1 Axioms of set theory
The regularity postulate and the infinity postulate are the only ones
explicitly present in the Theory ‘Set theory’ underlying the proof
checker Ref. All other axioms typical of set theory (and, to some
extent, even the two just recalled) are built into the inferential
machinery of Ref. We now recast the said postulates in the form of two
theorems: citing them will thus become handier, because universal
quantifiers are left as understood.
Thm 0: [Global choice] arb(X) ∈ (X ∪ {X}) ∩ {arb(X)\X}. Proof:
Suppose not(x0) ⇒ Auto
Discharge ⇒ Qed
The preceding theorem entails the “axiom” of choice formulated after
Zermelo.
Thm 0a: [Every partition has a choice function] ⟨∀b ∈ P, c ∈ P | b ∩ c ≠ ∅ ↔ b = c⟩ → ⟨∃s, ∀b ∈ P, x | b ∩ s = {x}⟩. Proof:
Suppose not(p0) ⇒ Stat0 : ⟨∀b ∈ p0, c ∈ p0 | b ∩ c ≠ ∅ ↔ b = c⟩ & Stat1 : ¬⟨∃s, ∀b ∈ p0, x | b ∩ s = {x}⟩
Suppose that the partition p0 is a counterexample to the claim.
Considering the set {arb(b) : b ∈ p0}, we get a contradiction as follows.
Loc def ⇒ s0 = {arb(b) : b ∈ p0}
⟨s0⟩↪Stat1 ⇒ Stat2 : ¬⟨∀b ∈ p0, ∃x | b ∩ s0 = {x}⟩
⟨b0⟩↪Stat2 ⇒ Stat3 : ¬⟨∃x | b0 ∩ s0 = {x}⟩ & b0 ∈ p0
⟨arb(b0)⟩↪Stat3 ⇒ Stat4 : b0 ∩ s0 ≠ {arb(b0)}
⟨e0⟩↪Stat4 ⇒ e0 ∈ b0 ∩ s0 ↔ e0 ≠ arb(b0)
Suppose ⇒ e0 ∈ b0 ∩ s0
ELEM ⇒ Stat5 : e0 ∈ {arb(b) : b ∈ p0}
⟨c0⟩↪Stat5 ⇒ e0 = arb(c0) & c0 ∈ p0
⟨b0, c0⟩↪Stat0 ⇒ c0 = ∅
⟨c0, c0⟩↪Stat0 ⇒ false;
Discharge ⇒ Stat10 : (e0 ∉ {arb(b) : b ∈ p0} ∨ e0 ∉ b0) & e0 = arb(b0)
⟨b0⟩↪Stat10 ⇒ e0 ∉ b0
⟨b0, b0⟩↪Stat0 ⇒ false;
Discharge ⇒ Qed
Thm 00: [Axiom of Infinity] s∞ ≠ ∅ & (X ∈ s∞ → {X} ∈ s∞). Proof:
Suppose not(x0) ⇒ Auto
Assump ⇒ Stat1 : ⟨∀x ∈ s∞ | {x} ∈ s∞⟩ & s∞ ≠ ∅
⟨x0⟩↪Stat1 ⇒ false;
Discharge ⇒ Qed
In the above statement, it would have been easy (but pointless, it
seems to us) to replace s∞ by a new constant sp inf satisfying the
stronger condition
∅ ∈ sp inf & (X ∈ sp inf → {X} ∈ sp inf) :
2 Basic laws on the power-set and sum-set global operations
Def P: [Family of all subsets of a given set] PS =Def {x : x ⊆ S}
Our next theorem characterizes the powerset formation operation in
more usable terms than the very definition of this construct. It also
proves that no set can equal its own powerset (else it would belong
to itself, against the acyclicity of membership).
Thm pow0 : [Characterization of powerset; also: no set equals its own powerset] (X ⊇ Y ↔ Y ∈ PX) & X ≠ PX. Proof:
Suppose not(x0, y0) ⇒ Auto
‖ We begin by excluding the possibility that x0 = Px0:
Suppose ⇒
Stat0 : x0 ∉ {y : y ⊆ x0}
⟨x0⟩↪Stat0 ⇒ false;
Use def(Px0) ⇒
Discharge ⇒
Auto
Auto
Arguing by contradiction, if x0, y0 constituted a counterexample, then
either one of the literals x0 ⊇ y0 and y0 ∈ {y : y ⊆ x0} would be true
and the other one would be false.
EQUAL ⇒ Stat1 : x0 ⊇ y0 ≠ y0 ∈ {y : y ⊆ x0}
If it is the second that is true then, via a substitution in the setformer,
we would contradict the falsity of the first.
Suppose ⇒ Stat2 : y0 ∈ {y : y ⊆ x0}
⟨y1⟩↪Stat2(Stat1⋆) ⇒ false;
Discharge ⇒ Stat3 : y0 ∉ {y : y ⊆ x0}
But then the literals x0 ⊇ y0 and y0 ∉ {y : y ⊆ x0} should hold
together, which gives us a contradiction if we replace the bounded
variable y of the setformer by y0.
⟨y0⟩↪Stat3(Stat1⋆) ⇒ false;
Discharge ⇒ Qed
Thm pow1 : [Monotonicity of powerset] S ⊇ X → PX ∪ {∅, X} ⊆ PS. Proof:
Suppose not(s0, x0) ⇒ Auto
Set monot ⇒ {x : x ⊆ x0} ⊆ {x : x ⊆ s0}
Use def(P) ⇒ Stat1 : ∅ ∉ {x : x ⊆ s0} ∨ x0 ∉ {x : x ⊆ s0}
⟨∅, x0⟩↪Stat1 ⇒ false;
Discharge ⇒ Qed
Thm pow2 : [Powerset of null set and of singletons] P∅ = {∅} & P{X} = {∅, {X}}. Proof:
Suppose not(x0) ⇒ Auto
Suppose ⇒ P∅ ≠ {∅}
⟨∅, ∅⟩↪T pow1 ⇒ Stat0 : P∅ ⊈ {∅}
⟨y0⟩↪Stat0(Stat0⋆) ⇒ Stat1 : y0 ∈ P∅ & y0 ∉ {∅}
⟨∅, y0⟩↪T pow0 (Stat1⋆) ⇒ false;
Discharge ⇒ P{x0} ≠ {∅, {x0}}
⟨{x0}, {x0}⟩↪T pow1 ⇒ Stat2 : P{x0} ⊈ {∅, {x0}}
⟨y1⟩↪Stat2 ⇒ Stat3 : y1 ∈ P{x0} & y1 ∉ {∅, {x0}}
⟨{x0}, y1⟩↪T pow0 (Stat3⋆) ⇒ false;
Discharge ⇒ Qed
Thm pow3 : [Injectivity of the operation X ∪ PX] H ∪ PH = K ∪ PK → H = K. Proof:
Suppose not(h0, k0) ⇒ Stat1 : h0 ∪ Ph0 = k0 ∪ Pk0 & h0 ≠ k0
Suppose that h0 ∪ Ph0 = k0 ∪ Pk0. Then, since h0 ∈ Ph0, either h0 ∈
k0 or h0 ∈ Pk0 must hold; likewise we get k0 ∈ h0 ∨ k0 ∈ Ph0.
However, each one of the three cases h0 ∈ k0 & k0 ∈ h0, h0 ∈ k0 & k0 ⊆ h0,
k0 ∈ h0 & h0 ⊆ k0 contradicts acyclicity of membership; the only case
left, namely h0 ⊆ k0 & k0 ⊆ h0, leads us to the desired
conclusion h0 = k0.
⟨h0, h0⟩↪T pow0 (⋆) ⇒ h0 ∈ Ph0
⟨k0, k0⟩↪T pow0 (⋆) ⇒ k0 ∈ Pk0
⟨k0, h0⟩↪T pow0 ⇒ Auto
⟨h0, k0⟩↪T pow0 ⇒ Auto
(Stat1⋆)ELEM ⇒ Stat2 : (h0 ∈ k0 ∨ h0 ⊆ k0) & (k0 ∈ h0 ∨ k0 ⊆ h0) & h0 ≠ k0
(Stat2⋆)Discharge ⇒ Qed
Def sumset: [Family of all members of members of a set] ⋃S =Def {u : v ∈ S, u ∈ v}
Thm un0 : [Sum-set operation yielding null result] ⋃X = ∅ ↔ X ⊆ {∅}. Proof:
Suppose not(x0) ⇒ Auto
Use def(⋃x0) ⇒ Auto
Suppose ⇒ Stat1 : x0 ⊈ {∅} & {y : x ∈ x0, y ∈ x} = ∅
⟨x1, x1, arb(x1)⟩↪Stat1(Stat1) ⇒ false;
Discharge ⇒ Stat2 : {y : x ∈ x0, y ∈ x} ≠ ∅ & x0 ⊆ {∅}
⟨x2, y2⟩↪Stat2(Stat2⋆) ⇒ false;
Discharge ⇒ Qed
Thm un1 : [Sum-set operation yielding singleton result] ⋃X = {Y} ↔ X ⊆ {∅, {Y}} & {Y} ∈ X. Proof:
Suppose not(x0, y0) ⇒ Auto
Use def(⋃) ⇒ Stat0 : ⋃x0 = {y : x ∈ x0, y ∈ x}
Suppose ⇒ Stat1 : x0 ⊈ {∅, {y0}} & ⋃x0 = {y0}
⟨x1⟩↪Stat1(Stat1) ⇒ Stat2 : arb(x1\{y0}) ∈ x1\{y0} & x1 ∈ x0
Loc def ⇒ a = arb(x1\{y0})
EQUAL ⟨Stat0⟩ ⇒ Stat3 : a ∉ {y : x ∈ x0, y ∈ x}
⟨x1, a⟩↪Stat3(Stat2⋆) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ {y0} ∉ x0 & ⋃x0 = {y0}
⟨x0⟩↪T un0 (Stat0⋆) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat4 : y0 ∉ {y : x ∈ x0, y ∈ x} & {y0} ∈ x0
⟨{y0}, y0⟩↪Stat4(Stat4⋆) ⇒ false;
Discharge ⇒ Stat5 : ⋃x0 ⊈ {y0} & x0 ⊆ {∅, {y0}}
⟨e⟩↪Stat5(Stat0⋆) ⇒ Stat6 : e ∈ {y : x ∈ x0, y ∈ x} & e ≠ y0
⟨x2, y2⟩↪Stat6(Stat5) ⇒ x2 = {y0} & e ∈ x2
(Stat6⋆)Discharge ⇒ Qed
Thm un2 : [Sum-set operation combined with set adjunction] X ∪ {Y} = Z → ⋃Z = ⋃X ∪ Y. Proof:
Suppose not(x0, y0, z0) ⇒ Auto
EQUAL ⇒ Stat0 : ⋃(x0 ∪ {y0}) ≠ ⋃x0 ∪ y0
Use def(⋃) ⇒ Stat1 : {y : x ∈ x0 ∪ {y0}, y ∈ x} ≠ {y′ : x′ ∈ x0, y′ ∈ x′} ∪ y0
⟨c⟩↪Stat1(Stat1⋆) ⇒ c ∈ {y : x ∈ x0 ∪ {y0}, y ∈ x} ≠ c ∈ {y′ : x′ ∈ x0, y′ ∈ x′} ∪ y0
Suppose ⇒ Stat2 : c ∈ {y : x ∈ x0 ∪ {y0}, y ∈ x} & c ∉ {y′ : x′ ∈ x0, y′ ∈ x′} & c ∉ y0
⟨x1, y1, x1, y1⟩↪Stat2(Stat2⋆) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat3 : c ∉ {y : x ∈ x0 ∪ {y0}, y ∈ x} & c ∈ y0
⟨y0, c⟩↪Stat3(Stat3⋆) ⇒ false;
Discharge ⇒ Stat4 : c ∈ {y′ : x′ ∈ x0, y′ ∈ x′} & c ∉ {y : x ∈ x0 ∪ {y0}, y ∈ x}
⟨x2, y2, x2, y2⟩↪Stat4(Stat4⋆) ⇒ false;
Discharge ⇒ Qed
Thm un4 : [Sum-set operation applied to a singleton] {Y} = Z → ⋃Z = Y. Proof:
Suppose not(y0, z0) ⇒ Auto
⟨∅⟩↪T un0 (⋆) ⇒ ⋃∅ = ∅
⟨∅, y0, z0⟩↪T un2 (⋆) ⇒ false;
Discharge ⇒ Qed
Thm un6 : [Sum-set operation applied to a doubleton] ⋃{X, Y} = X ∪ Y. Proof:
Suppose not(x0, y0) ⇒ Auto
⟨x0, {x0}⟩↪T un4 ⇒ Auto
⟨{x0}, y0, {x0, y0}⟩↪T un2 ⇒ Stat1 : ⋃{x0, y0} ⊈ x0 ∪ y0
Use def(⋃{x0, y0}) ⇒ Auto
⟨z0⟩↪Stat1(Stat1⋆) ⇒ Stat2 : z0 ∈ {u : v ∈ {x0, y0}, u ∈ v} & z0 ∉ x0 ∪ y0
⟨v0, u0⟩↪Stat2(Stat2⋆) ⇒ false;
Discharge ⇒ Qed
Theory un un f(X)
End un un
Enter theory un un
Thm un7 : [Sum-set distributes over set formation] ⋃{⋃{f(z) : z ∈ y} : y ∈ X} = ⋃{f(w) : w ∈ ⋃X}. Proof:
Suppose not(x0) ⇒ Auto
Use def(⋃) ⇒ ⋃{f(w) : w ∈ ⋃x0} = ⋃{f(w) : w ∈ {u : v ∈ x0, u ∈ v}} &
    ⋃{f(w) : v ∈ x0, w ∈ v} = {u : z ∈ {f(w) : v ∈ x0, w ∈ v}, u ∈ z}
Use def(⋃{⋃{f(z) : z ∈ y} : y ∈ x0}) ⇒ Auto
SIMPLF ⇒ Stat1 : {u : v ∈ {⋃{f(z) : z ∈ y} : y ∈ x0}, u ∈ v} ≠ {u : v ∈ x0, w ∈ v, u ∈ f(w)}
⟨e⟩↪Stat1(Stat1⋆) ⇒ e ∉ {u : v ∈ {⋃{f(z) : z ∈ y} : y ∈ x0}, u ∈ v} ↔ e ∈ {u : v ∈ x0, w ∈ v, u ∈ f(w)}
Suppose ⇒ Stat2 : e ∈ {u : v ∈ x0, w ∈ v, u ∈ f(w)} & Stat3 : e ∉ {u : v ∈ {⋃{f(z) : z ∈ y} : y ∈ x0}, u ∈ v}
⟨v0, w0, u0⟩↪Stat2(Stat2⋆) ⇒ v0 ∈ x0 & w0 ∈ v0 & e ∈ f(w0)
Suppose ⇒ Stat4 : ⋃{f(z) : z ∈ v0} ∉ {⋃{f(z) : z ∈ y} : y ∈ x0}
⟨v0⟩↪Stat4(Stat2⋆) ⇒ false;
Discharge ⇒ Auto
Use def(⋃{f(z) : z ∈ v0}) ⇒ Auto
Suppose ⇒ e ∉ {u : v ∈ {f(z) : z ∈ v0}, u ∈ v}
SIMPLF ⟨Stat4, ⋆⟩ ⇒ Stat5 : e ∉ {u : z ∈ v0, u ∈ f(z)}
⟨w0, e⟩↪Stat5(Stat2⋆) ⇒ false;
Discharge ⇒ Auto
⟨⋃{f(z) : z ∈ v0}, e⟩↪Stat3(Stat2⋆) ⇒ false;
Discharge ⇒ Stat6 : e ∈ {u : v ∈ {⋃{f(z) : z ∈ y} : y ∈ x0}, u ∈ v} &
    Stat7 : e ∉ {u : v ∈ x0, w ∈ v, u ∈ f(w)}
⟨v1, u1⟩↪Stat6(Stat6⋆) ⇒ Stat8 : v1 ∈ {⋃{f(z) : z ∈ y} : y ∈ x0} & e ∈ v1
Use def(⋃{f(z) : z ∈ y1}) ⇒ Auto
⟨y1⟩↪Stat8(Stat8⋆) ⇒ y1 ∈ x0 & e ∈ {u : v ∈ {f(z) : z ∈ y1}, u ∈ v}
SIMPLF ⟨Stat8, ⋆⟩ ⇒ Stat9 : e ∈ {u : z ∈ y1, u ∈ f(z)}
⟨z1, u2⟩↪Stat9(Stat9⋆) ⇒ z1 ∈ y1 & e ∈ f(z1)
⟨y1, z1, e⟩↪Stat7(Stat8⋆) ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Display un un
Theory un un f(X)
⇒
⟨∀x | ⋃{⋃{f(z) : z ∈ y} : y ∈ x} = ⋃{f(w) : w ∈ ⋃x}⟩
End un un
3 Transitive sets, ordinals, and rank
Let us now introduce the notion of ordinal as formalized (after von
Neumann’s approach) by Raphael M. Robinson in 1937.
Def isOrd0 : [‘Is-an-ordinal’ property] O(o) ↔Def ⟨∀x ∈ o | x ⊆ o⟩ & ⟨∀x ∈ o, y ∈ o | x ∈ y ∨ y ∈ x ∨ x = y⟩
Def isOrd1 : [Successor operation (defined for any set)] next(X) =Def X ∪ {X}
Def isOrd2 : [Rank operation (defined for any set)] rk(X) =Def ⋃{next(rk(y)) : y ∈ X}
Thm isOrd0 : [Technical lemma about ordinals] O(S) & O(T) & T ⊆ S & T ≠ S → T = arb(S\T). Proof:
Suppose not(s, t) ⇒ Auto
Loc def ⇒ a = arb(s\t)
Use def(O) ⇒ Stat1 : ⟨∀x ∈ s | x ⊆ s⟩ & Stat2 : ⟨∀x ∈ s, y ∈ s | x ∈ y ∨ y ∈ x ∨ x = y⟩ & ⟨∀x ∈ t | x ⊆ t⟩
ELEM ⇒ O(t) & a ∈ s\t\{t} & a ∩ (s\t) = ∅ & t ⊆ s
⟨a⟩↪Stat1(Stat1⋆) ⇒ Stat3 : t ⊈ a & ⟨∀x ∈ t | x ⊆ t⟩ & a ⊆ t
⟨b, b⟩↪Stat3(Stat1⋆) ⇒ b ⊆ t & b ∉ a & b ∈ t
⟨a, b⟩↪Stat2(Stat1⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd1 : [Two ordinals are always comparable via inclusion] O(S) & O(T) → S ∩ T ∈ {S, T}. Proof:
Suppose not(o0, o1) ⇒ O(o0) & O(o1) & o0 ∩ o1 ≠ o0 & o0 ∩ o1 ≠ o1
Loc def ⇒ a0 = arb(o0\o0 ∩ o1) & a1 = arb(o1\o0 ∩ o1)
ELEM ⇒ a0 ∈ o0\o0 ∩ o1 & a1 ∈ o1\o0 ∩ o1
Suppose ⇒ ¬O(o0 ∩ o1)
Use def(O) ⇒ Stat1 : ¬⟨∀x ∈ o0 ∩ o1 | x ⊆ o0 ∩ o1⟩ ∨ ¬⟨∀x ∈ o0 ∩ o1, y ∈ o0 ∩ o1 | x ∈ y ∨ y ∈ x ∨ x = y⟩ & ⟨∀x ∈ o1 | x ⊆ o1⟩ &
    ⟨∀x ∈ o0 | x ⊆ o0⟩ & ⟨∀x ∈ o0, y ∈ o0 | x ∈ y ∨ y ∈ x ∨ x = y⟩
⟨x0, x1, y1, x0, x0, x1, y1⟩↪Stat1(Stat1⋆) ⇒ false;
Discharge ⇒ O(o0 ∩ o1)
⟨o0, o0 ∩ o1⟩↪T isOrd0 (⋆) ⇒ o0 ∩ o1 = a0
⟨o1, o0 ∩ o1⟩↪T isOrd0 (⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd2 : [The successor of each ordinal is an ordinal] O(S) → O(next(S)). Proof:
Suppose not(s0) ⇒ Auto
If a counterexample s0 to the claim could exist, in view of the
definition of the ‘next’ operation, s0 would falsify O(s0) → O(s0 ∪ {s0}).
Use def(next) ⇒ O(s0) & ¬O(s0 ∪ {s0})
Now, in the light of the definition of O, s0 must be transitive (i. e.,
each element of s0 must be a subset of s0), moreover, membership
must satisfy trichotomy on s0; but then s0 ∪ {s0} cannot lack either
corresponding property.
Suppose ⇒ Stat1 : ¬⟨∀x ∈ s0 ∪ {s0} | x ⊆ s0 ∪ {s0}⟩ & ⟨∀x ∈ s0 | x ⊆ s0⟩
⟨x0, x0⟩↪Stat1(Stat1⋆) ⇒ false;
Discharge ⇒ Auto
Use def(O) ⇒ Stat2 : ¬⟨∀x ∈ s0 ∪ {s0}, y ∈ s0 ∪ {s0} | x ∈ y ∨ y ∈ x ∨ x = y⟩ & ⟨∀x ∈ s0, y ∈ s0 | x ∈ y ∨ y ∈ x ∨ x = y⟩
⟨x1, y1, x1, y1⟩↪Stat2(Stat2⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd3 : [Every element of an ordinal is an ordinal strictly included in it] O(X) → Y ∈ X ↔ O(Y) & Y ⊆ X & Y ≠ X. Proof:
Suppose not(x0, y0) ⇒ Auto
Use def(O) ⇒ Stat0 : ⟨∀x ∈ x0 | x ⊆ x0⟩ & ⟨∀x ∈ x0, y ∈ x0 | x ∈ y ∨ y ∈ x ∨ x = y⟩
⟨y0⟩↪Stat0(Stat0⋆) ⇒ Stat1 : y0 ∈ x0 → y0 ⊆ x0
⟨x0, y0⟩↪T isOrd0 ⇒ Stat2 : O(x0) & y0 ∈ x0 & ¬O(y0)
Suppose ⇒ Stat3 : ¬⟨∀x ∈ y0 | x ⊆ y0⟩
⟨x1⟩↪Stat3(Stat0⋆) ⇒ Stat4 : x1 ⊈ y0 & x1 ∈ y0 & x1 ∈ x0
⟨y1⟩↪Stat4(Stat4⋆) ⇒ y0 ∉ y1 & y1 ∉ y0 & y0 ≠ y1 & y1 ∈ x1
⟨x1, y1, y0⟩↪Stat0(Stat2⋆) ⇒ false;
Discharge ⇒ Auto
Use def(O) ⇒ Stat5 : ¬⟨∀x ∈ y0, y ∈ y0 | x ∈ y ∨ y ∈ x ∨ x = y⟩ & ⟨∀x ∈ x0, y ∈ x0 | x ∈ y ∨ y ∈ x ∨ x = y⟩
⟨x2, x3, x2, x3⟩↪Stat5(Stat1⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd4 : [The union of a set of ordinals is an ordinal] O(⋃{o ∈ S | O(o)}). Proof:
Suppose not(s1) ⇒ Auto
Loc def ⇒ s0 = {o ∈ s1 | O(o)}
Suppose ⇒ Stat10 : ¬⟨∀o ∈ s0 | O(o)⟩
⟨o3⟩↪Stat10(⋆) ⇒ Stat11 : o3 ∈ {o ∈ s1 | O(o)} & ¬O(o3)
⟨ ⟩↪Stat11(Stat11⋆) ⇒ false;
Discharge ⇒ Auto
EQUAL ⇒ Stat0 : ⟨∀o ∈ s0 | O(o)⟩ & ¬O(⋃s0)
Use def(O) ⇒ Stat1 : ¬⟨∀x ∈ ⋃s0 | x ⊆ ⋃s0⟩ ∨ ¬⟨∀x ∈ ⋃s0, y ∈ ⋃s0 | x ∈ y ∨ y ∈ x ∨ x = y⟩
⟨x0, x1, x2⟩↪Stat1 ⇒ Auto
Use def(⋃s0) ⇒ Auto
Suppose ⇒ Stat2 : x0 ∈ {u : v ∈ s0, u ∈ v} & x0 ⊈ ⋃s0
⟨o0, u0⟩↪Stat2(Stat2⋆) ⇒ Stat3 : o0 ∈ s0 & x0 ∈ o0
⟨s0, o0, s0⟩↪T un2 (Stat2⋆) ⇒ x0 ⊈ o0
Use def(O(o0)) ⇒ Auto
⟨o0⟩↪Stat0(Stat3⋆) ⇒ Stat4 : ⟨∀x ∈ o0 | x ⊆ o0⟩
⟨x0⟩↪Stat4(Stat3⋆) ⇒ false;
Discharge ⇒ Auto
EQUAL ⇒ Stat6 : x1, x2 ∈ {u : v ∈ s0, u ∈ v} & ¬(x1 ∈ x2 ∨ x2 ∈ x1 ∨ x1 = x2)
Use def(O(o1)) ⇒ Auto
Use def(O(o2)) ⇒ Auto
⟨o1, u1, o2, u2⟩↪Stat6(Stat6, Stat6⋆) ⇒ Stat7 : o1 ∈ s0 & x1 ∈ o1 & o2 ∈ s0 & x2 ∈ o2
⟨o1⟩↪Stat0(Stat6⋆) ⇒ Stat8 : ⟨∀x ∈ o1, y ∈ o1 | x ∈ y ∨ y ∈ x ∨ x = y⟩ & O(o1)
⟨o2⟩↪Stat0(Stat6⋆) ⇒ Stat9 : ⟨∀x ∈ o2, y ∈ o2 | x ∈ y ∨ y ∈ x ∨ x = y⟩ & O(o2)
⟨o1, o2⟩↪T isOrd1 (Stat8⋆) ⇒ o1 ⊆ o2 ∨ o2 ⊆ o1
Suppose ⇒ o2 ⊆ o1
⟨x1, x2⟩↪Stat8(Stat6⋆) ⇒ false;
Discharge ⇒ Auto
⟨x1, x2⟩↪Stat9(Stat6⋆) ⇒ false;
Discharge ⇒ Qed
‖ Every ordinal includes the successor of each one of its elements.
Thm isOrd6 : [Every ordinal includes the successor of each one of its elements] O(O) & Y ∈ O → next(Y) ⊆ O. Proof:
Suppose not(o, y) ⇒ Stat1 : next(y) ⊈ o & O(o) & y ∈ o
Use def(next(y)) ⇒ Auto
⟨j⟩↪Stat1(⋆) ⇒ j ∉ o & j ∈ y
⟨o, y⟩↪T isOrd3 (⋆) ⇒ O(y) & y ⊆ o
⟨j, o⟩↪T isOrd1 ⇒ Auto
⟨y, j⟩↪T isOrd3 (⋆) ⇒ O(j) & j ⊆ o & j ≠ o
⟨o, j⟩↪T isOrd3 (⋆) ⇒ false;
Discharge ⇒ Qed
‖ Every ordinal is union of a set of successor ordinals.
Thm isOrd7 : [Every ordinal is union of a set of successor ordinals] O(O) → O = ⋃{next(y) : y ∈ O}. Proof:
Suppose not(o0) ⇒ Auto
Suppose ⇒ ¬O(⋃{next(y) : y ∈ o0})
⟨{next(y) : y ∈ o0}⟩↪T isOrd4 (⋆) ⇒ O(⋃{o ∈ {next(y) : y ∈ o0} | O(o)})
SIMPLF ⇒ O(⋃{next(y) : y ∈ o0 | O(next(y))})
Suppose ⇒ {next(y) : y ∈ o0} = {next(y) : y ∈ o0 | O(next(y))}
EQUAL ⇒ false;
Discharge ⇒ Stat1 : {next(y) : y ∈ o0} ≠ {next(y) : y ∈ o0 | O(next(y))}
⟨y0⟩↪Stat1(Stat1⋆) ⇒ y0 ∈ o0 & ¬O(next(y0))
⟨o0, y0⟩↪T isOrd3 (⋆) ⇒ O(y0)
⟨y0⟩↪T isOrd2 (Stat1⋆) ⇒ false;
Discharge ⇒ Auto
⟨o0, ⋃{next(y) : y ∈ o0}⟩↪T isOrd1 (⋆) ⇒ Stat2 :
    o0 ⊆ ⋃{next(y) : y ∈ o0} ∨ ⋃{next(y) : y ∈ o0} ⊆ o0 & o0 ≠ ⋃{next(y) : y ∈ o0} & O(o0) & O(⋃{next(y) : y ∈ o0})
Use def(⋃{next(y) : y ∈ o0}) ⇒ Auto
SIMPLF ⇒ ⋃{next(y) : y ∈ o0} = {u : y ∈ o0, u ∈ next(y)}
Suppose ⇒ o0 ⊆ ⋃{next(y) : y ∈ o0}
⟨⋃{next(y) : y ∈ o0}, o0⟩↪T isOrd0 (Stat2) ⇒ Stat3 : o0 ∈ {u : y ∈ o0, u ∈ next(y)}
⟨y0, u0⟩↪Stat3(Stat3⋆) ⇒ Stat4 : y0 ∈ o0 & o0 ∈ next(y0)
⟨o0, y0⟩↪T isOrd6 (Stat4, Stat2⋆) ⇒ false;
Discharge ⇒ Auto
Loc def ⇒ o1 = arb(o0\⋃{next(y) : y ∈ o0})
⟨o0, ⋃{next(y) : y ∈ o0}⟩↪T isOrd0 (Stat2) ⇒ Stat5 : o1 ∉ {u : y ∈ o0, u ∈ next(y)} & o1 ∈ o0
Use def(next(o1)) ⇒ Auto
⟨o1, o1⟩↪Stat5(Stat5⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd8 . O(X) & O(Y) → X ∈ Y ∨ Y ∈ X ∨ X = Y. Proof:
Suppose not(x0, y0) ⇒ Auto
⟨x0, y0⟩↪T isOrd1 (⋆) ⇒ x0 ∩ y0 ∈ {x0, y0}
⟨x0, y0⟩↪T isOrd3 ⇒ Auto
⟨y0, x0⟩↪T isOrd3 (⋆) ⇒ false;
Discharge ⇒ Qed
Thm isOrd9 : [Every successor ordinal is the successor of its unionset] O(X) & X = next(M) → M = ⋃X & O(M). Proof:
Suppose not(x0, m0) ⇒ Auto
⟨x0, m0⟩↪T isOrd3 ⇒ Auto
⟨x0, m0, x0⟩↪T un2 ⇒ Auto
Suppose x0, m0 is a counterexample; then some z1 must witness that
m0 and ⋃x0 are different. The inclusion m0 ⊆ ⋃x0 is obvious, in view
of Theorem un2; thus, z1 ∈ ⋃x0 and z1 ∉ m0 must hold.
Use def(next) ⇒ Stat1 : m0 ⊉ ⋃x0 & x0 = m0 ∪ {m0} & O(x0)
Use def(⋃x0) ⇒ Auto
⟨z1⟩↪Stat1(Stat1⋆) ⇒ Stat2 : z1 ∈ {u : v ∈ x0, u ∈ v} & z1 ∉ m0
It is untenable, though, that z1 ∈ ⋃x0 and z1 ∉ m0, because
the former condition implies that z1 ∈ z0 and z0 ∈ x0 holds for
a suitable z0, but then the latter implies that z1 = m0 and hence
m0 ∈ z0 & z0 ∈ m0 ∩ {m0} which contradicts the well-foundedness
of membership. The two contradictions which we have encountered
conclude our argument and give us the desired conclusion.
⟨z0, y0⟩↪Stat2(Stat1⋆) ⇒ z1 ∈ z0 & z0 ∈ x0
⟨x0, z0⟩↪T isOrd3 (Stat1⋆) ⇒ z1 ∈ x0
Discharge ⇒ Qed
Thm rk1 : [The only set of rank ∅ is ∅] rk(X) = ∅ ↔ X = ∅. Proof:
Suppose not(x0) ⇒ Auto
Use def(rk(x0)) ⇒ Auto
⟨{next(rk(y)) : y ∈ x0}⟩↪T un0 ⇒ Stat1 : {next(rk(y)) : y ∈ x0} ⊆ {∅} ≠ x0 = ∅
Suppose ⇒ {next(rk(y)) : y ∈ x0} ⊈ {∅}
(Stat1⋆)ELEM ⇒ Stat2 : {next(rk(y)) : y ∈ x0} ≠ ∅
⟨y0⟩↪Stat2(Stat1⋆) ⇒ false;
Discharge ⇒ Auto
Use def(next(rk(y1))) ⇒ Auto
(Stat1⋆)ELEM ⇒ Stat3 : x0 ≠ ∅ & Stat4 : next(rk(y1)) ∉ {next(rk(y)) : y ∈ x0}
⟨y1, y1⟩↪Stat3(Stat3⋆) ⇒ false;
Discharge ⇒ Qed
Thm rk2 : [The rank operation distributes over sum-set] rk(⋃X) = ⋃{rk(y) : y ∈ X}. Proof:
Suppose not(x0) ⇒ Auto
Use def(rk(⋃x0)) ⇒ Auto
APPLY ⟨ ⟩ un un f(X) ↦ next(rk(X)) ⇒
    Stat1 : ⟨∀x | ⋃{⋃{next(rk(z)) : z ∈ y} : y ∈ x} = ⋃{next(rk(w)) : w ∈ ⋃x}⟩
⟨x0⟩↪Stat1(⋆) ⇒ ⋃{⋃{next(rk(z)) : z ∈ y} : y ∈ x0} ≠ ⋃{rk(y) : y ∈ x0}
Suppose ⇒ {rk(y) : y ∈ x0} = {⋃{next(rk(z)) : z ∈ y} : y ∈ x0}
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ Stat2 : {rk(y) : y ∈ x0} ≠ {⋃{next(rk(z)) : z ∈ y} : y ∈ x0}
⟨y0⟩↪Stat2(Stat2⋆) ⇒ rk(y0) ≠ ⋃{next(rk(z)) : z ∈ y0}
Use def(rk(y0)) ⇒ Auto
(Stat2⋆)Discharge ⇒ Qed
Thm rk3 : [The rank operation distributes over dyadic union] rk(X ∪ Y) = rk(X) ∪ rk(Y). Proof:
Suppose not(x0, y0) ⇒ Auto
⟨{x0, y0}⟩↪T rk2 (⋆) ⇒ rk(⋃{x0, y0}) = ⋃{rk(y) : y ∈ {x0, y0}}
⟨x0, y0⟩↪T un6 ⇒ Auto
⟨rk(x0), rk(y0)⟩↪T un6 ⇒ Auto
Suppose ⇒ {rk(y) : y ∈ {x0, y0}} = {rk(x0), rk(y0)}
EQUAL ⇒ false;
Discharge ⇒ Stat1 : {rk(y) : y ∈ {x0, y0}} ≠ {rk(x0), rk(y0)}
⟨e⟩↪Stat1(Stat1⋆) ⇒ e ∈ {rk(y) : y ∈ {x0, y0}} ↔ e ∉ {rk(x0), rk(y0)}
Suppose ⇒ Stat2 : e ∈ {rk(y) : y ∈ {x0, y0}}
⟨z0⟩↪Stat2(Stat2⋆) ⇒ e = rk(z0) & z0 ∈ {x0, y0}
Suppose ⇒ z0 = x0
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ z0 = y0
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat3 : e ∉ {rk(y) : y ∈ {x0, y0}} & e = rk(x0)
⟨x0⟩↪Stat3(Stat3⋆) ⇒ false;
Discharge ⇒ Stat4 : e ∉ {rk(y) : y ∈ {x0, y0}} & e = rk(y0)
⟨y0⟩↪Stat4(Stat4⋆) ⇒ false;
Discharge ⇒ Qed
Thm rk4 : [The rank operation is monotonic non-decreasing relative to inclusion] X ⊆ Y → rk(X) ⊆ rk(Y). Proof:
Suppose not(x0, y0) ⇒ x0 ∪ y0 = y0 & rk(x0) ⊈ rk(y0)
⟨x0, y0⟩↪T rk3 (⋆) ⇒ rk(x0) ⊆ rk(x0 ∪ y0)
EQUAL ⇒ false;
Discharge ⇒ Qed
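The definitions of O, next and rk, and several laws of this section, can be exercised on hereditarily finite sets. The Python below is an added example (not part of the original scenario, and not Ref code): it models sets as frozensets and evaluates Theorems isOrd1, isOrd2, isOrd3, isOrd7, isOrd9 and rk1 to rk4 by brute force over the 16 sets of rank at most 3. All function names are assumptions of this example, and the universe is a constructed sample.

```python
from functools import lru_cache
from itertools import combinations

EMPTY = frozenset()

def sumset(s):
    """⋃S = {u : v ∈ S, u ∈ v}  (Def sumset)."""
    return frozenset(u for v in s for u in v)

def nxt(x):
    """next(X) = X ∪ {X}  (Def isOrd1)."""
    return x | {x}

def is_ord(o):
    """O(o): every member is a subset, and membership is trichotomous (Def isOrd0)."""
    return (all(x <= o for x in o)
            and all(x in y or y in x or x == y for x in o for y in o))

@lru_cache(maxsize=None)
def rk(x):
    """rk(X) = ⋃{next(rk(y)) : y ∈ X}  (Def isOrd2)."""
    return sumset(frozenset(nxt(rk(y)) for y in x))

def powerset(s):
    """P S = {x : x ⊆ S}  (Def P)."""
    items = list(s)
    return frozenset(frozenset(c) for r in range(len(items) + 1)
                     for c in combinations(items, r))

def cumulative(n):
    """n-fold powerset of ∅: all sets of rank below n (constructed sample universe)."""
    v = EMPTY
    for _ in range(n):
        v = powerset(v)
    return v

def ordinal(n):
    """The n-th finite von Neumann ordinal, built by iterating next."""
    o = EMPTY
    for _ in range(n):
        o = nxt(o)
    return o

def check_laws(universe):
    """Evaluate each law on every set (or pair of sets) of the universe."""
    ords = [o for o in universe if is_ord(o)]
    return {
        "isOrd1": all((s & t) in (s, t) for s in ords for t in ords),
        "isOrd2": all(is_ord(nxt(o)) for o in ords),
        "isOrd3": all((y in x) == (is_ord(y) and y <= x and y != x)
                      for x in ords for y in universe),
        "isOrd7": all(o == sumset(frozenset(nxt(y) for y in o)) for o in ords),
        "isOrd9": all(sumset(nxt(m)) == m and is_ord(m)
                      for m in universe if is_ord(nxt(m))),
        "rk1": all((rk(x) == EMPTY) == (x == EMPTY) for x in universe),
        "rk2": all(rk(sumset(x)) == sumset(frozenset(rk(y) for y in x))
                   for x in universe),
        "rk3": all(rk(x | y) == rk(x) | rk(y)
                   for x in universe for y in universe),
        "rk4": all(rk(x) <= rk(y)
                   for x in universe for y in universe if x <= y),
    }

if __name__ == "__main__":
    for law, holds in check_laws(cumulative(4)).items():
        print(law, holds)
```

A brute-force pass of this kind only confirms the laws on the sampled sets; the Ref proofs above establish them for all sets.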
4 Basic laws on the finiteness property
Traditionally, finiteness is defined through the notion of cardinality
of a set: a set is finite if its cardinality precedes the first infinite
ordinal. As a shortcut, to begin developing an acceptable formal
treatment of finiteness without much preparatory work, we adopt
here the following definition (reminiscent of Tarski’s 1924 paper “Sur
les ensembles finis”): a set F is finite if every non-null family of subsets
of F owns an inclusion-minimal element. This notion can be specified
very succinctly in terms of the powerset operator.
Def Fin: [Finiteness property] Finite(F) ↔Def ⟨∀g ∈ P(PF)\{∅}, ∃m | g ∩ Pm = {m}⟩
Thm fin0 : [Monotonicity of finiteness] Y ⊇ X & Finite(Y) → Finite(X). Proof:
Suppose not(y0, x0) ⇒ Auto
⟨y0, x0⟩↪T pow1 (⋆) ⇒ Py0 ⊇ Px0
Use def(Finite) ⇒ Stat1 : ¬⟨∀g ∈ P(Px0)\{∅}, ∃m | g ∩ Pm = {m}⟩ & ⟨∀g′ ∈ P(Py0)\{∅}, ∃m | g′ ∩ Pm = {m}⟩
⟨Py0, Px0⟩↪T pow1 (⋆) ⇒ P(Py0) ⊇ P(Px0)
⟨g0, g0⟩↪Stat1(Stat1⋆) ⇒ ¬⟨∃m | g0 ∩ Pm = {m}⟩ & ⟨∃m | g0 ∩ Pm = {m}⟩
Discharge ⇒ Qed
Thm fina : [Every nonnull set of subsets of a finite set has inclusion-maximal elements] Finite(F) → ⟨∀g ∈ P(PF)\{∅}, ∃m | {x ∈ g | m ⊆ x} ∩ Pm = {m}⟩. Proof:
Suppose not(f0) ⇒ Stat1 : ¬⟨∀g ∈ P(Pf0)\{∅}, ∃m | {x ∈ g | m ⊆ x} ∩ Pm = {m}⟩ & Finite(f0)
Use def(Finite(f0)) ⇒ Auto
⟨g0⟩↪Stat1(⋆) ⇒ Stat2 : ⟨∀g ∈ P(Pf0)\{∅}, ∃m | g ∩ Pm = {m}⟩ & ¬⟨∃m | {x ∈ g0 | m ⊆ x} ∩ Pm = {m}⟩ & g0 ∈ P(Pf0)\{∅}
Suppose ⇒ {f0\x : x ∈ g0} ∉ P(Pf0)\{∅}
Suppose ⇒ Stat4 : {f0\x : x ∈ g0} = ∅
⟨arb(g0)⟩↪Stat4(Stat2) ⇒ false;
Discharge ⇒ Auto
⟨Pf0, {f0\x : x ∈ g0}⟩↪T pow0 (Stat2⋆) ⇒ Stat5 : Pf0 ⊉ {f0\x : x ∈ g0}
⟨f0, f1⟩↪T pow0 (Stat5⋆) ⇒ Auto
⟨f1⟩↪Stat5(Stat5⋆) ⇒ Stat6 : f1 ∈ {f0\x : x ∈ g0} & f0 ⊉ f1
⟨x0⟩↪Stat6(Stat6⋆) ⇒ false;
Discharge ⇒ Auto
⟨{f0\x : x ∈ g0}⟩↪Stat2(Stat2⋆) ⇒ Stat7 : ⟨∃m | {f0\x : x ∈ g0} ∩ Pm = {m}⟩ & ¬⟨∃m | {x ∈ g0 | m ⊆ x} ∩ Pm = {m}⟩
⟨m0, f0\m0⟩↪Stat7(Stat7⋆) ⇒ {f0\x : x ∈ g0} ∩ Pm0 = {m0} & {x ∈ g0 | f0\m0 ⊆ x} ∩ P(f0\m0) ≠ {f0\m0}
Suppose ⇒ f0\m0 ∉ {x ∈ g0 | f0\m0 ⊆ x} ∩ P(f0\m0)
⟨f0\m0, f0\m0⟩↪T pow0 (Stat7⋆) ⇒ Stat8 : m0 ∈ {f0\x : x ∈ g0} & f0\m0 ∉ {x ∈ g0 | f0\m0 ⊆ x}
⟨x0, f0\x0⟩↪Stat8(Stat8⋆) ⇒ Stat9 : x0 ∈ g0 & x0 ⊈ f0
⟨Pf0, g0⟩↪T pow0 (Stat2, Stat9⋆) ⇒ x0 ∈ Pf0
⟨f0, x0⟩↪T pow0 (Stat9⋆) ⇒ false;
Discharge ⇒ Auto
⟨Pf0, g0⟩↪T pow0 (Stat2⋆) ⇒ Stat10 : {x ∈ g0 | f0\m0 ⊆ x} ⊈ {f0\m0} & m0 ∈ {f0\x : x ∈ g0} & g0 ⊆ Pf0
⟨x1, x2⟩↪Stat10(Stat10⋆) ⇒ Stat11 : x1 ∈ {x ∈ g0 | f0\m0 ⊆ x} & x1 ≠ f0\m0 & m0 = f0\x2 & x2 ∈ g0
⟨f0, x2⟩↪T pow0 (Stat10⋆) ⇒ x2 ⊆ f0
⟨ ⟩↪Stat11(Stat11⋆) ⇒ x1 ∈ g0 & f0\m0 ⊆ x1
⟨f0, x1⟩↪T pow0 (Stat7⋆) ⇒ f0\x1 ⊆ m0 & f0\x1 ∉ {f0\x : x ∈ g0} ∩ Pm0
⟨m0, f0\x1⟩↪T pow0 (Stat11⋆) ⇒ Stat12 : f0\x1 ∉ {f0\x : x ∈ g0}
⟨x1⟩↪Stat12(Stat11⋆) ⇒ false;
Discharge ⇒ Qed
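Def Fin and the complement construction used in the proof of Thm fina can be checked by brute force on a small set. The Python below is an added example (not part of the original scenario, and not Ref code); the function names are assumptions of this example, and the set {0, 1, 2} and the family g in the demo are constructed sample inputs.

```python
from itertools import combinations

def powerset(s):
    """P S = {x : x ⊆ S} (Def P), as a frozenset of frozensets."""
    items = list(s)
    return frozenset(frozenset(c) for r in range(len(items) + 1)
                     for c in combinations(items, r))

def minimal_witnesses(g):
    """All m with g ∩ P m = {m}: the members of g that include no other member of g."""
    return {m for m in g if {x for x in g if x <= m} == {m}}

def is_finite_tarski(f):
    """Def Fin by exhaustion: every g ∈ P(P F)\\{∅} has some m with g ∩ P m = {m}."""
    return all(minimal_witnesses(g) for g in powerset(powerset(f)) if g)

def maximal_by_complements(f, g):
    """Construction from the proof of Thm fina, for a nonnull family g of subsets of f.

    Form h = {f\\x : x ∈ g}, take an inclusion-minimal m0 of h, and return
    f\\m0, which is a member of g that no other member of g strictly includes.
    """
    h = frozenset(f - x for x in g)
    # Several minimal elements may exist; pick one deterministically.
    m0 = min(minimal_witnesses(h), key=lambda s: sorted(s))
    return f - m0

def is_inclusion_maximal(m, g):
    """m ∈ g and no member of g strictly includes m."""
    return m in g and not any(m < x for x in g)

if __name__ == "__main__":
    F = frozenset({0, 1, 2})                                   # constructed sample set
    g = frozenset({frozenset({0}), frozenset({0, 1}), frozenset({2})})
    print("Finite(F) per Def Fin:", is_finite_tarski(F))
    print("minimal members of g:", sorted(map(sorted, minimal_witnesses(g))))
    print("maximal member via complements:", sorted(maximal_by_complements(F, g)))
```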
Thm fin1 : [Finiteness of the union of a finite set with a singleton] Finite(F) → Finite(F ∪ {X}). Proof:
Suppose not(f0, x0) ⇒ Auto
Arguing by contradiction, suppose that f0 and x0 are such that f0 is
finite but f0 ∪ {x0} is not. A nonnull family g0 of subsets of f0 ∪ {x0}
must then exist none of whose elements is minimal. On the other
hand {y\{x0} : y ∈ g0}, which is also nonnull but consists entirely
of subsets of f0, must have a minimal element m0 = y0\{x0}, with
y0 ∈ g0.
Use def(Finite) ⇒ Stat0 : ¬⟨∀g ∈ P(P(f0 ∪ {x0}))\{∅}, ∃m | g ∩ Pm = {m}⟩ & Stat1 : ⟨∀h ∈ P(Pf0)\{∅}, ∃m | h ∩ Pm = {m}⟩
⟨g0⟩↪Stat0(Stat0) ⇒ Stat2 : ¬⟨∃m | g0 ∩ Pm = {m}⟩ & g0 ∈ P(P(f0 ∪ {x0})) & g0 ≠ ∅
Loc def ⇒ Stat3 : h0 = {y\{x0} : y ∈ g0}
Suppose ⇒ h0 ∉ P(Pf0)\{∅}
Suppose ⇒ Stat4 : {y\{x0} : y ∈ g0} = ∅
⟨arb(g0)⟩↪Stat4(Stat2, Stat2) ⇒ false;
Discharge ⇒ Auto
Use def(P) ⇒ Stat5 : h0 ∉ {h : h ⊆ {k : k ⊆ f0}}
⟨h0⟩↪Stat5(Stat5⋆) ⇒ Stat6 : h0 ⊈ {k : k ⊆ f0}
⟨k0⟩↪Stat6(Stat3⋆) ⇒ Stat7 : k0 ∈ {y\{x0} : y ∈ g0} & k0 ∉ {k : k ⊆ f0}
⟨y1, k0⟩↪Stat7(Stat7⋆) ⇒ y1 ∈ g0 & y1 ⊈ f0 ∪ {x0}
Use def(P) ⇒ Stat8 : g0 ∈ {h : h ⊆ {k : k ⊆ f0 ∪ {x0}}}
⟨h1⟩↪Stat8(Stat7⋆) ⇒ Stat9 : y1 ∈ {k : k ⊆ f0 ∪ {x0}}
⟨k1⟩↪Stat9(Stat7⋆) ⇒ false;
Discharge ⇒ Auto
⟨h0, m0⟩↪Stat1(Stat3⋆) ⇒ Stat10 : m0 ∈ {y\{x0} : y ∈ g0} & h0 ∩ Pm0 = {m0}
⟨y0⟩↪Stat10(Stat10⋆) ⇒ Stat11 : m0 = y0\{x0} & y0 ∈ g0
We will reach the desired contradiction by showing that either m0 or
y0 = m0 ∪ {x0} is minimal in g0. We check first that m0 itself must
be minimal when m0 ∈ g0.
Suppose ⇒ m0 ∈ g0
⟨m0⟩↪Stat2(Stat10⋆) ⇒ Stat12 : g0 ∩ Pm0 ⊈ {m0}
Use def(Pm0) ⇒ Auto
⟨z0⟩↪Stat12(Stat3⋆) ⇒ Stat13 : z0 ∈ {h : h ⊆ m0} & z0 ∉ {y\{x0} : y ∈ g0} & z0 ∈ g0
⟨h2, z0⟩↪Stat13(Stat11⋆) ⇒ false;
Discharge ⇒ Auto
Suppose next that m0 ∉ g0; we will reach a contradiction by showing
that y0 is minimal in g0.
Suppose ⇒ y0 ∉ Py0
Use def(P) ⇒ Stat13a : y0 ∉ {s : s ⊆ y0}
⟨y0⟩↪Stat13a(Stat13a⋆) ⇒ false;
Discharge ⇒ Auto
⟨y0⟩↪Stat2(Stat11⋆) ⇒ Stat14 : g0 ∩ Py0 ⊈ {y0}
Use def(Py0) ⇒ Auto
⟨z1⟩↪Stat14(Stat11⋆) ⇒ Stat15 : z1 ∈ {h : h ⊆ y0} & z1 ∈ g0 & z1\{x0} ≠ y0\{x0}
EQUAL ⟨Stat10⟩ ⇒ h0 ∩ P(y0\{x0}) = {y0\{x0}}
Suppose ⇒ z1\{x0} ∉ P(y0\{x0})
Use def(P) ⇒ Stat16 : z1\{x0} ∉ {h : h ⊆ y0\{x0}}
⟨z1\{x0}⟩↪Stat16(Stat16⋆) ⇒ z1\{x0} ⊈ y0\{x0}
⟨h3⟩↪Stat15(Stat16⋆) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat17 : z1\{x0} ∉ {y\{x0} : y ∈ g0}
⟨z1⟩↪Stat17(Stat15⋆) ⇒ false;
Discharge ⇒ z1\{x0} ∈ h0
(Stat15⋆)Discharge ⇒ Qed
Thm fin2 : [Singletons are finite] Finite({X}) & Finite(∅). Proof:
Suppose not(x0) ⇒ Auto
⟨{x0}, ∅⟩↪T fin0 ⇒ ¬Finite({x0})
Use def(Finite) ⇒ Stat1 : ¬⟨∀g ∈ P(P{x0})\{∅}, ∃m | g ∩ Pm = {m}⟩
⟨g0⟩↪Stat1 ⇒ Stat2 : ¬⟨∃m | g0 ∩ Pm = {m}⟩ & g0 ∈ P(P{x0})\{∅}
Use def(P) ⇒ Stat3 : g0 ∈ {y : y ⊆ P{x0}}
⟨x0⟩↪T pow2 ⇒ Auto
⟨y0⟩↪Stat3(Stat2⋆) ⇒ Stat4 : g0 ≠ ∅ & g0 ⊆ {∅, {x0}}
Suppose ⇒ ∅ ∈ g0
⟨∅⟩↪Stat2(Stat3⋆) ⇒ false;
Discharge ⇒ g0 = {{x0}}
⟨{x0}⟩↪Stat2(Stat3⋆) ⇒ false;
Discharge ⇒ Qed
Theory finiteInduction s0, P(S)
Finite(s0) & P(s0)
End finiteInduction
Enter theory finiteInduction
Thm finiteInduction0 . ⟨∃m | {s ⊆ s0 | P(s)} ∩ Pm = {m}⟩. Proof:
Suppose not( ) ⇒ Auto
Assump ⇒ Finite(s0) & P(s0)
Use def(Finite) ⇒ Stat1 : ⟨∀g ∈ P(Ps0)\{∅}, ∃m | g ∩ Pm = {m}⟩
⟨{s ⊆ s0 | P(s)}⟩↪Stat1 ⇒ {s ⊆ s0 | P(s)} ∉ P(Ps0)\{∅}
Suppose ⇒ Stat2 : s0 ∉ {s ⊆ s0 | P(s)}
⟨s0⟩↪Stat2 ⇒ false;
Discharge ⇒ {s ⊆ s0 | P(s)} ∉ P(Ps0)
Use def(P) ⇒ Stat3 : {s ⊆ s0 | P(s)} ∉ {y : y ⊆ {z : z ⊆ s0}}
⟨{s ⊆ s0 | P(s)}⟩↪Stat3 ⇒ Stat4 : {s ⊆ s0 | P(s)} ⊈ {z : z ⊆ s0}
⟨s1⟩↪Stat4 ⇒ Stat5 : s1 ∈ {s : s ⊆ s0 | P(s)} & s1 ∉ {z : z ⊆ s0}
⟨s, s1⟩↪Stat5(Stat5⋆) ⇒ false;
Discharge ⇒ Qed
APPLY ⟨v1Θ : finΘ⟩ Skolem ⇒
Thm finiteInduction1 . {s ⊆ s0 | P(s)} ∩ PfinΘ = {finΘ}.
Thm finiteInduction2 : [Minimal finite set satisfying P] S ⊆ finΘ → Finite(S) & P(S) ↔ S = finΘ. Proof:
Suppose not(s1) ⇒ Auto
⟨ ⟩↪T finiteInduction1 ⇒ {s ⊆ s0 | P(s)} ∩ PfinΘ = {finΘ} & Stat1 : finΘ ∈ {s ⊆ s0 | P(s)}
⟨ ⟩↪Stat1 ⇒ finΘ ⊆ s0 & P(finΘ)
Assump ⇒ Finite(s0)
⟨s0, finΘ⟩↪T fin0 ⇒ Finite(finΘ)
⟨finΘ, s1⟩↪T fin0 ⇒ P(s1) ≠ s1 = finΘ
Suppose ⇒ s1 = finΘ
EQUAL ⇒ false;
Discharge ⇒ s1 ∉ {s ⊆ s0 | P(s)} ∩ PfinΘ & P(s1)
Suppose ⇒ s1 ∉ PfinΘ
Use def(P) ⇒ Stat2 : s1 ∉ {y : y ⊆ finΘ}
⟨s1⟩↪Stat2 ⇒ false;
Discharge ⇒ Stat3 : s1 ∉ {s ⊆ s0 | P(s)}
⟨s1⟩↪Stat3 ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Display finiteInduction
Theory finiteInduction s0, P(S)
Finite(s0) & P(s0)
⇒ (finΘ)
⟨∀s | s ⊆ finΘ → Finite(s) & P(s) ↔ s = finΘ⟩
End finiteInduction
Thm fin3 : [Finiteness of the union of two finite sets] Finite(X) & Finite(Y) → Finite(X ∪ Y). Proof:
Suppose not(x0, y1) ⇒ Auto
Arguing by contradiction, suppose that x0 and y1 are finite sets whose
union is not finite. The finite induction enables us to take a minimal
subset y0 of y1 for which x0 ∪ y0 is not finite.
APPLY ⟨finΘ : y0⟩ finiteInduction s0 ↦ y1, P(S) ↦ ¬Finite(x0 ∪ S) ⇒
    Stat1 : ⟨∀s | s ⊆ y0 → Finite(s) & ¬Finite(x0 ∪ s) ↔ s = y0⟩
⟨y0⟩↪Stat1(Stat1⋆) ⇒ Finite(y0) & ¬Finite(x0 ∪ y0)
Loc def ⇒ a0 = arb(y0)
Since y0 cannot be empty, the union x0 ∪ y0 can be decomposed as
x0 ∪ (y0\{arb(y0)}) ∪ {arb(y0)}, where x0 ∪ (y0\{arb(y0)}) is finite
by inductive hypothesis. But then x0 ∪ y0 must also be finite by
Theorem fin1.
Suppose ⇒ x0 ∪ y0 = x0
EQUAL ⇒ false;
Discharge ⇒ Stat2 : y0\{a0} ≠ y0
⟨y0\{a0}⟩↪Stat1(Stat1⋆) ⇒ Finite(x0 ∪ (y0\{a0}))
⟨x0 ∪ (y0\{a0}), a0⟩↪T fin1 (Stat2⋆) ⇒ Finite(x0 ∪ (y0\{a0}) ∪ {a0})
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ Qed
Thm fin4 : [Finiteness of the union of a finite set of sets] ⟨∀x ∈ next(F) | Finite(x)⟩ → Finite(⋃F). Proof:
Suppose not(f1) ⇒ Auto
Set monot ⇒ ⟨∀x ∈ f1 ∪ {f1} | Finite(x)⟩ → ⟨∀x ∈ f1 | Finite(x)⟩
Use def(next) ⇒ Stat0 : ⟨∀x ∈ f1 ∪ {f1} | Finite(x)⟩ & ⟨∀x ∈ f1 | Finite(x)⟩
⟨f1⟩↪Stat0(Stat0⋆) ⇒ Finite(f1)
APPLY ⟨finΘ : f0⟩ finiteInduction s0 ↦ f1, P(F) ↦ ⟨∀x ∈ F | Finite(x)⟩ & ¬Finite(⋃F) ⇒
    Stat1 : ⟨∀f | f ⊆ f0 → Finite(f) & ⟨∀x ∈ F | Finite(x)⟩ & ¬Finite(⋃F) ↔ f = f0⟩
Loc def ⇒ a0 = arb(f0)
Set monot ⇒ ⟨∀x ∈ f0 | Finite(x)⟩ → ⟨∀x ∈ f0\{a0} | Finite(x)⟩
⟨f0⟩↪Stat1(Stat1) ⇒ Stat2 : ⟨∀x ∈ f0 | Finite(x)⟩ & ⟨∀x ∈ f0\{a0} | Finite(x)⟩ & ¬Finite(⋃f0) & (f0 ≠ ∅ → a0 ∈ f0)
Suppose ⇒ f0 = ∅
⟨f0⟩↪T un0 (Stat2) ⇒ ¬Finite(∅)
⟨∅⟩↪T fin2 (Stat2⋆) ⇒ false;
Discharge ⇒ Auto
⟨f0\{a0}⟩↪Stat1(Stat2⋆) ⇒ Stat3 : Finite(⋃(f0\{a0})) & a0 ∈ f0
⟨f0\{a0}, a0, f0⟩↪T un2 (Stat3⋆) ⇒ ⋃f0 = ⋃(f0\{a0}) ∪ a0
⟨a0⟩↪Stat2(Stat3⋆) ⇒ Finite(a0)
⟨⋃(f0\{a0}), a0⟩↪T fin3 (Stat3⋆) ⇒ Finite(⋃(f0\{a0}) ∪ a0)
EQUAL ⟨Stat2⟩ ⇒ false;
Discharge ⇒ Qed
Thm rk6 : [Every finite set F all of whose elements have finite rank has finite rank] Finite(F) & {t ∈ F | ¬Finite(rk(t))} = ∅ → Finite(rk(F)). Proof:
Suppose not(f0) ⇒ Stat0 : Finite(f0) & {t ∈ f0 | ¬Finite(rk(t))} = ∅ & ¬Finite(rk(f0))
Suppose f0 is a counterexample. By definition,
rk(f0) = ⋃{next(rk(y)) : y ∈ f0}, where we are assuming
Finite(rk(y)) and hence Finite(next(rk(y))) for each y ∈ f0.
But then rk(f0) is finite, because the sum-set of every finite set of
finite sets is already known to be finite.
Use def(rk) ⇒ rk(f0) = ⋃{next(rk(y)) : y ∈ f0}
EQUAL ⟨Stat0⟩ ⇒ Stat1 : ¬Finite(⋃{next(rk(y)) : y ∈ f0})
⟨{next(rk(y)) : y ∈ f0}⟩↪T fin4 (Stat1⋆) ⇒ Stat2 : ¬⟨∀x ∈ next({next(rk(y)) : y ∈ f0}) | Finite(x)⟩
⟨r0⟩↪Stat2(Stat2⋆) ⇒ r0 ∈ next({next(rk(y)) : y ∈ f0}) & ¬Finite(r0)
Use def(next) ⇒ r0 = {next(rk(y)) : y ∈ f0} ∨ r0 ∈ {next(rk(y)) : y ∈ f0}
Suppose ⇒ r0 = {next(rk(y)) : y ∈ f0}
APPLY ⟨ ⟩ finiteImage s0 ↦ f0, f(Y) ↦ next(rk(Y)) ⇒ Finite({next(rk(y)) : y ∈ f0})
EQUAL ⟨Stat2⟩ ⇒ false;
Discharge ⇒ Stat4 : r0 ∈ {next(rk(y)) : y ∈ f0} & {t ∈ f0 | ¬Finite(rk(t))} = ∅
⟨y0, y0⟩↪Stat4(Stat4⋆) ⇒ Stat5 : y0 ∉ {t ∈ f0 | ¬Finite(rk(t))} & y0 ∈ f0 & r0 = next(rk(y0))
⟨y0⟩↪Stat5(Stat5⋆) ⇒ Finite(rk(y0))
⟨rk(y0), rk(y0)⟩↪T fin1 (Stat5⋆) ⇒ Finite(rk(y0) ∪ {rk(y0)})
Use def(next(rk(y0))) ⇒ Auto
EQUAL ⟨Stat2⟩ ⇒ false;
Discharge ⇒ Qed
Def mxl: [Inclusion-maximal elements, if any] mxl(S) =Def {m ∈ S | {x ∈ S\{m} | m ⊆ x} = ∅}
Thm fin5 : [Every nonnull finite set has an inclusion-maximal element] Finite(S) & S ≠ ∅ → mxl(S) ≠ ∅. Proof:
Suppose not(s1) ⇒ Auto
To start an inductive argument by contradiction, suppose s2 is an
inclusion-minimal counterexample.
APPLY ⟨finΘ : s2⟩ finiteInduction s0 ↦ s1, P(S) ↦ S ≠ ∅ & mxl(S) = ∅ ⇒
    Stat1 : ⟨∀s | s ⊆ s2 → Finite(s) & s ≠ ∅ & mxl(s) = ∅ ↔ s = s2⟩
⟨s2⟩↪Stat1(Stat1⋆) ⇒ Stat2 : s2 ≠ ∅ & mxl(s2) = ∅
Use def(mxl(s2)) ⇒ Auto
Draw from this set s2, where no element is maximal, an element x2.
Since x2 is not maximal, there is an x3 ∈ s2 exceeding it.
⟨x2⟩↪Stat2(Stat2⋆) ⇒ Stat3 : {m ∈ s2 | {x ∈ s2\{m} | m ⊆ x} = ∅} = ∅ & x2 ∈ s2
⟨x2⟩↪Stat3 ⇒ Stat4 : {x ∈ s2\{x2} | x2 ⊆ x} ≠ ∅
⟨x3⟩↪Stat4(Stat4⋆) ⇒ x3 ∈ s2\{x2} & x2 ⊆ x3
Due to the minimality assumption concerning s2, there is a maximal
element m0 in s2\{x2}.
Use def(mxl(s2\{x2})) ⇒ Auto
⟨s2\{x2}⟩↪Stat1(Stat3⋆) ⇒ Stat5 : {m ∈ s2\{x2} | {x ∈ s2\{x2}\{m} | m ⊆ x} = ∅} ≠ ∅
⟨m0⟩↪Stat5(Stat5⋆) ⇒ Stat6 : {x ∈ s2\{x2}\{m0} | m0 ⊆ x} = ∅ & m0 ∈ s2\{x2}
This m0 is not maximal in s2; therefore, unlike x3, it must be included
in x2.
⟨m0⟩↪Stat3(Stat6⋆) ⇒ Stat7 : {x ∈ s2\{m0} | m0 ⊆ x} ≠ ∅ & {x ∈ s2\{x2}\{m0} | m0 ⊆ x} = ∅
⟨x4, x4⟩↪Stat7(Stat7⋆) ⇒ m0 ⊆ x2
But then x3 exceeds m0, which contradicts the maximality of m0 in
s2\{x2}.
⟨x3⟩↪Stat6(Stat4⋆) ⇒ false;
Discharge ⇒ Qed
Theory finiteImage s0 , f(X)
Finite(s0 )
End finiteImage
Enter theory finiteImage
Thm finiteImage. Finite {f(x) : x ∈ s0 } . Proof:
Suppose not( ) ⇒ Auto
We can prove the claim by means of finite induction. Arguing by
contradiction, let us assume that s0 has, via the global function f(X),
infinite image; then take an s1 which is finite and minimal (w. r.
t. inclusion) and has, much like s0 , infinite image {f(x) : x ∈ s1 }.
As one sees easily, s1 6= ∅; hence, if we remove an element a from
s1 , we find that {f(x) : x ∈ s1 \ {a}} is finite in consequence of the
supposed minimality of s1 . Since the union of two finite sets is finite,
we get the finiteness of {f(x) : x ∈ s1 \ {a}} ∪ {f} (a), which hence
must differ from {f(x) : x ∈ s1 }.
Assump ⇒ Finite(s0)
APPLY ⟨finΘ : s1⟩ finiteInduction s0 ↦ s0, P(S) ↦ ¬Finite {f(x) : x ∈ S} ⇒
Stat1 : ⟨∀s | s ⊆ s1 → Finite(s) & ¬Finite {f(x) : x ∈ s} ↔ s = s1⟩
⟨s1⟩↪Stat1 ⇒ ¬Finite {f(x) : x ∈ s1}
Loc def ⇒ Stat0 : a = arb(s1)
⟨f(a)⟩↪T fin2 ⇒ Finite {f(a)} & Finite(∅)
Suppose ⇒ s1 = ∅
ELEM ⇒ {f(x) : x ∈ ∅} = ∅
EQUAL ⇒ false;
Discharge ⇒ Auto
(Stat0)ELEM ⇒ Stat2 : s1 \ {a} ⊆ s1 & s1 \ {a} ≠ s1
Suppose ⇒ {f(x) : x ∈ s1} = {f(x) : x ∈ s1 \ {a}} ∪ {f(a)}
⟨s1 \ {a}⟩↪Stat1(Stat2?) ⇒ Finite {f(x) : x ∈ s1 \ {a}}
⟨{f(x) : x ∈ s1 \ {a}}, f(a)⟩↪T fin1 (Stat1?) ⇒ Finite {f(x) : x ∈ s1 \ {a}} ∪ {f(a)}
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ Auto
On the other hand, {f(x) : x ∈ s1 \ {a}} ∪ {f(a)} and {f(x) : x ∈ s1}
must be equal: in fact a ∈ s1, and therefore f(a) ∈ {f(x) : x ∈ s1};
moreover, by monotonicity, {f(x) : x ∈ s1 \ {a}} ⊆ {f(x) : x ∈ s1}
and . . .
Set monot ⇒ {f(x) : x ∈ s1 \ {a}} ⊆ {f(x) : x ∈ s1 }
Suppose ⇒ Stat3 : f(a) ∉ {f(x) : x ∈ s1}
⟨a⟩↪Stat3(Stat2, Stat2?) ⇒ false;
Discharge ⇒ Stat4 : {f(x) : x ∈ s1} ⊈ {f(x) : x ∈ s1 \ {a}} ∪ {f(a)}
. . . one easily sees that {f(x) : x ∈ s1} ⊆ {f(x) : x ∈ s1 \ {a}} ∪ {f(a)},
. . .
⟨b⟩↪Stat4(Stat4?) ⇒ Stat5 : b ∈ {f(x) : x ∈ s1} & b ∉ {f(x) : x ∈ s1 \ {a}} ∪ {f(a)}
⟨x0⟩↪Stat5(Stat5?) ⇒ f(x0) ∉ {f(x) : x ∈ s1 \ {a}} & x0 ∈ s1 & f(x0) ≠ f(a)
Suppose ⇒ x0 = a
EQUAL ⟨Stat5⟩ ⇒ false;
Discharge ⇒ Stat6 : f(x0) ∉ {f(x) : x ∈ s1 \ {a}} & x0 ≠ a & x0 ∈ s1
⟨x0⟩↪Stat6(Stat6?) ⇒ false;
which leads us to the sought contradiction.
Discharge ⇒ Qed
Enter theory Set theory
Display finiteImage
Theory finiteImage s0, f(X)
Finite(s0)
⇒
Finite {f(x) : x ∈ s0}
End finiteImage
Thm fin6 : [Powersets of finite sets are finite] Finite(F) → Finite(PF). Proof:
Suppose not(f1) ⇒ Auto
We can prove the claim by means of finite induction. Arguing by
contradiction, let us assume that f1 is finite but has an infinite
powerset; then take an f0 which is finite and minimal (w.r.t. inclusion)
and has, much like f1, infinite powerset. As one sees easily, f0 ≠ ∅;
hence, if we remove an element a from f0, we find that P(f0 \ {a}) is
finite in consequence of the supposed minimality of f0.
APPLY ⟨finΘ : f0⟩ finiteInduction s0 ↦ f1, P(S) ↦ ¬Finite(PS) ⇒
Stat1 : ⟨∀s | s ⊆ f0 → Finite(s) & ¬Finite(Ps) ↔ s = f0⟩
⟨f0⟩↪Stat1 ⇒ ¬Finite(Pf0)
Suppose ⇒ f0 = ∅
h∅i,→T fin2 (Stat1?) ⇒ Finite({∅})
Suppose ⇒ P∅ = {∅}
EQUAL ⇒ false;
Discharge ⇒ Auto
Use def(P∅) ⇒ Auto
h∅, ∅i,→T pow1 (Stat1?) ⇒ Stat2 : {x : x ⊆ ∅} 6⊆ {∅}
hx0 i,→Stat2(Stat2?) ⇒ Stat3 : x0 ∈ {x : x ⊆ ∅} & x0 6= ∅
hx1 i,→Stat3(Stat3?) ⇒ false;
Discharge ⇒ Stat4 : f0 6= ∅
hai,→Stat4(Stat4?) ⇒ a ∈ f0
hf0 \ {a} i,→Stat1(Stat4?) ⇒ Finite P(f0 \ {a})
⟨f0, f0 \ {a}⟩↪T pow1 (Stat4?) ⇒ Pf0 = P(f0 \ {a}) ∪ Pf0 \P(f0 \ {a})
EQUAL hStat1i ⇒ ¬Finite P(f0 \ {a}) ∪ Pf0 \P(f0 \ {a})
hP(f0 \ {a}), Pf0 \P(f0 \ {a})i,→T fin3 (Stat1?) ⇒ ¬Finite Pf0 \P(f0 \ {a})
Suppose ⇒ Stat5 : Pf0 \P(f0 \ {a}) 6= {x ∪ {a} : x ∈ P(f0 \ {a})}
hbi,→Stat5 ⇒ Auto
Use def(Pf0 ) ⇒ Auto
Use def P(f0 \ {a}) ⇒ Auto
Suppose ⇒ Stat6 : b ∈ {x ∪ {a} : x ∈ P(f0 \ {a})}
hx2 i,→Stat6(Stat5?) ⇒ Stat7 : x2 ∈ {y : y ⊆ f0 \ {a}} & b = x2 ∪ {a}
hy2 i,→Stat7(Stat7?) ⇒ x2 ⊆ f0 \ {a}
(Stat5?)ELEM ⇒ Stat8 : b ∈ {y : y ⊆ f0 \ {a}} ∨ b ∉ {y : y ⊆ f0}
⟨y1, b⟩↪Stat8(Stat4?) ⇒ false;
Discharge ⇒ Auto
(Stat5?)ELEM ⇒ Stat9 : b ∈ {y : y ⊆ f0} & b ∉ {y : y ⊆ f0 \ {a}} & b ∉ {x ∪ {a} : x ∈ P(f0 \ {a})}
⟨y0, y0, y0 \ {a}⟩↪Stat9(Stat5?) ⇒ Stat10 : y0 \ {a} ∉ {y : y ⊆ f0 \ {a}} & y0 ⊆ f0 & a ∈ y0
hy0 \ {a} i,→Stat10(Stat10?) ⇒ false;
Discharge ⇒ Auto
APPLY h i finiteImage s0 7→ P(f0 \ {a}), f(X) 7→ x ∪ {a} ⇒ Finite {x ∪ {a} : x ∈ P(f0 \ {a})}
EQUAL ⇒ false;
Discharge ⇒
Qed
5
From reachability to transfinite induction
5.1
Reachability in a ‘big graph’
Theory reachability V(X), E(X, Y)
This theory has two predicates, one monadic and the other dyadic, as
arguments: these represent nodes (or ‘vertices’) and arcs (or ‘edges’)
of a system. What we mean by ‘system’, following Aczel, is a structure
akin to a graph but whose nodes and arcs might form proper
classes. Anyway, we insist that the immediate descendants of each
node x must be included in a set (possibly a set which depends on
x). (Cf. P. Aczel, “Non-well-founded sets”, vol. 14 of CSLI Lecture
Notes, CSLI, Stanford, CA, 1988.)
⟨∀x | V(x) → ⟨∃c, ∀y | E(x, y) & V(y) → y ∈ c⟩⟩
End reachability
Enter theory reachability
Inside this Theory ‘reachability’, we will use Skolemization to
associate with every node the set of its children in the system.
For each node x, we have a set c comprising all the immediate
descendants of x; hence separation enables us to form the set
ch = {y ∈ c | E(x, y) & V(y)} of all nodes which are immediate
descendants of x in the system. This set will be named children(x) by the
subsequent application of Skolemization. When x is not a node, a
forthcoming theorem will arrange things so that children(x) = ∅.
Thm reachability · 0: [Every node has a set of children] h∃ch, ∀y | E(X, y) & V(X) & V(y) ↔ y ∈ chi. Proof:
Suppose not(x0 ) ⇒ Stat0 : ¬h∃ch, ∀y | E(x0 , y) & V(x0 ) & V(y) ↔ y ∈ chi
Suppose ⇒ ¬V(x0)
⟨∅⟩↪Stat0(Stat0?) ⇒ Stat1 : ¬⟨∀y | E(x0, y) & V(x0) & V(y) ↔ y ∈ ∅⟩
⟨y⟩↪Stat1(Stat0?) ⇒ false;
Discharge ⇒ Auto
Assump ⇒ Stat2 : h∀x | V(x) → h∃c, ∀y | E(x, y) & V(y) → y ∈ cii
hx0 i,→Stat2(Stat0?) ⇒ Stat3 : h∃c, ∀y | E(x0 , y) & V(y) → y ∈ ci & V(x0 )
hki,→Stat3(Stat3?) ⇒ Stat4 : h∀y | E(x0 , y) & V(y) → y ∈ ki
Loc def ⇒ kh = {y ∈ k | E(x0 , y) & V(y)}
hkhi,→Stat0(Stat4?) ⇒ Stat5 : ¬h∀y | E(x0 , y) & V(x0 ) & V(y) ↔ y ∈ khi
⟨y0⟩↪Stat5(Stat3?) ⇒ E(x0, y0) & V(y0) ≠ y0 ∈ kh
Suppose ⇒ Stat6 : E(x0, y0) & V(y0)
(Stat4?)ELEM ⇒ Stat7 : y0 ∉ {y ∈ k | E(x0, y) & V(y)}
⟨y0⟩↪Stat4(Stat6?) ⇒ y0 ∈ k
⟨y0⟩↪Stat7(Stat6?) ⇒ false;
(Stat4?)Discharge ⇒ Stat8 : y0 ∈ {y ∈ k | E(x0, y) & V(y)} & ¬ E(x0, y0) & V(y0)
⟨ ⟩↪Stat8(Stat8?) ⇒ false;
Discharge ⇒
Qed
Skolemize this last statement, rewriting it in the following form:
APPLY ⟨v1Θ : children⟩ Skolem ⇒
Thm reachability · 1a: [Children lemma, 0] ⟨∀x, y | E(x, y) & V(x) & V(y) ↔ y ∈ children(x)⟩.
Then recast the ‘children lemma’ just obtained in a form where universal
quantifiers are left understood, because this new version of the
lemma can be cited more easily.
Thm reachability · 1: [Children lemma] E(X, Y) & V(X) & V(Y) ↔ Y ∈ children(X). Proof:
Suppose not(x, y) ⇒ Auto
Treachability · 1a ⇒ Stat1 : h∀x, y | E(x, y) & V(x) & V(y) ↔ y ∈ children(x)i
hxi,→Stat1 ⇒ Stat2 : h∀y | E(x, y) & V(x) & V(y) ↔ y ∈ children(x)i
hyi,→Stat2 ⇒ false;
Discharge ⇒ Qed
Now we start to prepare more closely for the proof of a preliminary
version of the principle of transfinite induction by making an auxiliary
definition: we introduce the set descsΘ (s) of those x which either
belong to s or are descendants of elements of s (i. e., children of s,
children of children of s, and so on recursively). The construction of
descsΘ (s) will proceed in stages; as a preliminary, in fact, we define
the sets descs x(s, le) of all nodes that are reachable from s through
paths of given ‘length’ le. In an intuitive discussion, we think that
the length of a path is a natural number; but, as we do not have from
the outset the set of all natural numbers, we exploit the basic infinite
set s∞ as a convenient surrogate of this set.
Def reachability · 0: [Recursively defined iterated children]
descs x(S, X) =Def
if X = arb(s∞ ) then S else {u : w ∈ arb({descs x(S, y) : y ∈ X | y ∈ s∞ }) , u ∈ children(w)} fi
Explanation: We know that s∞ is a nonnull set satisfying the property
that {X} ∈ s∞ follows from X ∈ s∞. Hence arb(s∞) = a and
{a}, {{a}}, . . . are members of s∞; and since each of them belongs to
its immediate follower and membership does not form cycles (as one
can deduce from regularity), they differ from one another and hence
their supply is infinite. As natural numbers have not been introduced
yet, we can exploit a in the role of 0, {a} in the role of 1, {{a}}
in the role of 2, etc. We have defined descs x(S, Le) in such a way that
when Le varies over a, {a}, {{a}}, . . . the sets descs x(S, Le) come to form
a sequence descs x(S, a), descs x(S, {a}), descs x(S, {{a}}), . . . whose
first component is S and hence is formed by the same elements as S,
the second is formed by the children of elements of S, the third by
the children of children of S, and so on. At the end, by forming the
union of all components of this sequence (see our next definition), we
obtain the set of all nodes reachable from S along paths formed by
arcs of the system.
Def reachability · 1: [Ultimate descendants of a set of nodes]
descsΘ (S)
=Def
{u : i ∈ s∞ , u ∈ descs x(S, i)}
The set just defined includes s; moreover, we will show that it is
transitively closed under membership. First we need the following
simple lemma:
Thm reachability · 2: [Descendants indexed by the singletons in the basic infinite set] X ∈ s∞ → descs x(S, {X}) =
{u : w ∈ descs x(S, X), u ∈ children(w)} . Proof:
Suppose not(x, s) ⇒ Auto
Since x ∈ s∞, {x} ≠ arb(s∞), and so
descs x(s, {x}) = {u : v ∈ arb({descs x(s, y) : y ∈ {x}}), u ∈ children({x})}
by definition.
Use def(descs x) ⇒ descs x(s, {x}) = if {x} = arb(s∞ ) then s else {u : w ∈ arb({descs x(s, y) : y ∈ {x} | y ∈ s∞ }) , u ∈ children(w)} fi
hs∞ i,→T 0 (?) ⇒ descs x(s, {x}) = {u : w ∈ arb({descs x(s, y) : y ∈ {x} | y ∈ s∞ }) , u ∈ children(w)}
EQUAL ⇒ Stat1 : {u : w ∈ arb({descs x(s, y) : y ∈ {x} | y ∈ s∞}), u ∈ children(w)} ≠ {u : w ∈ descs x(s, x), u ∈ children(w)}
The left-hand side of this inequality reduces to
{u : w ∈ descs x(s, x), u ∈ children(w)}, which contradicts the
initial hypothesis, and so proves our lemma.
Suppose ⇒ Stat2 : {descs x(s, y) : y ∈ {x} | y ∈ s∞} ≠ {descs x(s, x)}
Set monot ⇒ {descs x(s, y) : y ∈ {x} | y ∈ s∞} ⊆ {descs x(s, y) : y ∈ {x}}
SIMPLF ⇒ {descs x(s, y) : y ∈ {x}} = {descs x(s, x)}
(Stat2?)ELEM ⇒ Stat3 : descs x(s, x) ∉ {descs x(s, y) : y ∈ {x} | y ∈ s∞}
⟨x⟩↪Stat3(?) ⇒ false;
Discharge ⇒ {descs x(s, y) : y ∈ {x} | y ∈ s∞} = {descs x(s, x)}
⟨{descs x(s, x)}⟩↪T 0 (?) ⇒ arb({descs x(s, x)}) = descs x(s, x)
EQUAL ⟨Stat1⟩ ⇒ false;
Discharge ⇒ Qed
Now we can prove, for any set s, that descsΘ (s) includes s and is
E-transitive.
Thm reachability · 3: [Stepwise reachability] S ⊆ descsΘ (S) & X ∈ descsΘ (S) & V(X) & V(Y) & E(X, Y) → Y ∈ descsΘ (S) . Proof:
Suppose not(s, x, y) ⇒ Auto
Arguing by contradiction, we must consider the following alternative:
⟨x, y⟩↪Treachability · 1 ⇒ s ⊈ descsΘ(s) ∨ x ∈ descsΘ(s) & y ∈ children(x) & y ∉ descsΘ(s)
The first of these cases is impossible, since an xx in s but not in
descsΘ(s) could not be in any of the sets descs x(s, v) where v belongs
to s∞, contradicting the fact that arb(s∞) belongs to s∞, while
descs x(s, arb(s∞)) = s. Hence we need only consider the second case.
Suppose ⇒ Stat1 : s ⊈ descsΘ(s)
⟨xx⟩↪Stat1 ⇒ xx ∈ s & xx ∉ descsΘ(s)
Use def(descsΘ) ⇒ Stat2 : xx ∉ {y : v ∈ s∞, y ∈ descs x(s, v)}
⟨s∞⟩↪T 0 (?) ⇒ Auto
⟨arb(s∞)⟩↪T 0 (?) ⇒ arb(s∞) ∈ s∞
⟨arb(s∞), xx⟩↪Stat2 ⇒ xx ∉ descs x(s, arb(s∞))
Use def(descs x) ⇒ descs x(s, arb(s∞)) = s
(Stat1?)Discharge ⇒ Stat4 : x ∈ descsΘ(s) & y ∈ children(x) & y ∉ descsΘ(s)
But in this case there must exist some d in s∞ such that x is in
descs x(s, d), and then descs x(s, {d}) = {w : v ∈ descs x(s, d), w ∈ v}
must have y as a member. Since {d} is a member of s∞, this contradicts
the fact that y ∉ descsΘ(s), and so proves our theorem.
Use def(descsΘ ) ⇒ Stat5 : x ∈ {w : v ∈ s∞ , w ∈ descs x(S, v)}
hd, wi,→Stat5 ⇒ Stat6 : d ∈ s∞ & x ∈ descs x(s, d)
hdi,→T 0 ⇒ {d} ∈ s∞
Use def(descsΘ) ⇒ Stat7 : y ∉ {w : v ∈ s∞, w ∈ descs x(s, v)}
h {d} , yi,→Stat7 ⇒ y ∈/ descs x(s, {d})
hd, si,→Treachability · 2 ⇒ Stat8 : y ∈/ {u : w ∈ descs x(s, d), u ∈ children(w)}
hx, yi,→Stat8(Stat8, Stat6?) ⇒ Stat9 : y ∈/ children(x)
hx, yi,→Treachability · 1 ⇒ false;
Discharge ⇒
Qed
Transitivity of the reachability relation is proved next: if Y is
reachable from X and Z is reachable from Y, then Z is reachable from
X.
Thm reachability · 4: [Transitivity of reachability] Y ∈ descsΘ ({X}) & Z ∈ descsΘ ({Y}) → Z ∈ descsΘ ({X}). Proof:
Suppose not(y0 , x, z) ⇒ Auto
Assume that y0 is reachable from {x} and that z is reachable from
{y0 }; however, to start an argument by contradiction, assume that z
is unreachable from {x}.
Suppose ⇒
{s ∈ s∞ | descs x({y0 } , s) 6⊆ descsΘ ({x})} = ∅
It follows from the definition of the set descsΘ({y0}) of all sets
reachable from {y0} that at least one of the layers descs x({y0}, i) (with
i ∈ s∞) which compose descsΘ({y0}) has an element that is
unreachable from {x}.
Use def descsΘ ({y0 }) ⇒ Auto
ELEM ⇒ Stat1 : z ∈ {u : i ∈ s∞, u ∈ descs x({y0}, i)} & z ∉ descsΘ({x})
hi, ui,→Stat1 ⇒ i ∈ s∞ & z ∈ descs x({y0 } , i) & Stat2 : i ∈/ {s ∈ s∞ | descs x({y0 } , s) 6⊆ descsΘ ({x})}
hii,→Stat2(Stat1?) ⇒ false;
Discharge ⇒ Auto
So we can pick s0 ∈ s∞ in such a way that
descs x({y0}, s0) ⊈ descsΘ({x}) whereas
descs x({y0}, s) ⊆ descsΘ({x}) holds for all s ∈ s0 ∩ s∞.
Loc def ⇒ s0 = arb({s ∈ s∞ | descs x({y0 } , s) 6⊆ descsΘ ({x})})
⟨{s ∈ s∞ | descs x({y0}, s) ⊈ descsΘ({x})}⟩↪T 0 (?) ⇒ Stat3 :
s0 ∈ {s ∈ s∞ | descs x({y0}, s) ⊈ descsΘ({x})} & s0 ∩ {s ∈ s∞ | descs x({y0}, s) ⊈ descsΘ({x})} = ∅
⟨ ⟩↪Stat3(?) ⇒ Stat4 : descs x({y0}, s0) ⊈ descsΘ({x}) & s0 ∈ s∞ & y0 ∈ descsΘ({x})
The selected s0 cannot coincide with arb(s∞), because
descs x({y0}, arb(s∞)) = {y0}, whose only element we have
assumed to be reachable from {x}.
Use def descs x({y0 } , s0 ) ⇒ Auto
Suppose ⇒ s0 = arb(s∞ )
(Stat4?)ELEM ⇒ descs x({y0 } , s0 ) = {y0 }
(Stat4?)Discharge ⇒
descs x({y0 } , s0 ) = {u : w ∈ arb({descs x({y0 } , y) : y ∈ s0 | y ∈ s∞ }) , u ∈ children(w)}
But then, observe that the expression
arb({descs x({y0}, y) : y ∈ s0 | y ∈ s∞}) occurring in the
specification of descs x({y0}, s0) designates a set of the form
a = descs x({y0}, s1), with s1 ∈ s0 ∩ s∞. There must exist a
child u0 of an element w0 of this set that is unreachable from {x}.
⟨u0⟩↪Stat4(Stat4?) ⇒ Stat5 : u0 ∈ {u : w ∈ arb({descs x({y0}, y) : y ∈ s0 | y ∈ s∞}), u ∈ children(w)} & u0 ∉ descsΘ({x})
⟨w0, u1⟩↪Stat5(Stat5?) ⇒ Stat6 : w0 ∈ arb({descs x({y0}, y) : y ∈ s0 | y ∈ s∞}) & u0 ∈ children(w0)
Loc def ⇒ Stat7 : a = arb({descs x({y0}, y) : y ∈ s0 | y ∈ s∞})
⟨{descs x({y0}, y) : y ∈ s0 | y ∈ s∞}⟩↪T 0 (Stat5?) ⇒ Stat8 : a ∈ {descs x({y0}, y) : y ∈ s0 | y ∈ s∞}
⟨s1⟩↪Stat8(Stat6, Stat7, Stat3?) ⇒ Stat9 : s1 ∉ {s ∈ s∞ | descs x({y0}, s) ⊈ descsΘ({x})} & s1 ∈ s0 & s1 ∈ s∞ & w0 ∈ descs x({y0}, s1)
By the minimality of s0, it turns out that
descs x({y0}, s1) ⊆ descsΘ({x}), and therefore w0 ∈ descsΘ({x}),
holds. But then every child of w0, including u0, must belong to
descsΘ({x}), as we know from Theorem reachability · 1 that the
children of any w are the nodes directly accessible from w, . . .
hs1 i,→Stat9(Stat5, Stat6?) ⇒ Stat10 : w0 ∈ descsΘ ({x})
hw0 , u0 i,→Treachability · 1 ⇒ E(w0 , u0 ) & V(w0 ) & V(u0 )
. . . and this, with the aid of the previous Theorem reachability·3, leads
us to a fact, u0 ∈ descsΘ ({x}), which blatantly conflicts with a fact
established earlier.
h {x} , w0 , u0 i,→Treachability · 3 ⇒ Auto
This contradiction gives us the desired conclusion.
(Stat5?)Discharge ⇒
Qed
Then we show that the set of all descendants of a set s is
inclusion-minimal among all sets that include s and are closed relative to the
children-formation operation.
Thm reachability · 5: [Minimality of the reachability set] S ⊆ T & h∀x, y | x ∈ T & E(x, y) & V(x) & V(y) → y ∈ Ti → descsΘ (S) ⊆ T. Proof:
Suppose not(s, t) ⇒ Stat1 : h∀x, y | x ∈ t & E(x, y) & V(x) & V(y) → y ∈ ti & s ⊆ t & descsΘ (s) 6⊆ t
Assume that s ⊆ t and that every node which is directly accessible
from a node in t belongs to t; however, to start an argument by
contradiction, assume that not all sets reachable from s are in t.
Use def descsΘ (s) ⇒ Auto
(Stat1?)ELEM ⇒ Stat2 : {u : i ∈ s∞ , u ∈ descs x(s, i)} 6⊆ t
It follows from the definition of the set descsΘ (s) of the descendants
of s, that at least one of the layers descs x(s, i) (with i ∈ s∞ ) which
compose descsΘ (s) is not included in t.
Suppose ⇒ Stat3 : {i ∈ s∞ | descs x(s, i) 6⊆ t} = ∅
hu0 i,→Stat2(Stat2?) ⇒ Stat4 : u0 ∈ {u : i ∈ s∞ , u ∈ descs x(s, i)} & u0 ∈/ t
hi, ui,→Stat4(Stat4?) ⇒ i ∈ s∞ & descs x(s, i) 6⊆ t
hii,→Stat3(Stat3?) ⇒ false;
Discharge ⇒ Auto
So we can pick i0 ∈ s∞ in such a way that descs x(s, i0 ) 6⊆ t whereas
descs x(s, i) ⊆ t holds for all i ∈ i0 ∩ s∞ .
Loc def ⇒ i0 = arb({i ∈ s∞ | descs x(s, i) 6⊆ t})
⟨{i ∈ s∞ | descs x(s, i) ⊈ t}⟩↪T 0 (?) ⇒ Stat5 :
i0 ∈ {i ∈ s∞ | descs x(s, i) ⊈ t} & i0 ∩ {i ∈ s∞ | descs x(s, i) ⊈ t} = ∅
⟨ ⟩↪Stat5(Stat5?) ⇒ Stat6 : i0 ∈ s∞ & descs x(s, i0) ⊈ t
Use def descs x(s, i0) ⇒ Auto
The selected i0 cannot coincide with arb(s∞ ), because
descs x(s, arb(s∞ )) = s, which we have assumed to be included
in t.
Suppose ⇒ i0 = arb(s∞ )
(Stat6?)ELEM ⇒ Stat7 : descs x(s, i0 ) = s
(Stat7, Stat6, Stat1?)Discharge ⇒ Stat8 : {u : w ∈ arb({descs x(s, y) : y ∈ i0 | y ∈ s∞ }) , u ∈ children(w)} 6⊆ t
But then, observe that the expression
arb({descs x(s, y) : y ∈ i0 | y ∈ s∞}) occurring in the specification
of descs x(s, i0) designates a set of the form a = descs x(s, i1),
with i1 ∈ i0 ∩ s∞. There must exist a child u1 of an element w0 of
this set that does not belong to t.
⟨u1⟩↪Stat8(Stat8?) ⇒ Stat9 : u1 ∈ {u : w ∈ arb({descs x(s, y) : y ∈ i0 | y ∈ s∞}), u ∈ children(w)} & u1 ∉ t
⟨w0, u2⟩↪Stat9(Stat9?) ⇒ w0 ∈ arb({descs x(s, y) : y ∈ i0 | y ∈ s∞}) & u1 ∈ children(w0)
Loc def ⇒ a = arb({descs x(s, y) : y ∈ i0 | y ∈ s∞})
⟨{descs x(s, y) : y ∈ i0 | y ∈ s∞}⟩↪T 0 (Stat9?) ⇒ Stat10 : a ∈ {descs x(s, y) : y ∈ i0 | y ∈ s∞}
⟨i1⟩↪Stat10(Stat9?) ⇒ Stat11 : i1 ∈ i0 & i1 ∈ s∞ & w0 ∈ descs x(s, i1)
By the minimality of i0, it turns out that descs x(s, i1) ⊆ t, and
therefore w0 ∈ t, holds. But then every child of w0, including u1, must
belong to t, as we know from Theorem reachability · 1 that the children
of any w are the nodes directly accessible from w, . . .
(Stat11, Stat5?)ELEM ⇒ Stat12 : i1 ∉ {i ∈ s∞ | descs x(s, i) ⊈ t}
hi1 i,→Stat12(Stat11?) ⇒ w0 ∈ t
hw0 , u1 i,→Treachability · 1 ⇒ E(w0 , u1 ) & V(w0 ) & V(u1 )
. . . and we have initially assumed that nodes directly accessible from
t belong to t. This leads us into a contradiction, which gives us the
desired conclusion.
hw0 , u1 i,→Stat1(Stat9?) ⇒ false;
Discharge ⇒
Qed
Enter theory Set theory
Display reachability
Theory reachability V(X), E(X, Y)
h∀x | V(x) → h∃c, ∀y | E(x, y) & V(y) → y ∈ cii
⇒ (descsΘ )
h∀s, x, y | s ⊆ descsΘ (s) & x ∈ descsΘ (s) & V(x) & V(y) & E(x, y) → y ∈ descsΘ (s) i
h∀y, x, z | y ∈ descsΘ ({x}) & z ∈ descsΘ ({y}) → z ∈ descsΘ ({x})i
h∀s, t | s ⊆ t & h∀x, y | x ∈ t & E(x, y) & V(x) & V(y) → y ∈ ti → descsΘ (s) ⊆ ti
End reachability
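The layered construction of descsΘ and the three theorems displayed above can be replayed on a finite system. The following Python sketch is an added example, not part of the Ref scenario: the sample NODES and EDGES are constructed, integers stand in for the indices a, {a}, {{a}}, . . . drawn from s∞, and the names layer, descs, closed, subsets and the check_* helpers are assumptions of this example.

```python
from itertools import combinations

# Constructed sample system: NODES plays the role of V, EDGES the role of E.
NODES = frozenset({"a", "b", "c", "d", "e"})
# ("a", "z") is an arc whose target is not a node, so it must be ignored.
EDGES = frozenset({("a", "b"), ("b", "c"), ("c", "a"), ("d", "e"), ("a", "z")})


def children(x):
    """Children lemma: y in children(x) iff E(x, y) & V(x) & V(y)."""
    if x not in NODES:
        return frozenset()  # children(x) is empty when x is not a node
    return frozenset(y for (u, y) in EDGES if u == x and y in NODES)


def layer(s, n):
    """descs x(S, n): layer 0 is S, layer n + 1 collects the children of layer n."""
    current = frozenset(s)
    for _ in range(n):
        current = frozenset(u for w in current for u in children(w))
    return current


def descs(s):
    """descsΘ(S): union of all layers.

    On a finite system the union is complete as soon as one layer adds
    nothing new, because every later layer consists of children of
    elements that were already collected.
    """
    seen = frozenset(s)
    current = seen
    while True:
        current = frozenset(u for w in current for u in children(w))
        if current <= seen:
            return seen
        seen |= current


def closed(t):
    """t is closed relative to the children-formation operation."""
    return all(children(x) <= t for x in t)


def subsets(universe):
    """All subsets of a finite universe, as frozensets."""
    items = sorted(universe)
    return (frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r))


def check_stepwise(s):
    """Thm reachability · 3: S is included in descsΘ(S), which is E-closed."""
    d = descs(s)
    return frozenset(s) <= d and closed(d)


def check_transitive():
    """Thm reachability · 4, with x ranging over the nodes and one non-node."""
    universe = NODES | {"z"}
    return all(descs({y}) <= descs({x}) for x in universe for y in descs({x}))


def check_minimal(s):
    """Thm reachability · 5: descsΘ(S) lies inside every closed T including S."""
    s = frozenset(s)
    return all(descs(s) <= t for t in subsets(NODES | s) if s <= t and closed(t))


if __name__ == "__main__":
    print(sorted(descs({"a"})))            # nodes reachable from a
    print(sorted(layer({"a"}, 3)))         # the cycle a -> b -> c -> a closes here
    print(check_stepwise({"d", "z"}), check_transitive(), check_minimal({"a"}))
```

The starting set may contain non-nodes, as in the theory: they stay in descsΘ(S) because layer 0 is S itself, but they contribute no children.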
5.2
Reachability through a global function
An example of the use of reachability is the construction of the closure
of a set with respect to a global function.
Theory reachGlob g(X)
End reachGlob
Enter theory reachGlob
Thm globa : [Activator of reachability, to be used with a global function] h∀x | ∅ = ∅ → h∃c, ∀y | y = g(x) & ∅ = ∅ → y ∈ cii. Proof:
Suppose not( ) ⇒ Stat1 : ¬h∀x | ∅ = ∅ → h∃c, ∀y | y = g(x) & ∅ = ∅ → y ∈ cii
hx0 i,→Stat1 ⇒ Stat2 : ¬h∃c, ∀y | y = g(x0 ) & ∅ = ∅ → y ∈ ci
h {g} (x0 )i,→Stat2 ⇒ Stat3 : ¬h∀y | y = g(x0 ) & ∅ = ∅ → y ∈ {g} (x0 )i
hy0 i,→Stat3 ⇒ false;
Discharge ⇒ Qed
Now we can apply reachability to the big graph whose vertices are
all sets and whose edges are all pairs [x, y] such that y = g(x).
APPLY
hdescsΘ : globChaini reachability V(X) 7→ ∅ = ∅, E(X, Y) 7→ Y = g(X) ⇒
Thm globb : [Recursively defined chaining]
h∀s, x, y | s ⊆ globChain(s) & x ∈ globChain(s) & ∅ = ∅ & ∅ = ∅ & y = g(x) → y ∈ globChain(s) i &
h∀y, x, z | y ∈ globChain({x}) & z ∈ globChain({y}) → z ∈ globChain({x})i &
h∀s, t | s ⊆ t & h∀x, y | x ∈ t & y = g(x) & ∅ = ∅ & ∅ = ∅ → y ∈ ti → globChain(s) ⊆ ti.
Def glob0 : [Reachability chain based on a global function]
globΘ (B)
=Def
globChain({B})
Thm glob0 : [Transitivity of reachability chain based on a global function] Y ∈ globΘ (X) & Z ∈ globΘ (Y) → Z ∈ globΘ (X). Proof:
Suppose not(y0 , x0 , z0 ) ⇒ Auto
Use def(globΘ) ⇒ Stat1 : y0 ∈ globChain({x0}) & z0 ∈ globChain({y0}) & z0 ∉ globChain({x0})
h i,→T globb (Stat1?) ⇒ Stat2 : h∀y, x, z | y ∈ globChain({x}) & z ∈ globChain({y}) → z ∈ globChain({x})i
hy0 , x0 , z0 i,→Stat2(Stat1?) ⇒ false;
Discharge ⇒ Qed
Thm glob1 : [Closure properties of a reachability chain] B ∈ globΘ (B) & X ∈ globΘ (B) & Y = g(X) → Y ∈ globΘ (B) . Proof:
Suppose not(b0 , x0 , y0 ) ⇒ Auto
h i,→T globb ⇒ Stat1 : h∀s, x, y | s ⊆ globChain(s) & x ∈ globChain(s) & ∅ = ∅ & ∅ = ∅ & y = g(x) → y ∈ globChain(s) i
Use def globΘ (b0 ) ⇒ Auto
h {b0 } , x0 , y0 i,→Stat1(?) ⇒ false;
Discharge ⇒ Qed
Thm glob2 : [Minimality of reachability chain] B ∈ T & h∀x ∈ T | g(x) ∈ Ti → globΘ (B) ⊆ T. Proof:
Suppose not(b0 , t0 ) ⇒ Auto
h i,→T globb ⇒ Stat1 : h∀s, t | s ⊆ t & h∀x, y | x ∈ t & y = g(x) & ∅ = ∅ & ∅ = ∅ → y ∈ ti → globChain(s) ⊆ ti
Use def globΘ (b0 ) ⇒ Auto
h {b0 } , t0 i,→Stat1 ⇒ Stat2 : ¬h∀x, y | x ∈ t0 & y = g(x) & ∅ = ∅ & ∅ = ∅ → y ∈ t0 i & h∀x ∈ t0 | g(x) ∈ t0 i
hx0 , y0 , x0 i,→Stat2(Stat2?) ⇒ false;
Discharge ⇒ Qed
Our next theorem provides information about the structure of each
item in the reachability chain of a global function.
Thm glob3 : [Every item in a reachability chain other than the starter is generated] globΘ (B) = {B} ∪ {g(u) : u ∈ globΘ (B)} . Proof:
Suppose not(b0 ) ⇒ Auto
Suppose ⇒ Stat1 : {b0 } ∪ {g(u) : u ∈ globΘ (b0 )} 6⊆ globΘ (b0 )
ha0 i,→Stat1 ⇒ Auto
hb0 , y0 , g(y0 )i,→T glob1 (Stat1?) ⇒ Stat2 : a0 ∈ {g(u) : u ∈ globΘ (b0 )} & y0 ∈ globΘ (b0 ) → g(y0 ) ∈ globΘ (b0 )
hy0 i,→Stat2(Stat1?) ⇒ false;
Discharge ⇒ Auto
⟨b0, {b0} ∪ {g(u) : u ∈ globΘ(b0)}⟩↪T glob2 (?) ⇒ Stat3 : ¬⟨∀x ∈ {b0} ∪ {g(u) : u ∈ globΘ(b0)} | g(x) ∈ {b0} ∪ {g(u) : u ∈ globΘ(b0)}⟩
hx1 i,→Stat3(Stat3?) ⇒ Stat4 : g(x1 ) ∈/ {g(u) : u ∈ globΘ (b0 )} & x1 ∈ {b0 } ∪ {g(u) : u ∈ globΘ (b0 )}
Suppose ⇒ x1 = b0
hb0 , x1 , g(x1 )i,→T glob1 (Stat4?) ⇒ x1 , g(x1 ) ∈ globΘ (b0 )
hx1 i,→Stat4(Stat4?) ⇒ false;
Discharge ⇒ Auto
(Stat4?)ELEM ⇒ Stat5 : x1 ∈ {g(u) : u ∈ globΘ (b0 )}
hu1 i,→Stat5(Stat5?) ⇒ u1 ∈ globΘ (b0 ) & x1 = g(u1 )
hb0 , u1 , x1 i,→T glob1 (Stat5?) ⇒ x1 ∈ globΘ (b0 )
hb0 , x1 , g(x1 )i,→T glob1 (Stat4?) ⇒ g(x1 ) ∈ globΘ (b0 )
hx1 i,→Stat4(Stat5?) ⇒ false;
Discharge ⇒ Qed
Thm glob4 : [Connectivity of each reachability chain] {f ⊆ globΘ(B) | ⟨∀x ∈ globΘ(B) | x ∈ f ↔ g(x) ∈ f⟩} = {∅, globΘ(B)}. Proof:
Suppose not(b0) ⇒ Auto
Suppose ⇒ Stat1 : ∅ ∉ {f ⊆ globΘ(b0) | ⟨∀x ∈ globΘ(b0) | x ∈ f ↔ g(x) ∈ f⟩}
⟨∅⟩↪Stat1(Stat1?) ⇒ Stat2 : ¬⟨∀x ∈ globΘ(b0) | x ∈ ∅ ↔ g(x) ∈ ∅⟩
⟨x0⟩↪Stat2(Stat2?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat3 : globΘ(b0) ∉ {f ⊆ globΘ(b0) | ⟨∀x ∈ globΘ(b0) | x ∈ f ↔ g(x) ∈ f⟩}
⟨globΘ(b0)⟩↪Stat3(Stat3?) ⇒ Stat4 : ¬⟨∀x ∈ globΘ(b0) | x ∈ globΘ(b0) ↔ g(x) ∈ globΘ(b0)⟩
⟨b0⟩↪T glob3 ⇒ Auto
⟨x1⟩↪Stat4(Stat4?) ⇒ Stat5 : g(x1) ∉ {g(u) : u ∈ globΘ(b0)} & x1 ∈ globΘ(b0)
⟨x1⟩↪Stat5(Stat5?) ⇒ false;
Discharge ⇒ Stat6 : {f ⊆ globΘ(b0) | ⟨∀x ∈ globΘ(b0) | x ∈ f ↔ g(x) ∈ f⟩} ⊈ {∅, globΘ(b0)}
⟨f0⟩↪Stat6(Stat6?) ⇒ Stat7 : f0 ∈ {f ⊆ globΘ(b0) | ⟨∀x ∈ globΘ(b0) | x ∈ f ↔ g(x) ∈ f⟩} & f0 ∉ {∅, globΘ(b0)}
h i,→Stat7(Stat7?) ⇒ Stat8 : h∀x ∈ globΘ (b0 ) | x ∈ f0 ↔ g(x) ∈ f0 i & f0 ⊆ globΘ (b0 )
Suppose ⇒ b0 ∈ f0
hb0 , f0 i,→T glob2 (Stat7?) ⇒ Stat9 : ¬h∀x ∈ f0 | g(x) ∈ f0 i
hx2 i,→Stat9(Stat9?) ⇒ x2 ∈ f0 & g(x2 ) ∈/ f0
hx2 i,→Stat8(Stat8?) ⇒ false;
Discharge ⇒ Auto
hb0 i,→T glob3 ⇒ Stat10 : {g(u) : u ∈ globΘ (b0 )} ⊆ globΘ (b0 ) & b0 ∈ globΘ (b0 )\f0
hb0 , globΘ (b0 )\f0 i,→T glob2 (Stat7?) ⇒ Stat11 : ¬h∀x ∈ globΘ (b0 )\f0 | g(x) ∈ globΘ (b0 )\f0 i
hx3 i,→Stat11(Stat11?) ⇒ x3 ∈ globΘ (b0 )\f0 & g(x3 ) ∈/ globΘ (b0 )\f0
hx3 i,→Stat8(Stat10?) ⇒ Stat12 : g(x3 ) ∈/ {g(u) : u ∈ globΘ (b0 )}
hx3 i,→Stat12(Stat11?) ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Display reachGlob
Theory reachGlob g(X)
⇒ (globΘ )
h∀y, x, z | y ∈ globΘ (x) & z ∈ globΘ (y) → z ∈ globΘ (x)i
h∀b, x, y | b ∈ globΘ (b) & x ∈ globΘ (b) & y = g(x) → y ∈ globΘ (b) i
h∀b, t | b ∈ t & h∀x ∈ t | g(x) ∈ ti → globΘ (b) ⊆ ti
⟨∀b | globΘ(b) = {b} ∪ {g(u) : u ∈ globΘ(b)}⟩
⟨∀b | {f ⊆ globΘ(b) | ⟨∀x ∈ globΘ(b) | x ∈ f ↔ g(x) ∈ f⟩} = {∅, globΘ(b)}⟩
End reachGlob
6
Existence of an infinite set: Natural numbers
An example of the use of reachability through a global function is
the construction of the set of all natural numbers intended à la von
Neumann.
APPLY hglobΘ : countChaini reachGlob g(X) 7→ X ∪ {X} ⇒
Thm natsa : [Recursively defined upward counting] h∀y, x, z | Y ∈ countChain(X) & Z ∈ countChain(Y)
→ Z ∈ countChain(X)i &
h∀b, x, y | B ∈ countChain(B) & X ∈ countChain(B) & Y = X ∪ {X} → Y ∈ countChain(B) i &
h∀b, t | B ∈ T & h∀x ∈ T | x ∪ {x} ∈ Ti → countChain(B) ⊆ Ti & h∀b | countChain(B) = {B} ∪ {u ∪ {u} : u ∈ countChain(B)} i.
Def nats: [von Neumann’s natural numbers]
N
=Def
countChain(∅)
Thm nats1 : [Closure properties of von Neumann’s naturals] ∅ ∈ N & (X ∈ N & Y = X ∪ {X} → Y ∈ N). Proof:
Suppose not(x0 , y0 ) ⇒ Auto
h i,→T natsa ⇒ Stat1 : h∀b, x, y | b ∈ countChain(b) & x ∈ countChain(b) & y = x ∪ {x} → y ∈ countChain(b) i
Use def(N) ⇒ N = countChain(∅)
h∅, x0 , y0 i,→Stat1(?) ⇒ false;
Discharge ⇒ Qed
Thm nats2 : [Minimality of von Neumann’s set of naturals] ∅ ∈ T & h∀x ∈ T | x ∪ {x} ∈ Ti → N ⊆ T. Proof:
Suppose not(t0 ) ⇒ Auto
h i,→T natsa ⇒ Stat1 : h∀b, t | b ∈ t & h∀x ∈ t | x ∪ {x} ∈ ti → countChain(b) ⊆ ti
Use def(N) ⇒ N = countChain(∅)
h∅, t0 i,→Stat1 ⇒ Stat2 : ¬h∀x, y | x ∈ t0 & y = x ∪ {x} & ∅ = ∅ & ∅ = ∅ → y ∈ t0 i & h∀x ∈ t0 | x ∪ {x} ∈ t0 i
hx0 , y0 , x0 i,→Stat2(Stat2?) ⇒ false;
Discharge ⇒ Qed
We can now prove that the set of all natural numbers is infinite.
Thm nats4 : [Infinitely many natural numbers exist] ¬Finite(N). Proof:
Suppose not( ) ⇒ Auto
Use def(Finite) ⇒ Stat1 : h∀g ∈ P(PN)\ {∅} , ∃m | g ∩ Pm = {m} i
Suppose ⇒ ¬h∃m | {N\n : n ∈ N} ∩ Pm = {m} i
h {N\n : n ∈ N} i,→Stat1(Stat1?) ⇒ {N\n : n ∈ N} ∈/ P(PN)\ {∅}
Suppose ⇒ Stat2 : {N\n : n ∈ N} = ∅
h∅i,→Stat2(Stat2?) ⇒ ∅ ∈/ N
h∅, ∅i,→T nats1 (Stat2?) ⇒ false;
Discharge ⇒ Auto
Use def(P) ⇒ Stat3 : {N\n : n ∈ N} ∉ {x : x ⊆ {y : y ⊆ N}}
h {N\n : n ∈ N} i,→Stat3(Stat3?) ⇒ Stat4 : {N\n : n ∈ N} 6⊆ {y : y ⊆ N}
hai,→Stat4(Stat4?) ⇒ Stat5 : a ∈ {N\n : n ∈ N} & a ∈/ {y : y ⊆ N}
hn0 , ai,→Stat5(Stat5?) ⇒ false;
Discharge ⇒ Stat6 : h∃m | {N\n : n ∈ N} ∩ Pm = {m} i
hm1 i,→Stat6(Stat6?) ⇒ Stat7 : m1 ∈ {N\n : n ∈ N} & {N\n : n ∈ N} ∩ Pm1 = {m1 }
hn1 i,→Stat7(Stat7?) ⇒ n1 ∈ N & m1 = N\n1
hn1 , n1 ∪ {n1 } i,→T nats1 (Stat7?) ⇒ n1 ∪ {n1 } ∈ N
Suppose ⇒ Stat8 : N\(n1 ∪ {n1}) ∉ {N\n : n ∈ N}
hn1 ∪ {n1 } i,→Stat8(Stat7?) ⇒ false;
Discharge ⇒ Auto
EQUAL hStat7i ⇒ P(N\n1 ) = Pm1
hN\n1 , N\(n1 ∪ {n1 })i,→T pow0 (Stat7?) ⇒ false;
Discharge ⇒ Qed
Our next theorem provides information about the structure of each
natural number, thereby making it possible to prove many properties
of such numbers, as illustrated by the various theorems which
immediately follow it.
Thm nats5 : [Every nonnull natural number is a successor] N = {∅} ∪ {u ∪ {u} : u ∈ N} . Proof:
Suppose not( ) ⇒ Auto
h i,→T natsa ⇒ Stat1 : h∀b | countChain(B) = {B} ∪ {u ∪ {u} : u ∈ countChain(B)} i
h∅i,→Stat1(?) ⇒ countChain(∅) = {∅} ∪ {u ∪ {u} : u ∈ countChain(∅)}
Use def(N) ⇒ false;
Discharge ⇒ Qed
Next we prove that each natural number is a transitive set.
Thm nats6 : [Every natural number is transitive] X ∈ N → {w ∈ X | w 6⊆ X} = ∅. Proof:
Suppose not(x0 ) ⇒ Auto
Suppose ⇒ Stat0 : {u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅} = ∅
⟨x0⟩↪Stat0(?) ⇒ false;
Discharge ⇒ Stat1 : {u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅} ≠ ∅
Loc def ⇒ a0 = arb({u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅})
(Stat1)ELEM ⇒ Stat2 : a0 ∈ {u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅} & a0 ∩ {u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅} = ∅
⟨ ⟩↪Stat2(Stat2?) ⇒ Stat3 : {w ∈ a0 | w ⊈ a0} ≠ ∅ & a0 ∈ N
Suppose ⇒ a0 = ∅
EQUAL ⇒ Stat4 : {w ∈ ∅ | w ⊈ ∅} ≠ ∅
⟨e0⟩↪Stat4(Stat4?) ⇒ false;
Discharge ⇒ a0 ≠ ∅
⟨ ⟩↪T nats5 (Stat2?) ⇒ Stat5 : a0 ∈ {u ∪ {u} : u ∈ N}
⟨u1⟩↪Stat5(Stat2?) ⇒ Stat6 : u1 ∉ {u ∈ N | {w ∈ u | w ⊈ u} ≠ ∅} & a0 = u1 ∪ {u1} & u1 ∈ N
hu1 i,→Stat6(Stat6?) ⇒ Stat7 : {w ∈ u1 | w 6⊆ u1 } = ∅
hw1 i,→Stat3(Stat3, Stat3?) ⇒ w1 ∈ a0 & w1 6⊆ a0
Suppose ⇒ w1 6= u1
hw1 i,→Stat7(Stat6?) ⇒ false;
Discharge ⇒ false
Discharge ⇒ Qed
In preparation for the proof that of any two natural numbers one
belongs to the other, we prove a sort of ‘converse’ of the claim that
all naturals are transitive.
Thm nats7 : [Strict inclusion between natural numbers amounts to membership] {X, Y} ⊆ N → (X ⊆ Y & X 6= Y ↔ X ∈ Y). Proof:
Suppose not(x1 , y1 ) ⇒ Auto
Loc def ⇒ y0 = arb({y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩})
Suppose ⇒ y0 ∉ {y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩}
ELEM ⇒ Stat1 : y1 ∉ {y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩}
⟨y1⟩↪Stat1(?) ⇒ Stat2 : ¬⟨∃x ∈ N | x ⊆ y1 & x ≠ y1 & x ∉ y1⟩
⟨x1⟩↪Stat2(?) ⇒ y1 ∈ N & x1 ∈ y1 & x1 ≠ y1 & x1 ⊈ y1
⟨y1⟩↪T nats6 (Stat2?) ⇒ Stat3 : x1 ∉ {w ∈ y1 | w ⊈ y1}
⟨x1⟩↪Stat3(Stat2?) ⇒ false;
Discharge ⇒ Stat4 : y0 ∈ {y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩} & y0 ∩ {y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩} = ∅
⟨ ⟩↪T nats5 ⇒ Auto
In view of Theorem nats6, should a counterexample to the claim exist,
one could pick a y0 ∈ N and an x0 ∈ N strictly included in y0 so that
x0 ∉ y0 and no element u of y0 strictly includes any x ∈ N that does
not belong to u. In order to strictly include something, y0 cannot be
∅; therefore y = u0 ∪ {u0} for some u0.
⟨ ⟩↪Stat4(Stat4?) ⇒ Stat5 : ⟨∃x ∈ N | x ⊆ y0 & x ≠ y0 & x ∉ y0⟩ & y0 ∈ {∅} ∪ {u ∪ {u} : u ∈ N}
⟨x0⟩↪Stat5(Stat5?) ⇒ Stat6 : y0 ∈ {u ∪ {u} : u ∈ N} & x0 ∈ N & x0 ⊆ y0 & x0 ≠ y0 & x0 ∉ y0
⟨u0⟩↪Stat6(Stat4?) ⇒ Stat7 : u0 ∉ {y ∈ N | ⟨∃x ∈ N | x ⊆ y & x ≠ y & x ∉ y⟩} & u0 ∈ N & y0 = u0 ∪ {u0}
⟨u0⟩↪Stat7(Stat7?) ⇒ Stat8 : ¬⟨∃x ∈ N | x ⊆ u0 & x ≠ u0 & x ∉ u0⟩
But then u0 ∈ x0 must hold, else u0 would strictly include x0, which
inductively implies x0 ∈ u0 and hence leads to the contradiction
x0 ∈ y0. Since x0 is nonnull, it must be of the form v0 ∪ {v0} for
some v0 ∈ N; however, this conflicts with the inequality x0 ≠ y0,
because v0 ∪ {v0} = W ∪ {u0} with W ⊆ u0 can only hold if v0 = u0
and v0 = W.
hx0 i,→Stat8(Stat4?) ⇒ Stat9 : x0 ∈ {u ∪ {u} : u ∈ N}
hv0 i,→Stat9(Stat9?) ⇒ x0 \ {u0 } ∪ {u0 } = v0 ∪ {v0 }
(Stat6?)Discharge ⇒
& u0
∈ x0
Qed
Next we prove that the set of all natural numbers is an ordinal.
Thm nats8 : [The set of all natural numbers is an ordinal] O(N). Proof:
Suppose not( ) ⇒ Auto
Use def(O) ⇒ Stat0 : ¬h∀x ∈ N | x ⊆ Ni ∨ ¬h∀x ∈ N, y ∈ N | x ∈ y ∨ y ∈ x ∨ x = yi
Loc def ⇒ n0 = arb({w ∈ N | w 6⊆ N})
Suppose ⇒ Stat1 : n0 ∈ {w ∈ N | w 6⊆ N} & n0 ∩ {w ∈ N | w 6⊆ N} = ∅
h i,→T nats5 ⇒ Auto
h i,→Stat1(Stat1?) ⇒ Stat2 : n0 ∈ {u ∪ {u} : u ∈ N} & n0 6⊆ N
hu0 i,→Stat2(Stat1?) ⇒ Stat3 : u0 ∈/ {w ∈ N | w 6⊆ N} & u0 ∈ N & n0 = u0 ∪ {u0 }
hu0 i,→Stat3(Stat2?) ⇒ false;
Discharge ⇒ Stat4 : {w ∈ N | w 6⊆ N} = ∅
Suppose ⇒ Stat5 : {x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)} = ∅
hx0 i,→Stat4(Stat4?) ⇒ Auto
⟨x0, x1, y1⟩↪Stat0(Stat4?) ⇒ Stat6 : x1, y1 ∈ N & x1 ∉ y1 & y1 ∉ x1 & ¬(x1 ∈ y1 ∨ y1 ∈ x1 ∨ x1 = y1)
hx1 , y1 i,→Stat5(Stat5?) ⇒ x1 ⊆ y1 ∨ y1 ⊆ x1
hx1 , y1 i,→T nats7 (Stat6?) ⇒ y1 ⊆ x1
hy1 , x1 i,→T nats7 (Stat6?) ⇒ false;
Discharge ⇒ Stat9 : {x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)} ≠ ∅
Loc def ⇒ x0 = arb({x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)})
(Stat9)ELEM ⇒ Stat10 : x0 ∈ {x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)} & x0 ∩ {x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)} = ∅
hx2 , y0 i,→Stat10(Stat10?) ⇒ Stat11 : x0 , y0 ∈ N & ¬(x0 ⊆ y0 ∨ y0 ⊆ x0 )
h i,→T nats5 (Stat11?) ⇒ Stat12 : x0 ∈ {u ∪ {u} : u ∈ N}
hu1 i,→Stat12(Stat10?) ⇒ Stat13 : u1 ∈/ {x : x ∈ N, y ∈ N | ¬(x ⊆ y ∨ y ⊆ x)} & u1 ∈ N & x0 = u1 ∪ {u1 }
hu1 , y0 i,→Stat13(Stat11?) ⇒ u1 ⊆ y0 & u1 6= y0
hu1 , y0 i,→T nats7 (Stat11?) ⇒ false;
Discharge ⇒ Qed
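The difference between the surrogate indices a, {a}, {{a}}, . . . of s∞ and the von Neumann naturals built with X ∪ {X} can be checked on a finite prefix of each chain. The following Python sketch is an added example, not part of the Ref scenario; it takes a = ∅ as an assumption, inspects only the first six items of each chain, and all function names are assumptions of this example.

```python
EMPTY = frozenset()


def succ(x):
    """The global function g(X) = X ∪ {X} used to build countChain."""
    return x | frozenset({x})


def singleton(x):
    """The step X -> {X} under which the basic infinite set s∞ is closed."""
    return frozenset({x})


def chain_prefix(g, start, n):
    """First n items of the reachability chain of g from start."""
    items, x = [], start
    for _ in range(n):
        items.append(x)
        x = g(x)
    return items


# 0..5 à la von Neumann, and the surrogate indices a, {a}, {{a}}, ... with a = ∅.
NATS = chain_prefix(succ, EMPTY, 6)
SINGLETONS = chain_prefix(singleton, EMPTY, 6)


def is_transitive(x):
    """Property of nats6: no element w of x fails to be included in x."""
    return all(w <= x for w in x)


def inclusion_is_membership(xs):
    """Property of nats7: strict inclusion coincides with membership on xs."""
    return all((x < y) == (x in y) for x in xs for y in xs)


def trichotomy(xs):
    """Second clause of O(N) in nats8: x ∈ y, y ∈ x or x = y for all pairs."""
    return all(x in y or y in x or x == y for x in xs for y in xs)


def every_nonnull_is_successor(xs):
    """Property of nats5 on a prefix: each item other than ∅ is some u ∪ {u}."""
    return all(x == EMPTY or any(x == succ(u) for u in xs) for x in xs)


def report(xs):
    """Summary of the four properties for a list of sets."""
    return {
        "transitive": all(is_transitive(x) for x in xs),
        "inclusion_is_membership": inclusion_is_membership(xs),
        "trichotomy": trichotomy(xs),
        "successors": every_nonnull_is_successor(xs),
    }


if __name__ == "__main__":
    print("von Neumann:", report(NATS))
    print("singletons: ", report(SINGLETONS))
```

Both chains consist of pairwise distinct sets, which is all the definition of descs x needs from its indices; only the von Neumann chain also has the order properties proved in nats6, nats7 and nats8.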
6.1
A basic form of the principle of transfinite induction
Next we state a basic form of the principle of transfinite induction,
which simply asserts that if there is any n satisfying a property P(X),
there is a membership-minimal m such that P(m). We formulate this
as a theory providing just one theorem.
Theory transfiniteInduction n, P(X)
P(n)
End transfiniteInduction
Enter theory transfiniteInduction
Def transfiniteInductiona : [Activator of reachability, for transfinite induction argument] EtransfInd(X) =Def arb({u ∈ X | P(u)})
APPLY ⟨globΘ : GtransfInd⟩ reachGlob g(X) ↦ EtransfInd(X) ⇒
Thm transfiniteInductiona . ⟨∀b, x, y | b ∈ GtransfInd(b) & x ∈ GtransfInd(b) & y = EtransfInd(x) → y ∈ GtransfInd(b)⟩.
Def transfiniteInduction0 : [Witness for transfinite induction argument] transfIndΘ =Def arb({m : m ∈ GtransfInd(n) | P(m)})
Thm transfiniteInduction1 : [Transfinite membership induction] P(transfIndΘ) & K ∈ transfIndΘ → ¬P(K) . Proof:
Suppose not(k0 ) ⇒ Stat0 : ¬P(transfIndΘ ) ∨ k0 ∈ transfIndΘ & P(k0 )
Proceed by contradiction, first noting that {m : m ∈ GtransfInd(n) | P(m)} cannot be null since n belongs to it.
⟨ ⟩↪T transfiniteInductiona ⇒ Stat1 : ⟨∀b, x, y | b ∈ GtransfInd(b) & x ∈ GtransfInd(b) & y = EtransfInd(x) → y ∈ GtransfInd(b)⟩
Suppose ⇒ Stat2 : {m : m ∈ GtransfInd(n) | P(m)} = ∅
Assump ⇒ P(n)
⟨n, ∅, ∅⟩↪Stat1 ⇒ n ∈ GtransfInd(n)
⟨n⟩↪Stat2 ⇒ false;
Discharge ⇒ Auto
The axiom of choice now tells us that there is a minimal element transfIndΘ of {m : m ∈ GtransfInd(n) | P(m)}. This necessarily satisfies transfIndΘ ∈ GtransfInd(n) & P(transfIndΘ).
Use def(transfIndΘ) ⇒ transfIndΘ = arb({m : m ∈ GtransfInd(n) | P(m)})
⟨{m : m ∈ GtransfInd(n) | P(m)}⟩↪T 0(?) ⇒ Stat3 : transfIndΘ ∈ {m : m ∈ GtransfInd(n) | P(m)} & transfIndΘ ∩ {m : m ∈ GtransfInd(n) | P(m)} = ∅
htransfIndΘ i,→Stat3 ⇒ transfIndΘ ∈ GtransfInd(n) & P(transfIndΘ )
The negative of our theorem now tells us that there is a k0 ∈
transfIndΘ such that P(k0 ); consequently, there is a k1 belonging to
{m : GtransfInd(n) | P(m)} which also belongs to transfIndΘ ; thereby,
the minimality of transfIndΘ gets contradicted. This contradiction
proves our theorem.
Suppose ⇒ Stat4 : k0 ∉ {u ∈ transfIndΘ | P(u)}
hk0 i,→Stat4(Stat0?) ⇒ false;
Discharge ⇒ Stat5 : k0 ∈ {u ∈ transfIndΘ | P(u)}
Loc def ⇒ k1 = arb({u ∈ transfIndΘ | P(u)})
(Stat5)ELEM ⇒ Stat6 : k1 ∈ {u ∈ transfIndΘ | P(u)}
h i,→Stat6(Stat3?) ⇒ Stat8 : k1 ∈/ {m : m ∈ GtransfInd(n) | P(m)} & P(k1 )
hn, transfIndΘ , k1 i,→Stat1 ⇒ k1 = EtransfInd(transfIndΘ ) → k1 ∈ GtransfInd(n)
Use def(EtransfInd) ⇒ k1 ∈ GtransfInd(n)
hk1 i,→Stat8(Stat8?) ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Now we have a preliminary form of the principle of transfinite induction, which is given by the following theory:
Display transfiniteInduction
Theory transfiniteInduction n, P(X)
P(n)
⇒ (transfIndΘ )
h∀k | P(transfIndΘ ) & k ∈ transfIndΘ → ¬P(k) i
End transfiniteInduction
Through application of transfinite induction, we prove that the rank
of each set is an ordinal.
Thm rk7 : [Every set has an ordinal for rank] O(rk(X)). Proof:
Suppose not(x1) ⇒ Auto
APPLY ⟨transfIndΘ : x0⟩ transfiniteInduction(n ↦ x1, P(X) ↦ ¬O(rk(X))) ⇒
Stat0 : ⟨∀k | ¬O(rk(x0)) & k ∈ x0 → ¬¬O(rk(k))⟩
h∅i,→Stat0(Stat0?) ⇒ Stat1 : ¬O
rk(x
)
0
S
next rk(y) : y∈ x0
Use def(rk) ⇒ Stat2 : rk(x0 ) =
S next rk(y) : y ∈ x0
EQUAL hStat1i ⇒ ¬O
S o ∈ next rk(y) : y ∈ x0 | O(o)
h next rk(y) : y ∈ x0 i,→T isOrd4 (Stat2?) ⇒ Stat3 : O
n
o
SIMPLF ⇒
o ∈ next rk(y) : y ∈ x0 | O(o) = next rk(y) : y ∈ x0 | O next rk(y)
n
o
Suppose ⇒ Stat4 : next rk(y) : y ∈ x0 | O next rk(y)
6= next rk(y) : y ∈ x0
he0 i,→Stat4(Stat4?) ⇒ e0 ∈ x0 & ¬O next rk(e0 )
he0 i,→Stat0(Stat4?) ⇒ O rk(e0 )
n
o
hrk(e0 )i,→T isOrd2 (Stat4?) ⇒ false;
Discharge ⇒
next rk(y) : y ∈ x0 | O next rk(y)
= next rk(y) : y ∈ x0
EQUAL ⇒ false;
Discharge ⇒ Qed
Thm rk9 : [Monotonicity of the rank operation relative to membership] X ∈ Y → rk(X) ∈ rk(Y) & rk(X) ⊆ rk(Y). Proof:
Suppose not(x0 , y0 ) ⇒ Auto
hy0 i,→T rk7 ⇒ Auto
hrk(y0 ), rk(x0 )i,→T isOrd3 (?) ⇒ Stat0 : rk(x0 ) ∈/ rk(y0 )
Use def rk(y0 ) ⇒ Auto S next
ELEM ⇒ Stat1 : rk(x0 ) ∈
/
rk(y) : y ∈ y0 & x0 ∈ y0
Suppose ⇒ Stat2 : next rk(x0 ) ∈
/ next rk(y) : y ∈ y0
hx0 i,→Stat2(Stat1?)
⇒ false;
Discharge ⇒ Auto
Use def next rk(x0 ) ⇒ Auto
h
next rk(y) : y ∈ y0 , next rk(x0 ) , next rk(y) : y ∈ y0 i,→T un2 (Stat1?) ⇒
false;
Discharge ⇒ Qed
Thm isOrd11 : [Every finite nonnull ordinal is a successor ordinal] O(X) & Finite(X) & X ≠ ∅ & V = ⋃X → X = next(V) & O(V). Proof:
Suppose not(x0, v0) ⇒ Auto
Suppose x0 is a counterexample. Due to its finiteness, x0 has a maximal element m0, so that {x ∈ x0\{m0} | m0 ⊆ x} = ∅; moreover, due to the fact that x0 is an ordinal, m0 is the maximum of x0 and therefore next(m0) includes next(y) for every y ∈ x0.
Use def mxl(x0 ) ⇒ Auto
hx0 i,→T fin5 (?) ⇒ Stat1 : {m ∈ x0 | {x ∈ x0 \ {m} | m ⊆ x} = ∅} =
6 ∅ & O(x0 )
hm0 i,→Stat1(Stat1?) ⇒ Stat2 : {x ∈ x0 \ {m0 } | m0 ⊆ x} = ∅ & m0 ∈ x0
hx0 , m0 i,→T isOrd3 (Stat1?) ⇒ O(m0 ) hm0 i,→T isOrd2 (Stat2?)
⇒ O next(m0 )
Use def next(m0 ) ⇒ Auto
Suppose ⇒ Stat3 : ¬h∀y ∈ x0 | next(y) ⊆ next(m0 )i
hy0 i,→Stat3(Stat3?) ⇒ Stat4 : y0 ∈ x0 & next(y0 ) 6⊆ next(m0 )
hx0 , y0 i,→T isOrd3 (Stat1?) ⇒ O(y0 ) hy0 i,→T isOrd2 (Stat4?) ⇒ O next(y0 )
hy0 , m0 i,→T isOrd
(Stat2?) ⇒ y0 ∈ m0 ∨ m0 ∈ y0 ∨ y0 = m0
8
Use def next(y0 ) ⇒ Auto
hnext(y0 ), next(m0 )i,→T isOrd1 (Stat2?) ⇒ m0 ⊆ y0 & m0 6= y0
hy0 i,→Stat2(Stat4?) ⇒ false;
Discharge ⇒ Auto
From Theorem isOrd7 we get x0 = ⋃{next(y) : y ∈ x0}, whence next(m0) = x0 easily follows. On the one hand, in fact, for each z ∈ x0 we have z ⊆ next(y) for some y ∈ x0; such a y meets, by what was seen above, the condition next(y) ⊆ next(m0), implying z ∈ next(m0). On the other hand, if z ∈ next(m0), then z ∈ x0, because m0 ∈ x0 and hence next(m0) ⊆ x0.
⟨x0⟩↪T isOrd7(?) ⇒ Stat5 : ⟨∀y ∈ x0 | next(y) ⊆ next(m0)⟩ & x0 = ⋃{next(y) : y ∈ x0}
Suppose ⇒ Stat6 : next(m0) ≠ ⋃{next(y) : y ∈ x0}
Use def ⋃{next(y) : y ∈ x0} ⇒ Auto
S
hz0 i,→Stat6(Stat6?) ⇒ z0 ∈ next(m0 ) 6= z0 ∈ {next(y) : y ∈ x0 }
Suppose ⇒ z0 ∈ {u : v ∈ {next(y) : y ∈ x0 } , u ∈ v}
SIMPLF hStat6i ⇒ Stat7 : z0 ∈ {u : y ∈ x0 , u ∈ next(y)}
hy1 , x1 i,→Stat7(Stat7?) ⇒ y1 ∈ x0 & z0 ∈ next(y1 )
S
hy1 i,→Stat5(Stat6?) ⇒ false;
Discharge ⇒ Stat8 : z0 ∈ next(m0 ) & z0 ∈
/ {next(y) : y ∈ x0 }
h {next(y) : y ∈ x0 } , next(m0 ), {next(y) : y ∈ x0 } i,→T un2 (Stat8?) ⇒ Stat9 :
next(m0 ) ∈
/ {next(y) : y ∈ x0 }
hm0 i,→Stat9(Stat2, Stat2?) ⇒ false;
Discharge ⇒ Auto
(Stat5?)ELEM ⇒ x0 = next(m0 )
hx0 , m0 i,→T isOrd9 (Stat1?) ⇒ m0 = x0
S
EQUAL ⇒
false;
Discharge ⇒
Qed
Thm rk11 . O(R) & Finite(R) → h∃h | Finite(h) & h∀y | rk(y) ⊆ R → y ∈ hii. Proof:
Suppose not(r0 ) ⇒ Auto
Arguing by contradiction, suppose that a counterexample exists;
hence, by resorting to finite induction, we can pick a counterexample
r0 which is minimal in the sense that none of its strict subsets is a
counterexample to our claim.
APPLY ⟨finΘ : r0⟩ finiteInduction(s0 ↦ r0, P(R) ↦ O(R) & ¬⟨∃h | Finite(h) & ⟨∀y | rk(y) ⊆ R → y ∈ h⟩⟩) ⇒
Stat1 : ⟨∀S | S ⊆ r0 → Finite(S) & O(S) & ¬⟨∃h | Finite(h) & ⟨∀y | rk(y) ⊆ S → y ∈ h⟩⟩ ↔ S = r0⟩
⟨r0⟩↪Stat1(Stat1?) ⇒ Stat2 : ¬⟨∃h | Finite(h) & ⟨∀y | rk(y) ⊆ r0 → y ∈ h⟩⟩ & O(r0) & Finite(r0)
Plainly r0 ≠ ∅ holds, else all sets of rank not exceeding r0 would be members of {∅}, by Theorem rk1.
Suppose ⇒ Stat3 : r0 = ∅
h∅i,→T fin2 (Stat3?) ⇒ Finite({∅})
h {∅} i,→Stat2(Stat2?) ⇒ Stat4 : ¬h∀y | rk(y) ⊆ r0 → y ∈ {∅} i
hy1 i,→T rk1 ⇒ Auto
hy1 i,→Stat4(Stat3?) ⇒ false;
Discharge ⇒ Auto
Since r0 is a finite non-null ordinal, it is a successor ordinal r0 = r1 ∪ {r1}, by Theorem isOrd11. Thus, by our minimal choice of the counterexample, a finite set h1 and a y0 must exist such that ⟨∀y | rk(y) ⊆ r1 → y ∈ h1⟩ and rk(y0) ⊆ r0 & y0 ∉ Ph1 (in order to see the latter, observe that Ph1 is finite because h1 is finite).
Loc def ⇒ r1 = ⋃r0
Use def next(r1 ) ⇒ Auto
hr0 , r1 i,→T isOrd11 (Stat2?) ⇒ Stat5 : r0 = r1 ∪ {r1 } & O(r1 )
hr1 i,→Stat1(Stat5?) ⇒ Stat6 : h∃h | Finite(h) & h∀y | rk(y) ⊆ r1 → y ∈ hii
hh1 i,→Stat6(Stat6?) ⇒ Stat7 : h∀y | rk(y) ⊆ r1 → y ∈ h1 i & Finite(h1 )
Loc def ⇒ h0 = Ph1
hh1 i,→T fin6 (Stat7) ⇒ Finite(h0 )
hh0 i,→Stat2(Stat7?)
⇒ Stat8 : ¬h∀y | rk(y) ⊆ r0 → y ∈ h0 i
Use def rk(y0 ) ⇒ Auto
hh1 , y0 i,→T pow0 ⇒ Auto
hy0 i,→Stat8(Stat7?) ⇒ Stat9 : y0 6⊆ h1 &
S
next rk(y) : y ∈ y0 ⊆ r0
However, the fact that y0 has rank included in r0 entails that
next rk(z) ⊆ r0 must hold for each z ∈ y0 ; consequently rk(z) ∈ r0
must hold, therefore rk(z) ⊆ r1 , and hence z ∈ h1 . Thus we get
y0 ⊆ h1 , which leads us to the sought contradiction.
hz0 i,→Stat9(Stat9?) ⇒ z0 ∈ y0 & z0 ∈/ h1
Suppose ⇒ Stat10 : next rk(z0 ) ∈
/ next rk(y) : y ∈ y0
hz0 i,→Stat10(Stat9?)
⇒ false;
Discharge ⇒ Auto
Use def next rk(z0 ) ⇒ Auto
h next rk(y) : y ∈ y0 , next rk(z0 ) , next rk(y) : y ∈ y0 i,→T un2 (Stat9?) ⇒
rk(z0 ) ⊆ r0 &
rk(z0 ) 6= r0
hz0 i,→T rk7 ⇒ Auto
hrk(z0 ), r1 i,→T isOrd3 ⇒ Auto
hr0 , rk(z0 )i,→T isOrd3 (Stat2?) ⇒ rk(z0 ) ⊆ r1
hz0 i,→Stat7(Stat9?) ⇒ false;
Discharge ⇒ Qed
Thm rk12 . Finite rk(X) ↔ Finite(X) & h∀y ∈ X | Finite rk(y) i. Proof:
Suppose not(x0 ) ⇒ Auto
Suppose ⇒ Stat1 : h∀y ∈ x0 | Finite rk(y) i & Finite(x0 )
hx0 i,→T rk6 (?) ⇒ Stat2 : t ∈ x0 | ¬Finite
rk(t) 6= ∅
ht0 i,→Stat2 ⇒ t0 ∈ x0 & ¬Finite rk(t0 )
ht0 i,→Stat1(Stat2?) ⇒ false; Discharge ⇒ Auto
Suppose ⇒ Stat3 : Finite rk(x0 ) & ¬Finite(x0 )
hx0 i,→T rk7 ⇒ Auto
hrk(x0 )i,→T rk11 (?) ⇒ Stat4 : h∃h | Finite(h) & h∀y | rk(y) ⊆ rk(x0 ) → y ∈ hii
hh0 , x0 i,→T fin0 ⇒ Auto
hh0 i,→Stat4(Stat3?) ⇒ Stat5 : x0 6⊆ h0 & h∀y | rk(y) ⊆ rk(x0 ) → y ∈ h0 i
ht1 , t1 i,→Stat5(Stat5?) ⇒ t1 ∈ x0 & rk(t1 ) 6⊆ rk(x0 )
ht1 , x0 i,→T rk9 (Stat5?) ⇒ false;
Discharge ⇒ Stat6 : ¬h∀y ∈ x0 | Finite rk(y) i & Finite rk(x0 )
ht2 i,→Stat6(Stat6?) ⇒ t2 ∈ x0 & ¬Finite rk(t2 )
ht2 , x0 i,→T rk9 (Stat6?) ⇒ rk(t2 ) ⊆ rk(x0 )
hrk(x0 ), rk(t2 )i,→T fin0 (Stat6?) ⇒ false;
Discharge ⇒ Qed
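The theory transfiniteInduction and Theorems rk7, rk9 and rk11 can be exercised on hereditarily finite sets. The Python sketch below is an added example, not part of the Ref scenario: it models sets as frozensets, uses next(X) = X ∪ {X} and the definition of rk unfolded in the proofs, and its helper names (hull, minimal_witness, rank_laws_hold) are assumptions; minimal_witness reaches a membership-minimal witness by plain descent rather than through the GtransfInd construction.

```python
from itertools import combinations

EMPTY = frozenset()

def nxt(x):
    """next(X) = X ∪ {X}, the successor operation of the scenario."""
    return x | frozenset([x])

def rk(x):
    """rk(X) = ⋃{ next(rk(y)) : y ∈ X }, as unfolded by 'Use def(rk)'."""
    out = EMPTY
    for y in x:
        out |= nxt(rk(y))
    return out

def is_ordinal(s):
    """O(S) as unfolded in the proof of Thm nats8: every element of S is a
    subset of S, and any two elements are ∈-comparable or equal."""
    transitive = all(x <= s for x in s)
    trichotomous = all(x in y or y in x or x == y for x in s for y in s)
    return transitive and trichotomous

def ordinal(n):
    """The n-th finite von Neumann ordinal, built by iterating next."""
    o = EMPTY
    for _ in range(n):
        o = nxt(o)
    return o

def powerset(s):
    items = list(s)
    return frozenset(
        frozenset(c) for r in range(len(items) + 1) for c in combinations(items, r)
    )

def hull(n):
    """Finite set holding every y with rk(y) ⊆ ordinal(n), built as in the
    proof of Thm rk11: {∅} for rank 0, then the power set of the previous hull."""
    h = frozenset([EMPTY])
    for _ in range(n):
        h = powerset(h)
    return h

def minimal_witness(n, prop):
    """Given prop(n), return m with prop(m) and no k ∈ m satisfying prop.
    Descent terminates because membership on frozensets is well-founded."""
    if not prop(n):
        raise ValueError("the theory assumes P(n)")
    m = n
    while True:
        smaller = [k for k in m if prop(k)]
        if not smaller:
            return m
        m = smaller[0]

def rank_laws_hold(n):
    """Check rk7 (rank is an ordinal), rk9 (monotonicity along ∈) and the
    bound used in rk11 on every member of hull(n)."""
    bound = ordinal(n)
    for y in hull(n):
        r = rk(y)
        if not is_ordinal(r) or not r <= bound:
            return False
        if any(not (rk(x) in r and rk(x) <= r) for x in y):
            return False
    return True

if __name__ == "__main__":
    print(len(hull(3)), rank_laws_hold(3))
    print(minimal_witness(ordinal(4), lambda s: len(s) >= 2) == ordinal(2))
```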
7
Pairs and projections
Def pair0 : [Ordered pair according to Kuratowski] [X, Y] =Def {{X}, {X, Y}}
Def pair1 : [Left projection of a pair] Q[1] =Def arb({x : s ∈ Q, x ∈ s | s = {x}})
Def pair2 : [Right projection of a pair] Q[2] =Def arb({y : d ∈ Q, y ∈ d | Q = {{y}} ∨ d\{y} ∈ Q})
This is the proof for the usual Kuratowski’s pair notion.
Thm pair0 : [Unambiguity of the global pairing function] [X, Y][1] = X & [X, Y][2] = Y. Proof:
Suppose not(x0, y0) ⇒ [x0, y0][1] ≠ x0 ∨ [x0, y0][2] ≠ y0
Use def([·, ·]) ⇒ [x0, y0] = {{x0}, {x0, y0}}
EQUAL ⇒ Stat0 : {{x0}, {x0, y0}}[1] ≠ x0 ∨ {{x0}, {x0, y0}}[2] ≠ y0
Suppose ⇒ Stat6 : {{x0}, {x0, y0}}[1] ≠ x0
Use def({{x0 } , {x0 , y0 }}[1] ) ⇒ Auto
(Stat6?)ELEM ⇒ Stat7 : arb({x : s ∈ {{x0}, {x0, y0}}, x ∈ s | s = {x}}) ≠ x0
(Stat7)ELEM ⇒ Stat8 : {x : s ∈ {{x0}, {x0, y0}}, x ∈ s | s = {x}} ≠ {x0}
Suppose ⇒ Stat9 : x0 ∉ {x : s ∈ {{x0}, {x0, y0}}, x ∈ s | s = {x}}
h {x0 } , x0 i,→Stat9(Stat9, Stat0?) ⇒ false;
Discharge ⇒ Auto
hx0 i,→Stat8(Stat8?) ⇒ Stat10 : x0 ∈ {x : s ∈ {{x0 } , {x0 , y0 }} , x ∈ s | s = {x}} & x0 6= x0
hd1 , x1 i,→Stat10(Stat10?) ⇒ Stat11 : d1 ∈ {{x0 } , {x0 , y0 }} & x1 ∈ d1 & d1 = {x1 } & x0 = x1 & x0 6= x0
(Stat11?)Discharge ⇒ Auto
(Stat0?)ELEM ⇒ Stat1 : {{x0}, {x0, y0}}[2] ≠ y0
Use def([·, 2]) ⇒ Stat2 : arb({y : d ∈ {{x0}, {x0, y0}}, y ∈ d | {{x0}, {x0, y0}} = {{y}} ∨ d\{y} ∈ {{x0}, {x0, y0}}}) ≠ y0
(Stat2)ELEM ⇒ {y : d ∈ {{x0}, {x0, y0}}, y ∈ d | {{x0}, {x0, y0}} = {{y}} ∨ d\{y} ∈ {{x0}, {x0, y0}}} ≠ {y0}
EQUAL ⟨Stat1⟩ ⇒ Stat3 : {y : d ∈ {{x0}, {x0, y0}}, y ∈ d | {{x0}, {x0, y0}} = {{y}} ∨ d\{y} ∈ {{x0}, {x0, y0}}} ≠ {y0}
Suppose ⇒ Stat4 : y0 ∉ {y : d ∈ {{x0}, {x0, y0}}, y ∈ d | {{x0}, {x0, y0}} = {{y}} ∨ d\{y} ∈ {{x0}, {x0, y0}}}
h {x0 , y0 } , y0 i,→Stat4(Stat4, Stat0?) ⇒ false;
Discharge ⇒ Auto
hy0 i,→Stat3(Stat3?) ⇒ Stat5 :
y0 ∈ {y : d ∈ {{x0 } , {x0 , y0 }} , y ∈ d | {{x0 } , {x0 , y0 }} = {{y}} ∨ d\ {y} ∈ {{x0 } , {x0 , y0 }}} & y0 6= y0
hd2 , y2 i,→Stat5(Stat5?) ⇒ false;
Discharge ⇒ Qed
Thm pair2 : [When applied to 0, both projections yield the value 0] F = ∅ → F[1] = ∅ & F[2] = ∅. Proof:
Suppose not(f0 ) ⇒ Auto
EQUAL ⇒ Stat0 : ¬(∅[1] = ∅ & ∅[2] = ∅)
Use def(∅[1] ) ⇒ Auto
Use def(∅[2] ) ⇒ Auto
(Stat0)ELEM ⇒ Stat1 : {x : d ∈ ∅, x ∈ d, y ∈ d | ∅ = [x, y]} ≠ ∅ ∨ {y : d ∈ ∅, x ∈ d, y ∈ d | ∅ = [x, y]} ≠ ∅
⟨x0, y0⟩↪Stat1(Stat1?) ⇒ Stat2 : x0 ∈ {x : d ∈ ∅, x ∈ d, y ∈ d | ∅ = [x, y]} ∨ y0 ∈ {y : d ∈ ∅, x ∈ d, y ∈ d | ∅ = [x, y]}
⟨d1, x1, y1, d2, x2, y2⟩↪Stat2(Stat2?) ⇒ false;
Discharge ⇒ Qed
Thm pair3 . X = {U, V} → {X} ≠ U & {X} ≠ {U, W}. Proof:
Suppose not(x0 , u0 , v0 , w0 ) ⇒ false;
Discharge ⇒ Qed
Thm pair4 . {X, Y, {X} , {X, Y}} ⊆ {U, V, {U} , {U, V}} → X 6= {U, V} . Proof:
Suppose not(x0 , y0 , u0 , v0 ) ⇒ Stat0 : {x0 , y0 , {x0 } , {x0 , y0 }} ⊆ {u0 , v0 , {u0 } , {u0 , v0 }} & x0 = {u0 , v0 }
hx0 , u0 , v0 , v0 i,→T pair3 ⇒ Auto
hx0 , u0 , v0 , u0 i,→T pair3 ⇒ Auto
(Stat0?)Discharge ⇒ Qed
Thm pair5 . {X, Y, {X} , {X, Y}} = {U, V, {U} , {U, V}} → X = U. Proof:
Suppose not(x0, y0, u0, v0) ⇒ Stat0 : {x0, y0, {x0}, {x0, y0}} = {u0, v0, {u0}, {u0, v0}} & x0 ≠ u0 & {x0} ≠ {u0} & {x0} ≠ {u0, v0}
TELEM ⇒ {x0}, x0 ∈ {x0, y0, {x0}, {x0, y0}}
EQUAL ⇒ {x0}, x0 ∈ {u0, v0, {u0}, {u0, v0}}
ELEM ⇒ x0 = u0 ∨ x0 = v0 ∨ x0 = {u0} ∨ x0 = {u0, v0}
⟨x0, y0, u0, v0⟩↪T pair4(?) ⇒ x0 ≠ {u0}
⟨x0, y0, u0, v0⟩↪T pair4(?) ⇒ x0 ≠ {u0, v0}
(Stat0?)ELEM ⇒ x0 = v0 & {x0} ≠ v0 & {x0} = u0
EQUAL ⇒ Stat3 : {v0, y0, {v0}, {v0, y0}} = {{v0}, v0, {{v0}}, {{v0}, v0}}
(Stat3?)ELEM ⇒ y0 = {v0}
EQUAL ⇒ Stat4 : {v0, {v0}, {v0, {v0}}} = {{v0}, v0, {{v0}}, {{v0}, v0}}
TELEM ⇒ {v0, {v0}, {v0, {v0}}} ≠ {{v0}, v0, {{v0}}, {{v0}, v0}}
(Stat4?)Discharge ⇒ Qed
Thm pair6 . {X, Y, {X} , {X, Y}} = {U, V, {U} , {U, V}} → Y = V. Proof:
Suppose not(x0 , y0 , u0 , v0 ) ⇒ Stat0 : {x0 , y0 , {x0 } , {x0 , y0 }} = {u0 , v0 , {u0 } , {u0 , v0 }} & y0 6= v0
hx0 , y0 , u0 , v0 i,→T pair5 (?) ⇒ x0 = u0
EQUAL ⇒ {x0 , y0 , {x0 } , {x0 , y0 }} = {x0 , v0 , {x0 } , {x0 , v0 }}
ELEM ⇒ y0 6= {x0 } & y0 6= {x0 , v0 } & y0 = x0
TELEM ⇒ Stat1 : ¬({x0 , {x0 } , {x0 }} = {x0 , v0 , {x0 } , {x0 , v0 }} & x0 6= v0 )
EQUAL ⇒ false;
Discharge ⇒ Qed
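Definitions pair0, pair1 and pair2 and Theorems pair0 and pair2 can be checked mechanically on small hereditarily finite sets. The Python code below is an added example, not part of the Ref scenario: sets are frozensets, and arb is a stand-in that returns ∅ on the empty set and otherwise an element disjoint from its argument, with ties broken by a canonical ordering (the helper names key, left, right and projections_agree, and the tie-breaking rule, are assumptions).

```python
EMPTY = frozenset()

def key(x):
    """Canonical sort key of a hereditarily finite set: nested sorted lists."""
    return sorted(key(y) for y in x)

def arb(s):
    """Stand-in for arb: ∅ on the empty set, otherwise an element of s that
    is disjoint from s (the property the proofs use as 'n0 ∈ S & n0 ∩ S = ∅').
    Choosing the key-least candidate is an assumption of this example."""
    if not s:
        return EMPTY
    return min((x for x in s if not (x & s)), key=key)

def pair(x, y):
    """Def pair0: [X, Y] = {{X}, {X, Y}}."""
    return frozenset([frozenset([x]), frozenset([x, y])])

def left(q):
    """Def pair1: Q[1] = arb({x : s ∈ Q, x ∈ s | s = {x}})."""
    return arb(frozenset(x for s in q for x in s if s == frozenset([x])))

def right(q):
    """Def pair2: Q[2] = arb({y : d ∈ Q, y ∈ d | Q = {{y}} ∨ d\\{y} ∈ Q}).
    The first disjunct covers the degenerate pair [y, y] = {{y}}."""
    return arb(frozenset(
        y for d in q for y in d
        if q == frozenset([frozenset([y])]) or (d - frozenset([y])) in q
    ))

def projections_agree(universe):
    """Thm pair0 on a finite universe: [x, y][1] = x and [x, y][2] = y."""
    return all(
        left(pair(x, y)) == x and right(pair(x, y)) == y
        for x in universe for y in universe
    )

# Constructed sample universe: ∅, {∅}, {{∅}}, {∅, {∅}} and one pair used as a component.
E = EMPTY
A = frozenset([E])
B = frozenset([A])
C = frozenset([E, A])
UNIVERSE = [E, A, B, C, pair(E, A)]

if __name__ == "__main__":
    print(projections_agree(UNIVERSE))
    print(left(EMPTY) == EMPTY and right(EMPTY) == EMPTY)  # Thm pair2
```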
Def maps1 : [Map domain, i.e. set of first components of pairs in map] domain(F) =Def {p[1] : p ∈ F}
Def maps2 : [Map restriction] F|A =Def {p ∈ F | p[1] ∈ A}
Def maps3 : [Image, i.e. value, of single-valued function] FX =Def arb(F|{X})[2]
Def maps5 : [Map predicate] Is map(F) ↔Def ⟨∀p ∈ F | p = [p[1], p[2]]⟩
Theory universe U(X)
h∀x, y, z | U(x) & U(y) & {y, z} ⊆ x → U(z)i
U(∅)
h∀x, y | U(x) & U(y) → U({x, y})i
End universe
Enter theory universe
Thm univ1 : [Closure of universe w.r.t. pairing] U(X) & U(Y) → U([X, Y]). Proof:
Suppose not(x0 , y0 ) ⇒ Auto
Assump ⇒ Stat1 : h∀x, y | U(x) & U(y) → U({x, y})i & U(∅)
hx0 , x0 i,→Stat1(?) ⇒ U({x0 , x0 }) & {x0 , x0 } = {x0 }
EQUAL hStat1i ⇒ U({x0 })
hx0 , y0 i,→Stat1(?) ⇒ U({x0 , y0 })
Use def([·, ·]) ⇒ ¬U({{x0 } , {x0 , y0 }})
h {x0 } , {x0 , y0 } i,→Stat1(Stat1?) ⇒ false
Discharge ⇒ Qed
Thm univ2 : [Closure of universe w.r.t. map application] Is map(F) & U(F) & h∀x ∈ domain(F) | U(x)i & F = ∅ ∨ h∃q ∈ F | U(q)i →
U(FX). Proof:
Suppose not(f0 , x0 ) ⇒ Auto
Suppose ⇒ Stat1 : x0 ∈
/ p[1] : p ∈ f0
Assump ⇒ U(∅)
Suppose ⇒ f0 x0 = ∅
EQUAL ⇒ false;
Discharge ⇒ Auto
[2]
Use def() ⇒ Stat2 : arb f0|{x0 }
6= ∅
[1]
Use def(|) ⇒ f0|{x0 } = p ∈ f0 | p ∈ {x0 }
harb f0|{x0 } i,→T pair2 (Stat2) ⇒ Stat3 : p ∈ f0 | p[1] ∈ {x0 } 6= ∅
hp1 i,→Stat3(Stat3?) ⇒ Stat4 : p1 ∈ f0 & p1 [1] = x0
hp1 i,→Stat1(Stat4?) ⇒ false;
Discharge ⇒ Auto
Use def(domain(f0 )) ⇒ Auto Use def(Is map) ⇒ Stat5 : x0 ∈ p[1] : p ∈ f0 & h∀x ∈ domain(f0 ) | U(x)i & x0 ∈ domain(f0 ) & Stat6 :
h∀p ∈ f0 | p = p[1] , p[2] i
hp0 , x0 , p0 i,→Stat5(?) ⇒ Stat7 : h∃q ∈ f0 | U(q)i & p0 ∈ f0 & x0 = p0 [1] & U(x0 ) & U(f0 ) & ¬U(f0 x0 )
p ∈ f0 | p[1] ∈ {x0 } = ∅
hp0 i,→Stat8(Stat7?) ⇒ false;
Discharge
⇒ Stat9 : Auto
Loc def ⇒ a0 = arb p ∈ f0 | p[1] ∈ {x0 }
(Stat9)ELEM ⇒ Stat10 : a0 ∈ p ∈ f0 | p[1] ∈ {x0 }
h i,→Stat10(Stat10?)
a0 ∈ f0 & a0 [1] = x
0
⇒
[1]
[2]
Use def([·, ·]) ⇒
a0 , a0
= {x0 , x0 } , x0 , a0 [2]
ha0 i,→Stat6(Stat10?) ⇒ Stat11 : a0 = {x0 , x0 } , x0 , a0 [2]
Assump ⇒ Stat12 : h∀x, y, z | U(x) & U(y) & {y, z} ⊆ x → U(z)i & h∀x, y | U(x) & U(y) → U({x, y})i
hq0 i,→Stat7(Stat7, Stat7?) ⇒ Stat13 : q0 ∈ f0 & U(q0 )
hf0 , q0 , a0 , x0 , nx0 i,→Stat12(Stat7?)
⇒ Stat14 : U(a0 ) & U({x0 , x0 })
o
ha0 , {x0 , x0 } , x0 , a0 [2] i,→Stat12(Stat10?) ⇒ Stat16 : U( x0 , a0 [2] )
Suppose ⇒
h
n
Stat8 :
o
x0 , a0 [2] , x0 , a0 [2] i,→Stat12(Stat16, Stat7?) ⇒
U(a0 [2] )
[2]
EQUAL hStat7i ⇒ U(arb p ∈ f0 | p[1] ∈ {x0 }
)
[2]
Use def() ⇒ ¬U(arb f0|{x0 }
)
Discharge ⇒ Qed
Use def(|) ⇒ false;
Enter theory Set theory
Display universe
Theory universe U(X)
h∀x, y, z | U(x) & U(y) & {y, z} ⊆ x → U(z)i
U(∅)
h∀x, y | U(x) & U(y) → U({x, y})i
⇒
h∀x, y | U(x) & U(y) → U([x, y])i
h∀f, x | Is map(f) & U(f) & h∀x ∈ domain(f) | U(x)i & f = ∅ ∨ h∃q ∈ f | U(q)i → U(fx)i
End universe
Def herf 0 : [Hierarchy of the hereditarily finite levels] HFL(L) ↔Def L = ∅ ∨ ⟨∃ell ∈ L | HFL(ell) & L = Pell⟩
Def herf 1 : [Hereditarily finite sets] HF(L) ↔Def ⟨∃ell | HFL(ell) & L ∈ ell⟩
Def hier0 : [Ultimate ‘logarithm’ of a set S] basis(S) =Def
if ∅ ∉ S & S ∩ ⋃S = ∅ then S else
if ⟨∃ell | S = ell ∪ Pell & Pell ∩ ⋃(ell\Pell) = ∅⟩ then arb({basis(ell) : ell ∈ S | S = ell ∪ Pell}) else
{∅}
fi
fi
Def hier1 : [Levels of a superstructure based on B] Level(L, B) ↔Def L = ∅ ∨ basis(L) = B & B ≠ {∅}
Def hier2 : [Freeness condition for the basis of a superstructure] Ur(B) ↔Def ∅ ∉ B & B ∩ ⋃B = ∅ & ⟨∀ell | Level(ell, B) → Pell ∩ ⋃B = ∅⟩
Thm hier0 : [The null set is a superstructure basis] Ur(∅) & ¬Ur({∅}). Proof:
Suppose not( ) ⇒ Auto
Use def Ur({∅}) ⇒ Auto
Use def Ur(∅) ⇒ Auto
ELEM ⇒ Stat1 : ¬⟨∀ell | Level(ell, ∅) → Pell ∩ ⋃∅ = ∅⟩
⟨∅⟩↪T un0 ⇒ Auto
⟨x1⟩↪Stat1(Stat1?) ⇒ false;
Discharge ⇒ Qed
Thm hier1 : [Uniqueness of the outcome of the second branch of the definition of ‘basis’]
S = L ∪ PL → arb({basis(ell) : ell ∈ S | S = ell ∪ Pell}) = basis(L). Proof:
Suppose not(s0, x0) ⇒ Stat0 : s0 = x0 ∪ Px0 & arb({basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell}) ≠ basis(x0)
ELEM ⇒ {basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell} ≠ {basis(x0)}
Suppose ⇒ Stat1 : basis(x0) ∉ {basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell}
⟨x0⟩↪Stat1(?) ⇒ x0 ∉ Px0
⟨x0, x0⟩↪T pow0(Stat1?) ⇒ false;
Discharge ⇒ Auto
(Stat0?)ELEM ⇒ Stat3 : {basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell} ⊈ {basis(x0)}
⟨b0⟩↪Stat3(Stat3?) ⇒ Stat4 : b0 ∈ {basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell} & b0 ≠ basis(x0)
⟨x1⟩↪Stat4(Stat4?) ⇒ b0 = basis(x1) & s0 = x1 ∪ Px1
⟨x0, x1⟩↪T pow3(Stat0?) ⇒ x0 = x1
EQUAL ⟨Stat4⟩ ⇒ false;
Discharge ⇒ Qed
Thm hier2 . S = L ∪ Pow(L) & PL ∩ ⋃(L\PL) = ∅ → L ∈ S & basis(S) = basis(L) & L ⊆ S. Proof:
Suppose not(s0, h0) ⇒ Auto
Arguing by contradiction, suppose that s0 , h0 falsify our claim. Notice
that ∅ ∈ s0 , and hence the defining clause of basis(s0 ) cannot be the
first; therefore it is the second.
hh0 , h0 i,→T pow0 (?) ⇒ h0 ∈ s0
hh0 , ∅i,→T pow0 (?) ⇒ ∅ ∈ s0
Use def basis(s0 ) ⇒ Auto
Suppose not ⇒ Stat1 : ¬⟨∃h | s0 = h ∪ Ph & Ph ∩ ⋃(h\Ph) = ∅⟩
hh0 i,→Stat1(?) ⇒ false;
Discharge ⇒ basis(s0 ) = arb({basis(ell) : ell ∈ s0 | s0 = ell ∪ Pell})
hs0 , h0 i,→T hier1 (?) ⇒ false;
Discharge ⇒ Qed
Thm hier3 : [The basis of any set is included in it] basis(S) = {∅} & S 6= ∅ ∨ basis(S) ⊆ S. Proof:
Suppose not(s1 ) ⇒ Auto
Suppose ⇒ s1 = ∅
Use def(basis) ⇒ basis(∅) = ∅
EQUAL ⇒ false;
Discharge ⇒ Auto
APPLY ⟨transfIndΘ : s0⟩ transfiniteInduction(n ↦ s1, P(S) ↦ basis(S) ≠ {∅} & basis(S) ⊈ S) ⇒
Stat1 : ⟨∀t | basis(s0) ≠ {∅} & basis(s0) ⊈ s0 & t ∈ s0 → ¬(basis(t) ≠ {∅} & basis(t) ⊈ t)⟩
Use def basis(s0) ⇒ Auto
⟨s0⟩↪Stat1(Stat1?) ⇒ Stat2 : ⟨∃h | s0 = h ∪ Ph & Ph ∩ ⋃(h\Ph) = ∅⟩ & basis(s0) ⊈ s0
⟨k0⟩↪Stat2(Stat2?) ⇒ s0 = k0 ∪ Pk0 & Pk0 ∩ ⋃(k0\Pk0) = ∅
hs0 , k0 i,→T hier2 (Stat2?) ⇒ k0 ⊆ s0 & k0 ∈ s0 & basis(s0 ) = basis(k0 )
hk0 i,→Stat1(Stat2?) ⇒ false;
Discharge ⇒ Qed
Thm hier4 : [Quasi-transitivity of every set of individuals] ∅ ∉ B & B ∩ ⋃B = ∅ → B ∩ ⋃(B\PB) = ∅ & B\PB = B. Proof:
Suppose not(s0) ⇒ Auto
Arguing by contradiction, suppose that s0 is a counterexample. The quasi-transitivity, s0 ∩ ⋃(s0\Ps0) = ∅, of s0 follows readily from the hypothesis s0 ∩ ⋃s0 = ∅; hence we are left with the sole possibility s0\Ps0 ≠ s0.
Use def(⋃) ⇒ ⋃s0 = {u : v ∈ s0, u ∈ v} & ⋃(s0\Ps0) = {u : v ∈ s0\Ps0, u ∈ v}
Set monot ⇒ {u : v ∈ s0, u ∈ v} ⊇ {u : v ∈ s0\Ps0, u ∈ v}
ELEM ⇒ Stat1 : s0\Ps0 ≠ s0
Consider a subset t0 of s0 which belongs to s0 and hence is non-null. Since t0 ⊆ ⋃s0 must hold, we get s0 ∩ ⋃s0 ≠ ∅; but this contradicts one of our hypotheses, and hence leads us to the sought contradiction.
⟨s0, t0⟩↪T pow0 ⇒ Auto
⟨t0⟩↪Stat1(?) ⇒ Stat2 : t0 ∈ s0 & s0 ⊇ t0 & t0 ≠ ∅ & s0 ∩ ⋃s0 = ∅
⟨s0, t0, s0⟩↪T un2(Stat2?) ⇒ false;
Discharge ⇒ Qed
The following theorem provides a condition for the preservation of the set B = L\PL of individuals and of the quasi-transitivity property L ∩ ⋃B = ∅ from a set L to its amplification S = L ∪ PL. The said condition is PL ∩ ⋃B = ∅, obviously ensuring that S ∩ ⋃B = ∅.
Thm hier5 : [Lift that preserves quasi-transitivity and the set of individuals]
B = L\PL & L ∩ ⋃B = ∅ & PL ∩ ⋃B = ∅ & S = L ∪ PL → B = S\PS. Proof:
Suppose not(b0, x0, s0) ⇒ Auto
ELEM ⇒ s0 ∩ ⋃b0 = ∅ & s0\Ps0 ≠ b0
EQUAL ⇒ Stat0 : x0 ∪ Px0\P(x0 ∪ Px0) ≠ b0 & (x0 ∪ Px0) ∩ ⋃b0 = ∅
⟨x0 ∪ Px0, x0⟩↪T pow1(?) ⇒ Stat1 : x0\Px0 ⊈ x0\P(x0 ∪ Px0)
⟨x1⟩↪Stat1(?) ⇒ Stat2 : x1 ∈ x0 & x1 ∉ Px0 & x1 ∈ P(x0 ∪ Px0) & x1 ∈ b0 & x0 ∩ ⋃b0 = ∅
hx0 , x1 i,→T pow0 (Stat2?) ⇒ Stat3 : x1 6⊆ x0
hx0 ∪ Px0 , x1 i,→T pow0 (Stat2?) ⇒ x1 ⊆ x0 ∪ Px0
hy0 i,→Stat3(Stat3?) ⇒ y0 ∈ x1 & y0 ∈ Px0
hb0 , x1 , b0 i,→T un2 (Stat0?) ⇒ false;
Discharge ⇒ Qed
Thm hier6 : [Sets that behave like collections of individuals, 1]
¬Finite(R) & ∅ ∉ B & ⟨∀u ∈ ⋃B | rk(u) = R⟩ & Level(K, B) → Finite(rk({x ∈ K | R ∉ rk(x)})). Proof:
Suppose not(r0, b0, k1) ⇒ Auto
Arguing by contradiction and by means of transfinite induction, take a counterexample r0, b0, k0 where k0 is such that r0, b0, h fails to be a counterexample for any h ∈ k0.
APPLY ⟨transfIndΘ : k0⟩ transfiniteInduction(n ↦ k1, P(L) ↦ (Level(L, b0) & ¬Finite(rk({x ∈ L | r0 ∉ rk(x)})))) ⇒
Stat0 : ⟨∀h | (Level(k0, b0) & ¬Finite(rk({x ∈ k0 | r0 ∉ rk(x)}))) & h ∈ k0 → ¬(Level(h, b0) & ¬Finite(rk({x ∈ h | r0 ∉ rk(x)})))⟩
⟨k0⟩↪Stat0(?) ⇒ Stat1 : ⟨∀u ∈ ⋃b0 | rk(u) = r0⟩ & ¬Finite(r0) & ∅ ∉ b0 & Level(k0, b0) & ¬Finite(rk({x ∈ k0 | r0 ∉ rk(x)}))
Neither k0 = ∅ nor k0 = b0 can hold, because in either case the equality {x ∈ k0 | r0 ∉ rk(x)} = ∅ would hold; hence rk({x ∈ k0 | r0 ∉ rk(x)}) = ∅ would hold, and this rank would be finite, contrary to our hypothesis.
Suppose ⇒ k0 = ∅ ∨ k0 = b0
Set monot ⇒ {x ∈ k0 | r0 ∉ rk(x)} ⊆ {x ∈ k0 | true}
⟨{x ∈ k0 | r0 ∉ rk(x)}⟩↪T rk1(Stat1) ⇒ Stat2 : {x ∈ k0 | r0 ∉ rk(x)} ≠ ∅ & k0 = b0
To see that k0 = b0 entails {x ∈ k0 | r0 ∉ rk(x)} = ∅, we argue as follows: we have supposed that ∅ ∉ b0 and that ⟨∀u ∈ ⋃b0 | rk(u) = r0⟩; consequently, every x ∈ b0 has a u ∈ x such that rk(u) = r0 and hence r0 ∈ rk(x).
hx0 i,→Stat2(Stat1) ⇒ arb(x0 ) ∈ x0 & x0 ∈ b0 & r0 ∈/ rk(x0 )
hb0 , x0 , b0 i,→T un2 ⇒ Auto
Loc def ⇒ a0 = arb(x0 )
ha0 , x0 i,→T rk9 (Stat2?) ⇒ rk(a0 ) ∈ rk(x0 )
ha0 i,→Stat1(Stat2?) ⇒ false;
Discharge ⇒
Auto
In order that Level(k0, b0) holds, we must hence have basis(k0) = b0; thus, recalling ∅ ∉ b0 and k0 ≠ b0, we get b0 = basis(h0) where h0 = k0 ∪ Ph0. We can exploit the induction hypothesis in connection with h0, in order to get Finite(rk(h1)), where h1 = {u ∈ h0 | r0 ∉ rk(u)}. Also put r1 = rk(h1).
Use def basis(k0) ⇒ Auto
Use def Level(k0, b0) ⇒ Auto
(Stat1?)ELEM ⇒ Stat3 : ⟨∃h | k0 = h ∪ Ph & Ph ∩ ⋃(h\Ph) = ∅⟩ & basis(k0) = arb({basis(h) : h ∈ k0 | k0 = h ∪ Ph})
hk0 , h0 i,→T hier1 ⇒ Auto
Use def Level(h0 , b0 ) ⇒ Auto
hh0 i,→Stat3(Stat1?) ⇒ Stat4 : k0 = h0 ∪ Ph0 & Level(h0 , b0 )
hh0 , h0 i,→T pow0 (Stat4?) ⇒ h0 ∈ k0
hh0 i,→Stat0(Stat4?) ⇒ Finite rk {u ∈ h0 | r0 ∈/ rk(u)}
Loc def ⇒ Stat5 : h1 = {u ∈ h0 | r0 ∉ rk(u)} & r1 = rk(h1)
Let us now show that {x ∈ k0 | r0 ∉ rk(x)} cannot be included in h1 ∪ Ph1.
Suppose ⇒ {x ∈ k0 | r0 ∉ rk(x)} ⊆ h1 ∪ Ph1
r1, namely rk(h1), is finite; therefore h1, Ph1, and h1 ∪ Ph1 are finite; no element of h1 ∪ Ph1 has rank exceeding r1, hence every element of h1 ∪ Ph1 has finite rank, and therefore the rank of h1 ∪ Ph1 is finite. This enables us to discard the inclusion just supposed temporarily, because we know that {x ∈ k0 | r0 ∉ rk(x)} has infinite rank.
Suppose ⇒ Finite rk(h1 ∪ Ph1 )
hrk(h1 ∪ Ph1 ), rk {x ∈ k0 | r0 ∈/ rk(x)} i,→T fin0 ⇒ Auto
h {x ∈ k0 | r0 ∈/ rk(x)} , h1 ∪ Ph1 i,→T rk4 (Stat1?) ⇒ false;
Discharge ⇒ Auto
EQUAL hStat4i ⇒ Finite rk(h1 )
hh1 i,→T fin6 ⇒ Auto
hh1 i,→T rk12 (Stat5?) ⇒ Stat6 : h∀y ∈ h1 | Finite rk(y) i & Finite(h1 ) & Finite(Ph1 )
hh1 , Ph1 i,→T fin3 (Stat6?) ⇒ Finite(h1 ∪ Ph1 )
hh1 ∪ Ph1 i,→T rk12 (Stat5?) ⇒ Stat7 : ¬h∀y ∈ h1 ∪ Ph1 | Finite rk(y) i
hy0 i,→Stat7 ⇒ Auto
hh1 , y0 i,→T pow0 ⇒ Auto
hy0 i,→Stat6(Stat6?) ⇒ y0 ⊆ h1 & ¬Finite rk(y0 )
hy0 , h1 i,→T rk4 (Stat7?) ⇒ rk(y0 ) ⊆ rk(h1 )
hrk(h1 ), rk(y0 )i,→T fin0 (Stat5?) ⇒ false;
Discharge ⇒ Auto
We will now get a contradiction, leading us to the desired conclusion, by arguing as follows. Consider an x1 belonging to {x ∈ k0 | r0 ∉ rk(x)} but not belonging to h1 ∪ Ph1. If x1 belonged to h0, then by the definition of h1 it should belong to h1; since this is forbidden and k0 = h0 ∪ Ph0, we obtain x1 ⊆ h0; on the other hand, we have x1 ⊈ h1.
(Stat5?)ELEM ⇒ Stat8 : {x ∈ k0 | r0 ∉ rk(x)} ⊈ h1 ∪ Ph1
⟨h1, x1⟩↪T pow0 ⇒ Auto
⟨x1⟩↪Stat8(Stat8?) ⇒ Stat9 : x1 ∈ {x ∈ k0 | r0 ∉ rk(x)} & x1 ∉ h1 & Stat10 : x1 ⊈ h1
⟨ ⟩↪Stat9(Stat5?) ⇒ Stat11 : x1 ∉ {u ∈ h0 | r0 ∉ rk(u)} & x1 ∈ k0 & r0 ∉ rk(x1)
⟨h0, x1⟩↪T pow0 ⇒ Auto
⟨x1⟩↪Stat11(Stat4?) ⇒ x1 ⊆ h0
Thus x1 must have an element whose rank exceeds r0; but then rk(x1) exceeds r0 also, which is untenable.
⟨y1⟩↪Stat10(Stat5?) ⇒ Stat12 : y1 ∉ {u ∈ h0 | r0 ∉ rk(u)} & y1 ∈ x1
⟨y1⟩↪Stat12(Stat11?) ⇒ r0 ∈ rk(y1)
⟨y1, x1⟩↪T rk9(Stat11?) ⇒ false;
Discharge ⇒ Qed
Thm hier7 : [Sets that behave like collections of individuals, 2] ¬Finite(R) & ∅ ∉ B & ⟨∀u ∈ ⋃B | rk(u) = R⟩ → Ur(B). Proof:
Suppose not(r0, b0) ⇒ Stat0 : ⟨∀u ∈ ⋃b0 | rk(u) = r0⟩ & ¬Finite(r0) & ∅ ∉ b0 & ¬Ur(b0)
Suppose ⇒ Stat1 : b0 ∩ ⋃b0 ≠ ∅
Loc def ⇒ a0 = arb(x0 )
ha0 , x0 i,→T rk9 ⇒ Auto
⟨x0⟩↪Stat1(Stat0) ⇒ x0 ∈ b0 & x0 ∈ ⋃b0 & rk(a0) ≠ rk(x0)
⟨b0, x0, b0⟩↪T un2(Stat0) ⇒ a0 ∈ ⋃b0
hx0 i,→Stat0(Stat1?) ⇒ rk(x0 ) = r0
ha0 i,→Stat0(Stat1?) ⇒ false;
Discharge ⇒ Auto
Use def(Ur) ⇒ Stat2 : ¬⟨∀h | Level(h, b0) → Ph ∩ ⋃b0 = ∅⟩
⟨h0⟩↪Stat2(Stat2?) ⇒ Stat3 : Ph0 ∩ ⋃b0 ≠ ∅ & Level(h0, b0)
hr0 , b0 , h0 i,→T hier6 (?) ⇒ Finite rk {x ∈ h0 | r0 ∈/ rk(x)}
hh0 , u0 i,→T pow0 ⇒ Auto
⟨u0⟩↪Stat3(Stat3?) ⇒ Stat4 : u0 ∈ ⋃b0 & u0 ⊆ h0
⟨u0⟩↪Stat0(Stat3?) ⇒ rk(u0) = r0
Suppose ⇒ Stat5 : u0 ⊈ {x ∈ h0 | r0 ∉ rk(x)}
hx1 i,→Stat5(Stat5?) ⇒ Stat6 : x1 ∈/ {x ∈ h0 | r0 ∈/ rk(x)} & x1 ∈ u0
hx1 i,→Stat6(Stat4?) ⇒ r0 ∈ rk(x1 )
hx1 , u0 i,→T rk9 (Stat4?) ⇒ false;
Discharge ⇒ Auto
hrk {x ∈ h0 | r0 ∈/ rk(x)} , rk(u0 )i,→T fin0 ⇒ Auto
hu0 , {x ∈ h0 | r0 ∈/ rk(x)} i,→T rk4 (Stat3?) ⇒ Finite rk(u0 )
EQUAL ⇒ false;
Discharge ⇒ Qed
Theory urification(a0 , c0 )
¬Finite(a0 ) ∨ ¬Finite(c0 )
End urification
Enter theory urification
Def ur0 : [Global function injecting a0 onto an ur-set] urΘ(X) =Def {a0\{X} ∪ {a0 ∪ c0}}
Thm ur0 : [Injectivity of the urification map over a0] {X, Y} ⊆ a0 & urΘ(X) = urΘ(Y) → X = Y. Proof:
Suppose not(x0, y0) ⇒ Auto
Use def(urΘ) ⇒ Stat1 : ({x0, y0} ⊆ a0 & {a0\{x0} ∪ {a0 ∪ c0}} = {a0\{y0} ∪ {a0 ∪ c0}}) & x0 ≠ y0
(Stat1?)Discharge ⇒ Qed
Thm ur1 : [The null-set is not among the candidate urelements] ∅ ∉ {urΘ(x) : x ∈ a0}. Proof:
Suppose not( ) ⇒ Stat1 : ∅ ∈ {urΘ (x) : x ∈ a0 }
Use def urΘ (x1 ) ⇒ Auto
hx1 i,→Stat1(Stat1?) ⇒ false;
Discharge ⇒ Qed
Thm ur2 . ⟨∀v ∈ ⋃{urΘ(x) : x ∈ a0} | rk(v) = rk({a0 ∪ c0})⟩. Proof:
Suppose not( ) ⇒ Auto
Loc def ⇒ Stat1 : b0 = {urΘ(x) : x ∈ a0} & r0 = rk({a0 ∪ c0})
Suppose that b0, a0, c0, r0 (where b0, r0 are defined as just shown) form a counterexample. Violation of the claim means that there is a u0 ∈ ⋃b0 such that rk(u0) ≠ r0.
EQUAL ⇒ Stat3 : ¬⟨∀v ∈ ⋃b0 | rk(v) = r0⟩
Use def(⋃b0) ⇒ Auto
⟨u0⟩↪Stat3(?) ⇒ Stat4 : u0 ∈ {u : v ∈ b0, u ∈ v} & rk(u0) ≠ rk({a0 ∪ c0})
In view of the initial assumptions r0 = rk({a0 ∪ c0 }) and
b0 = {{a0 \ {x} ∪ {a0 ∪ c0 }} : x ∈ a0 }, this amounts to saying that
rk(a0 \ {x0 } ∪ {a0 ∪ c0 }), rewritable as rk(a0 \ {x0 }) ∪ rk({a0 ∪ c0 }),
differs from rk({a0 ∪ c0 }) for some x0 ∈ a0 .
hv1 , u1 i,→Stat4(Stat1?)
⇒ Stat5 : v1 ∈ {urΘ (x) : x ∈ a0 } & u0 ∈ v1
Use def urΘ (x0 ) ⇒ Auto
hx0 i,→Stat5(Stat5?) ⇒ x0 ∈ a0 & u0 = a0 \ {x0 } ∪ {a0 ∪ c0 }
ha0 \ {x0 } , {a0 ∪ c0 } i,→T rk3 ⇒ Auto
EQUAL hStat4i ⇒ rk(a0 \ {x0 }) ∪ rk({a0 ∪ c0 }) 6= rk({a0 ∪ c0 })
This is untenable, though, because rk(a0\{x0}) ⊆ rk(a0 ∪ c0) and rk(a0 ∪ c0) ⊆ rk({a0 ∪ c0}). This contradiction completes our argument by contradiction.
ha0 \ {x0 } , a0 ∪ c0 i,→T rk4 (Stat5?) ⇒ rk(a0 ∪ c0 ) 6⊆ rk({a0 ∪ c0 })
ha0 ∪ c0 , {a0 ∪ c0 } i,→T rk9 (Stat5?) ⇒ false;
Discharge ⇒ Qed
Thm ur3 . U ∈ {urΘ (x) : x ∈ a0 } → rk(U) = next rk({a0 ∪ c0 }) . Proof:
Suppose not(u0 ) ⇒
Auto
h i,→T ur1 (?) ⇒ Stat1 : u0 6= ∅ & u0 ∈ {urΘ (x) : x ∈ a0 }
hv0 i,→Stat1(Stat1?) ⇒ vS0 ∈ u0
&
rk(u0 ) 6= next rk({a0 ∪ c0 })
next rk(y) : y ∈ u0
Use def(rk) ⇒ rk(u0 ) =
S
h i,→T ur2 (Stat2?) ⇒ Stat2 : h∀u ∈ {urΘ (x) : x ∈ a0 } | rk(u) = rk({a0 ∪ c0 })i
h {urΘ (x) :Sx ∈ a0 } , u0 , {urΘ (x) : x ∈ a0 } i,→T un2 (Stat1?) ⇒
u0 ⊆
{urΘ (x) : x ∈ a0 }
hv0 i,→Stat2(Stat1?) ⇒ rk(v0 ) = rk({a
0 ∪ c0 })
Suppose ⇒ Stat3 : {next} rk(v0 ) 6= next rk(y) : y ∈ u0
Suppose ⇒ Stat4 : next rk(v0 ) ∈
/ next rk(y) : y ∈ u0
hv0 i,→Stat4(Stat1?) ⇒ false;
Discharge
⇒ Auto
hw0 i,→Stat3(Stat3?) ⇒ Stat5 : w0 ∈ next
rk(y) : y ∈ u0 & w0 6= next rk(v0 )
S
hv1 i,→Stat5(Stat2?) ⇒ w0 = next rk(v1 ) & v1 ∈ {urΘ (x) : x ∈ a0 }
hv1 i,→Stat2(Stat2?) ⇒ rk(v1 ) = rk(v0 )
EQUAL hStat5i ⇒ false;
Discharge ⇒ {next} rk(v0 ) = next rk(y) : y ∈ u0
S
hnext rk(v0 ) , next
⇒ Stat6 :
next
rk(v0 ) i,→T un6 (Stat6?)
rk(v0 ) , next rk(v0 ) =
next rk(v0 ) ∪ next rk(v0 ) & next rk(v0 ) , next rk(v0 )
EQUAL hStat1i ⇒ false;
Discharge ⇒ Qed
= {next} rk(v0 ) & next rk(v0 ) ∪ next rk(v0 ) = next rk(v0 )
Thm ur4 . Ur {urΘ (x) : x ∈ a0 } . Proof:
Suppose not( ) ⇒ Auto
Familiar inequalities concerning rank then imply that rk({a0 ∪ c0 })
is infinite.
Assump ⇒ ¬Finite(a0 ) ∨ ¬Finite(c0 )
ha0 ∪ c0 , a0 i,→T fin0 ⇒ Auto
ha0 ∪ c0 , c0 i,→T fin0 ⇒ Auto
ha0 , c0 i,→T rk3 ⇒ Auto
ha0 ∪ c0 i,→T rk12 (?) ⇒ Stat1 : ¬Finite rk(a0 ∪ c0 )
ha0 ∪ c0 , {a0 ∪ c0 } i,→T rk9 (?) ⇒ rk(a0 ∪ c0 ) ⊆ rk({a0 ∪ c0 })
hrk({a0 ∪ c0 }), rk(a0 ∪ c0 )i,→T fin0 (Stat1?) ⇒ ¬Finite rk({a0 ∪ c0 })
We can now resort to Theorem hier7 and to the two theorems just
proved in order to get the sought contradiction.
h i,→T ur1 ⇒ Auto
h i,→T ur2 ⇒ Auto
⟨rk({a0 ∪ c0}), {urΘ(x) : x ∈ a0}⟩↪T hier7(?) ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Display urification
Theory urification(a0 , c0 )
¬Finite(a0 ) ∨ ¬Finite(c0 )
⇒ (urΘ )
h∀x, y |S{x, y} ⊆ a0 & urΘ (x) = urΘ (y) → x = yi
h∀v ∈ {urΘ (x) : x ∈ a0 } | rk(v) = rk({a0 ∪ c0 })i
h∀u | u ∈ {urΘ (x) : x ∈ a0 } → rk(u) = next rk({a0 ∪ c0 }) i
Ur {urΘ (x) : x ∈ a0 }
End urification
Theory superstructure(b0 )
Ur(b0 )
End superstructure
Enter theory superstructure
Thm sstr0 : [The first level of the superstructure is the basis b0 itself] Level(∅, b0 ) & Level(b0 , b0 ) & b0 6= {∅} . Proof:
Suppose not( ) ⇒ Auto
Assump ⇒ Ur(b0 )
Use def Ur(b0 ) ⇒ Auto
Use def(Level) ⇒ Level(∅, b0 ) & basis(b0 ) 6= b0
Use def basis(b0 ) ⇒ Auto
Discharge ⇒ Qed
Thm sstr1 : [The basis of the superstructure is included in every nonnull level of it] Level(L, b0 ) & L 6= ∅ → b0 ⊆ L. Proof:
Suppose not(h0 ) ⇒ Auto
Use def(Level) ⇒ basis(h0 ) = b0
Suppose ⇒ b0 = {∅}
Assump ⇒ Ur(b0 )
h i,→T hier0 ⇒ ¬Ur({∅})
EQUAL ⇒ false;
Discharge ⇒ Auto
hh0 i,→T hier3 (?) ⇒ false;
Discharge ⇒ Qed
Thm sstr2 : [The basis b0 of the superstructure is quasi-transitive and consists solely of individuals] b0 ∩ ⋃(b0\Pb0) = ∅ & b0\Pb0 = b0. Proof:
Suppose not( ) ⇒ Auto
Assump ⇒ Ur(b0 )
Use def Ur(b0 ) ⇒ Auto
hb0 i,→T hier4 (?) ⇒ false;
Discharge ⇒ Qed
Thm sstr3 : [Every level of the superstructure based on 0 is transitive] Level(L, b0 ) & b0 = ∅ → L ⊆ PL. Proof:
Suppose not(h1 ) ⇒ Auto
EQUAL ⇒ Level(h1 , ∅) & h1 6⊆ Ph1
APPLY ⟨transfIndΘ : h0⟩ transfiniteInduction(n ↦ h1, P(L) ↦ Level(L, ∅) & L ⊈ PL) ⇒
Stat1 : ⟨∀k | Level(h0, ∅) & h0 ⊈ Ph0 & k ∈ h0 → ¬(Level(k, ∅) & k ⊈ Pk)⟩
Use def Level(h0, ∅) ⇒ Auto
Use def basis(h0) ⇒ Auto
⟨h0⟩↪Stat1(Stat1?) ⇒ Stat2 : ⟨∃k | h0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩ & h0 ⊈ Ph0 & basis(h0) = ∅
⟨k0⟩↪Stat2(Stat2?) ⇒ h0 = k0 ∪ Pk0 & Pk0 ∩ ⋃(k0\Pk0) = ∅
hh0 , k0 i,→T hier2 (Stat2?) ⇒ basis(k0 ) = ∅ & k0 ∈ h0
hk0 i,→Stat1(Stat1?) ⇒ Stat3 : ¬ Level(k0 , ∅) & k0 6⊆ Pk0
Use def Level(k0 , ∅) ⇒ Auto
hh0 , k0 i,→T pow1 (Stat2?) ⇒ false;
(Stat2?)Discharge ⇒ Qed
Thm sstr4 : [Within the superstructure based on ∅, the operation PL lifts each level to a higher level]
Level(L, b0 ) & b0 = ∅ → Level(PL, b0 ). Proof:
Suppose not(h0 ) ⇒ Auto
Arguing by contradiction and exploiting transfinite induction, suppose
that h0 is a counterexample none of whose elements contradicts
the claim.
EQUAL ⇒ Stat1 : Level(h0 , ∅) & ¬Level(Ph0 , ∅)
By the definition of ‘Level’, and in view of Theorem hier3, our
hypothesis amounts to supposing that basis(h0) = ∅ whereas
basis(h0 ∪ Ph0) ≠ ∅, where h0 ⊆ Ph0 holds by Theorem sstr3, and
hence we have h0 ∪ Ph0 = Ph0 and Ph0 ∩ ⋃(h0\Ph0) = ∅. But then
basis(h0 ∪ Ph0) = basis(h0) must hold in the light of Theorem hier2,
and we are led to the sought contradiction.
hh0 i,→T hier3 (Stat1?) ⇒ ¬ h0 = ∅ & basis(h0 ) 6= ∅
h∅, ∅i,→T pow0 (Stat1?) ⇒ ∅ 6= P∅
Use def(Level) ⇒ Stat2 : basis(h0 ) = ∅ & basis(Ph0 ) 6= ∅
EQUAL ⇒ b0 = ∅ & Level(h0 , b0 ) & ¬Level(Ph0 , b0 )
hh0 \Ph0 i,→T un0 ⇒ Auto
⟨h0⟩↪Tsstr3(Stat1?) ⇒ h0 ∪ Ph0 = Ph0 & ⋃(h0\Ph0) = ∅
hh0 ∪ Ph0 , h0 i,→T hier2 (Stat2?) ⇒ basis(h0 ∪ Ph0 ) = basis(h0 )
EQUAL hStat2i ⇒ false;
Discharge ⇒ Qed
Thm sstr5 : [Successive levels of the superstructure are quasi-transitive, with b0 as invariant set of individuals]
Level(L, b0) → (L = ∅ ∨ b0 = L\PL) & L ∩ ⋃(L\PL) = ∅. Proof:
Suppose not(h1) ⇒ Auto
Suppose that a counterexample h1 to the claim exists; then, by
transfinite induction, a counterexample h0 none of whose elements is a
counterexample must also exist.
APPLY ⟨transfIndΘ : h0⟩ transfiniteInduction(n ↦ h1, P(L) ↦ Level(L, b0) & ¬((L = ∅ ∨ b0 = L\PL) & L ∩ ⋃(L\PL) = ∅)) ⇒
Stat0 : ⟨∀k | Level(h0, b0) & ¬((h0 = ∅ ∨ b0 = h0\Ph0) & h0 ∩ ⋃(h0\Ph0) = ∅) & k ∈ h0 → ¬(Level(k, b0) & ¬((k = ∅ ∨ b0 = k\Pk) & k ∩ ⋃(k\Pk) = ∅))⟩
Obviously h0 ≠ ∅; moreover, by Theorem sstr2, h0 ≠ b0 must hold. It
follows from Level(h0, b0) that basis(h0) = b0 and b0 ≠ {∅}.
⟨h0⟩↪Stat0(Stat0?) ⇒ Stat1 : Level(h0, b0) & ¬((h0 = ∅ ∨ b0 = h0\Ph0) & h0 ∩ ⋃(h0\Ph0) = ∅)
Suppose ⇒ h0 = b0
EQUAL ⟨Stat1⟩ ⇒ ¬((b0 = ∅ ∨ b0 = b0\Pb0) & b0 ∩ ⋃(b0\Pb0) = ∅)
⟨ ⟩↪Tsstr2(Stat1?) ⇒ false;
Discharge ⇒ Auto
Use def Level(h0, b0) ⇒ Auto
(Stat1?)ELEM ⇒ Stat2 : h0 ≠ ∅ & h0 ≠ b0 & basis(h0) = b0 & b0 ≠ {∅}
Hence, by the definition of ‘basis’, we get that basis(h0) = basis(k0),
where h0 = k0 ∪ Pk0 and Pk0 ∩ ⋃(k0\Pk0) = ∅.
Use def basis(h0) ⇒ Auto
(Stat2?)ELEM ⇒ Stat3 : ⟨∃k | h0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩
⟨k0⟩↪Stat3(Stat3?) ⇒ h0 = k0 ∪ Pk0 & Pk0 ∩ ⋃(k0\Pk0) = ∅
⟨h0, k0⟩↪Thier2(Stat2?) ⇒ basis(k0) = b0
Plainly Level(k0, b0) holds, therefore k0 ∩ ⋃(k0\Pk0) = ∅ and
b0 = k0\Pk0 readily follow from the induction hypothesis, because
k0 ∈ h0.
Use def Level(k0, b0) ⇒ Auto
⟨k0, k0⟩↪Tpow0(Stat2?) ⇒ Level(k0, b0) & k0 ∈ h0
⟨k0⟩↪Stat0(Stat3?) ⇒ (k0 = ∅ ∨ b0 = k0\Pk0) & k0 ∩ ⋃(k0\Pk0) = ∅
Suppose ⇒ b0 ≠ k0\Pk0 & k0 = ∅
⟨k0⟩↪Thier3(Stat3?) ⇒ false;
Discharge ⇒ Auto
(Stat3?)ELEM ⇒ b0 = k0\Pk0 & k0 ∩ ⋃(k0\Pk0) = ∅
But then Theorem hier5 readily leads us to the sought contradiction.
EQUAL ⟨Stat3⟩ ⇒ k0 ∩ ⋃b0 = ∅ & Pk0 ∩ ⋃b0 = ∅
⟨b0, k0, h0⟩↪Thier5(Stat3?) ⇒ b0 = h0\Ph0 & h0 ∩ ⋃b0 = ∅
EQUAL ⟨Stat3⟩ ⇒ h0 ∩ ⋃(h0\Ph0) = ∅
(Stat1?)Discharge ⇒ Qed
Thm sstr6 : [Within the superstructure, the operation X ∪ PX lifts each level to a higher level] Level(L, b0 ) & (b0 = ∅ ∨ L 6= ∅) → Level(L ∪ PL, b0 ). Proof:
Suppose not(h0 ) ⇒ Auto
Arguing by contradiction, suppose the contrary of our claim.
Suppose ⇒ b0 = ∅
hh0 i,→T sstr4 (?) ⇒ Level(Ph0 , b0 )
hh0 i,→T sstr3 (?) ⇒ h0 ∪ Ph0 = Ph0
EQUAL ⇒ false;
Discharge ⇒ Auto
h i,→T sstr0 (?) ⇒ Stat1 : b0 6⊆ {∅} & h0 6= ∅ & Level(h0 , b0 ) & ¬Level(h0 ∪ Ph0 , b0 )
Use def(Level) ⇒ Stat2 : basis(h0 ) 6= basis(h0 ∪ Ph0 )
The branch of the definition of basis(h0 ∪ Ph0 ) which gets exploited
is not the first, because ∅ ∈ Ph0 ; therefore it is the second, in view of
Theorem sstr5 combined with the assumption Ur(b0 ).
⟨h0, ∅⟩↪Tpow0(Stat2?) ⇒ ∅ ∈ h0 ∪ Ph0
Suppose ⇒ Ph0 ∩ ⋃(h0\Ph0) ≠ ∅
⟨h0⟩↪Tsstr5(Stat1?) ⇒ Stat3 : b0 = h0\Ph0
EQUAL ⟨Stat2⟩ ⇒ Ph0 ∩ ⋃b0 ≠ ∅
Assump ⇒ Ur(b0)
Use def(Ur) ⇒ Stat4 : ⟨∀k | Level(k, b0) → Pk ∩ ⋃b0 = ∅⟩
⟨h0⟩↪Stat4(Stat1?) ⇒ false;
Discharge ⇒ Auto
This contradicts Theorem hier2 which ensures
basis(h0) = basis(h0 ∪ Ph0) in the situation at hand.
⟨h0 ∪ Ph0, h0⟩↪Thier2(Stat2?) ⇒ false;
Discharge ⇒ Qed
Thm sstr7 : [∅ belongs to the first level of the superstructure] Level(b0 ∪ Pb0 , b0 ) & ∅ ∈ b0 ∪ Pb0 . Proof:
Suppose not( ) ⇒ Auto
h i,→T sstr0 (?) ⇒ Level(b0 , b0 )
hb0 i,→T sstr6 (?) ⇒ Level(b0 ∪ Pb0 , b0 )
hb0 , ∅i,→T pow0 (?) ⇒ false;
Discharge ⇒ Qed
Thm sstr8 : [Closure of the union of levels relative to power-set] X ∈ L\b0 & Level(L, b0 ) → h∃h | Level(h, b0 ) & PX ⊆ Phi. Proof:
Suppose not(x0 , h1 ) ⇒ Auto
If a counterexample h1 , x0 to the claim exists, then consider the first
level h0 (relative to b0 ) to which x0 belongs.
APPLY ⟨transfIndΘ : h0⟩ transfiniteInduction(n ↦ h1, P(L) ↦ Level(L, b0) & x0 ∈ L) ⇒
Stat0 : ⟨∀k | Level(h0, b0) & x0 ∈ h0 & k ∈ h0 → ¬(Level(k, b0) & x0 ∈ k)⟩
⟨h0⟩↪Stat0(?) ⇒ Stat1 : Level(h0, b0) & x0 ∈ h0 & x0 ∉ b0
Use def(Level) ⇒ basis(h0) = b0
Assump ⇒ Ur(b0)
Use def(Ur) ⇒ ∅ ∉ basis(h0)
Use def basis(h0) ⇒ Auto
(Stat1?)ELEM ⇒ Stat2 : ⟨∃k | h0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩ & basis(h0) = arb({basis(k) : k ∈ h0 | h0 = k ∪ Pk})
One easily sees that h0 = k0 ∪ Pk0 must hold, for some level k0
relative to the same basis as the one of h0, namely b0.
⟨k0⟩↪Stat2(Stat2?) ⇒ h0 = k0 ∪ Pk0 & Pk0 ∩ ⋃(k0\Pk0) = ∅
Use def Level(k0 , b0 ) ⇒ Auto
hh0 , k0 i,→T hier1 (Stat1?) ⇒ Stat3 : Level(k0 , b0 )
But then the induction hypothesis applies to k0 , because k0 ∈ h0 ; and
hence x0 ∈ Pk0 \k0 . From x0 ⊆ k0 , we readily get Px0 ⊆ Pk0 , which
contradicts the initial hypothesis.
hh0 , k0 i,→T hier2 (Stat2?) ⇒ k0 ∈ h0
hk0 , x0 i,→T pow0 ⇒ Auto
hk0 , x0 i,→T pow1 ⇒ Auto
hk0 i,→Stat0(Stat1?) ⇒ Px0 ⊆ Pk0
ELEM ⇒ Stat4 : ¬h∃h | Level(h, b0 ) & Px0 ⊆ Phi
hk0 i,→Stat4(Stat3?) ⇒ false;
Discharge ⇒ Qed
Thm sstr9 : [Quasi-transitivity of the super-structure] X ∈ L & Y ∈ M & {Y, Z} ⊆ X & Level(L, b0 ) & Level(M, b0 ) → h∃h | Level(h, b0 ) & Z ∈ hi. Proof:
Suppose not(x0 , h0 , y0 , h1 , z0 ) ⇒ Auto
Suppose ⇒ x0 ∈ b0
⟨h1⟩↪Tsstr5(?) ⇒ b0 = h1\Ph1 & h1 ∩ ⋃(h1\Ph1) = ∅
EQUAL ⇒ h1 ∩ ⋃b0 = ∅
Use def(⋃b0) ⇒ Auto
ELEM ⇒ Stat1 : y0 ∉ {u : v ∈ b0, u ∈ v}
⟨x0, y0⟩↪Stat1(?) ⇒ false;
Discharge ⇒ Auto
hx0 , h0 i,→T sstr8 (?) ⇒ Stat2 : h∃h | Level(h, b0 ) & Px0 ⊆ Phi & ¬h∃h | Level(h, b0 ) & z0 ∈ hi & {y0 , z0 } ⊆ x0
hx0 , {y0 , z0 } i,→T pow0 ⇒ Auto
hh2 , {y0 , z0 } i,→T pow0 ⇒ Auto
hh2 , h2 i,→Stat2(Stat2?) ⇒ false;
Discharge ⇒ Qed
Thm sstr10 : [The levels of the super-structure are totally ordered by inclusion] L 6⊆ M & Level(L, b0 ) & Level(M, b0 ) → M ⊆ L. Proof:
Suppose not(h1 , k1 ) ⇒ Auto
Arguing by contradiction, suppose that a counterexample exists.
Then, by transfinite induction, a minimal level h0 which cannot be
compared by inclusion with some other level exists. By exploiting
transfinite induction once more, we can find a minimal level k0 which
h0 cannot be compared with.
Suppose ⇒ Stat0 : ¬h∃h | Level(h, b0 ) & h1 6⊆ h & h 6⊆ h1 i
hk1 i,→Stat0(?) ⇒ false;
Discharge ⇒ Auto
APPLY htransfIndΘ : h0 i transfiniteInduction n 7→ h1 , P(L) 7→ Level(L, b0 ) & h∃h | Level(h, b0 ) & L 6⊆ h & h 6⊆ Li ⇒
Stat1 : h∀k | Level(h0 , b0 ) & h∃h | Level(h, b0 ) & h0 6⊆ h & h 6⊆ h0 i & k ∈ h0 → ¬ Level(k, b0 ) & h∃h | Level(h, b0 ) & k 6⊆ h & h 6⊆ ki i
hh0 i,→Stat1(Stat1?) ⇒ Stat2 : h∃h | Level(h, b0 ) & h0 6⊆ h & h 6⊆ h0 i & Level(h0 , b0 )
hh3 i,→Stat2(Stat2?) ⇒ Level(h3 , b0 ) & h0 6⊆ h3 & h3 6⊆ h0
APPLY ⟨transfIndΘ : k0⟩ transfiniteInduction(n ↦ h3, P(L) ↦ Level(L, b0) & h0 ⊈ L & L ⊈ h0) ⇒
Stat3 : ⟨∀k | Level(k0, b0) & h0 ⊈ k0 & k0 ⊈ h0 & k ∈ k0 → ¬(Level(k, b0) & h0 ⊈ k & k ⊈ h0)⟩
Use def Level(h0, b0) ⇒ Auto
Use def Level(k0, b0) ⇒ Auto
Clearly, neither h0 nor k0 can be empty; moreover neither one can
equal b0. But then it turns out easily that h0 = k2 ∪ Pk2 for a suitable
level relative to the basis b0 and, likewise, k0 = h2 ∪ Ph2 holds for a
suitable level relative to the basis b0; but then, by the induction
hypothesis either h2 ⊆ k2 or k2 ⊆ h2 holds, whence h2 ∪ Ph2 ⊆ k2 ∪ Pk2
and k2 ∪ Pk2 ⊆ h2 ∪ Ph2 follow, respectively.
Use def basis(k0) ⇒ Auto
⟨k0⟩↪Stat3(Stat2?) ⇒ Stat4 : Level(k0, b0) & h0 ⊈ k0 & k0 ⊈ h0 & basis(h0) = b0 & basis(k0) = b0 & b0 ≠ {∅}
⟨h0⟩↪Tsstr5(Stat2?) ⇒ Stat5 : ⟨∃k | k0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩ & b0 = arb({basis(k) : k ∈ k0 | k0 = k ∪ Pk})
Use def basis(h0) ⇒ Auto
⟨k0⟩↪Tsstr5(Stat4?) ⇒ Stat6 : ⟨∃k | h0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩ & b0 = arb({basis(k) : k ∈ h0 | h0 = k ∪ Pk})
⟨h2⟩↪Stat5(Stat5, Stat5?) ⇒ Stat7 : k0 = h2 ∪ Ph2
Use def Level(h2 , b0 ) ⇒ Auto
hk0 , h2 i,→T hier1 (Stat4?) ⇒ Level(h2 , b0 )
hk2 , k2 i,→T pow0 (Stat6?) ⇒ k2 ∈ Pk2
hk2 i,→Stat6(Stat6?)⇒ Stat8 : h0 = k2 ∪ Pk2
Use def Level(k2 , b0 ) ⇒ Auto
hh0 , k2 i,→T hier1 (Stat4?) ⇒ Level(k2 , b0 )
hk2 i,→Stat1(Stat6?) ⇒ Stat9 : ¬h∃h | Level(h, b0 ) & k2 6⊆ h & h 6⊆ k2 i
hh2 i,→Stat9(Stat6?) ⇒ k2 ⊆ h2 ∨ h2 ⊆ k2
Suppose ⇒ Stat10 : k2 ⊆ h2
hh2 , k2 i,→T pow1 (Stat7, Stat8, Stat10, Stat4?) ⇒ false;
Discharge ⇒ Auto
(Stat9?)ELEM ⇒ Stat11 : h2 ⊆ k2
hk2 , h2 i,→T pow1 (Stat7, Stat8, Stat11, Stat4?) ⇒ false;
Discharge ⇒ Qed
Thm sstr11 : [Closedness of the super-structure relative to pair formation] X ∈ L & Y ∈ M & Level(L, b0 ) & Level(M, b0 ) → h∃h | Level(h, b0 ) & {X, Y} ∈ hi. Proof:
Suppose not(x0 , h0 , y0 , h1 ) ⇒ Auto
Suppose ⇒ ¬Level(h0 ∪ h1 , b0 )
hh0 , h1 i,→T sstr10 (?) ⇒ h0 ∪ h1 = h1 ∨ h0 ∪ h1 = h0
Suppose ⇒ h0 ∪ h1 = h1
EQUAL ⇒ false;
Discharge ⇒ h0 ∪ h1 = h0
EQUAL ⇒ false;
Discharge ⇒ Auto
hh0 ∪ h1 , {x0 , y0 } i,→T pow0 (?) ⇒ Stat1 : {x0 , y0 } ∈ h0 ∪ h1 ∪ P(h0 ∪ h1 )
hh0 ∪ h1 i,→T sstr6 (?) ⇒ Stat2 : ¬h∃h | Level(h, b0 ) & {x0 , y0 } ∈ hi & Level h0 ∪ h1 ∪ P(h0 ∪ h1 ), b0
hh0 ∪ h1 ∪ P(h0 ∪ h1 )i,→Stat2(Stat1?) ⇒ false;
Discharge ⇒ Qed
Thm sstr12 : [The unionset of a superstructure meets all conditions to be qualified as a universe]
h∃k | Level(k, b0 ) & ∅ ∈ ki & h∀x, y, z | h∃h | Level(h, b0 ) & x ∈ hi & h∃k | Level(k, b0 ) & y ∈ ki & {y, z} ⊆ x → h∃m | Level(m, b0 ) & z ∈ mii &
h∀x, y | h∃h | Level(h, b0 ) & x ∈ hi & h∃k | Level(k, b0 ) & y ∈ ki → h∃k | Level(k, b0 ) & {x, y} ∈ kii. Proof:
Suppose not( ) ⇒ Auto
Suppose ⇒ Stat1 : ¬h∃k | Level(k, b0 ) & ∅ ∈ ki
h i,→T sstr7 (?) ⇒ Level(b0 ∪ Pb0 , b0 ) & ∅ ∈ b0 ∪ Pb0
hb0 ∪ Pb0 i,→Stat1(Stat1?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Stat2 : ¬h∀x, y, z | h∃h | Level(h, b0 ) & x ∈ hi & h∃k | Level(k, b0 ) & y ∈ ki & {y, z} ⊆ x → h∃m | Level(m, b0 ) & z ∈ mii
hx0 , y0 , z0 i,→Stat2(Stat2?) ⇒ Stat3 : h∃h | Level(h, b0 ) & x0 ∈ hi & h∃k | Level(k, b0 ) & y0 ∈ ki & {y0 , z0 } ⊆ x0 & ¬h∃m | Level(m, b0 ) & z0 ∈ mi
hh0 , h1 i,→Stat3(Stat3?) ⇒ Level(h0 , b0 ) & x0 ∈ h0 & Level(h1 , b0 ) & y0 ∈ h1
hx0 , h0 , y0 , h1 , z0 i,→T sstr9 (Stat3?) ⇒ false;
Discharge ⇒ Stat5 : ¬⟨∀x, y | ⟨∃h | Level(h, b0) & x ∈ h⟩ & ⟨∃k | Level(k, b0) & y ∈ k⟩ → ⟨∃k | Level(k, b0) & {x, y} ∈ k⟩⟩
hx1 , y1 i,→Stat5(Stat5?) ⇒ Stat6 : h∃h | Level(h, b0 ) & x1 ∈ hi & h∃k | Level(k, b0 ) & y1 ∈ ki & ¬h∃k | Level(k, b0 ) & {x1 , y1 } ∈ ki
hh2 , k2 i,→Stat6(Stat6?) ⇒ Level(h2 , b0 ) & x1 ∈ h2 & Level(k2 , b0 ) & y1 ∈ k2 & ¬h∃k | Level(k, b0 ) & {x1 , y1 } ∈ ki
hx1 , h2 , y1 , k2 i,→T sstr11 (Stat6?) ⇒ false;
Discharge ⇒ Qed
The sum-class of a superstructure is a universe:
APPLY h i universe U(X) 7→ h∃k | Level(k, b0 ) & X ∈ ki ⇒
Thm sstr13 : [The sum-class of a superstructure is a universe] h∀x, y | h∃h | Level(h, b0 ) & x ∈ hi & h∃k | Level(k, b0 ) & y ∈ ki → h∃k | Level(k, b0 ) & [x, y] ∈ kii &
h∀f, x | Is map(f) & h∃k | Level(k, b0 ) & f ∈ ki & h∀u ∈ domain(f), ∃h | Level(h, b0 ) & u ∈ hi & f = ∅ ∨ h∃q ∈ f, m | Level(m, b0 ) & q ∈ mi → h∃n | Level(n, b0 ) & fx ∈ nii.
APPLY ⟨globΘ : sstr⟩ reachGlob(g(X) ↦ if X = ∅ & b0 ≠ ∅ then b0 else X ∪ PX fi) ⇒
Thm sstr14 : [Precursor of the universe of the superstructure] ⟨∀b, x, y | B ∈ sstr(B) & X ∈ sstr(B) & Y = if X = ∅ & b0 ≠ ∅ then b0 else X ∪ PX fi → Y ∈ sstr(B)⟩.
Def sstr0 : [Universe of the superstructure]
sstrΘ =Def ⋃{h ∈ sstr(∅) | Level(h, b0)}
Thm sstr15 : [Smallness of the universe of the superstructure] h∃h | Level(h, b0 ) & X ∈ hi ↔ X ∈ sstrΘ . Proof:
Suppose not(x0 ) ⇒ Auto
If a counterexample to the claim exists then there must exist a level
h1 such that h1 ∉ sstr(∅); hence, by transfinite induction, there must
also exist a level h0 such that h0 ∉ sstr(∅) whereas h0 ⊆ sstr(∅).
Use def(sstrΘ) ⇒ Stat1 : sstrΘ = ⋃{h ∈ sstr(∅) | Level(h, b0)}
Use def(⋃) ⇒ sstrΘ = {u : v ∈ {h ∈ sstr(∅) | Level(h, b0)}, u ∈ v}
Suppose ⇒ Stat2 : x0 ∈ {u : v ∈ {h ∈ sstr(∅) | Level(h, b0)}, u ∈ v}
⟨v0, u0⟩↪Stat2(?) ⇒ Stat3 : v0 ∈ {h : h ∈ sstr(∅) | Level(h, b0)} & ¬⟨∃h | Level(h, b0) & x0 ∈ h⟩ & x0 ∈ v0
⟨w0, w0⟩↪Stat3(Stat3?) ⇒ false;
Discharge ⇒ Stat4 : ⟨∃h | Level(h, b0) & x0 ∈ h⟩ & x0 ∉ sstrΘ
⟨h1⟩↪Stat4(Stat1) ⇒ Level(h1, b0) & h1 ⊈ sstrΘ
⟨{h ∈ sstr(∅) | Level(h, b0)}, h1, {h ∈ sstr(∅) | Level(h, b0)}⟩↪Tun2(Stat1?) ⇒ Stat5 : h1 ∉ {h ∈ sstr(∅) | Level(h, b0)}
⟨h1⟩↪Stat5(Stat4?) ⇒ h1 ∉ sstr(∅)
APPLY ⟨transfIndΘ : h0⟩ transfiniteInduction(n ↦ h1, P(L) ↦ L ∉ sstr(∅) & Level(L, b0)) ⇒
Stat6 : ⟨∀k | h0 ∉ sstr(∅) & Level(h0, b0) & k ∈ h0 → ¬(k ∉ sstr(∅) & Level(k, b0))⟩
hh0 i,→Stat6 ⇒ Auto
Clearly we have ∅ ∈ sstr(∅) and b0 ∈ sstr(∅), because either b0 = ∅
or b0 = if ∅ = ∅ & b0 ≠ ∅ then b0 else ∅ ∪ P∅ fi holds. Therefore h0
differs from ∅ and from b0.
h i,→T sstr14 (Stat6?) ⇒ Stat7 :
h∀s, x, y | s ∈ sstr(s) & x ∈ sstr(s) & y = if x = ∅ & b0 6= ∅ then b0 else x ∪ Px fi → y ∈ sstr(s) i & h0 ∈/ sstr(∅)
h∅, ∅, b0 i,→Stat7(Stat7?) ⇒ h0 6= ∅ & h0 6= b0
k ...
Use def Level(h0 , b0 ) ⇒ Auto
Use def basis(h0 ) ⇒ Auto
(Stat6?)ELEM ⇒ Stat10 : ⟨∃k | h0 = k ∪ Pk & Pk ∩ ⋃(k\Pk) = ∅⟩ & basis(h0) = arb({basis(k) : k ∈ h0 | h0 = k ∪ Pk})
⟨k0⟩↪Stat10(Stat10?) ⇒ h0 = k0 ∪ Pk0 & Pk0 ∩ ⋃(k0\Pk0) = ∅
Use def Level(k0, b0) ⇒ Auto
hh0 , k0 i,→T hier2 (Stat10?) ⇒ k0 ∈ h0 & Level(k0 , b0 )
hk0 i,→Stat6(Stat7?) ⇒ k0 ∈ sstr(∅)
h∅, k0 , if k0 = ∅ & b0 6= ∅ then b0 else k0 ∪ Pk0 fii,→Stat7(Stat7?) ⇒ k0 = ∅
h∅i,→T pow2 (Stat10?) ⇒ P∅ = {∅} & h0 = Pk0
EQUAL hStat10i ⇒ Stat11 : basis({∅}) = b0
h {∅} i,→T hier3 (Stat10?) ⇒ b0 = ∅
h∅, k0 , h0 i,→Stat7(Stat10?) ⇒ h0 ∈ sstr(∅)
(Stat6?)Discharge ⇒ Qed
Enter theory Set theory
&
basis(h0 ) = b0 & b0 6= {∅}
Display superstructure
Theory superstructure(b0 )
Ur(b0 )
⇒ (sstrΘ)
Level(∅, b0) & Level(b0, b0) & b0 ≠ {∅}
⟨∀l | Level(l, b0) & l ≠ ∅ → b0 ⊆ l⟩
b0 ∩ ⋃(b0\Pb0) = ∅ & b0\Pb0 = b0
⟨∀l | Level(l, b0) & b0 = ∅ → l ⊆ Pl⟩
⟨∀l | Level(l, b0) & b0 = ∅ → Level(Pl, b0)⟩
⟨∀l | Level(l, b0) → (l = ∅ ∨ b0 = l\Pl) & l ∩ ⋃(l\Pl) = ∅⟩
⟨∀l | Level(l, b0) & (b0 = ∅ ∨ l ≠ ∅) → Level(l ∪ Pl, b0)⟩
Level(b0 ∪ Pb0, b0) & ∅ ∈ b0 ∪ Pb0
⟨∀x, l | x ∈ l\b0 & Level(l, b0) → ⟨∃h | Level(h, b0) & Px ⊆ Ph⟩⟩
⟨∀x, l, y, m, z | x ∈ l & y ∈ m & {y, z} ⊆ x & Level(l, b0) & Level(m, b0) → ⟨∃h | Level(h, b0) & z ∈ h⟩⟩
⟨∀l, m | l ⊈ m & Level(l, b0) & Level(m, b0) → m ⊆ l⟩
⟨∀x, l, y, m | x ∈ l & y ∈ m & Level(l, b0) & Level(m, b0) → ⟨∃h | Level(h, b0) & {x, y} ∈ h⟩⟩
⟨∃k | Level(k, b0) & ∅ ∈ k⟩ & ⟨∀x, y, z | ⟨∃h | Level(h, b0) & x ∈ h⟩ & ⟨∃k | Level(k, b0) & y ∈ k⟩ & {y, z} ⊆ x → ⟨∃m | Level(m, b0) & z ∈ m⟩⟩ &
⟨∀x, y | ⟨∃h | Level(h, b0) & x ∈ h⟩ & ⟨∃k | Level(k, b0) & y ∈ k⟩ → ⟨∃k | Level(k, b0) & {x, y} ∈ k⟩⟩
⟨∀x, y | ⟨∃h | Level(h, b0) & x ∈ h⟩ & ⟨∃k | Level(k, b0) & y ∈ k⟩ → ⟨∃k | Level(k, b0) & [x, y] ∈ k⟩⟩ &
⟨∀f, x | Is map(f) & ⟨∃k | Level(k, b0) & f ∈ k⟩ & ⟨∀u ∈ domain(f), ∃h | Level(h, b0) & u ∈ h⟩ & f = ∅ ∨ ⟨∃q ∈ f, m | Level(m, b0) & q ∈ m⟩ →
⟨∃n | Level(n, b0) & fx ∈ n⟩⟩
⟨∀x | ⟨∃h | Level(h, b0) & x ∈ h⟩ ↔ x ∈ sstrΘ⟩
End superstructure
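The level laws exported by Theory superstructure can be checked on a small finite model. The following Python sketch is an added example, not part of the Ref scenario: it assumes that individuals are modelled as opaque strings (instead of the urΘ sets built in Theory urification), and the names lift, levels, individuals and check_laws are hypothetical. It also shows what goes wrong with the basis {∅}, which Theorem sstr0 excludes.

```python
# Added illustration (not from the Ref scenario). Assumption: individuals are
# opaque strings; every other object is a frozenset. Helper names are hypothetical.
from itertools import combinations

EMPTY = frozenset()

def powerset(s):
    """P(s): every subset of s, as a frozenset of frozensets."""
    items = list(s)
    return frozenset(frozenset(c)
                     for r in range(len(items) + 1)
                     for c in combinations(items, r))

def lift(level):
    """The step L -> L ∪ P(L) of Thm sstr6."""
    return frozenset(level) | powerset(level)

def levels(basis, count):
    """The chain basis, lift(basis), lift(lift(basis)), ... with `count` entries."""
    chain = [frozenset(basis)]
    while len(chain) < count:
        chain.append(lift(chain[-1]))
    return chain

def individuals(level):
    """L \\ P(L): the members of L that are not subsets of L."""
    return frozenset(x for x in level
                     if not (isinstance(x, frozenset) and x <= level))

def check_laws(basis, count):
    """Evaluate finite instances of sstr1, sstr5, sstr7, sstr9 and sstr11."""
    basis = frozenset(basis)
    chain = levels(basis, count)
    nonnull = [lv for lv in chain if lv]
    return {
        # sstr1: the basis is included in every nonnull level
        "sstr1": all(basis <= lv for lv in nonnull),
        # sstr5: the individuals of every nonnull level are exactly the basis
        "sstr5": all(individuals(lv) == basis for lv in nonnull),
        # sstr7: ∅ belongs to b0 ∪ P(b0)
        "sstr7": EMPTY in lift(basis),
        # sstr9: members of a set found in a level are themselves in a level
        "sstr9": all(z in lv for lv in chain for x in lv
                     if isinstance(x, frozenset) for z in x),
        # sstr11: the pair {x, y} of two members of a level is in the next level
        "sstr11": all(frozenset({x, y}) in nxt_lv
                      for lv, nxt_lv in zip(chain, chain[1:])
                      for x in lv for y in lv),
    }

if __name__ == "__main__":
    print([len(lv) for lv in levels({"a", "b"}, 3)])
    print(check_laws({"a", "b"}, 3))
    print(check_laws({EMPTY}, 3))   # {∅} is not a legitimate basis
```

With the basis {∅} the law sstr5 fails at once, because ∅ is a subset of every level and therefore never counts as an individual.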
8
Arithmetization of formulae about a universe
8.1
Lists
Def list1 : [Insertion of a new element at the beginning of a list]
add(H, B) =Def {{{H, ∅}} ∪ B} ∪ B
Def list2 : [Singleton subset of a set representing a list to which the last element inserted in set belongs]
final(L) =Def {q ∈ L | L\{q} ⊆ q}
Def list3 : [Selector needed for extracting list endpoints]
sl(L, Y) =Def arb(arb(arb(L)\Y)\{∅})
Def list4 : [Head of a list]
top(L) =Def sl(final(L), L)
Def list5 : [Bottom of a list]
bot(L) =Def sl(L, L)
Def list6 : [Two-element list]
opair(X, Y) =Def add(Y, add(X, ∅))
Def list7 : [Body of a list]
del(L) =Def L\final(L)
Def list8 : [Segment of a list]
sub(I, L) =Def if I = ∅ then L else del(arb({sub(j, L) : j ∈ I | j ∈ final(I)})) fi
Def list9 : [Length of a list]
len(L) =Def if ∅ ∈ next(L) then ∅ else next(⋃{len(q) : q ∈ L}) fi
Def list10 : [I-th component of list]
th(I, L) =Def if I = ∅ then len(L) else top(sub(del(I), L)) fi
Def list11 : [Concatenation of two lists]
cat(L, M) =Def if ∅ ∈ M then M else L ∪ {cat(L, q) : q ∈ M} fi
Def list12 : [What is a list?]
Is list(L) ↔Def ⟨∀p ∈ L, q ∈ L\{p} | p ∈ q ∨ q ∈ p⟩ & ⟨∀q ∈ L, ∃h | q\L = {{h, ∅}}⟩ & ⟨∀p ∈ L, ∃q ∈ L | p ∩ L ∈ {∅, q ∩ L ∪ {q}}⟩
Thm list0 : [Conventionally, component extractions from ∅ always return ∅] Is list(∅) & {final(∅), top(∅), bot(∅), del(∅)} = {∅} . Proof:
Suppose not( ) ⇒ Auto
Suppose ⇒ ¬Is list(∅)
Use def(Is list) ⇒ Stat1 :
¬(h∀p ∈ ∅, q ∈ ∅\ {p} | p ∈ q ∨ q ∈ pi & h∀q ∈ ∅, ∃h | q\∅ = {{h, ∅}} i & h∀p ∈ ∅, ∃q ∈ ∅ | p ∩ ∅ ∈ {∅, q ∩ ∅ ∪ {q}} i)
hp0 , q0 , q1 , p1 i,→Stat1(Stat1?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ final(∅) 6= ∅
Use def(final) ⇒ Stat2 : {q ∈ ∅ | ∅\{q} ⊆ q} ≠ ∅
hq2 i,→Stat2(Stat2?) ⇒ false;
Discharge ⇒ Auto
T somehow ⇒ false;
Discharge ⇒ Qed
Def arthm0 : [Shape of a set encoding a term]
IsTerm(T) ↔Def
T = {{arb(arb(T))}} ∨ T ∈ N\ {∅} ∨ h∃x ∈ T, y ∈ T | IsTerm(x) & IsTerm(y) & next({x, y}) ∪ {{x}} = T\ {∅} i
Thm arthm0 : [The null set encodes no term] X = ∅ → ¬IsTerm(X). Proof:
Suppose not(x1 ) ⇒ Auto
EQUAL ⇒ IsTerm(∅)
Use def IsTerm(∅) ⇒ Auto
ELEM ⇒ Stat1 : h∃x ∈ ∅, y ∈ ∅ | IsTerm(x) & IsTerm(y) & next({x, y}) ∪ {{x}} = ∅\ {∅} i
hx0 , y0 i,→Stat1(Stat1?) ⇒ false;
Discharge ⇒ Qed
Our next theorem entails that no natural number n can be of the
form {{a}}. In fact, on the basis of Theorems nats5, nats8, isOrd3,
isOrd9, and un4, such an n would satisfy the condition n = next(⋃n),
whence {{a}} = next({a}) follows; however, with our next theorem,
this would lead us to the untenable conclusion {a} = ∅.
Thm arthm1 : [A set encoding a constant cannot encode any variable] {Z} = next(Z) ↔ Z = ∅. Proof:
Suppose not(z0) ⇒ Auto
Use def(next) ⇒ false;
Discharge ⇒ Qed
Thm arthm2 : [A set encoding a constant cannot encode any compound term] next({X, Y}) ∪ {{X}} ∪ U 6= {Z} . Proof:
Suppose not(x0 , y0 , u0 , z0 ) ⇒ Auto
Use def(next) ⇒ false;
Discharge ⇒ Qed
Thm arthm3 : [A set encoding a variable cannot encode any compound term] X 6= ∅ & next({X, Y}) ∪ {{X}} = T\ {∅} & ∅ ∈ T → T 6= next(V). Proof:
Suppose not(x0 , y0 , t0 , v0 ) ⇒ Auto
TELEM ⇒ {x0 , x0 } ∪ {{x0 , x0 }} ∪ {{x0 }} ∪ {∅} = {x0 , {x0 } , ∅}
Use def(next) ⇒ Stat1 : {x0 , {x0 } , ∅} = v0 ∪ {v0 } & ∅ ∈ v0 ∪ {v0 } & x0 = y0
EQUAL ⇒ Stat2 : {x0 , {x0 } , ∅} = v0 ∪ {v0 } & x0 6= ∅
(Stat2?)ELEM ⇒ v0 = {x0 }
(Stat1?)Discharge ⇒ Qed
Thm arthm4 : [A set can encode at most one constant] {{A}} = {{B}} → A = B. Proof:
Suppose not(a0 , b0 ) ⇒ false;
Discharge ⇒ Qed
Thm arthm5 : [A set can encode at most one compound term] ∅ ∉ {X, Y, Xp, Yp} & U ∪ Up ⊆ {∅} & next({X, Y}) ∪ {{X}} ∪ U = next({Xp, Yp}) ∪ {{Xp}} ∪ Up → X = Xp & Y = Yp & U = Up. Proof:
Suppose not(x0 , y0 , x1 , y1 , u0 , v0 ) ⇒ Auto
Use def(next) ⇒ u0 = v0
Use def next({x0 , y0 }) ⇒ Auto
Use def next({x1 , y1 }) ⇒ Auto
TELEM ⇒ {x0 , y0 } ∪ {{x0 , y0 }} ∪ {{x0 }} = {x0 , y0 , {x0 } , {x0 , y0 }}
TELEM ⇒ {x1 , y1 } ∪ {{x1 , y1 }} ∪ {{x1 }} = {x1 , y1 , {x1 } , {x1 , y1 }}
EQUAL ⇒ Stat1 : {x0, y0, {x0}, {x0, y0}} ∪ u0 = {x1, y1, {x1}, {x1, y1}} ∪ u0 & u0 ⊆ {∅} & ∅ ∉ {x0, y0, x1, y1}
hx0 , y0 , x1 , y1 i,→T pair5 (Stat1?) ⇒ x0 = x1
hx0 , y0 , x1 , y1 i,→T pair6 (Stat1?) ⇒ y0 = y1
Discharge ⇒ Qed
Def arthm1 : [Left-hand side of a compound term]
lf(T) =Def arb({x : x ∈ T, y ∈ T | T\{∅} = next({x, y}) ∪ {{x}}})
Def arthm2 : [Right-hand side of a compound term]
rg(T) =Def arb({y : x ∈ T, y ∈ T | T\{∅} = next({x, y}) ∪ {{x}}})
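The encoding fixed by IsTerm, lf and rg can be exercised on hereditarily finite sets. This Python sketch is an added example, not part of the Ref scenario; it assumes Python frozensets as sets, constants that name sets, and the hypothetical helper names const, compound, decode and encode. It also shows why Theorems arthm3 and arthm5 exclude ∅ as a component: with X = ∅ a compound shape collides with a numeral.

```python
# Added illustration (not from the Ref scenario). Assumptions: sets are Python
# frozensets, constants name sets, and all helper names are hypothetical.
EMPTY = frozenset()

def single(x):
    return frozenset({x})

def nxt(x):
    """next(X) = X ∪ {X}."""
    return x | single(x)

def nat(n):
    """Von Neumann numeral n = {0, ..., n-1}; nonzero numerals encode variables."""
    x = EMPTY
    for _ in range(n):
        x = nxt(x)
    return x

def const(a):
    """A constant naming the set a is encoded as {{a}}."""
    return single(single(a))

def compound(x, y, flag=False):
    """next({x, y}) ∪ {{x}} ∪ U, where U = {∅} if flag is set, else ∅."""
    body = nxt(frozenset({x, y})) | single(single(x))
    return body | single(EMPTY) if flag else body

def as_const(t):
    """[a] if t = {{a}}, else []."""
    if len(t) == 1:
        (inner,) = t
        if isinstance(inner, frozenset) and len(inner) == 1:
            return list(inner)
    return []

def as_var(t):
    """[n] if t is the numeral n with n > 0, else []."""
    return [len(t)] if t and t == nat(len(t)) else []

def as_compound(t):
    """All nonnull x, y in t with t \\ {∅} = next({x, y}) ∪ {{x}}."""
    core = t - single(EMPTY)
    return [(x, y) for x in core for y in core
            if core == nxt(frozenset({x, y})) | single(single(x))]

def lf(t):
    """Left-hand side of a compound term (Def arthm1)."""
    return as_compound(t)[0][0]

def rg(t):
    """Right-hand side of a compound term (Def arthm2)."""
    return as_compound(t)[0][1]

def decode(t):
    """Readable tree for t, or None when t encodes no term (IsTerm fails)."""
    if not isinstance(t, frozenset):
        return None
    shapes = [("const", a) for a in as_const(t)]
    shapes += [("var", n) for n in as_var(t)]
    for x, y in as_compound(t):
        left, right = decode(x), decode(y)
        if left and right:
            shapes.append(("cmp", left, right, EMPTY in t))
    if len(shapes) > 1:          # ruled out by Thms arthm1 to arthm5
        raise ValueError("ambiguous encoding")
    return shapes[0] if shapes else None

def encode(tree):
    """Inverse of decode."""
    if tree[0] == "const":
        return const(tree[1])
    if tree[0] == "var":
        return nat(tree[1])
    return compound(encode(tree[1]), encode(tree[2]), tree[3])

if __name__ == "__main__":
    sample = ("cmp", ("const", nat(2)), ("cmp", ("var", 1), ("var", 3), False), True)
    print(decode(encode(sample)) == sample)
    print(compound(EMPTY, nat(1)) == nat(3))   # why ∅ may not be a component
```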
Theory evalTerm(th(J, L), cst(S), Pair(P), Appl(P), lft(P), rgt(P))
⟨∀s, t | cst(s) = cst(t) → s = t⟩
⟨∀s, i, p, q | i ∈ N & Pair(p) & Appl(q) → cst(s) ∉ {i, p, q} & i ∉ {p, q} & p ≠ q⟩
⟨∀x, y | ∅ ∉ {x, y} → ⟨∃p, ∀q | Pair(p) & lft(p) = x & rgt(p) = y ↔ p = q⟩⟩
⟨∀x, y | ∅ ∉ {x, y} → ⟨∃p, ∀q | Appl(p) & lft(p) = x & rgt(p) = y ↔ p = q⟩⟩
⟨∀p | Pair(p) ∨ Appl(p) → ∅ ∉ {lft(p), rgt(p)}⟩
⟨∀t | {lft(t), rgt(t)} ⊆ t ∪ {∅}⟩
End evalTerm
Enter theory evalTerm
Thm evalTerm0 : [Unnaming, the reverse of naming] h∃s, ∀t | cst(t) = C → t = si. Proof:
Suppose not(c0 ) ⇒ Stat1 : ¬h∃s, ∀t | cst(t) = c0 → t = si
Suppose ⇒ Stat2 : ¬h∃s | cst(s) = c0 i
h∅i,→Stat1(?) ⇒ Stat3 : ¬h∀t | cst(t) = c0 → t = ∅i
hsi,→Stat3(Stat3?) ⇒ cst(s) = c0
hsi,→Stat2(Stat3?) ⇒ false;
Discharge ⇒ Stat4 : h∃s | cst(s) = c0 i
hs0 i,→Stat4(Stat4?) ⇒ cst(s0 ) = c0
hs0 i,→Stat1(Stat1?) ⇒ Stat5 : ¬h∀t | cst(t) = c0 → t = s0 i
ht0 i,→Stat5(Stat4?) ⇒ cst(t0 ) = cst(s0 ) & t0 6= s0
Assump ⇒ Stat6 : h∀s, t | cst(s) = cst(t) → s = ti
ht0 , s0 i,→Stat6(Stat5?) ⇒ false;
Discharge ⇒ Qed
APPLY ⟨v1Θ : rvCst⟩ Skolem ⇒
Thm evalTerma : [We now identify unnaming as rvCst] h∀c, t | cst(t) = c → t = rvCst(c)i.
Thm evalTermb . h∃p, q | Pair(p) & Appl(q)i. Proof:
Suppose not( ) ⇒ Stat1 : ¬h∃p, q | Pair(p) & Appl(q)i
Assump ⇒ Stat2 :
h∀x, y | ∅ ∈/ {x, y} → h∃p, ∀q | Pair(p) & lft(p) = x & rgt(p) = y ↔ p = qii &
h∀x, y | ∅ ∈/ {x, y} → h∃p, ∀q | Appl(p) & lft(p) = x & rgt(p) = y ↔ p = qii
h {∅} , {∅} , {∅} , {∅} i,→Stat2(Stat2?) ⇒ Stat3 :
h∃p, ∀q | Pair(p) & lft(p) = {∅} & rgt(p) = {∅} ↔ p = qi & h∃p, ∀q | Appl(p) & lft(p) = {∅} & rgt(p) = {∅} ↔ p = qi
hp0 , p0 , q0 i,→Stat3(Stat3?) ⇒ Stat5 : h∀q | Appl(q0 ) & lft(q0 ) = {∅} & rgt(q0 ) = {∅} ↔ q0 = qi & Pair(p0 )
hq0 i,→Stat5(Stat5, Stat1?) ⇒ Appl(q0 ) & Pair(p0 )
hp0 , q0 i,→Stat1(Stat5?) ⇒ false;
Discharge ⇒ Qed
Def evalTerm: [Evaluation function for a term encoded as a set]
valΘ (T, V) =Def
if T ∈ N then th(T, V) else
if Pair(T) then [arb({valΘ (x, V) : x ∈ T | x = lft(T)}), arb({valΘ (y, V) : y ∈ T | y = rgt(T)})] else
if Appl(T) then arb({valΘ (x, V) : x ∈ T | x = lft(T)}) arb({valΘ (y, V) : y ∈ T | y = rgt(T)}) else
rvCst(T)
fi
fi
fi
Thm evalTerm1 : [Evaluation of a constant] valΘ(cst(S), V) = S. Proof:
Suppose not(s0, v0) ⇒ Auto
Loc def ⇒ Stat0 : c0 = cst(s0)
Assump ⇒ Stat1 : ⟨∀s, i, p, q | i ∈ N & Pair(p) & Appl(q) → cst(s) ∉ {i, p, q} & i ∉ {p, q} & p ≠ q⟩
⟨ ⟩↪TevalTermb(?) ⇒ Stat2 : ⟨∃p, q | Pair(p) & Appl(q)⟩
⟨p0, q0⟩↪Stat2(Stat2?) ⇒ Pair(p0) & Appl(q0)
⟨ ⟩↪Tnats1 ⇒ ∅ ∈ N
Suppose ⇒ c0 ∈ N
⟨s0, c0, p0, q0⟩↪Stat1(Stat0?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Pair(c0)
⟨s0, ∅, c0, q0⟩↪Stat1(Stat0?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Appl(c0)
⟨s0, ∅, p0, c0⟩↪Stat1(Stat0?) ⇒ false;
Discharge ⇒ Auto
EQUAL ⇒ Stat3 : cst(s0) ∉ N & ¬Pair(cst(s0)) & ¬Appl(cst(s0))
Use def(valΘ) ⇒ valΘ(cst(s0), v0) =
if cst(s0) ∈ N then th(cst(s0), v0) else
if Pair(cst(s0)) then [arb({valΘ(x, v0) : x ∈ cst(s0) | x = lft(cst(s0))}), arb({valΘ(y, v0) : y ∈ cst(s0) | y = rgt(cst(s0))})] else
if Appl(cst(s0)) then arb({valΘ(x, v0) : x ∈ cst(s0) | x = lft(cst(s0))}) arb({valΘ(y, v0) : y ∈ cst(s0) | y = rgt(cst(s0))}) else
rvCst(cst(s0))
fi
fi
fi
(Stat3?)ELEM ⇒ valΘ(cst(s0), v0) = rvCst(cst(s0))
⟨ ⟩↪TevalTerma(?) ⇒ Stat4 : ⟨∀c, t | cst(t) = c → t = rvCst(c)⟩
⟨cst(s0)⟩↪Stat4(Stat4?) ⇒ Stat5 : ⟨∀t | cst(t) = cst(s0) → t = rvCst(cst(s0))⟩
⟨s0⟩↪Stat5(Stat5?) ⇒ s0 = rvCst(cst(s0))
Discharge ⇒ Qed
Thm evalTerm2 : [Evaluation of a compound term, 1] Appl(T) → valΘ(T, V) = valΘ(lft(T), V) valΘ(rgt(T), V). Proof:
Suppose not(t0, v0) ⇒ Auto
Assump ⇒ Stat1 : ⟨∀s, i, p, q | i ∈ N & Pair(p) & Appl(q) → cst(s) ∉ {i, p, q} & i ∉ {p, q} & p ≠ q⟩
⟨ ⟩↪TevalTermb(?) ⇒ Stat2 : ⟨∃p, q | Pair(p) & Appl(q)⟩
⟨p0, q0⟩↪Stat2(Stat2?) ⇒ Pair(p0)
⟨ ⟩↪Tnats1(?) ⇒ Stat3 : ∅ ∈ N & Appl(t0)
Suppose ⇒ t0 ∈ N
⟨∅, t0, p0, t0⟩↪Stat1(Stat2?) ⇒ false;
Discharge ⇒ Auto
Suppose ⇒ Pair(t0)
⟨∅, ∅, t0, t0⟩↪Stat1(Stat2?) ⇒ false;
Discharge ⇒ Auto
Use def valΘ(t0, v0) ⇒ Auto
(Stat2?)ELEM ⇒ valΘ(t0, v0) = arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}) arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})
EQUAL ⇒ Stat4 : valΘ(lft(t0), v0) valΘ(rgt(t0), v0) ≠ arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}) arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})
Suppose ⇒ valΘ(lft(t0), v0) = arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}) & valΘ(rgt(t0), v0) = arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})
EQUAL ⟨Stat4⟩ ⇒ false;
Discharge ⇒ Auto
(Stat4)ELEM ⇒ Stat5 : {valΘ(lft(t0), v0)} ≠ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ∨ {valΘ(rgt(t0), v0)} ≠ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
Suppose ⇒ Stat6 : valΘ(lft(t0), v0) ∉ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ∨ valΘ(rgt(t0), v0) ∉ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
Assump ⇒ Stat7 : ⟨∀p | Pair(p) ∨ Appl(p) → ∅ ∉ {lft(p), rgt(p)}⟩ & ⟨∀t | {lft(t), rgt(t)} ⊆ t ∪ {∅}⟩
⟨t0, t0⟩↪Stat7(Stat3, Stat3?) ⇒ lft(t0), rgt(t0) ∈ t0
⟨lft(t0), rgt(t0)⟩↪Stat6(Stat7?) ⇒ false;
Discharge ⇒ Auto
(Stat5?)ELEM ⇒ Stat8 : {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ⊈ {valΘ(lft(t0), v0)} ∨ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)} ⊈ {valΘ(rgt(t0), v0)}
⟨w0, w1⟩↪Stat8(Stat8?) ⇒ Stat9 : w0 ∈ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} & w0 ≠ valΘ(lft(t0), v0) ∨
w1 ∈ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)} & w1 ≠ valΘ(rgt(t0), v0)
Suppose ⇒ Stat10 : w0 ∈ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} & w0 ≠ valΘ(lft(t0), v0)
⟨z0⟩↪Stat10(Stat9?) ⇒ z0 = lft(t0) & valΘ(z0, v0) ≠ valΘ(lft(t0), v0)
EQUAL ⟨Stat10⟩ ⇒ false;
Discharge ⇒ Auto
(Stat9?)ELEM ⇒ Stat11 : w1 ∈ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
⟨z1⟩↪Stat11(Stat9?) ⇒ z1 = rgt(t0) & valΘ(z1, v0) ≠ valΘ(rgt(t0), v0)
EQUAL ⟨Stat11⟩ ⇒ false;
Discharge ⇒ Qed
Thm evalTerm3 : [Evaluation of a compound term, 2] Pair(T) → valΘ(T, V) = [valΘ(lft(T), V), valΘ(rgt(T), V)]. Proof:
Suppose not(t0, v0) ⇒ Auto
Assump ⇒ Stat1 : ⟨∀s, i, p, q | i ∈ N & Pair(p) & Appl(q) → cst(s) ∉ {i, p, q} & i ∉ {p, q} & p ≠ q⟩
⟨ ⟩↪TevalTermb(?) ⇒ Stat2 : ⟨∃p, q | Pair(p) & Appl(q)⟩
⟨p0, q0⟩↪Stat2(Stat2?) ⇒ Appl(q0)
⟨ ⟩↪Tnats1(?) ⇒ Stat3 : ∅ ∈ N & Pair(t0)
Suppose ⇒ t0 ∈ N
⟨∅, t0, t0, q0⟩↪Stat1(Stat2?) ⇒ false;
Discharge ⇒ Auto
Use def valΘ(t0, v0) ⇒ Auto
(Stat2?)ELEM ⇒ valΘ(t0, v0) = [arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}), arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})]
EQUAL ⇒ Stat4 : [valΘ(lft(t0), v0), valΘ(rgt(t0), v0)] ≠ [arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}), arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})]
TELEM ⇒ Stat4a : ∅ = ∅
Suppose ⇒ valΘ(lft(t0), v0) = arb({valΘ(x, v0) : x ∈ t0 | x = lft(t0)}) & valΘ(rgt(t0), v0) = arb({valΘ(y, v0) : y ∈ t0 | y = rgt(t0)})
EQUAL ⟨Stat4⟩ ⇒ false;
Discharge ⇒ Auto
(Stat4a)ELEM ⇒ Stat5 : {valΘ(lft(t0), v0)} ≠ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ∨ {valΘ(rgt(t0), v0)} ≠ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
Suppose ⇒ Stat6 : valΘ(lft(t0), v0) ∉ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ∨ valΘ(rgt(t0), v0) ∉ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
Assump ⇒ Stat7 : ⟨∀p | Pair(p) ∨ Appl(p) → ∅ ∉ {lft(p), rgt(p)}⟩ & ⟨∀t | {lft(t), rgt(t)} ⊆ t ∪ {∅}⟩
⟨t0, t0⟩↪Stat7(Stat3, Stat3?) ⇒ lft(t0), rgt(t0) ∈ t0
⟨lft(t0), rgt(t0)⟩↪Stat6(Stat7?) ⇒ false;
Discharge ⇒ Auto
(Stat5?)ELEM ⇒ Stat8 : {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} ⊈ {valΘ(lft(t0), v0)} ∨ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)} ⊈ {valΘ(rgt(t0), v0)}
⟨w0, w1⟩↪Stat8(Stat8?) ⇒ Stat9 : w0 ∈ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} & w0 ≠ valΘ(lft(t0), v0) ∨
w1 ∈ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)} & w1 ≠ valΘ(rgt(t0), v0)
Suppose ⇒ Stat10 : w0 ∈ {valΘ(x, v0) : x ∈ t0 | x = lft(t0)} & w0 ≠ valΘ(lft(t0), v0)
⟨z0⟩↪Stat10(Stat9?) ⇒ z0 = lft(t0) & valΘ(z0, v0) ≠ valΘ(lft(t0), v0)
EQUAL ⟨Stat10⟩ ⇒ false;
Discharge ⇒ Auto
(Stat9?)ELEM ⇒ Stat11 : w1 ∈ {valΘ(y, v0) : y ∈ t0 | y = rgt(t0)}
⟨z1⟩↪Stat11(Stat9?) ⇒ z1 = rgt(t0) & valΘ(z1, v0) ≠ valΘ(rgt(t0), v0)
EQUAL ⟨Stat11⟩ ⇒ false;
Discharge ⇒ Qed
Thm evalTerm4 : [Evaluation of a variable] J ∈ N\ {∅} → valΘ (J, V) = th(J, V). Proof:
Suppose not(j0 , v0 ) ⇒ Auto
Use def valΘ (j0 , v0 ) ⇒ Auto
ELEM ⇒ false;
Discharge ⇒ Qed
Enter theory Set theory
Display evalTerm
Theory evalTerm(th(J, L), cst(S), Pair(P), Appl(P), lft(P), rgt(P))
⟨∀s, t | cst(s) = cst(t) → s = t⟩
⟨∀s, i, p, q | i ∈ N & Pair(p) & Appl(q) → cst(s) ∉ {i, p, q} & i ∉ {p, q} & p ≠ q⟩
⟨∀x, y | ∅ ∉ {x, y} → ⟨∃p, ∀q | Pair(p) & lft(p) = x & rgt(p) = y ↔ p = q⟩⟩
⟨∀x, y | ∅ ∉ {x, y} → ⟨∃p, ∀q | Appl(p) & lft(p) = x & rgt(p) = y ↔ p = q⟩⟩
⟨∀p | Pair(p) ∨ Appl(p) → ∅ ∉ {lft(p), rgt(p)}⟩
⟨∀t | {lft(t), rgt(t)} ⊆ t ∪ {∅}⟩
⇒ (valΘ)
⟨∀s, v | valΘ(cst(s), v) = s⟩
⟨∀t, v | Appl(t) → valΘ(t, v) = valΘ(lft(t), v) valΘ(rgt(t), v)⟩
⟨∀t, v | Pair(t) → valΘ(t, v) = [valΘ(lft(t), v), valΘ(rgt(t), v)]⟩
⟨∀j, v | j ∈ N\{∅} → valΘ(j, v) = th(j, v)⟩
End evalTerm
9
Filters and ultrafilters
Def filter1 : [Ultrafilter]
Ultrafilter(F) ↔Def ⟨∀a ∈ F, b ∈ F | a ∩ b ∈ F⟩ & ⟨∀a ⊆ ⋃F | a ∉ F → ⋃F\a ∈ F⟩ & ∅ ∉ F
Def filter2 : [Filter]
Filter(F) ↔Def ⟨∀a ∈ F, b ∈ F | a ∩ b ∈ F⟩ & ⟨∀a ⊆ ⋃F, b ∈ F | b ⊆ a → a ∈ F⟩ & ∅ ∉ F ∪ {F}
Thm filter1 : [Ultrafilters are filters] Ultrafilter(F) → Filter(F). Proof:
Suppose not(f0) ⇒ Auto
Use def Ultrafilter(f0) ⇒ Auto
Use def(Filter) ⇒ Stat1 : ⟨∀a ⊆ ⋃f0 | a ∉ f0 → ⋃f0\a ∈ f0⟩ & ∅ ∉ f0 & Stat1a : ⟨∀a ∈ f0, b ∈ f0 | a ∩ b ∈ f0⟩ & ¬⟨∀a ⊆ ⋃f0, b ∈ f0 | b ⊆ a → a ∈ f0⟩ ∨ ∅ = f0
Suppose ⇒ ∅ = f0
⟨f0⟩↪Tun0(Stat1?) ⇒ ⋃f0 = ∅
⟨∅⟩↪Stat1(Stat1?) ⇒ false;
Discharge ⇒ Stat2 : ¬⟨∀a ⊆ ⋃f0, b ∈ f0 | b ⊆ a → a ∈ f0⟩
⟨a0, b0⟩↪Stat2(Stat2?) ⇒ a0 ⊆ ⋃f0 & b0 ∈ f0 & b0 ⊆ a0 & a0 ∉ f0
⟨a0⟩↪Stat1(Stat2?) ⇒ ⋃f0\a0 ∈ f0
⟨b0, ⋃f0\a0⟩↪Stat1a(Stat2?) ⇒ ∅ ∈ f0
Discharge ⇒ Qed
10
The cumulative hierarchy
Def cumh0 : [Cumulative hierarchy]
VNL(L) ↔Def L = ⋃{Pell : ell ∈ L | VNL(ell)}
Thm cumh1. ⟨∃ell | VNL(ell) & S ∈ ell⟩. Proof:
Suppose not(x0) ⇒ Auto
T somehow ⇒ false; - To be completed
Discharge ⇒ Qed