# Theory Rank

theory Rank
imports WF_absolute
```(*  Title:      ZF/Constructible/Rank.thy
Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
*)

section ‹Absoluteness for Order Types, Rank Functions and Well-Founded
Relations›

theory Rank imports WF_absolute begin

subsection ‹Order Types: A Direct Construction by Replacement›

locale M_ordertype = M_basic +
assumes well_ord_iso_separation:
"[| M(A); M(f); M(r) |]
==> separation (M, λx. x∈A ⟶ (∃y[M]. (∃p[M].
fun_apply(M,f,x,y) & pair(M,y,x,p) & p ∈ r)))"
and obase_separation:
―‹part of the order type formalization›
"[| M(A); M(r) |]
==> separation(M, λa. ∃x[M]. ∃g[M]. ∃mx[M]. ∃par[M].
ordinal(M,x) & membership(M,x,mx) & pred_set(M,A,a,r,par) &
order_isomorphism(M,par,r,x,mx,g))"
and obase_equals_separation:
"[| M(A); M(r) |]
==> separation (M, λx. x∈A ⟶ ~(∃y[M]. ∃g[M].
ordinal(M,y) & (∃my[M]. ∃pxr[M].
membership(M,y,my) & pred_set(M,A,x,r,pxr) &
order_isomorphism(M,pxr,r,y,my,g))))"
and omap_replacement:
"[| M(A); M(r) |]
==> strong_replacement(M,
λa z. ∃x[M]. ∃g[M]. ∃mx[M]. ∃par[M].
ordinal(M,x) & pair(M,a,x,z) & membership(M,x,mx) &
pred_set(M,A,a,r,par) & order_isomorphism(M,par,r,x,mx,g))"

text‹Inductive argument for Kunen's Lemma I 6.1, etc.
Simple proof from Halmos, page 72›
lemma  (in M_ordertype) wellordered_iso_subset_lemma:
"[| wellordered(M,A,r);  f ∈ ord_iso(A,r, A',r);  A'<= A;  y ∈ A;
M(A);  M(f);  M(r) |] ==> ~ <f`y, y> ∈ r"
apply (unfold wellordered_def ord_iso_def)
apply (elim conjE CollectE)
apply (erule wellfounded_on_induct, assumption+)
apply (insert well_ord_iso_separation [of A f r])
apply (simp, clarify)
apply (drule_tac a = x in bij_is_fun [THEN apply_type], assumption, blast)
done

text‹Kunen's Lemma I 6.1, page 14:
there's no order-isomorphism to an initial segment of a well-ordering›
lemma (in M_ordertype) wellordered_iso_predD:
"[| wellordered(M,A,r);  f ∈ ord_iso(A, r, Order.pred(A,x,r), r);
M(A);  M(f);  M(r) |] ==> x ∉ A"
apply (rule notI)
apply (frule wellordered_iso_subset_lemma, assumption)
apply (auto elim: predE)
(*Now we know  ~ (f`x < x) *)
apply (drule ord_iso_is_bij [THEN bij_is_fun, THEN apply_type], assumption)
(*Now we also know f`x  ∈ pred(A,x,r);  contradiction! *)
done

lemma (in M_ordertype) wellordered_iso_pred_eq_lemma:
"[| f ∈ ⟨Order.pred(A,y,r), r⟩ ≅ ⟨Order.pred(A,x,r), r⟩;
wellordered(M,A,r); x∈A; y∈A; M(A); M(f); M(r) |] ==> <x,y> ∉ r"
apply (frule wellordered_is_trans_on, assumption)
apply (rule notI)
apply (drule_tac x2=y and x=x and r2=r in
wellordered_subset [OF _ pred_subset, THEN wellordered_iso_predD])
apply (blast intro: predI dest: transM)+
done

text‹Simple consequence of Lemma 6.1›
lemma (in M_ordertype) wellordered_iso_pred_eq:
"[| wellordered(M,A,r);
f ∈ ord_iso(Order.pred(A,a,r), r, Order.pred(A,c,r), r);
M(A);  M(f);  M(r);  a∈A;  c∈A |] ==> a=c"
apply (frule wellordered_is_trans_on, assumption)
apply (frule wellordered_is_linear, assumption)
apply (erule_tac x=a and y=c in linearE, auto)
apply (drule ord_iso_sym)
(*two symmetric cases*)
apply (blast dest: wellordered_iso_pred_eq_lemma)+
done

text‹Following Kunen's Theorem I 7.6, page 17.  Note that this material is
not required elsewhere.›

text‹Can't use ‹well_ord_iso_preserving› because it needs the
strong premise @{term "well_ord(A,r)"}›
lemma (in M_ordertype) ord_iso_pred_imp_lt:
"[| f ∈ ord_iso(Order.pred(A,x,r), r, i, Memrel(i));
g ∈ ord_iso(Order.pred(A,y,r), r, j, Memrel(j));
wellordered(M,A,r);  x ∈ A;  y ∈ A; M(A); M(r); M(f); M(g); M(j);
Ord(i); Ord(j); ⟨x,y⟩ ∈ r |]
==> i < j"
apply (frule wellordered_is_trans_on, assumption)
apply (frule_tac y=y in transM, assumption)
apply (rule_tac i=i and j=j in Ord_linear_lt, auto)
txt‹case @{term "i=j"} yields a contradiction›
apply (rule_tac x1=x and A1="Order.pred(A,y,r)" in
wellordered_iso_predD [THEN notE])
apply (blast intro: wellordered_subset [OF _ pred_subset])
apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)
apply (simp_all add: pred_iff pred_closed converse_closed comp_closed)
txt‹case @{term "j<i"} also yields a contradiction›
apply (frule restrict_ord_iso2, assumption+)
apply (frule ord_iso_sym [THEN ord_iso_is_bij, THEN bij_is_fun])
apply (frule apply_type, blast intro: ltD)
―‹thus @{term "converse(f)`j ∈ Order.pred(A,x,r)"}›
apply (subgoal_tac
"∃h[M]. h ∈ ord_iso(Order.pred(A,y,r), r,
Order.pred(A, converse(f)`j, r), r)")
apply (clarify, frule wellordered_iso_pred_eq, assumption+)
apply (blast dest: wellordered_asym)
apply (intro rexI)
apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)+
done

lemma ord_iso_converse1:
"[| f: ord_iso(A,r,B,s);  <b, f`a>: s;  a:A;  b:B |]
==> <converse(f) ` b, a> ∈ r"
apply (frule ord_iso_converse, assumption+)
apply (blast intro: ord_iso_is_bij [THEN bij_is_fun, THEN apply_funtype])
apply (simp add: left_inverse_bij [OF ord_iso_is_bij])
done

definition
obase :: "[i=>o,i,i] => i" where
―‹the domain of ‹om›, eventually shown to equal ‹A››
"obase(M,A,r) == {a∈A. ∃x[M]. ∃g[M]. Ord(x) &
g ∈ ord_iso(Order.pred(A,a,r),r,x,Memrel(x))}"

definition
omap :: "[i=>o,i,i,i] => o" where
―‹the function that maps wosets to order types›
"omap(M,A,r,f) ==
∀z[M].
z ∈ f ⟷ (∃a∈A. ∃x[M]. ∃g[M]. z = <a,x> & Ord(x) &
g ∈ ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"

definition
otype :: "[i=>o,i,i,i] => o" where ―‹the order types themselves›
"otype(M,A,r,i) == ∃f[M]. omap(M,A,r,f) & is_range(M,f,i)"

text‹Can also be proved with the premise @{term "M(z)"} instead of
@{term "M(f)"}, but that version is less useful.  This lemma
is also more useful than the definition, ‹omap_def›.›
lemma (in M_ordertype) omap_iff:
"[| omap(M,A,r,f); M(A); M(f) |]
==> z ∈ f ⟷
(∃a∈A. ∃x[M]. ∃g[M]. z = <a,x> & Ord(x) &
g ∈ ord_iso(Order.pred(A,a,r),r,x,Memrel(x)))"
apply (simp add: omap_def Memrel_closed pred_closed)
apply (rule iffI)
apply (drule_tac [2] x=z in rspec)
apply (drule_tac x=z in rspec)
apply (blast dest: transM)+
done

lemma (in M_ordertype) omap_unique:
"[| omap(M,A,r,f); omap(M,A,r,f'); M(A); M(r); M(f); M(f') |] ==> f' = f"
apply (rule equality_iffI)
done

lemma (in M_ordertype) omap_yields_Ord:
"[| omap(M,A,r,f); ⟨a,x⟩ ∈ f; M(a); M(x) |]  ==> Ord(x)"

lemma (in M_ordertype) otype_iff:
"[| otype(M,A,r,i); M(A); M(r); M(i) |]
==> x ∈ i ⟷
(M(x) & Ord(x) &
(∃a∈A. ∃g[M]. g ∈ ord_iso(Order.pred(A,a,r),r,x,Memrel(x))))"
apply (auto simp add: omap_iff otype_def)
apply (blast intro: transM)
apply (rule rangeI)
apply (frule transM, assumption)
done

lemma (in M_ordertype) otype_eq_range:
"[| omap(M,A,r,f); otype(M,A,r,i); M(A); M(r); M(f); M(i) |]
==> i = range(f)"
apply (auto simp add: otype_def omap_iff)
apply (blast dest: omap_unique)
done

lemma (in M_ordertype) Ord_otype:
"[| otype(M,A,r,i); trans[A](r); M(A); M(r); M(i) |] ==> Ord(i)"
apply (rule OrdI)
prefer 2
apply (simp add: Ord_def otype_def omap_def)
apply clarify
apply (frule pair_components_in_M, assumption)
apply blast
apply (auto simp add: Transset_def otype_iff)
apply (blast intro: transM)
apply (blast intro: Ord_in_Ord)
apply (rename_tac y a g)
apply (frule ord_iso_sym [THEN ord_iso_is_bij, THEN bij_is_fun,
THEN apply_funtype],  assumption)
apply (rule_tac x="converse(g)`y" in bexI)
apply (frule_tac a="converse(g) ` y" in ord_iso_restrict_pred, assumption)
apply (safe elim!: predE)
apply (blast intro: restrict_ord_iso ord_iso_sym ltI dest: transM)
done

lemma (in M_ordertype) domain_omap:
"[| omap(M,A,r,f);  M(A); M(r); M(B); M(f) |]
==> domain(f) = obase(M,A,r)"
apply (rule equality_iffI)
apply (simp add: domain_iff omap_iff, blast)
done

lemma (in M_ordertype) omap_subset:
"[| omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(B); M(i) |] ==> f ⊆ obase(M,A,r) * i"
apply clarify
done

lemma (in M_ordertype) omap_funtype:
"[| omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i) |] ==> f ∈ obase(M,A,r) -> i"
apply (simp add: domain_omap omap_subset Pi_iff function_def omap_iff)
apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans)
done

lemma (in M_ordertype) wellordered_omap_bij:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i) |] ==> f ∈ bij(obase(M,A,r),i)"
apply (insert omap_funtype [of A r f i])
apply (auto simp add: bij_def inj_def)
prefer 2  apply (blast intro: fun_is_surj dest: otype_eq_range)
apply (frule_tac a=w in apply_Pair, assumption)
apply (frule_tac a=x in apply_Pair, assumption)
apply (blast intro: wellordered_iso_pred_eq ord_iso_sym ord_iso_trans)
done

text‹This is not the final result: we must show @{term "oB(A,r) = A"}›
lemma (in M_ordertype) omap_ord_iso:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i) |] ==> f ∈ ord_iso(obase(M,A,r),r,i,Memrel(i))"
apply (rule ord_isoI)
apply (erule wellordered_omap_bij, assumption+)
apply (insert omap_funtype [of A r f i], simp)
apply (frule_tac a=x in apply_Pair, assumption)
apply (frule_tac a=y in apply_Pair, assumption)
txt‹direction 1: assuming @{term "⟨x,y⟩ ∈ r"}›
apply (blast intro: ltD ord_iso_pred_imp_lt)
txt‹direction 2: proving @{term "⟨x,y⟩ ∈ r"} using linearity of @{term r}›
apply (rename_tac x y g ga)
apply (frule wellordered_is_linear, assumption,
erule_tac x=x and y=y in linearE, assumption+)
apply (blast elim: mem_irrefl)
txt‹the case @{term "⟨y,x⟩ ∈ r"}: handle like the opposite direction›
apply (blast dest: ord_iso_pred_imp_lt ltD elim: mem_asym)
done

lemma (in M_ordertype) Ord_omap_image_pred:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i); b ∈ A |] ==> Ord(f `` Order.pred(A,b,r))"
apply (frule wellordered_is_trans_on, assumption)
apply (rule OrdI)
prefer 2 apply (simp add: image_iff omap_iff Ord_def, blast)
txt‹Hard part is to show that the image is a transitive set.›
apply (simp add: image_iff pred_iff apply_iff [OF omap_funtype [of A r f i]])
apply (rename_tac c j, clarify)
apply (frule omap_funtype [of A r f, THEN apply_funtype], assumption+)
apply (subgoal_tac "j ∈ i")
prefer 2 apply (blast intro: Ord_trans Ord_otype)
apply (subgoal_tac "converse(f) ` j ∈ obase(M,A,r)")
prefer 2
apply (blast dest: wellordered_omap_bij [THEN bij_converse_bij,
THEN bij_is_fun, THEN apply_funtype])
apply (rule_tac x="converse(f) ` j" in bexI)
apply (simp add: right_inverse_bij [OF wellordered_omap_bij])
apply (intro predI conjI)
apply (erule_tac b=c in trans_onD)
apply (rule ord_iso_converse1 [OF omap_ord_iso [of A r f i]])
done

lemma (in M_ordertype) restrict_omap_ord_iso:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
D ⊆ obase(M,A,r); M(A); M(r); M(f); M(i) |]
==> restrict(f,D) ∈ (⟨D,r⟩ ≅ ⟨f``D, Memrel(f``D)⟩)"
apply (frule ord_iso_restrict_image [OF omap_ord_iso [of A r f i]],
assumption+)
apply (drule ord_iso_sym [THEN subset_ord_iso_Memrel])
apply (blast dest: subsetD [OF omap_subset])
apply (drule ord_iso_sym, simp)
done

lemma (in M_ordertype) obase_equals:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i) |] ==> obase(M,A,r) = A"
apply (rule equalityI, force simp add: obase_def, clarify)
apply (unfold obase_def, simp)
apply (frule wellordered_is_wellfounded_on, assumption)
apply (erule wellfounded_on_induct, assumption+)
apply (frule obase_equals_separation [of A r], assumption)
apply (simp, clarify)
apply (rename_tac b)
apply (subgoal_tac "Order.pred(A,b,r) ⊆ obase(M,A,r)")
apply (blast intro!: restrict_omap_ord_iso Ord_omap_image_pred)
apply (force simp add: pred_iff obase_def)
done

text‹Main result: @{term om} gives the order-isomorphism
@{term "⟨A,r⟩ ≅ ⟨i, Memrel(i)⟩"}›
theorem (in M_ordertype) omap_ord_iso_otype:
"[| wellordered(M,A,r); omap(M,A,r,f); otype(M,A,r,i);
M(A); M(r); M(f); M(i) |] ==> f ∈ ord_iso(A, r, i, Memrel(i))"
apply (frule omap_ord_iso, assumption+)
done

lemma (in M_ordertype) obase_exists:
"[| M(A); M(r) |] ==> M(obase(M,A,r))"
apply (insert obase_separation [of A r])
done

lemma (in M_ordertype) omap_exists:
"[| M(A); M(r) |] ==> ∃z[M]. omap(M,A,r,z)"
apply (insert omap_replacement [of A r])
apply (drule_tac x="obase(M,A,r)" in rspec)
apply (simp add: Memrel_closed pred_closed obase_def)
apply (erule impE)
apply (blast intro: Ord_iso_implies_eq ord_iso_sym ord_iso_trans, clarify)
apply (rule_tac x=Y in rexI)
apply (simp add: Memrel_closed pred_closed obase_def, blast, assumption)
done

declare rall_simps [simp] rex_simps [simp]

lemma (in M_ordertype) otype_exists:
"[| wellordered(M,A,r); M(A); M(r) |] ==> ∃i[M]. otype(M,A,r,i)"
apply (insert omap_exists [of A r])
apply (rule_tac x="range(x)" in rexI)
apply blast+
done

lemma (in M_ordertype) ordertype_exists:
"[| wellordered(M,A,r); M(A); M(r) |]
==> ∃f[M]. (∃i[M]. Ord(i) & f ∈ ord_iso(A, r, i, Memrel(i)))"
apply (insert obase_exists [of A r] omap_exists [of A r] otype_exists [of A r], simp, clarify)
apply (rename_tac i)
apply (subgoal_tac "Ord(i)", blast intro: omap_ord_iso_otype)
apply (rule Ord_otype)
apply (force simp add: otype_def range_closed)
done

lemma (in M_ordertype) relativized_imp_well_ord:
"[| wellordered(M,A,r); M(A); M(r) |] ==> well_ord(A,r)"
apply (insert ordertype_exists [of A r], simp)
apply (blast intro: well_ord_ord_iso well_ord_Memrel)
done

subsection ‹Kunen's theorem 5.4, page 127›

text‹(a) The notion of Wellordering is absolute›
theorem (in M_ordertype) well_ord_abs [simp]:
"[| M(A); M(r) |] ==> wellordered(M,A,r) ⟷ well_ord(A,r)"
by (blast intro: well_ord_imp_relativized relativized_imp_well_ord)

text‹(b) Order types are absolute›
theorem (in M_ordertype)
"[| wellordered(M,A,r); f ∈ ord_iso(A, r, i, Memrel(i));
M(A); M(r); M(f); M(i); Ord(i) |] ==> i = ordertype(A,r)"
by (blast intro: Ord_ordertype relativized_imp_well_ord ordertype_ord_iso
Ord_iso_implies_eq ord_iso_sym ord_iso_trans)

subsection‹Ordinal Arithmetic: Two Examples of Recursion›

text‹Note: the remainder of this theory is not needed elsewhere.›

(*FIXME: update to use new techniques!!*)
(*This expresses ordinal addition in the language of ZF.  It also
provides an abbreviation that can be used in the instance of strong
replacement below.  Here j is used to define the relation, namely
Memrel(succ(j)), while x determines the domain of f.*)
definition
is_oadd_fun :: "[i=>o,i,i,i,i] => o" where
(∀sj msj. M(sj) ⟶ M(msj) ⟶
successor(M,j,sj) ⟶ membership(M,sj,msj) ⟶
M_is_recfun(M,
%x g y. ∃gx[M]. image(M,g,x,gx) & union(M,i,gx,y),
msj, x, f))"

definition
is_oadd :: "[i=>o,i,i,i] => o" where
(~ ordinal(M,i) & ~ ordinal(M,j) & k=0) |
(~ ordinal(M,i) & ordinal(M,j) & k=j) |
(ordinal(M,i) & ~ ordinal(M,j) & k=i) |
(ordinal(M,i) & ordinal(M,j) &
(∃f fj sj. M(f) & M(fj) & M(sj) &
fun_apply(M,f,j,fj) & fj = k))"

definition
(*NEEDS RELATIVIZATION*)
omult_eqns :: "[i,i,i,i] => o" where
"omult_eqns(i,x,g,z) ==
Ord(x) &
(x=0 ⟶ z=0) &
(∀j. x = succ(j) ⟶ z = g`j ++ i) &
(Limit(x) ⟶ z = ⋃(g``x))"

definition
is_omult_fun :: "[i=>o,i,i,i] => o" where
"is_omult_fun(M,i,j,f) ==
(∃df. M(df) & is_function(M,f) &
is_domain(M,f,df) & subset(M, j, df)) &
(∀x∈j. omult_eqns(i,x,f,f`x))"

definition
is_omult :: "[i=>o,i,i,i] => o" where
"is_omult(M,i,j,k) ==
∃f fj sj. M(f) & M(fj) & M(sj) &
successor(M,j,sj) & is_omult_fun(M,i,sj,f) &
fun_apply(M,f,j,fj) & fj = k"

locale M_ord_arith = M_ordertype +
"[| M(i); M(j) |] ==>
strong_replacement(M,
λx z. ∃y[M]. pair(M,x,y,z) &
image(M,f,x,fx) & y = i ∪ fx))"

and omult_strong_replacement':
"[| M(i); M(j) |] ==>
strong_replacement(M,
λx z. ∃y[M]. z = <x,y> &
(∃g[M]. is_recfun(Memrel(succ(j)),x,%x g. THE z. omult_eqns(i,x,g,z),g) &
y = (THE z. omult_eqns(i, x, g, z))))"

text‹‹is_oadd_fun›: Relating the pure "language of set theory" to Isabelle/ZF›
"[| a≤j; M(i); M(j); M(a); M(f) |]
f ∈ a → range(f) & (∀x. M(x) ⟶ x < a ⟶ f`x = i ∪ f``x)"
apply (frule lt_Ord)
relation2_def is_recfun_abs [of "%x g. i ∪ g``x"]
image_closed is_recfun_iff_equation
Ball_def lt_trans [OF ltI, of _ a] lt_Memrel)
apply (blast dest: transM)
done

"[| M(i); M(j) |] ==>
strong_replacement(M,
λx z. ∃y[M]. z = <x,y> &
(∃g[M]. is_recfun(Memrel(succ(j)),x,%x g. i ∪ g``x,g) &
y = i ∪ g``x))"
apply (insert oadd_strong_replacement [of i j])
is_recfun_abs [of "%x g. i ∪ g``x"])
done

"[| Ord(j);  M(i);  M(j) |]
==> ∃f[M]. is_recfun(Memrel(succ(j)), j, %x g. i ∪ g``x, f)"
apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
done

"[| Ord(j);  M(i);  M(j) |] ==> ∃f[M]. is_oadd_fun(M,i,succ(j),succ(j),f)"
apply (erule Ord_succ, assumption, simp)
apply (rename_tac f)
apply (frule is_recfun_type)
apply (rule_tac x=f in rexI)
apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
is_oadd_fun_iff Ord_trans [OF _ succI1], assumption)
done

"[| x < j; M(i); M(j); M(f); is_oadd_fun(M,i,j,j,f) |]
==> f`x = i ∪ (⋃k∈x. {f ` k})"
apply (frule lt_closed, simp)
apply (frule leI [THEN le_imp_subset])
done

"[| is_oadd_fun(M,i,J,J,f); M(i); M(J); M(f); Ord(i); Ord(j) |]
==> j<J ⟶ f`j = i++j"
apply (erule_tac i=j in trans_induct, clarify)
apply (subgoal_tac "∀k∈x. k<J")
apply (blast intro: lt_trans ltI lt_Ord)
done

"[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_oadd(M,i,j,k) ⟷ k = i++j"
apply (frule exists_oadd_fun [of j i], blast+)
done

"[| M(i); M(j); M(k) |] ==> is_oadd(M,i,j,k) ⟷ k = i++j"
apply (case_tac "Ord(i) & Ord(j)")
done

"[| M(i); M(j) |] ==> M(i++j)"
apply (frule exists_oadd_fun [of j i], auto)
done

subsubsection‹Ordinal Multiplication›

lemma omult_eqns_unique:
"[| omult_eqns(i,x,g,z); omult_eqns(i,x,g,z') |] ==> z=z'"
apply (erule Ord_cases, simp_all)
done

lemma omult_eqns_0: "omult_eqns(i,0,g,z) ⟷ z=0"

lemma the_omult_eqns_0: "(THE z. omult_eqns(i,0,g,z)) = 0"

lemma omult_eqns_succ: "omult_eqns(i,succ(j),g,z) ⟷ Ord(j) & z = g`j ++ i"

lemma the_omult_eqns_succ:
"Ord(j) ==> (THE z. omult_eqns(i,succ(j),g,z)) = g`j ++ i"

lemma omult_eqns_Limit:
"Limit(x) ==> omult_eqns(i,x,g,z) ⟷ z = ⋃(g``x)"
apply (blast intro: Limit_is_Ord)
done

lemma the_omult_eqns_Limit:
"Limit(x) ==> (THE z. omult_eqns(i,x,g,z)) = ⋃(g``x)"

lemma omult_eqns_Not: "~ Ord(x) ==> ~ omult_eqns(i,x,g,z)"

lemma (in M_ord_arith) the_omult_eqns_closed:
"[| M(i); M(x); M(g); function(g) |]
==> M(THE z. omult_eqns(i, x, g, z))"
apply (case_tac "Ord(x)")
prefer 2 apply (simp add: omult_eqns_Not) ―‹trivial, non-Ord case›
apply (erule Ord_cases)
done

lemma (in M_ord_arith) exists_omult:
"[| Ord(j);  M(i);  M(j) |]
==> ∃f[M]. is_recfun(Memrel(succ(j)), j, %x g. THE z. omult_eqns(i,x,g,z), f)"
apply (rule wf_exists_is_recfun [OF wf_Memrel trans_Memrel])
apply (blast intro: the_omult_eqns_closed)
done

lemma (in M_ord_arith) exists_omult_fun:
"[| Ord(j);  M(i);  M(j) |] ==> ∃f[M]. is_omult_fun(M,i,succ(j),f)"
apply (rule exists_omult [THEN rexE])
apply (erule Ord_succ, assumption, simp)
apply (rename_tac f)
apply (frule is_recfun_type)
apply (rule_tac x=f in rexI)
apply (simp add: fun_is_function domain_of_fun lt_Memrel apply_recfun lt_def
is_omult_fun_def Ord_trans [OF _ succI1])
apply (force dest: Ord_in_Ord'
the_omult_eqns_Limit, assumption)
done

lemma (in M_ord_arith) is_omult_fun_apply_0:
"[| 0 < j; is_omult_fun(M,i,j,f) |] ==> f`0 = 0"
by (simp add: is_omult_fun_def omult_eqns_def lt_def ball_conj_distrib)

lemma (in M_ord_arith) is_omult_fun_apply_succ:
"[| succ(x) < j; is_omult_fun(M,i,j,f) |] ==> f`succ(x) = f`x ++ i"
by (simp add: is_omult_fun_def omult_eqns_def lt_def, blast)

lemma (in M_ord_arith) is_omult_fun_apply_Limit:
"[| x < j; Limit(x); M(j); M(f); is_omult_fun(M,i,j,f) |]
==> f ` x = (⋃y∈x. f`y)"
apply (simp add: is_omult_fun_def omult_eqns_def domain_closed lt_def, clarify)
apply (drule subset_trans [OF OrdmemD], assumption+)
apply (simp add: ball_conj_distrib omult_Limit image_function)
done

lemma (in M_ord_arith) is_omult_fun_eq_omult:
"[| is_omult_fun(M,i,J,f); M(J); M(f); Ord(i); Ord(j) |]
==> j<J ⟶ f`j = i**j"
apply (erule_tac i=j in trans_induct3)
apply (safe del: impCE)
apply (subgoal_tac "x<J")
apply (blast intro: lt_trans)
apply (subgoal_tac "∀k∈x. k<J")
apply (blast intro: lt_trans ltI lt_Ord)
done

lemma (in M_ord_arith) omult_abs:
"[| M(i); M(j); M(k); Ord(i); Ord(j) |] ==> is_omult(M,i,j,k) ⟷ k = i**j"
apply (frule exists_omult_fun [of j i], blast+)
done

subsection ‹Absoluteness of Well-Founded Relations›

text‹Relativized to @{term M}: Every well-founded relation is a subset of some
inverse image of an ordinal.  Key step is the construction (in @{term M}) of a
rank function.›

locale M_wfrank = M_trancl +
assumes wfrank_separation:
"M(r) ==>
separation (M, λx.
∀rplus[M]. tran_closure(M,r,rplus) ⟶
~ (∃f[M]. M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f)))"
and wfrank_strong_replacement:
"M(r) ==>
strong_replacement(M, λx z.
∀rplus[M]. tran_closure(M,r,rplus) ⟶
(∃y[M]. ∃f[M]. pair(M,x,y,z)  &
M_is_recfun(M, %x f y. is_range(M,f,y), rplus, x, f) &
is_range(M,f,y)))"
and Ord_wfrank_separation:
"M(r) ==>
separation (M, λx.
∀rplus[M]. tran_closure(M,r,rplus) ⟶
~ (∀f[M]. ∀rangef[M].
is_range(M,f,rangef) ⟶
M_is_recfun(M, λx f y. is_range(M,f,y), rplus, x, f) ⟶
ordinal(M,rangef)))"

text‹Proving that the relativized instances of Separation or Replacement
agree with the "real" ones.›

lemma (in M_wfrank) wfrank_separation':
"M(r) ==>
separation
(M, λx. ~ (∃f[M]. is_recfun(r^+, x, %x f. range(f), f)))"
apply (insert wfrank_separation [of r])
apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
done

lemma (in M_wfrank) wfrank_strong_replacement':
"M(r) ==>
strong_replacement(M, λx z. ∃y[M]. ∃f[M].
pair(M,x,y,z) & is_recfun(r^+, x, %x f. range(f), f) &
y = range(f))"
apply (insert wfrank_strong_replacement [of r])
apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
done

lemma (in M_wfrank) Ord_wfrank_separation':
"M(r) ==>
separation (M, λx.
~ (∀f[M]. is_recfun(r^+, x, λx. range, f) ⟶ Ord(range(f))))"
apply (insert Ord_wfrank_separation [of r])
apply (simp add: relation2_def is_recfun_abs [of "%x. range"])
done

text‹This function, defined using replacement, is a rank function for
well-founded relations within the class M.›
definition
wellfoundedrank :: "[i=>o,i,i] => i" where
"wellfoundedrank(M,r,A) ==
{p. x∈A, ∃y[M]. ∃f[M].
p = <x,y> & is_recfun(r^+, x, %x f. range(f), f) &
y = range(f)}"

lemma (in M_wfrank) exists_wfrank:
"[| wellfounded(M,r); M(a); M(r) |]
==> ∃f[M]. is_recfun(r^+, a, %x f. range(f), f)"
apply (rule wellfounded_exists_is_recfun)
apply (blast intro: wellfounded_trancl)
apply (rule trans_trancl)
apply (erule wfrank_separation')
apply (erule wfrank_strong_replacement')
done

lemma (in M_wfrank) M_wellfoundedrank:
"[| wellfounded(M,r); M(r); M(A) |] ==> M(wellfoundedrank(M,r,A))"
apply (insert wfrank_strong_replacement' [of r])
apply (rule strong_replacement_closed)
apply assumption+
apply (rule univalent_is_recfun)
apply (blast intro: wellfounded_trancl)
apply (rule trans_trancl)
apply (blast dest: transM)
done

lemma (in M_wfrank) Ord_wfrank_range [rule_format]:
"[| wellfounded(M,r); a∈A; M(r); M(A) |]
==> ∀f[M]. is_recfun(r^+, a, %x f. range(f), f) ⟶ Ord(range(f))"
apply (drule wellfounded_trancl, assumption)
apply (rule wellfounded_induct, assumption, erule (1) transM)
apply simp
apply (blast intro: Ord_wfrank_separation', clarify)
txt‹The reasoning in both cases is that we get @{term y} such that
@{term "⟨y, x⟩ ∈ r^+"}.  We find that
@{term "f`y = restrict(f, r^+ -`` {y})"}.›
apply (rule OrdI [OF _ Ord_is_Transset])
txt‹An ordinal is a transitive set...›
apply clarify
apply (frule apply_recfun2, assumption)
txt‹...of ordinals.  This second case requires the induction hyp.›
apply clarify
apply (rename_tac i y)
apply (frule apply_recfun2, assumption)
apply (frule is_recfun_imp_in_r, assumption)
apply (frule is_recfun_restrict)
(*simp_all won't work*)
apply (drule spec [THEN mp], assumption)
apply (subgoal_tac "M(restrict(f, r^+ -`` {y}))")
apply (drule_tac x="restrict(f, r^+ -`` {y})" in rspec)
apply assumption
apply (simp add: function_apply_equality [OF _ is_recfun_imp_function])
apply (blast dest: pair_components_in_M)
done

lemma (in M_wfrank) Ord_range_wellfoundedrank:
"[| wellfounded(M,r); r ⊆ A*A;  M(r); M(A) |]
==> Ord (range(wellfoundedrank(M,r,A)))"
apply (frule wellfounded_trancl, assumption)
apply (frule trancl_subset_times)
apply (rule OrdI [OF _ Ord_is_Transset])
prefer 2
txt‹by our previous result the range consists of ordinals.›
apply (blast intro: Ord_wfrank_range)
txt‹We still must show that the range is a transitive set.›
apply (simp add: Transset_def, clarify, simp)
apply (rename_tac x i f u)
apply (frule is_recfun_imp_in_r, assumption)
apply (subgoal_tac "M(u) & M(i) & M(x)")
prefer 2 apply (blast dest: transM, clarify)
apply (rule_tac a=u in rangeI)
apply (rule_tac x=u in ReplaceI)
apply simp
apply (rule_tac x="restrict(f, r^+ -`` {u})" in rexI)
apply (blast intro: is_recfun_restrict trans_trancl dest: apply_recfun2)
apply simp
apply blast
txt‹Unicity requirement of Replacement›
apply clarify
apply (frule apply_recfun2, assumption)
done

lemma (in M_wfrank) function_wellfoundedrank:
"[| wellfounded(M,r); M(r); M(A)|]
==> function(wellfoundedrank(M,r,A))"
apply (simp add: wellfoundedrank_def function_def, clarify)
txt‹Uniqueness: repeated below!›
apply (drule is_recfun_functional, assumption)
apply (blast intro: wellfounded_trancl)
done

lemma (in M_wfrank) domain_wellfoundedrank:
"[| wellfounded(M,r); M(r); M(A)|]
==> domain(wellfoundedrank(M,r,A)) = A"
apply (rule equalityI, auto)
apply (frule transM, assumption)
apply (frule_tac a=x in exists_wfrank, assumption+, clarify)
apply (rule_tac b="range(f)" in domainI)
apply (rule_tac x=x in ReplaceI)
apply simp
apply (rule_tac x=f in rexI, blast, simp_all)
txt‹Uniqueness (for Replacement): repeated above!›
apply clarify
apply (drule is_recfun_functional, assumption)
apply (blast intro: wellfounded_trancl)
done

lemma (in M_wfrank) wellfoundedrank_type:
"[| wellfounded(M,r);  M(r); M(A)|]
==> wellfoundedrank(M,r,A) ∈ A -> range(wellfoundedrank(M,r,A))"
apply (frule function_wellfoundedrank [of r A], assumption+)
apply (frule function_imp_Pi)
apply blast
done

lemma (in M_wfrank) Ord_wellfoundedrank:
"[| wellfounded(M,r); a ∈ A; r ⊆ A*A;  M(r); M(A) |]
==> Ord(wellfoundedrank(M,r,A) ` a)"
by (blast intro: apply_funtype [OF wellfoundedrank_type]
Ord_in_Ord [OF Ord_range_wellfoundedrank])

lemma (in M_wfrank) wellfoundedrank_eq:
"[| is_recfun(r^+, a, %x. range, f);
wellfounded(M,r);  a ∈ A; M(f); M(r); M(A)|]
==> wellfoundedrank(M,r,A) ` a = range(f)"
apply (rule apply_equality)
prefer 2 apply (blast intro: wellfoundedrank_type)
apply (rule ReplaceI)
apply (rule_tac x="range(f)" in rexI)
apply blast
apply simp_all
txt‹Unicity requirement of Replacement›
apply clarify
apply (drule is_recfun_functional, assumption)
apply (blast intro: wellfounded_trancl)
done

lemma (in M_wfrank) wellfoundedrank_lt:
"[| <a,b> ∈ r;
wellfounded(M,r); r ⊆ A*A;  M(r); M(A)|]
==> wellfoundedrank(M,r,A) ` a < wellfoundedrank(M,r,A) ` b"
apply (frule wellfounded_trancl, assumption)
apply (subgoal_tac "a∈A & b∈A")
prefer 2 apply blast
apply (simp add: lt_def Ord_wellfoundedrank, clarify)
apply (frule exists_wfrank [of concl: _ b], erule (1) transM, assumption)
apply clarify
apply (rename_tac fb)
apply (frule is_recfun_restrict [of concl: "r^+" a])
apply (rule trans_trancl, assumption)
txt‹Still the same goal, but with new ‹is_recfun› assumptions.›
apply (frule_tac a=a in wellfoundedrank_eq, assumption+)
apply (simp_all add: transM [of a])
txt‹We have used equations for wellfoundedrank and now must use some
for  ‹is_recfun›.›
apply (rule_tac a=a in rangeI)
apply (simp add: is_recfun_type [THEN apply_iff] vimage_singleton_iff
r_into_trancl apply_recfun r_into_trancl)
done

lemma (in M_wfrank) wellfounded_imp_subset_rvimage:
"[|wellfounded(M,r); r ⊆ A*A; M(r); M(A)|]
==> ∃i f. Ord(i) & r ⊆ rvimage(A, f, Memrel(i))"
apply (rule_tac x="range(wellfoundedrank(M,r,A))" in exI)
apply (rule_tac x="wellfoundedrank(M,r,A)" in exI)
apply (frule subsetD, assumption, clarify)
apply (simp add: rvimage_iff wellfoundedrank_lt [THEN ltD])
apply (blast intro: apply_rangeI wellfoundedrank_type)
done

lemma (in M_wfrank) wellfounded_imp_wf:
"[|wellfounded(M,r); relation(r); M(r)|] ==> wf(r)"
by (blast dest!: relation_field_times_field wellfounded_imp_subset_rvimage
intro: wf_rvimage_Ord [THEN wf_subset])

lemma (in M_wfrank) wellfounded_on_imp_wf_on:
"[|wellfounded_on(M,A,r); relation(r); M(r); M(A)|] ==> wf[A](r)"
apply (rule wellfounded_imp_wf)