisfies_def sats_satisfies_MH_fm
paulson@13503	96	sats_formula_rec_fm)
paulson@13503	97
paulson@13503	98	lemma satisfies_iff_sats:
paulson@13503	99	"[\| nth(i,env) = x; nth(j,env) = y; nth(k,env) = z;
paulson@13503	100	i \<in> nat; j \<in> nat; k \<in> nat; env \<in> list(A)\|]
paulson@13503	101	==> is_satisfies(**A, x, y, z) <-> sats(A, satisfies_fm(i,j,k), env)"
paulson@13503	102	by (simp add: sats_satisfies_fm)
paulson@13503	103
paulson@13503	104	theorem satisfies_reflection:
paulson@13503	105	"REFLECTS[\<lambda>x. is_satisfies(L,f(x),g(x),h(x)),
paulson@13503	106	\<lambda>i x. is_satisfies(**Lset(i),f(x),g(x),h(x))]"
paulson@13503	107	apply (simp only: is_satisfies_def setclass_simps)
paulson@13503	108	apply (intro formula_rec_reflection satisfies_MH_reflection)
paulson@13503	109	done
paulson@13503	110
paulson@13503	111
paulson@13503	112	subsection {Relativization of the Operator @{term DPow'}}
paulson@13503	113
paulson@13503	114	lemma DPow'_eq:
paulson@13503	115	"DPow'(A) = Replace(list(A) * formula,
paulson@13503	116	%ep z. \<exists>env \<in> list(A). \<exists>p \<in> formula.
paulson@13503	117	ep = <env,p> & z = {x\<in>A. sats(A, p, Cons(x,env))})"
paulson@13503	118	apply (simp add: DPow'_def, blast)
paulson@13503	119	done
paulson@13503	120
paulson@13503	121
paulson@13503	122	constdefs
paulson@13503	123	is_DPow_body :: "[i=>o,i,i,i,i] => o"
paulson@13503	124	"is_DPow_body(M,A,env,p,x) ==
paulson@13503	125	\<forall>n1[M]. \<forall>e[M]. \<forall>sp[M].
paulson@13503	126	is_satisfies(M,A,p,sp) --> is_Cons(M,x,env,e) -->
paulson@13503	127	fun_apply(M, sp, e, n1) --> number1(M, n1)"
paulson@13503	128
paulson@13503	129	lemma (in M_satisfies) DPow_body_abs:
paulson@13503	130	"[\| M(A); env \<in> list(A); p \<in> formula; M(x) \|]
paulson@13503	131	==> is_DPow_body(M,A,env,p,x) <-> sats(A, p, Cons(x,env))"
paulson@13503	132	apply (subgoal_tac "M(env)")
paulson@13503	133	apply (simp add: is_DPow_body_def satisfies_closed satisfies_abs)
paulson@13503	134	apply (blast dest: transM)
paulson@13503	135	done
paulson@13503	136
paulson@13503	137	lemma (in M_satisfies) Collect_DPow_body_abs:
paulson@13503	138	"[\| M(A); env \<in> list(A); p \<in> formula \|]
paulson@13503	139	==> Collect(A, is_DPow_body(M,A,env,p)) =
paulson@13503	140	{x \<in> A. sats(A, p, Cons(x,env))}"
paulson@13503	141	by (simp add: DPow_body_abs transM [of _ A])
paulson@13503	142
paulson@13503	143
paulson@13503	144	subsubsection{The Operator @{term is_DPow_body}, Internalized}
paulson@13503	145
paulson@13503	146	(* is_DPow_body(M,A,env,p,x) ==
paulson@13503	147	\<forall>n1[M]. \<forall>e[M]. \<forall>sp[M].
paulson@13503	148	is_satisfies(M,A,p,sp) --> is_Cons(M,x,env,e) -->
paulson@13503	149	fun_apply(M, sp, e, n1) --> number1(M, n1) *)
paulson@13503	150
paulson@13503	151	constdefs DPow_body_fm :: "[i,i,i,i]=>i"
paulson@13503	152	"DPow_body_fm(A,env,p,x) ==
paulson@13503	153	Forall(Forall(Forall(
paulson@13503	154	Implies(satisfies_fm(A#+3,p#+3,0),
paulson@13503	155	Implies(Cons_fm(x#+3,env#+3,1),
paulson@13503	156	Implies(fun_apply_fm(0,1,2), number1_fm(2)))))))"
paulson@13503	157
paulson@13503	158	lemma is_DPow_body_type [TC]:
paulson@13503	159	"[\| A \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat \|]
paulson@13503	160	==> DPow_body_fm(A,x,y,z) \<in> formula"
paulson@13503	161	by (simp add: DPow_body_fm_def)
paulson@13503	162
paulson@13503	163	lemma sats_DPow_body_fm [simp]:
paulson@13503	164	"[\| u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)\|]
paulson@13503	165	==> sats(A, DPow_body_fm(u,x,y,z), env) <->
paulson@13503	166	is_DPow_body(**A, nth(u,env), nth(x,env), nth(y,env), nth(z,env))"
paulson@13503	167	by (simp add: DPow_body_fm_def is_DPow_body_def)
paulson@13503	168
paulson@13503	169	lemma DPow_body_iff_sats:
paulson@13503	170	"[\| nth(u,env) = nu; nth(x,env) = nx; nth(y,env) = ny; nth(z,env) = nz;
paulson@13503	171	u \<in> nat; x \<in> nat; y \<in> nat; z \<in> nat; env \<in> list(A)\|]
paulson@13503	172	==> is_DPow_body(**A,nu,nx,ny,nz) <->
paulson@13503	173	sats(A, DPow_body_fm(u,x,y,z), env)"
paulson@13503	174	by simp
paulson@13503	175
paulson@13503	176	theorem DPow_body_reflection:
paulson@13503	177	"REFLECTS[\<lambda>x. is_DPow_body(L,f(x),g(x),h(x),g'(x)),
paulson@13503	178	\<lambda>i x. is_DPow_body(**Lset(i),f(x),g(x),h(x),g'(x))]"
paulson@13503	179	apply (unfold is_DPow_body_def)
paulson@13503	180	apply (intro FOL_reflections function_reflections extra_reflections
paulson@13503	181	satisfies_reflection)
paulson@13503	182	done
paulson@13503	183
paulson@13503	184
paulson@13503	185	subsection{Additional Constraints on the Class Model @{term M}}
paulson@13503	186
paulson@13503	187	locale M_DPow = M_satisfies +
paulson@13503	188	assumes sep:
paulson@13503	189	"[\| M(A); env \<in> list(A); p \<in> formula \|]
paulson@13503	190	==> separation(M, \<lambda>x. is_DPow_body(M,A,env,p,x))"
paulson@13503	191	and rep:
paulson@13503	192	"M(A)
paulson@13503	193	==> strong_replacement (M,
paulson@13503	194	\<lambda>ep z. \<exists>env[M]. \<exists>p[M]. mem_formula(M,p) & mem_list(M,A,env) &
paulson@13503	195	pair(M,env,p,ep) &
paulson@13503	196	is_Collect(M, A, \<lambda>x. is_DPow_body(M,A,env,p,x), z))"
paulson@13503	197
paulson@13503	198	lemma (in M_DPow) sep':
paulson@13503	199	"[\| M(A); env \<in> list(A); p \<in> formula \|]
paulson@13503	200	==> separation(M, \<lambda>x. sats(A, p, Cons(x,env)))"
paulson@13503	201	by (insert sep [of A env p], simp add: DPow_body_abs)
paulson@13503	202
paulson@13503	203	lemma (in M_DPow) rep':
paulson@13503	204	"M(A)
paulson@13503	205	==> strong_replacement (M,
paulson@13503	206	\<lambda>ep z. \<exists>env\<in>list(A). \<exists>p\<in>formula.
paulson@13504	207	ep = <env,p> & z = {x \<in> A . sats(A, p, Cons(x, env))})"
paulson@13503	208	by (insert rep [of A], simp add: Collect_DPow_body_abs)
paulson@13503	209
paulson@13503	210
paulson@13503	211	lemma univalent_pair_eq:
paulson@13503	212	"univalent (M, A, \<lambda>xy z. \<exists>x\<in>B. \<exists>y\<in>C. xy = \<langle>x,y\<rangle> \<and> z = f(x,y))"
paulson@13503	213	by (simp add: univalent_def, blast)
paulson@13503	214
paulson@13503	215	lemma (in M_DPow) DPow'_closed: "M(A) ==> M(DPow'(A))"
paulson@13503	216	apply (simp add: DPow'_eq)
paulson@13503	217	apply (fast intro: rep' sep' univalent_pair_eq)
paulson@13503	218	done
paulson@13503	219
paulson@13503	220	text{Relativization of the Operator @{term DPow'}}
paulson@13503	221	constdefs
paulson@13503	222	is_DPow' :: "[i=>o,i,i] => o"
paulson@13503	223	"is_DPow'(M,A,Z) ==
paulson@13503	224	\<forall>X[M]. X \<in> Z <->
paulson@13503	225	subset(M,X,A) &
paulson@13503	226	(\<exists>env[M]. \<exists>p[M]. mem_formula(M,p) & mem_list(M,A,env) &
paulson@13503	227	is_Collect(M, A, is_DPow_body(M,A,env,p), X))"
paulson@13503	228
paulson@13503	229	lemma (in M_DPow) DPow'_abs:
paulson@13503	230	"[\|M(A); M(Z)\|] ==> is_DPow'(M,A,Z) <-> Z = DPow'(A)"
paulson@13503	231	apply (rule iffI)
paulson@13503	232	prefer 2 apply (simp add: is_DPow'_def DPow'_def Collect_DPow_body_abs)
paulson@13503	233	apply (rule M_equalityI)
paulson@13503	234	apply (simp add: is_DPow'_def DPow'_def Collect_DPow_body_abs, assumption)
paulson@13503	235	apply (erule DPow'_closed)
paulson@13503	236	done
paulson@13503	237
paulson@13503	238
paulson@13503	239	subsection{Instantiating the Locale @{text M_DPow}}
paulson@13503	240
paulson@13503	241	subsubsection{The Instance of Separation}
paulson@13503	242
paulson@13503	243	lemma DPow_separation:
paulson@13503	244	"[\| L(A); env \<in> list(A); p \<in> formula \|]
paulson@13503	245	==> separation(L, \<lambda>x. is_DPow_body(L,A,env,p,x))"
paulson@13566	246	apply (rule gen_separation [OF DPow_body_reflection, of "{A,env,p}"],
paulson@13566	247	blast intro: transL)
paulson@13566	248	apply (drule mem_Lset_imp_subset_Lset, clarsimp)
paulson@13503	249	apply (rule DPow_LsetI)
paulson@13503	250	apply (rule_tac env = "[x,A,env,p]" in DPow_body_iff_sats)
paulson@13503	251	apply (rule sep_rules \| simp)+
paulson@13503	252	done
paulson@13503	253
paulson@13503	254
paulson@13503	255
paulson@13503	256	subsubsection{The Instance of Replacement}
paulson@13503	257
paulson@13503	258	lemma DPow_replacement_Reflects:
paulson@13503	259	"REFLECTS [\<lambda>x. \<exists>u[L]. u \<in> B &
paulson@13503	260	(\<exists>env[L]. \<exists>p[L].
paulson@13503	261	mem_formula(L,p) & mem_list(L,A,env) & pair(L,env,p,u) &
paulson@13503	262	is_Collect (L, A, is_DPow_body(L,A,env,p), x)),
paulson@13503	263	\<lambda>i x. \<exists>u \<in> Lset(i). u \<in> B &
paulson@13503	264	(\<exists>env \<in> Lset(i). \<exists>p \<in> Lset(i).
paulson@13503	265	mem_formula(Lset(i),p) & mem_list(Lset(i),A,env) &
paulson@13503	266	pair(**Lset(i),env,p,u) &
paulson@13503	267	is_Collect (Lset(i), A, is_DPow_body(Lset(i),A,env,p), x))]"
paulson@13503	268	apply (unfold is_Collect_def)
paulson@13503	269	apply (intro FOL_reflections function_reflections mem_formula_reflection
paulson@13503	270	mem_list_reflection DPow_body_reflection)
paulson@13503	271	done
paulson@13503	272
paulson@13503	273	lemma DPow_replacement:
paulson@13503	274	"L(A)
paulson@13503	275	==> strong_replacement (L,
paulson@13503	276	\<lambda>ep z. \<exists>env[L]. \<exists>p[L]. mem_formula(L,p) & mem_list(L,A,env) &
paulson@13503	277	pair(L,env,p,ep) &
paulson@13503	278	is_Collect(L, A, \<lambda>x. is_DPow_body(L,A,env,p,x), z))"
paulson@13503	279	apply (rule strong_replacementI)
paulson@13503	280	apply (rename_tac B)
paulson@13566	281	apply (rule_tac u="{A,B}" in gen_separation [OF DPow_replacement_Reflects],
paulson@13566	282	simp)
paulson@13566	283	apply (drule mem_Lset_imp_subset_Lset, clarsimp)
paulson@13566	284	apply (unfold is_Collect_def)
paulson@13503	285	apply (rule DPow_LsetI)
paulson@13503	286	apply (rule bex_iff_sats conj_iff_sats)+
paulson@13566	287	apply (rule_tac env = "[u,x,A,B]" in mem_iff_sats)
paulson@13503	288	apply (rule sep_rules mem_formula_iff_sats mem_list_iff_sats
paulson@13503	289	DPow_body_iff_sats \| simp)+
paulson@13503	290	done
paulson@13503	291
paulson@13503	292
paulson@13503	293	subsubsection{Actually Instantiating the Locale}
paulson@13503	294
paulson@13503	295	lemma M_DPow_axioms_L: "M_DPow_axioms(L)"
paulson@13503	296	apply (rule M_DPow_axioms.intro)
paulson@13503	297	apply (assumption \| rule DPow_separation DPow_replacement)+
paulson@13503	298	done
paulson@13503	299
paulson@13503	300	theorem M_DPow_L: "PROP M_DPow(L)"
paulson@13503	301	apply (rule M_DPow.intro)
paulson@13503	302	apply (rule M_satisfies.axioms [OF M_satisfies_L])+
paulson@13503	303	apply (rule M_DPow_axioms_L)
paulson@13503	304	done
paulson@13503	305
paulson@13503	306	lemmas DPow'_closed [intro, simp] = M_DPow.DPow'_closed [OF M_DPow_L]
paulson@13503	307	and DPow'_abs [intro, simp] = M_DPow.DPow'_abs [OF M_DPow_L]
paulson@13503	308
paulson@13505	309
paulson@13505	310	subsubsection{The Operator @{term is_Collect}}
paulson@13505	311
paulson@13505	312	text{*The formula @{term is_P} has one free variable, 0, and it is
paulson@13505	313	enclosed within a single quantifier.*}
paulson@13505	314
paulson@13505	315	(* is_Collect :: "[i=>o,i,i=>o,i] => o"
paulson@13505	316	"is_Collect(M,A,P,z) == \<forall>x[M]. x \<in> z <-> x \<in> A & P(x)" *)
paulson@13505	317
paulson@13505	318	constdefs Collect_fm :: "[i, i, i]=>i"
paulson@13505	319	"Collect_fm(A,is_P,z) ==
paulson@13505	320	Forall(Iff(Member(0,succ(z)),
paulson@13505	321	And(Member(0,succ(A)), is_P)))"
paulson@13505	322
paulson@13505	323	lemma is_Collect_type [TC]:
paulson@13505	324	"[\| is_P \<in> formula; x \<in> nat; y \<in> nat \|]
paulson@13505	325	==> Collect_fm(x,is_P,y) \<in> formula"
paulson@13505	326	by (simp add: Collect_fm_def)
paulson@13505	327
paulson@13505	328	lemma sats_Collect_fm:
paulson@13505	329	assumes is_P_iff_sats:
paulson@13505	330	"!!a. a \<in> A ==> is_P(a) <-> sats(A, p, Cons(a, env))"
paulson@13505	331	shows
paulson@13505	332	"[\|x \<in> nat; y \<in> nat; env \<in> list(A)\|]
paulson@13505	333	==> sats(A, Collect_fm(x,p,y), env) <->
paulson@13505	334	is_Collect(**A, nth(x,env), is_P, nth(y,env))"
paulson@13505	335	by (simp add: Collect_fm_def is_Collect_def is_P_iff_sats [THEN iff_sym])
paulson@13505	336
paulson@13505	337	lemma Collect_iff_sats:
paulson@13505	338	assumes is_P_iff_sats:
paulson@13505	339	"!!a. a \<in> A ==> is_P(a) <-> sats(A, p, Cons(a, env))"
paulson@13505	340	shows
paulson@13505	341	"[\| nth(i,env) = x; nth(j,env) = y;
paulson@13505	342	i \<in> nat; j \<in> nat; env \<in> list(A)\|]
paulson@13505	343	==> is_Collect(**A, x, is_P, y) <-> sats(A, Collect_fm(i,p,j), env)"
paulson@13505	344	by (simp add: sats_Collect_fm [OF is_P_iff_sats])
paulson@13505	345
paulson@13505	346
paulson@13505	347	text{*The second argument of @{term is_P} gives it direct access to @{term x},
paulson@13505	348	which is essential for handling free variable references.*}
paulson@13505	349	theorem Collect_reflection:
paulson@13505	350	assumes is_P_reflection:
paulson@13505	351	"!!h f g. REFLECTS[\<lambda>x. is_P(L, f(x), g(x)),
paulson@13505	352	\<lambda>i x. is_P(**Lset(i), f(x), g(x))]"
paulson@13505	353	shows "REFLECTS[\<lambda>x. is_Collect(L, f(x), is_P(L,x), g(x)),
paulson@13505	354	\<lambda>i x. is_Collect(Lset(i), f(x), is_P(Lset(i), x), g(x))]"
paulson@13505	355	apply (simp (no_asm_use) only: is_Collect_def setclass_simps)
paulson@13505	356	apply (intro FOL_reflections is_P_reflection)
paulson@13505	357	done
paulson@13505	358
paulson@13505	359
paulson@13505	360	subsubsection{The Operator @{term is_Replace}}
paulson@13505	361
paulson@13505	362	text{*BEWARE! The formula @{term is_P} has free variables 0, 1
paulson@13505	363	and not the usual 1, 0! It is enclosed within two quantifiers.*}
paulson@13505	364
paulson@13505	365	(* is_Replace :: "[i=>o,i,[i,i]=>o,i] => o"
paulson@13505	366	"is_Replace(M,A,P,z) == \<forall>u[M]. u \<in> z <-> (\<exists>x[M]. x\<in>A & P(x,u))" *)
paulson@13505	367
paulson@13505	368	constdefs Replace_fm :: "[i, i, i]=>i"
paulson@13505	369	"Replace_fm(A,is_P,z) ==
paulson@13505	370	Forall(Iff(Member(0,succ(z)),
paulson@13505	371	Exists(And(Member(0,A#+2), is_P))))"
paulson@13505	372
paulson@13505	373	lemma is_Replace_type [TC]:
paulson@13505	374	"[\| is_P \<in> formula; x \<in> nat; y \<in> nat \|]
paulson@13505	375	==> Replace_fm(x,is_P,y) \<in> formula"
paulson@13505	376	by (simp add: Replace_fm_def)
paulson@13505	377
paulson@13505	378	lemma sats_Replace_fm:
paulson@13505	379	assumes is_P_iff_sats:
paulson@13505	380	"!!a b. [\|a \<in> A; b \<in> A\|]
paulson@13505	381	==> is_P(a,b) <-> sats(A, p, Cons(a,Cons(b,env)))"
paulson@13505	382	shows
paulson@13505	383	"[\|x \<in> nat; y \<in> nat; env \<in> list(A)\|]
paulson@13505	384	==> sats(A, Replace_fm(x,p,y), env) <->
paulson@13505	385	is_Replace(**A, nth(x,env), is_P, nth(y,env))"
paulson@13505	386	by (simp add: Replace_fm_def is_Replace_def is_P_iff_sats [THEN iff_sym])
paulson@13505	387
paulson@13505	388	lemma Replace_iff_sats:
paulson@13505	389	assumes is_P_iff_sats:
paulson@13505	390	"!!a b. [\|a \<in> A; b \<in> A\|]
paulson@13505	391	==> is_P(a,b) <-> sats(A, p, Cons(a,Cons(b,env)))"
paulson@13505	392	shows
paulson@13505	393	"[\| nth(i,env) = x; nth(j,env) = y;
paulson@13505	394	i \<in> nat; j \<in> nat; env \<in> list(A)\|]
paulson@13505	395	==> is_Replace(**A, x, is_P, y) <-> sats(A, Replace_fm(i,p,j), env)"
paulson@13505	396	by (simp add: sats_Replace_fm [OF is_P_iff_sats])
paulson@13505	397
paulson@13505	398
paulson@13505	399	text{*The second argument of @{term is_P} gives it direct access to @{term x},
paulson@13505	400	which is essential for handling free variable references.*}
paulson@13505	401	theorem Replace_reflection:
paulson@13505	402	assumes is_P_reflection:
paulson@13505	403	"!!h f g. REFLECTS[\<lambda>x. is_P(L, f(x), g(x), h(x)),
paulson@13505	404	\<lambda>i x. is_P(**Lset(i), f(x), g(x), h(x))]"
paulson@13505	405	shows "REFLECTS[\<lambda>x. is_Replace(L, f(x), is_P(L,x), g(x)),
paulson@13505	406	\<lambda>i x. is_Replace(Lset(i), f(x), is_P(Lset(i), x), g(x))]"
paulson@13505	407	apply (simp (no_asm_use) only: is_Replace_def setclass_simps)
paulson@13505	408	apply (intro FOL_reflections is_P_reflection)
paulson@13505	409	done
paulson@13505	410
paulson@13505	411
paulson@13505	412
paulson@13505	413	subsubsection{The Operator @{term is_DPow'}, Internalized}
paulson@13505	414
paulson@13505	415	(* "is_DPow'(M,A,Z) ==
paulson@13505	416	\<forall>X[M]. X \<in> Z <->
paulson@13505	417	subset(M,X,A) &
paulson@13505	418	(\<exists>env[M]. \<exists>p[M]. mem_formula(M,p) & mem_list(M,A,env) &
paulson@13505	419	is_Collect(M, A, is_DPow_body(M,A,env,p), X))" *)
paulson@13505	420
paulson@13505	421	constdefs DPow'_fm :: "[i,i]=>i"
paulson@13505	422	"DPow'_fm(A,Z) ==
paulson@13505	423	Forall(
paulson@13505	424	Iff(Member(0,succ(Z)),
paulson@13505	425	And(subset_fm(0,succ(A)),
paulson@13505	426	Exists(Exists(
paulson@13505	427	And(mem_formula_fm(0),
paulson@13505	428	And(mem_list_fm(A#+3,1),
paulson@13505	429	Collect_fm(A#+3,
paulson@13505	430	DPow_body_fm(A#+4, 2, 1, 0), 2))))))))"
paulson@13505	431
paulson@13505	432	lemma is_DPow'_type [TC]:
paulson@13505	433	"[\| x \<in> nat; y \<in> nat \|] ==> DPow'_fm(x,y) \<in> formula"
paulson@13505	434	by (simp add: DPow'_fm_def)
paulson@13505	435
paulson@13505	436	lemma sats_DPow'_fm [simp]:
paulson@13505	437	"[\| x \<in> nat; y \<in> nat; env \<in> list(A)\|]
paulson@13505	438	==> sats(A, DPow'_fm(x,y), env) <->
paulson@13505	439	is_DPow'(**A, nth(x,env), nth(y,env))"
paulson@13505	440	by (simp add: DPow'_fm_def is_DPow'_def sats_subset_fm' sats_Collect_fm)
paulson@13505	441
paulson@13505	442	lemma DPow'_iff_sats:
paulson@13505	443	"[\| nth(i,env) = x; nth(j,env) = y;
paulson@13505	444	i \<in> nat; j \<in> nat; env \<in> list(A)\|]
paulson@13505	445	==> is_DPow'(**A, x, y) <-> sats(A, DPow'_fm(i,j), env)"
paulson@13505	446	by (simp add: sats_DPow'_fm)
paulson@13505	447
paulson@13505	448	theorem DPow'_reflection:
paulson@13505	449	"REFLECTS[\<lambda>x. is_DPow'(L,f(x),g(x)),
paulson@13505	450	\<lambda>i x. is_DPow'(**Lset(i),f(x),g(x))]"
paulson@13505	451	apply (simp only: is_DPow'_def setclass_simps)
paulson@13505	452	apply (intro FOL_reflections function_reflections mem_formula_reflection
paulson@13505	453	mem_list_reflection Collect_reflection DPow_body_reflection)
paulson@13505	454	done
paulson@13505	455
paulson@13505	456	(????????????????move up)
paulson@13505	457
paulson@13505	458
paulson@13505	459
paulson@13505	460
paulson@13505	461
paulson@13505	462	subsection{Additional Constraints on the Class Model @{term M}}
paulson@13505	463
paulson@13505	464	constdefs
paulson@13505	465	transrec_body :: "[i=>o,i,i,i,i] => o"
paulson@13505	466	"transrec_body(M,g,x) ==
paulson@13505	467	\<lambda>y z. \<exists>gy[M]. y \<in> x & fun_apply(M,g,y,gy) & is_DPow'(M,gy,z)"
paulson@13505	468
paulson@13505	469	lemma (in M_DPow) transrec_body_abs:
paulson@13505	470	"[\|M(x); M(g); M(z)\|]
paulson@13505	471	==> transrec_body(M,g,x,y,z) <-> y \<in> x & z = DPow'(g`y)"
paulson@13505	472	by (simp add: transrec_body_def DPow'_abs transM [of _ x])
paulson@13505	473
paulson@13505	474	locale M_Lset = M_DPow +
paulson@13505	475	assumes strong_rep:
paulson@13505	476	"[\|M(x); M(g)\|] ==> strong_replacement(M, \<lambda>y z. transrec_body(M,g,x,y,z))"
paulson@13505	477	and transrec_rep:
paulson@13505	478	"M(i) ==> transrec_replacement(M, \<lambda>x f u.
paulson@13505	479	\<exists>r[M]. is_Replace(M, x, transrec_body(M,f,x), r) &
paulson@13505	480	big_union(M, r, u), i)"
paulson@13505	481
paulson@13505	482
paulson@13505	483	lemma (in M_Lset) strong_rep':
paulson@13505	484	"[\|M(x); M(g)\|]
paulson@13505	485	==> strong_replacement(M, \<lambda>y z. y \<in> x & z = DPow'(g`y))"
paulson@13505	486	by (insert strong_rep [of x g], simp add: transrec_body_abs)
paulson@13505	487
paulson@13505	488	lemma (in M_Lset) DPow_apply_closed:
paulson@13505	489	"[\|M(f); M(x); y\<in>x\|] ==> M(DPow'(f`y))"
paulson@13505	490	by (blast intro: DPow'_closed dest: transM)
paulson@13505	491
paulson@13505	492	lemma (in M_Lset) RepFun_DPow_apply_closed:
paulson@13505	493	"[\|M(f); M(x)\|] ==> M({DPow'(f`y). y\<in>x})"
paulson@13505	494	by (blast intro: DPow_apply_closed RepFun_closed2 strong_rep')
paulson@13505	495
paulson@13505	496	lemma (in M_Lset) RepFun_DPow_abs:
paulson@13505	497	"[\|M(x); M(f); M(r) \|]
paulson@13505	498	==> is_Replace(M, x, \<lambda>y z. transrec_body(M,f,x,y,z), r) <->
paulson@13505	499	r = {DPow'(f`y). y\<in>x}"
paulson@13505	500	apply (simp add: transrec_body_abs RepFun_def)
paulson@13505	501	apply (rule iff_trans)
paulson@13505	502	apply (rule Replace_abs)
paulson@13505	503	apply (simp_all add: DPow_apply_closed strong_rep')
paulson@13505	504	done
paulson@13505	505
paulson@13505	506	lemma (in M_Lset) transrec_rep':
paulson@13505	507	"M(i) ==> transrec_replacement(M, \<lambda>x f u. u = (\<Union>y\<in>x. DPow'(f ` y)), i)"
paulson@13505	508	apply (insert transrec_rep [of i])
paulson@13505	509	apply (simp add: RepFun_DPow_apply_closed RepFun_DPow_abs
paulson@13505	510	transrec_replacement_def)
paulson@13505	511	done
paulson@13505	512
paulson@13505	513
paulson@13505	514
paulson@13505	515	constdefs
paulson@13505	516
paulson@13505	517	is_Lset :: "[i=>o, i, i] => o"
paulson@13505	518	"is_Lset(M,a,z) == is_transrec(M, %x f u. u = (\<Union>y\<in>x. DPow'(f`y)), a, z)"
paulson@13505	519
paulson@13505	520	lemma (in M_Lset) Lset_abs:
paulson@13505	521	"[\|Ord(i); M(i); M(z)\|]
paulson@13505	522	==> is_Lset(M,i,z) <-> z = Lset(i)"
paulson@13505	523	apply (simp add: is_Lset_def Lset_eq_transrec_DPow')
paulson@13505	524	apply (rule transrec_abs)
paulson@13505	525	apply (simp_all add: transrec_rep' relativize2_def RepFun_DPow_apply_closed)
paulson@13505	526	done
paulson@13505	527
paulson@13505	528	lemma (in M_Lset) Lset_closed:
paulson@13505	529	"[\|Ord(i); M(i)\|] ==> M(Lset(i))"
paulson@13505	530	apply (simp add: Lset_eq_transrec_DPow')
paulson@13505	531	apply (rule transrec_closed [OF transrec_rep'])
paulson@13505	532	apply (simp_all add: relativize2_def RepFun_DPow_apply_closed)
paulson@13505	533	done
paulson@13505	534
paulson@13505	535
paulson@13505	536	subsection{Instantiating the Locale @{text M_Lset}}
paulson@13505	537
paulson@13505	538
paulson@13505	539	subsubsection{The First Instance of Replacement}
paulson@13505	540
paulson@13505	541	lemma strong_rep_Reflects:
paulson@13505	542	"REFLECTS [\<lambda>u. \<exists>v[L]. v \<in> B & (\<exists>gy[L].
paulson@13505	543	v \<in> x & fun_apply(L,g,v,gy) & is_DPow'(L,gy,u)),
paulson@13505	544	\<lambda>i u. \<exists>v \<in> Lset(i). v \<in> B & (\<exists>gy \<in> Lset(i).
paulson@13505	545	v \<in> x & fun_apply(Lset(i),g,v,gy) & is_DPow'(Lset(i),gy,u))]"
paulson@13505	546	by (intro FOL_reflections function_reflections DPow'_reflection)
paulson@13505	547
paulson@13505	548	lemma strong_rep:
paulson@13505	549	"[\|L(x); L(g)\|] ==> strong_replacement(L, \<lambda>y z. transrec_body(L,g,x,y,z))"
paulson@13505	550	apply (unfold transrec_body_def)
paulson@13505	551	apply (rule strong_replacementI)
paulson@13505	552	apply (rename_tac B)
paulson@13566	553	apply (rule_tac u="{x,g,B}" in gen_separation [OF strong_rep_Reflects], simp)
paulson@13566	554	apply (drule mem_Lset_imp_subset_Lset, clarsimp)
paulson@13505	555	apply (rule DPow_LsetI)
paulson@13505	556	apply (rule bex_iff_sats conj_iff_sats conj_iff_sats)+
paulson@13566	557	apply (rule_tac env = "[v,u,x,g,B]" in mem_iff_sats)
paulson@13505	558	apply (rule sep_rules DPow'_iff_sats \| simp)+
paulson@13505	559	done
paulson@13505	560
paulson@13505	561
paulson@13505	562	subsubsection{The Second Instance of Replacement}
paulson@13505	563
paulson@13505	564	lemma transrec_rep_Reflects:
paulson@13505	565	"REFLECTS [\<lambda>x. \<exists>v[L]. v \<in> B &
paulson@13505	566	(\<exists>y[L]. pair(L,v,y,x) &
paulson@13505	567	is_wfrec (L, \<lambda>x f u. \<exists>r[L].
paulson@13505	568	is_Replace (L, x, \<lambda>y z.
paulson@13505	569	\<exists>gy[L]. y \<in> x & fun_apply(L,f,y,gy) &
paulson@13505	570	is_DPow'(L,gy,z), r) & big_union(L,r,u), mr, v, y)),
paulson@13505	571	\<lambda>i x. \<exists>v \<in> Lset(i). v \<in> B &
paulson@13505	572	(\<exists>y \<in> Lset(i). pair(**Lset(i),v,y,x) &
paulson@13505	573	is_wfrec (**Lset(i), \<lambda>x f u. \<exists>r \<in> Lset(i).
paulson@13505	574	is_Replace (**Lset(i), x, \<lambda>y z.
paulson@13505	575	\<exists>gy \<in> Lset(i). y \<in> x & fun_apply(**Lset(i),f,y,gy) &
paulson@13505	576	is_DPow'(**Lset(i),gy,z), r) &
paulson@13505	577	big_union(**Lset(i),r,u), mr, v, y))]"
paulson@13505	578	apply (simp only: setclass_simps [symmetric])
paulson@13505	579	--{Convert @{text "\<exists>y\<in>Lset(i)"} to @{text "\<exists>y[*Lset(i)]"} within the body
paulson@13505	580	of the @{term is_wfrec} application. *}
paulson@13505	581	apply (intro FOL_reflections function_reflections
paulson@13505	582	is_wfrec_reflection Replace_reflection DPow'_reflection)
paulson@13505	583	done
paulson@13505	584
paulson@13505	585
paulson@13505	586	lemma transrec_rep:
paulson@13505	587	"[\|L(j)\|]
paulson@13505	588	==> transrec_replacement(L, \<lambda>x f u.
paulson@13505	589	\<exists>r[L]. is_Replace(L, x, transrec_body(L,f,x), r) &
paulson@13505	590	big_union(L, r, u), j)"
paulson@13505	591	apply (rule transrec_replacementI, assumption)
paulson@13566	592	apply (unfold transrec_body_def)
paulson@13505	593	apply (rule strong_replacementI)
paulson@13505	594	apply (rename_tac B)
paulson@13566	595	apply (rule_tac u="{j,B,Memrel(eclose({j}))}"
paulson@13566	596	in gen_separation [OF transrec_rep_Reflects], simp)
paulson@13566	597	apply (drule mem_Lset_imp_subset_Lset, clarsimp)
paulson@13505	598	apply (rule DPow_LsetI)
paulson@13505	599	apply (rule bex_iff_sats conj_iff_sats)+
paulson@13566	600	apply (rule_tac env = "[v,x,j,B,Memrel(eclose({j}))]" in mem_iff_sats)
paulson@13505	601	apply (rule sep_rules is_wfrec_iff_sats Replace_iff_sats DPow'_iff_sats \|
paulson@13505	602	simp)+
paulson@13505	603	done
paulson@13505	604
paulson@13505	605
paulson@13505	606	subsubsection{Actually Instantiating @{text M_Lset}}
paulson@13505	607
paulson@13505	608	lemma M_Lset_axioms_L: "M_Lset_axioms(L)"
paulson@13505	609	apply (rule M_Lset_axioms.intro)
paulson@13505	610	apply (assumption \| rule strong_rep transrec_rep)+
paulson@13505	611	done
paulson@13505	612
paulson@13505	613	theorem M_Lset_L: "PROP M_Lset(L)"
paulson@13505	614	apply (rule M_Lset.intro)
paulson@13505	615	apply (rule M_DPow.axioms [OF M_DPow_L])+
paulson@13505	616	apply (rule M_Lset_axioms_L)
paulson@13505	617	done
paulson@13505	618
paulson@13505	619	text{Finally: the point of the whole theory!}
paulson@13505	620	lemmas Lset_closed = M_Lset.Lset_closed [OF M_Lset_L]
paulson@13505	621	and Lset_abs = M_Lset.Lset_abs [OF M_Lset_L]
paulson@13505	622
paulson@13505	623
paulson@13505	624	subsection{The Notion of Constructible Set}
paulson@13505	625
paulson@13505	626
paulson@13505	627	constdefs
paulson@13505	628	constructible :: "[i=>o,i] => o"
paulson@13505	629	"constructible(M,x) ==
paulson@13505	630	\<exists>i[M]. \<exists>Li[M]. ordinal(M,i) & is_Lset(M,i,Li) & x \<in> Li"
paulson@13505	631
paulson@13505	632
paulson@13505	633	theorem V_equals_L_in_L:
paulson@13505	634	"L(x) ==> constructible(L,x)"
paulson@13505	635	apply (simp add: constructible_def Lset_abs Lset_closed)
paulson@13505	636	apply (simp add: L_def)
paulson@13505	637	apply (blast intro: Ord_in_L)
paulson@13505	638	done
paulson@13505	639
paulson@13505	640
paulson@13503	641	end

author	paulson
	Wed, 11 Sep 2002 16:55:37 +0200
changeset 13566	52a419210d5c
parent 13505	52a16cb7fefb
child 13634	99a593b49b04
permissions	-rw-r--r--