Axioms for galactic set theory.
Overview
An axiomatisation in Higher Order Logic of a well-founded set theory with galaxies.
Introduction
Galactic set theory is a set theory with "galaxies" (previously known as "universes") axiomatised in Higher Order Logic.
Membership
The first thing we do is to introduce a new ProofPower theory and, in that theory, the new TYPE SET together with the membership relation and a psuedo-urelement injection.
Extensionality and Well-Foundedness
The axioms of extensionality and well-foundedness may be thought of as telling us what kind of thing a set is (later axioms tell us how many of these sets are to be found in our domain of discourse).
The Ontology Axiom
Here we define the subset relation and assert the existence of powersets and unions.
PowerSets and Union
Here we define the powerset and union operators.
Replacement
Pair and Unit sets
Pair is defined using replacement, and Unit using Pair.
Separation
Separation is introduced by conservative extension.
Union and Intersection
Binary union and distributed and binary intersection are defined.
Galaxies
A Galaxy is a transitive set closed under powerset formation, union and replacement. The Ontology axioms ensures that every set is a member of some galaxy. Here we define a galaxy constructor and establish some of its properties.
Proof Context
To simplify subsequent proofs a new "proof context" is created enabling automatic use of the results now available.
Listing of Theory gst-ax
Introduction
Galactic set theory is a set theory with "galaxies" (previously known as "universes") axiomatised in Higher Order Logic.
Scope
This document is mainly concerned with the axioms of galactic set theory, but includes in addition some definitions and theorems which might easily have been part of the axiomatisation. In the usual first order axiomatisations of set theory, for example, the pair constructor is introduced axiomatically. In this axiomatisation neither the empty set nor pair are primitive, they are introduced by definition once the axioms have been presented. Same goes for separation and intersection. The theory "gst-ax" created by this document, consists of an axiomatic development of a well-founded set theory in ProofPower HOL, and is created as a child of "basic-hol". This version of the theory is derived from a previous version in which "pseudo-urelements" were available, and in which the standard set theoretic vocabulary was used (which rendered the theory unusable in combination with the usual ProofPower HOL theory of sets). Pseudo-urelements were dropped because I don't need them, and, however slight the complication they introduce, its not necessary. To enable this theory to be used with the standard set theory (properties in set theoretic clothing) the volcabulary has been systematically subscripted with "g" (for galactic).
Why Galactic?
This document introduces Galactic Set Theory, which is similar to what has elsewhere been called Universal Set Theory (e.g. by Paul M. Cohn in his "Universal Algebra", but I dare say it came from somewhere else). The "universes" in Cohn, and the galaxies here are mostly models of ZFC, except the smallest in which there is no infinite set. The other main difference is that galactic set theory is formulated in higher order logic.
Membership
The first thing we do is to introduce a new ProofPower theory and, in that theory, the new TYPE SET together with the membership relation and a psuedo-urelement injection.
The Type GS
The sets under consideration will be the elements of a new type "GS" so the first thing we do is to introduce that new type. GST is a pure well-founded set theory. Since the theory will not be conservative, we make no attempt to relate the membership of "GS" to any of the types already available.
xl-sml
open_theory "basic_hol";
force_new_theory "gst-ax";
new_parent "wf_relp";
force_new_pc "gst-ax";
merge_pcs ["xl_cs_exist.gif_conv"] "gst-ax";
set_merge_pcs ["basic_hol", "gst-ax"];
new_type ("GS", 0);

Membership
The most important constant is membership, which is a relation over the sets. We can't define this constant (in this context) so it is introduced as a new constant (about which nothing is asserted except its name and type) and its properties are introduced axiomatically.
xl-sml
new_const ("isin.gifg", qqco.gifGSrarr.gifGSrarr.gifBOOLqqter.gif);
declare_infix (230,"isin.gifg");

Extensionality and Well-Foundedness
The axioms of extensionality and well-foundedness may be thought of as telling us what kind of thing a set is (later axioms tell us how many of these sets are to be found in our domain of discourse).
Extensionality
The most fundamental property of membership (or is it of sets?) is extensionality, which tells us what kind of thing a set is. The axiom tells us that if two sets have the same elements then they are in fact the same set.
xl-sml
val gs_ext_axiom = new_axiom (["gs_ext_axiom"],
qqtel.gif forall.gifs t:GSbull.gif
ftbr s = t equiv.gif forall.gifebull.gif e isin.gifg s equiv.gif e isin.gifg tqqter.gif);

It follows from the definitions of IsPue and IsSet and ue_inj_axiom that nothing is both a set and a urelement, and that urelements are equal iff the values from which they were obtained under Pue are equal.
Well-Foundedness
The axiom of well-foundedness asserts the requirement that the elements of ('a)GS are a subset of the cumulative heirarchy of sets formed by iteration of set formation beginning with the empty set.
xl-sml
val gs_wf_axiom =
fttabnew_axiom (["gs_wf_axiom"],
qqtel.gifwell_founded $isin.gifg
qqter.gif);

The form in which we have stated the axiom is not very informative and so the more usual formulation is immediately derived as a theorem.
xl-sml
val gs_wf_min_thm = save_thm ("gs_wf_min_thm",
fttab(ruarr.gif_elim (forall.gif_elim qqtel.gif$isin.gifgqqter.gif wf_min_thm) gs_wf_axiom));

We also save the axiom expanded out as an explicit induction theorem.
xl-sml
val gs_wf_ind_thm = save_thm ("gs_wf_ind_thm",
fttab(rewrite_rule [get_spec qqtel.gifwell_foundedqqter.gif] gs_wf_axiom));

The remaining axioms are intended to ensure that the subset is a large and well-rounded subset of the cumulative heirarchy. This is to be accomplished by defining a Galaxy as a set satisfying certain closure properties and then asserting that every set is a member of some Galaxy. It is convenient to introduce new constants and axioms for each of the Galactic closure properties before asserting the existence of the Galaxies.
The Ontology Axiom
Here we define the subset relation and assert the existence of powersets and unions.
Subsets
A subset s of t is a set all of whose members are also members of t.
xl-sml
declare_infix (230,"sube.gifg");


xl-holconst
$sube.gifg : GS rarr.gif GS rarr.gif BOOL
forall.gifs tbull.gif s sube.gifg t equiv.gif
fttabforall.gifebull.gif e isin.gifg s ruarr.gif e isin.gifg t

xl-sml
val sube.gifg_thm = get_spec qqtel.gif$sube.gifgqqter.gif;
val sube.gifg_eq_thm = save_thm ("sube.gifg_eq_thm",
fttabprove_rule [get_spec qqtel.gif$sube.gifgqqter.gif, gs_ext_axiom]
fttabqqtel.gifforall.gifA Bbull.gif A = B equiv.gif A sube.gifg B and.gif B sube.gifg Aqqter.gif);
val sube.gifg_refl_thm = save_thm ("sube.gifg_refl_thm",
fttabprove_rule [get_spec qqtel.gif$sube.gifgqqter.gif]
fttabqqtel.gifforall.gifAbull.gif A sube.gifg Aqqter.gif);
val isin.gifgsube.gifg_thm = save_thm ("isin.gifgsube.gifg_thm",
fttabprove_rule [get_spec qqtel.gif$sube.gifgqqter.gif]
fttabqqtel.gifforall.gife A Bbull.gif e isin.gifg A and.gif A sube.gifg B ruarr.gif e isin.gifg Bqqter.gif);
val sube.gifg_trans_thm = save_thm ("sube.gifg_trans_thm",
fttabprove_rule [get_spec qqtel.gif$sube.gifgqqter.gif]
fttabqqtel.gifforall.gifA B Cbull.gif A sube.gifg B and.gif B sube.gifg C ruarr.gif A sube.gifg Cqqter.gif);

ManyOne
The relations used in replacement must be "ManyOne" relations, otherwise the image may be larger than the domain, and Russell's paradox would reappear. This definition doesn't really belong here, it doesn't belong anywhere else either.
xl-holconst
ManyOne : ('a rarr.gif 'b rarr.gif BOOL) rarr.gif BOOL
forall.gifrbull.gif ManyOne r equiv.gif forall.gifx y zbull.gif r x y and.gif r x z ruarr.gif y = z
Galactic Ontology
We now specify with a single axiom the closure requirements which ensure that our universe is adequately populated. The ontology axiom states that every set is a member of some galaxy which is transitive and closed under formation of powersets and unions and under replacement.
xl-sml
val Ontology_axiom =
fttabnew_axiom (["Ontology_axiom"],
qqtel.gif forall.gifsbull.gif
fttabexist.gifgbull.gif s isin.gifg g
and.gif
fttabforall.giftbull.gif t isin.gifg g ruarr.gif t sube.gifg g
fttaband.gif (exist.gifpbull.gif (forall.gifvbull.gif v isin.gifg p equiv.gif v sube.gifg t) and.gif p isin.gifg g)
fttaband.gif (exist.gifubull.gif (forall.gifvbull.gif v isin.gifg u equiv.gif exist.gifwbull.gif v isin.gifg w and.gif w isin.gifg t) and.gif u isin.gifg g)
fttaband.gif (forall.gifrelbull.gif ManyOne rel ruarr.gif
fttabfttab(exist.gifrbull.gif (forall.gifvbull.gif v isin.gifg r equiv.gif exist.gifw bull.gif w isin.gifg t and.gif rel w v) and.gif
fttabfttabfttab(r sube.gifg g ruarr.gif r isin.gifg g)))qqter.gif
);

PowerSets and Union
Here we define the powerset and union operators.
PowerSets

xl-sml
set_goal([],qqtel.gifexist.gif pset.gifgbull.gif forall.gifs t:GSbull.gif t isin.gifg pset.gifg s equiv.gif t sube.gifg sqqter.gif);
a (prove_exist.gif_tac THEN strip_tac);
a (strip_asm_tac (forall.gif_elim qqtel.gifs'qqter.gif (Ontology_axiom)));
a (spec_nth_asm_tac 1 qqtel.gifs'qqter.gif);
a (exist.gif_tac qqtel.gifpqqter.gif THEN asm_rewrite_tac[]);
xl_set_cs_exist.gif_thm (pop_thm ());


xl-holconst
pset.gifg: GS rarr.gif GS
forall.gifs t:GSbull.gif t isin.gifg pset.gifg s equiv.gif t sube.gifg s
Union

xl-sml
set_goal([],qqtel.gifexist.giflcup.gifgbull.gif forall.gifs tbull.gif t isin.gifg lcup.gifg s equiv.gif exist.gifebull.gif t isin.gifg e and.gif e isin.gifg sqqter.gif);
a (prove_exist.gif_tac THEN strip_tac);
a (strip_asm_tac (forall.gif_elim qqtel.gifs'qqter.gif Ontology_axiom));
a (spec_nth_asm_tac 1 qqtel.gifs'qqter.gif);
a (exist.gif_tac qqtel.gifuqqter.gif THEN asm_rewrite_tac[]);
xl_set_cs_exist.gif_thm (pop_thm ());


xl-holconst
lcup.gifg: GS rarr.gif GS
forall.gifs tbull.gif t isin.gifg lcup.gifg s equiv.gif exist.gifebull.gif t isin.gifg e and.gif e isin.gifg s

xl-sml
val isin.gifglcup.gifg_thm = save_thm ("isin.gifglcup.gifg_thm",
fttabprove_rule [get_spec qqtel.giflcup.gifgqqter.gif, sube.gifg_thm]
fttabqqtel.gifforall.gifs t:GSbull.gif t isin.gifg s ruarr.gif t sube.gifg lcup.gifg sqqter.gif);

Relational Replacement
The constant RelIm is defined for relational replacement.
RelIm

xl-sml
set_goal([],qqtel.gifexist.gifRelImbull.gif forall.gifrel s tbull.gif ManyOne rel ruarr.gif (t isin.gifg RelIm rel s equiv.gif exist.gifebull.gif e isin.gifg s and.gif rel e t)qqter.gif);
a (prove_exist.gif_tac THEN REPEAT strip_tac);
a (strip_asm_tac (forall.gif_elim qqtel.gifs'qqter.gif Ontology_axiom));
a (spec_nth_asm_tac 1 qqtel.gifs'qqter.gif);
a (spec_nth_asm_tac 1 qqtel.gifrel'qqter.gif);
a (asm_rewrite_tac[]);
a (exist.gif_tac qqtel.gifrqqter.gif THEN strip_tac THEN strip_tac THEN asm_rewrite_tac[]);
a (exist.gif_tac qqtel.gifrqqter.gif THEN strip_tac THEN strip_tac THEN asm_rewrite_tac[]);
xl_set_cs_exist.gif_thm (pop_thm ());


xl-holconst
╷ RelIm: (GS rarr.gif GS rarr.gif BOOL) rarr.gif GS rarr.gif GS
forall.gifrel s tbull.gif ManyOne rel ruarr.gif (t isin.gifg RelIm rel s equiv.gif exist.gifebull.gif e isin.gifg s and.gif rel e t)
Separation
Separation is introduced by conservative extension.
Consistency Proof

The specification which follows is introduced after proving that it is satisfied by a term involving the use of the Image function and the empty set. (This is no longer ideal, a "nicer" proof that separation is conservative is now obtainable from the primitive replacement axiom.) The basic idea is that a non-empty subset of any set, consisting of just those elements which satisfy a give property, can be shown to exist using Imagep. The required subset is obtained using a function which is the identity function on elements of the original which satisfy the property, and which maps the rest to an element selected from those that do by the choice function. A special case is made of the empty subset, which cannot be constructed from a non-empty set using "Imagep". Thus, separation is definable in terms of Imagep but the definition depends on the existence of the empty set and the axiom of choice. Using the more primitive replacement axiom the existence of the empty set The proof script is omitted (but is available in the source code to this page and is invoked as the theory is loaded).

If I had formulated replacement in the more traditional manner, using a many-one relation rather than a (HOL) function, neither the axiom of choice not the empty set axiom would not have been necessary. It didn't occur to me at the time that there was a material difference! One day I will rework this with the relational replacement axiom, since the functional one would be definable.

The consistency claim and the first step in the proof script showing the witness used to prove the claim are:


xl-sml
fun equiv.gif_FC_T tac thm = GET_ASMS_T
fttab(tac o (fc_rule (fc_equiv.gif_canon thm)));
set_goal([],qqtel.gifexist.gifSepbull.gif forall.gifs p ebull.gif
e isin.gifg (Sep s p) equiv.gif e isin.gifg s and.gif p e
qqter.gif);
a (prove_exist.gif_tac THEN REPEAT strip_tac);
a (strip_asm_tac (list_forall.gif_elim [qqtel.gifs'qqter.gif] (Ontology_axiom)));
a (lemma_tac qqtel.gifexist.gifrelbull.gif rel = lambda.gifx ybull.gif p' x and.gif y = xqqter.gif
fttabTHEN1 prove_exist.gif_tac);
a (lemma_tac qqtel.gifManyOne relqqter.gif
fttabTHEN1 asm_rewrite_tac [get_spec qqtel.gifManyOne relqqter.gif]);
(* *** Goal "1" *** *)
a (REPEAT strip_tac THEN asm_rewrite_tac[]);
(* *** Goal "2" *** *)
a (exist.gif_tac qqtel.gifRelIm rel s'qqter.gif);
a (equiv.gif_FC_T asm_rewrite_tac (get_spec qqtel.gifRelImqqter.gif));
a (prove_tac[]);
xl_set_cs_exist.gif_thm (pop_thm());

Definition
This higher order formulation of separation is accomplished by defining a new constant which takes a property of sets p and a set s and returns the subset of s consisting of those elements which satisfy p. The definition uses the replacement principle, but since the image of a non-empty set cannot be empty a special case must be made where the result is the empty set. The HOL choice function is also used, making this defined version of separation dependent on the axiom of choice as well as replacement.
xl-holconst
Sep : GS rarr.gif (GS rarr.gif BOOL) rarr.gif GS
forall.gifs p ebull.gif e isin.gifg (Sep s p) equiv.gif e isin.gifg s and.gif p e

xl-sml
val Sep_thm = get_spec qqtel.gifSepqqter.gif;
add_pc_thms "gst-ax" [Sep_thm, sube.gifg_refl_thm];
set_merge_pcs ["basic_hol", "gst-ax"];

Galaxies
A Galaxy is a transitive set closed under powerset formation, union and replacement. The Ontology axioms ensures that every set is a member of some galaxy. Here we define a galaxy constructor and establish some of its properties.
Definition of Galaxy
First we define the property of being a galaxy.
xl-holconst
╷ galaxy: GS rarr.gif BOOL
forall.gifsbull.gif
fttabgalaxy s equiv.gif (exist.gifxbull.gif x isin.gifg s)
fttaband.gif forall.giftbull.gif t isin.gifg s
fttabfttabruarr.gif t sube.gifg s
fttabfttaband.gif pset.gifg t isin.gifg s
fttabfttaband.gif lcup.gifg t isin.gifg s
fttabfttaband.gif (forall.gifrelbull.gif ManyOne rel
fttabfttabfttabruarr.gif RelIm rel t sube.gifg s
fttabfttabfttabruarr.gif RelIm rel t isin.gifg s)

xl-gft
galaxies_exist.gif_thm =
fttabturnstil.gif forall.gifsbull.gif exist.gifgbull.gif s isin.gifg g and.gif galaxy g

Definition of Gx
Gx is a function which maps each set onto its smallest enclosing galaxy.
xl-holconst
╷ Gx: GS rarr.gif GS
forall.gifs tbull.gif t isin.gifg Gx s equiv.gif forall.gifgbull.gif galaxy g and.gif s isin.gifg g ruarr.gif t isin.gifg g

xl-tex
Each set is in its smallest enclosing galaxy, which is of course a galaxy and is contained in any other galaxy of which that set is a member:


xl-gft
t_in_Gx_t_thm =
fttabturnstil.gif forall.gif tbull.gif t isin.gifg Gx t
galaxy_Gx =
fttabturnstil.gif forall.gifsbull.gif galaxy (Gx s)
Gx_sube.gifg_galaxy =fttab
fttabturnstil.gif forall.gifs gbull.gif galaxy g and.gif s isin.gifg g ruarr.gif (Gx s) sube.gifg g

Galaxy Closure
The galaxy axiom asserts that a Galaxy is transitive and closed under construction of powersets, distributed union and replacement. Galaxies are also closed under most other ways of constructing sets, and we need to demonstrate these facts systematically as the theory is developed.
xl-holconst
transitive : GS rarr.gif BOOL
forall.gifsbull.gif transitive s equiv.gif forall.gifebull.gif e isin.gifg s ruarr.gif e sube.gifg s

xl-gft
GalaxiesTransitive_thm =
fttabturnstil.gif forall.gifsbull.gif galaxy s ruarr.gif transitive s
GCloseSep =
fttabturnstil.gif forall.gifgbull.gif galaxy g ruarr.gif forall.gifsbull.gif s isin.gifg g ruarr.gif forall.gifpbull.gif Sep s p isin.gifg g
Gx_transitive_thm =
fttabturnstil.gif forall.gif sbull.gif transitive (Gx s)
Gx_mono_thm =
fttabturnstil.gif forall.gifs tbull.gif s sube.gifg t ruarr.gif Gx s sube.gifg Gx t
Gx_mono_thm2 =
fttabturnstil.gif forall.gifs tbull.gif s isin.gifg t ruarr.gif Gx s sube.gifg Gx t
t_sub_Gx_t_thm =
fttabturnstil.gif forall.gif tbull.gif t sube.gifg Gx t
Gx_mono_thm3 =
fttabturnstil.gif forall.gif s tbull.gif s sube.gifg t ruarr.gif s sube.gifg Gx t
Gx_trans_thm2 =
fttabturnstil.gif forall.gif s tbull.gif s isin.gifg t ruarr.gif s isin.gifg Gx t
Gx_trans_thm3 =
fttabturnstil.gif forall.gif s t ubull.gif s isin.gifg t and.gif t isin.gifg Gx u ruarr.gif s isin.gifg Gx u

The Empty Set
We can now prove that there is an empty set as follows:
xl-sml
set_goal([], qqtel.gifexist.gif empty.gifgbull.gif forall.gifsbull.gif not.gif s isin.gifg empty.gifgqqter.gif);
a (exist.gif_tac qqtel.gifSep (epsilon.gifs:GSbull.gif T) (lambda.gifx:GSbull.gif F)qqter.gif
fttabTHEN rewrite_tac [get_specqqtel.gifSepqqter.gif]);
xl_set_cs_exist.gif_thm (pop_thm ());

So we define qqtel.gifempty.gifgqqter.gif as the empty set:
xl-holconst
empty.gifg : GS
forall.gifsbull.gif not.gif s isin.gifg empty.gifg
and the empty set is a member of every galaxy:
xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif empty.gifg isin.gifg gqqter.gif);
a (REPEAT strip_tac);
a (fc_tac [GCloseSep, get_spec qqtel.gifgalaxyqqter.gif]);
a (list_spec_nth_asm_tac 1 [qqtel.gifxqqter.gif,qqtel.giflambda.gifx:GSbull.gif Fqqter.gif]);
a (lemma_tac qqtel.gifempty.gifg = Sep x (lambda.gif xbull.gif F)qqter.gif
fttabTHEN1 (rewrite_tac [gs_ext_axiom, get_spec qqtel.gifempty.gifgqqter.gif, get_spec qqtel.gifSepqqter.gif]));
a (asm_rewrite_tac[]);
val Gempty.gifgC = save_pop_thm "Gempty.gifgC";


xl-sml
val empty.gifgsube.gifg_thm = save_thm ("empty.gifgsube.gifg_thm",
fttabprove_rule [get_spec qqtel.gifempty.gifgqqter.gif, sube.gifg_thm]
fttabqqtel.gifforall.gifs:GSbull.gif empty.gifg sube.gifg tqqter.gif);
val lcup.gifgempty.gifg_thm = save_thm ("lcup.gifgempty.gifg_thm",
fttabprove_rule [get_spec qqtel.gifempty.gifgqqter.gif, get_spec qqtel.giflcup.gifgqqter.gif, gs_ext_axiom]
fttabqqtel.giflcup.gifg empty.gifg = empty.gifgqqter.gif);
val empty.gifg_spec = get_spec qqtel.gifempty.gifgqqter.gif;
add_pc_thms "gst-ax" (map get_spec [qqtel.gifpset.gifgqqter.gif, qqtel.giflcup.gifgqqter.gif] @ [empty.gifg_spec, empty.gifgsube.gifg_thm, lcup.gifgempty.gifg_thm]);
set_merge_pcs ["basic_hol", "gst-ax"];

Functional Replacement
The more convenient form of replacement which takes a function rather than a relation (and hence needs no "ManyOne" caveat) is introduced here.
Introduction

Though a functional formulation of replacement is most convenient for most applications, it has a number of small disadvantages which have persuaded me to stay closer to the traditional formulation of replacement in terms of relations. The more convenient functional version will then be introduced by definition (so if you don't know what I'm talking about, look forward to compare the two versions).

For the record the disadvantages of the functional one (if used as an axiom) are:
  1. It can't be used to prove the existence of the empty set.
  2. When used to define separation it requires the axiom of choice.
Imagep
Now we prove a more convenient version of replacement which takes a HOL function rather than a relation as its argument. It states that the image of any set under a function is also a set.
xl-sml
set_goal([],qqtel.gifexist.gifImagepbull.gif forall.giff:GS rarr.gif GSbull.gif forall.gifs: GSbull.gif
fttab(forall.gifxbull.gif x isin.gifg Imagep f s equiv.gif exist.gifebull.gif e isin.gifg s and.gif x = f e)qqter.gif);
a (prove_exist.gif_tac THEN REPEAT strip_tac);
a (lemma_tac qqtel.gifexist.giffrbull.gif fr = lambda.gifx ybull.gif y = f' xqqter.gif THEN1 prove_exist.gif_tac);
a (lemma_tac qqtel.gifManyOne frqqter.gif
fttabTHEN1 (asm_rewrite_tac [get_spec qqtel.gifManyOneqqter.gif]
fttabfttabTHEN REPEAT strip_tac
fttabfttabTHEN asm_rewrite_tac[]));
a (exist.gif_tac qqtel.gifRelIm fr s'qqter.gif);
a (equiv.gif_FC_T asm_rewrite_tac (get_spec qqtel.gifRelImqqter.gif));
xl_set_cs_exist.gif_thm (pop_thm ());

"Imagep f s" is the image of s through f.
xl-holconst
Imagep : (GS rarr.gif GS) rarr.gif GS rarr.gif GS
forall.giff sbull.gif
fttabforall.gifxbull.gif x isin.gifg Imagep f s
fttabequiv.gif exist.gifebull.gif e isin.gifg s and.gif x = f e

xl-sml
val Imagep_spec = get_spec qqtel.gifImagepqqter.gif;
add_pc_thms "gst-ax" (map get_spec [qqtel.gifImagepqqter.gif]);
set_merge_pcs ["basic_hol", "gst-ax"];

We now show that galaxies are closed under Image.
xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g
fttabruarr.gif forall.gifsbull.gif s isin.gifg g
fttabruarr.gif forall.giffbull.gif Imagep f s sube.gifg g
fttabruarr.gif Imagep f s isin.gifg gqqter.gif);
a (REPEAT_N 5 strip_tac);
a (lemma_tac qqtel.gifexist.giffrbull.gif fr = lambda.gifx ybull.gif y = f xqqter.gif THEN1 prove_exist.gif_tac);
a (lemma_tac qqtel.gifManyOne frqqter.gif
fttabTHEN1 (asm_rewrite_tac [get_spec qqtel.gifManyOneqqter.gif]
fttabfttabTHEN REPEAT strip_tac
fttabfttabTHEN asm_rewrite_tac[]));
a (lemma_tac qqtel.gifImagep f s = RelIm fr sqqter.gif);
(* *** Goal "1" *** *)
a (pure_rewrite_tac [gs_ext_axiom]);
a (equiv.gif_FC_T pure_once_rewrite_tac (get_spec qqtel.gifRelImqqter.gif));
a (asm_rewrite_tac[] THEN REPEAT strip_tac);
(* *** Goal "2" *** *)
a (once_asm_rewrite_tac[]);
a (fc_tac[get_spec qqtel.gifgalaxyqqter.gif]);
a (list_spec_nth_asm_tac 5 [qqtel.gifsqqter.gif,qqtel.giffrqqter.gif]
fttabTHEN asm_rewrite_tac[]);
val GImagepC = save_pop_thm "GImagepC";

Pair and Unit sets
Pair is defined using replacement, and Unit using Pair.
Pair
Pairs can be defined as the image of some two element set under a function defined by a conditional. A suitable two element set can be constructed from the empty set using the powerset construction a couple of times. However, having proven that this can be done (details omitted), we can introduce the pair constructor by conservative extension as follows. (the ProofPower tool shows that it has accepted my proof by putting this extension into the "definitions" section of the theory listing).
xl-holconst
Pair : GS rarr.gif GS rarr.gif GS
forall.gifs t e:GSbull.gif
fttabe isin.gifg Pair s t
fttabequiv.gif e = s or.gif e = tfttab
Pair equality theorem
Extensional proofs about equality of pairs are simplified by the following principle.
xl-sml
set_goal([],qqtel.gifforall.gifs t u vbull.gif
fttabPair s t = Pair u v
fttabequiv.gif s = u and.gif t = v
fttabor.gif s = v and.gif t = uqqter.gif);
a (rewrite_tac[
fttabforall.gif_elim qqtel.gifPair s tqqter.gif gs_ext_axiom,fttab
fttabget_spec qqtel.gifPairqqter.gif]
fttabTHEN REPEAT strip_tac
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN REPEAT strip_tac);
(* *** Goal "1" *** *)
a (spec_nth_asm_tac 2 qqtel.gifsqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY asm_rewrite_tac[]);
(* *** Goal "2" *** *)
a (spec_nth_asm_tac 2 qqtel.gifuqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY asm_rewrite_tac[]);
(* *** Goal "3" *** *)
a (spec_nth_asm_tac 2 qqtel.gifvqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY asm_rewrite_tac[]);
(* *** Goal "4" *** *)
a (spec_nth_asm_tac 2 qqtel.giftqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY asm_rewrite_tac[]);
val Pair_eq_thm =
fttabsave_pop_thm "Pair_eq_thm";

Galaxy Closure

xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif forall.gifs tbull.gif s isin.gifg g and.gif t isin.gifg g ruarr.gif Pair s t isin.gifg gqqter.gif);
a (REPEAT strip_tac);
a (lemma_tac qqtel.gifPair s t = Imagep (lambda.gifxbull.gif if x = empty.gifg then s else t) (pset.gifg (pset.gifg empty.gifg))qqter.gif);
(* *** Goal "1" *** *)
a (once_rewrite_tac [gs_ext_axiom]);
a (rewrite_tac (map get_spec [qqtel.gifPairqqter.gif,qqtel.gifImagepqqter.gif]));
a (REPEAT strip_tac THEN asm_rewrite_tac[]);
(* *** Goal "1.1" *** *)
a (exist.gif_tac qqtel.gifempty.gifgqqter.gif THEN rewrite_tac[get_spec qqtel.gif$sube.gifgqqter.gif]);
(* *** Goal "1.2" *** *)
a (exist.gif_tac qqtel.gifpset.gifg empty.gifgqqter.gif THEN rewrite_tac[get_spec qqtel.gif$sube.gifgqqter.gif]);
a (lemma_tac qqtel.gifnot.gif pset.gifg empty.gifg = empty.gifgqqter.gif);
(* *** Goal "1.2.1" *** *)
a (rewrite_tac [gs_ext_axiom]
fttabTHEN strip_tac
fttabTHEN exist.gif_tac qqtel.gifempty.gifgqqter.gif
fttabTHEN rewrite_tac[]);
(* *** Goal "1.2.2" *** *)
a (asm_rewrite_tac[]);
(* *** Goal "1.3" *** *)
a (cases_tac qqtel.gife' = empty.gifgqqter.gif
fttabTHEN asm_rewrite_tac[]);
a (asm_ante_tac qqtel.gife = (if e' = empty.gifg then s else t)qqter.gif
fttabTHEN asm_rewrite_tac[]);
(* *** Goal "2" *** *)
a (asm_rewrite_tac[]);
a (fc_tac [GImagepC]);
a (list_spec_nth_asm_tac 1 [qqtel.gifpset.gifg (pset.gifg empty.gifg)qqter.gif,qqtel.giflambda.gif xbull.gif if x = empty.gifg then s else tqqter.gif]);
a (fc_tac [Gempty.gifgC]);
a (lemma_tac qqtel.gifforall.gifsbull.gif s isin.gifg g ruarr.gif pset.gifg s isin.gifg gqqter.gif
fttabTHEN1 (REPEAT (fc_tac [get_spec qqtel.gifgalaxyqqter.gif])));
a (REPEAT (asm_fc_tac []));
(* *** Goal "2.2" *** *)
a (swap_nth_asm_concl_tac 1);
a (rewrite_tac [get_spec qqtel.gif$sube.gifgqqter.gif]);
a (REPEAT strip_tac);
a (POP_ASM_T ante_tac
fttabTHEN cases_tac qqtel.gife' = empty.gifgqqter.gif
fttabTHEN asm_rewrite_tac[]
fttabTHEN strip_tac
fttabTHEN asm_rewrite_tac[]);
val GClosePair = save_pop_thm "GClosePair";

Unit definition

xl-holconst
Unit : GS rarr.gif GS
forall.gifsbull.gif Unit s = Pair s s
Unit extension theorem
The following theorem tells you what the members of a unit sets are.
xl-sml
set_goal([],qqtel.gifforall.gifs ebull.gif
fttabe isin.gifg Unit s equiv.gif e = sqqter.gif);
a (rewrite_tac [
fttabget_specqqtel.gifUnitqqter.gif,
fttabget_specqqtel.gifPairqqter.gif]
fttabTHEN REPEAT strip_tac);
val Unit_thm = pop_thm ();
add_pc_thms "gst-ax" [get_spec qqtel.gifPairqqter.gif, Unit_thm];
set_merge_pcs ["basic_hol", "gst-ax"];

Unit equality theorem
The following theorem tells you when two unit sets are equal.
xl-sml
set_goal([],qqtel.gifforall.gifs tbull.gif
fttabUnit s = Unit t
fttabequiv.gif s = tqqter.gif);
a (prove_tac [
fttabforall.gif_elim qqtel.gifUnit sqqter.gif gs_ext_axiom]);
val Unit_eq_thm = pop_thm ();
add_pc_thms "gst-ax" [Unit_eq_thm];
set_merge_pcs ["basic_hol", "gst-ax"];

Galaxy Closure

xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif forall.gifsbull.gif s isin.gifg g ruarr.gif Unit s isin.gifg gqqter.gif);
a (REPEAT strip_tac
fttabTHEN rewrite_tac [get_spec qqtel.gifUnitqqter.gif]);
a (REPEAT (asm_fc_tac[GClosePair]));
val GCloseUnit = save_pop_thm "GCloseUnit";

Unit-Pair equations
The following theorems tell you when Pairs are really Units.
xl-sml
set_goal([],
fttabqqtel.gifforall.gifs t ubull.gif
fttabUnit s = Pair t u
fttabequiv.gif s = t and.gif s = uqqter.gif);
a (prove_tac [
fttabforall.gif_elim qqtel.gifUnit sqqter.gif gs_ext_axiom]);
(* *** Goal "1" *** *)
a (spec_nth_asm_tac 1 qqtel.gifsqqter.gif
fttabTHEN spec_nth_asm_tac 2 qqtel.giftqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY rewrite_tac[]);
(* *** Goal "2" *** *)
a (spec_nth_asm_tac 1 qqtel.gifuqqter.gif
fttabTHEN_TRY all_var_elim_asm_tac
fttabTHEN_TRY rewrite_tac[]);
val Unit_Pair_eq_thm = pop_thm ();


xl-sml
set_goal([],qqtel.gifforall.gifs t ubull.gif
fttabPair s t = Unit u
fttabequiv.gif s = u and.gif t = uqqter.gif);
a (prove_tac [
fttabforall.gif_elim qqtel.gifPair s tqqter.gif gs_ext_axiom]);
val Pair_Unit_eq_thm = pop_thm ();

Union and Intersection
Binary union and distributed and binary intersection are defined.
Binary Union

xl-holconst
$cup.gifg : GS rarr.gif GS rarr.gif GS
forall.gifs t ebull.gif e isin.gifg (s cup.gifg t) equiv.gif e isin.gifg s or.gif e isin.gifg t

xl-sml
val cup.gifg_thm = get_spec qqtel.gif$cup.gifgqqter.gif;
val sube.gifgcup.gifg_thm = save_thm ("sube.gifgcup.gifg_thm", prove_rule
fttab[sube.gifg_thm, cup.gifg_thm]
fttabqqtel.gifforall.gifA Bbull.gif A sube.gifg A cup.gifg B and.gif B sube.gifg A cup.gifg Bqqter.gif);
val cup.gifgsube.gifg_thm1 = save_thm ("cup.gifgsube.gifg_thm1", prove_rule
fttab[sube.gifg_thm, cup.gifg_thm]
fttabqqtel.gifforall.gifA B Cbull.gif A sube.gifg C and.gif B sube.gifg C ruarr.gif A cup.gifg B sube.gifg Cqqter.gif);
val cup.gifgsube.gifg_thm2 = save_thm ("cup.gifgsube.gifg_thm2", prove_rule
fttab[sube.gifg_thm, cup.gifg_thm]
fttabqqtel.gifforall.gifA B C Dbull.gif A sube.gifg C and.gif B sube.gifg D ruarr.gif (A cup.gifg B) sube.gifg (C cup.gifg D)qqter.gif);
val cup.gifgempty.gifg_clauses = save_thm ("cup.gifgempty.gifg_clauses", prove_rule
fttab[gs_ext_axiom, cup.gifg_thm]
fttabqqtel.gifforall.gifAbull.gif (A cup.gifg empty.gifg) = A
fttaband.gif (empty.gifg cup.gifg A) = Aqqter.gif);

Galaxy Closure

xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif forall.gifs tbull.gif s isin.gifg g and.gif t isin.gifg g ruarr.gif s cup.gifg t isin.gifg gqqter.gif);
a (REPEAT strip_tac THEN fc_tac [get_spec qqtel.gifgalaxyqqter.gif]);
a (lemma_tac qqtel.gifs cup.gifg t = lcup.gifg (Pair s t)qqter.gif
fttabTHEN1 (once_rewrite_tac [gs_ext_axiom]
fttabfttabTHEN rewrite_tac [get_spec qqtel.giflcup.gifgqqter.gif, get_spec qqtel.gif$cup.gifgqqter.gif]
fttabfttabTHEN prove_tac[]));
a (asm_rewrite_tac []);
a (lemma_tac qqtel.gifPair s t isin.gifg gqqter.gif
fttabTHEN1 (REPEAT (asm_fc_tac [GClosePair])));
a (REPEAT (asm_fc_tac[]));
val GClosecup.gifg = save_pop_thm "GClosecup.gifg";

Distributed Intersection
Distributed intersection doesn't really make sense for the empty set, but under this definition it maps the empty set onto itself.
xl-holconst
lcap.gifg : GS rarr.gif GS
forall.gifsbull.gif lcap.gifg s = Sep (lcup.gifg s) (lambda.gifxbull.gif forall.giftbull.gif t isin.gifg s ruarr.gif x isin.gifg t)
Extensional Intersection Theorem

xl-sml
set_goal ([],qqtel.gifforall.gifx s ebull.gif x isin.gifg s ruarr.gif
fttab(e isin.gifg lcap.gifg s equiv.gif forall.gifybull.gif y isin.gifg s ruarr.gif e isin.gifg y)qqter.gif);
a (prove_tac [
fttabget_spec qqtel.giflcap.gifgqqter.gif]);
val lcap.gifg_thm = save_pop_thm "lcap.gifg_thm";


xl-sml
set_goal([],qqtel.gifforall.gifs tbull.gif s isin.gifg t ruarr.gif lcap.gifg t sube.gifg sqqter.gif);
a (rewrite_tac [lcap.gifg_thm, sube.gifg_thm]);
a (REPEAT strip_tac);
a (REPEAT (asm_fc_tac[lcap.gifg_thm]));
val lcap.gifgsube.gifg_thm = save_pop_thm "lcap.gifgsube.gifg_thm";

val sube.gifglcap.gifg_thm = save_thm ("sube.gifglcap.gifg_thm",
fttab(prove_rule [sube.gifg_thm, gs_ext_axiom,
fttabget_spec qqtel.gif$lcap.gifgqqter.gif]
fttabqqtel.gifforall.gifA Bbull.gif A isin.gifg B ruarr.gif forall.gifCbull.giffttab
fttab(forall.gifDbull.gif D isin.gifg B ruarr.gif C sube.gifg D)
fttabruarr.gif C sube.gifg lcap.gifg Bqqter.gif));

val lcap.gifgempty.gifg_thm = save_thm ("lcap.gifgempty.gifg_thm",
fttab(prove_rule [gs_ext_axiom,fttabget_spec qqtel.gif$lcap.gifgqqter.gif]
fttabqqtel.giflcap.gifg empty.gifg = empty.gifgqqter.gif));

Binary Intersection
Binary intersection could be defined in terms of distributed intersection, but its easier not to.
xl-sml
declare_infix (240, "cap.gifg");


xl-holconst
$cap.gifg : GS rarr.gif GS rarr.gif GS
forall.gifs tbull.gif s cap.gifg t = Sep s (lambda.gifxbull.gif x isin.gifg t)
Galaxy Closure

xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif forall.gifsbull.gif s isin.gifg g ruarr.gif lcap.gifg s isin.gifg gqqter.gif);
a (REPEAT strip_tac
fttabTHEN rewrite_tac[get_spec qqtel.giflcap.gifgqqter.gif]);
a (fc_tac [GCloseSep, get_spec qqtel.gifgalaxyqqter.gif]);
a (list_spec_nth_asm_tac 1 [qqtel.giflcup.gifg sqqter.gif, qqtel.giflambda.gif xbull.gif forall.gif tbull.gif t isin.gifg s ruarr.gif x isin.gifg tqqter.gif]);
a (asm_fc_tac[]);
val GCloselcap.gifg = save_pop_thm "GCloselcap.gifg";


xl-sml
set_goal([],qqtel.gifforall.gifgbull.gif galaxy g ruarr.gif forall.gifs tbull.gif s isin.gifg g and.gif t isin.gifg g ruarr.gif s cap.gifg t isin.gifg gqqter.gif);
a (REPEAT strip_tac
fttabTHEN rewrite_tac[get_spec qqtel.gif$cap.gifgqqter.gif]);
a (fc_tac [GCloseSep]);
a (list_spec_nth_asm_tac 1 [qqtel.gifsqqter.gif, qqtel.giflambda.gif xbull.gif x isin.gifg tqqter.gif]);
val GClosecap.gifg = save_pop_thm "GClosecap.gifg";

Extensional Binary Intersection Theorem

xl-sml
set_goal ([],qqtel.gifforall.gifs t ebull.gif
fttabe isin.gifg s cap.gifg t equiv.gif e isin.gifg s and.gif e isin.gifg tqqter.gif);
a (prove_tac [
fttabget_spec qqtel.gif$cap.gifgqqter.gif]);
val cap.gifg_thm = save_thm ("cap.gifg_thm",
fttabprove_rule [get_spec qqtel.gif$cap.gifgqqter.gif]
fttabqqtel.gifforall.gifs t ebull.giffttabe isin.gifg s cap.gifg t equiv.gif e isin.gifg s and.gif e isin.gifg tqqter.gif);
val sube.gifgcap.gifg_thm = save_thm ("sube.gifgcap.gifg_thm",
fttabprove_rule [sube.gifg_thm, cap.gifg_thm]
fttabqqtel.gifforall.gifA Bbull.gif A cap.gifg B sube.gifg A and.gif A cap.gifg B sube.gifg Bqqter.gif);
val cap.gifgsube.gifg_thm1 = save_thm ("cap.gifgsube.gifg_thm1",
fttabprove_rule [sube.gifg_thm, cap.gifg_thm]
fttabqqtel.gifforall.gifA B Cbull.gif A sube.gifg C and.gif B sube.gifg C ruarr.gif A cap.gifg B sube.gifg Cqqter.gif);
val cap.gifgsube.gifg_thm2 = save_thm ("cap.gifgsube.gifg_thm2",
fttabprove_rule [sube.gifg_thm, cap.gifg_thm]
fttabqqtel.gifforall.gifA B C Dbull.gif A sube.gifg C and.gif B sube.gifg D ruarr.gif (A cap.gifg B) sube.gifg (C cap.gifg D)qqter.gif);
val cap.gifgsube.gifg_thm3 = save_thm ("cap.gifgsube.gifg_thm3",
fttabprove_rule [sube.gifg_thm, cap.gifg_thm]
fttabqqtel.gifforall.gifA B Cbull.gif C sube.gifg A and.gif C sube.gifg B ruarr.gif C sube.gifg A cap.gifg Bqqter.gif);

Proof Context
To simplify subsequent proofs a new "proof context" is created enabling automatic use of the results now available.
Principles

The only principle I know of which assists with elementary proofs in set theory is the principle that set theoretic conjectures can be reduced to the predicate calculus by using extensional rules for relations and for operators.

Too hasty a reduction can be overkill and may convert a simple conjecture into an unintelligible morass. We have sometimes in the past used made available two proof contexts, an aggressive extensional one, and a milder non-extensional one. However, the extensional rules for the operators are fairly harmless, expansion is triggered by the extensional rules for the relations (equality and subset), so a proof context containing the former together with a suitable theorem for the latter gives good control.

Theorems Used Recklessly
This is pretty much guesswork, only time will tell whether this is the best collection.
xl-sml
val gst_ax_thms = [
fttabempty.gifg_spec,
fttabget_spec qqtel.gifpset.gifgqqter.gif,
fttabget_spec qqtel.giflcup.gifgqqter.gif,
fttabImagep_spec,
fttabPair_eq_thm,
fttabget_spec qqtel.gifPairqqter.gif,
fttabUnit_eq_thm,
fttabUnit_thm,
fttabPair_Unit_eq_thm,
fttabUnit_Pair_eq_thm,
fttabSep_thm,
fttabcup.gifg_thm,
fttabcap.gifg_thm
];
val gst_opext_clauses =
fttab(all_forall.gif_intro
fttabo list_and.gif_intro
fttabo (map all_forall.gif_elim))
fttabgst_ax_thms;
save_thm ("gst_opext_clauses", gst_opext_clauses);

Theorems Used Cautiously
The following theorems are too aggressive for general use in the proof context but are needed when attempting automatic proof. When an extensional proof is appropriate it can be initiated by a cautious (i.e. a "once") rewrite using the following clauses, after which the extensional rules in the proof context will be triggered.
xl-sml
val gst_relext_clauses =
fttab(all_forall.gif_intro
fttabo list_and.gif_intro
fttabo (map all_forall.gif_elim))
fttab[gs_ext_axiom,
fttabget_specqqtel.gif$sube.gifgqqter.gif];
save_thm ("gst_relext_clauses", gst_relext_clauses);

There are a number of important theorems, such as well-foundedness and galaxy closure which have not been mentioned in this context. The character of these theorems makes them unsuitable for the proof context, their application requires thought.
Automatic Proof
The basic proof automation is augmented by adding a preliminary rewrite with the relational extensionality clauses.
xl-sml
fun gst_ax_prove_conv thl =
fttabTRY_C (pure_rewrite_conv [gst_relext_clauses])
fttabTHEN_C (basic_prove_conv thl);

Proof Context gst-ax

xl-sml
add_rw_thms gst_ax_thms "gst-ax";
add_sc_thms gst_ax_thms "gst-ax";
add_st_thms gst_ax_thms "gst-ax";
set_pr_conv gst_ax_prove_conv "gst-ax";
set_pr_tac
fttab(conv_tac o gst_ax_prove_conv)
fttab"gst-ax";
commit_pc "gst-ax";

Using the proof context "gst-ax" elementary results in gst are now provable automatically on demand. For this reason it is not necessary to prove in advance of needing them results such as the associativity of intersection, since they can be proven when required by an expression of the form "prove rule[] term" which proves term and returns it as a theorem. If the required proof context for doing this is not in place the form "merge_pcs_rule ["basic_hol", gst-ax"] (prove_rule []) term" may be used. Since this is a little cumbersome we define the function "gst_ax_rule" and illustrate its use as follows:

xl-sml
val gst_ax_rule =
fttab(merge_pcs_rule1
fttab["basic_hol", "gst-ax"]
fttabprove_rule) [];
val gst_ax_conv =
fttabMERGE_PCS_C1
fttab["basic_hol", "gst-ax"]
fttabprove_conv;
val gst_ax_tac =
fttabconv_tac o gst_ax_conv;

Examples
The following are examples of the elementary results which are now proven automatically:
xl-sml
gst_ax_rule qqtel.gif
fttaba cap.gifg (b cap.gifg c)
fttab= (a cap.gifg b) cap.gifg cqqter.gif;
gst_ax_rule qqtel.gifa cap.gifg b sube.gifg bqqter.gif;
gst_ax_rule qqtel.gifempty.gifg cup.gifg b = bqqter.gif;
gst_ax_rule qqtel.gif
fttaba sube.gifg b and.gif c sube.gifg d
fttabruarr.gif a cap.gifg c sube.gifg b cap.gifg dqqter.gif;
gst_ax_rule qqtel.gifSep b p sube.gifg bqqter.gif;
gst_ax_rule qqtel.gifa sube.gifg b ruarr.gif
fttabImagep f a sube.gifg Imagep f bqqter.gif;

up quick index © RBJ

$Id: gst-axioms.xml,v 1.3 2005/04/09 14:00:53 rbj Exp $

V