theory Nat_ZF_IML imports ZF.Arith
begin
The ZF set theory constructs natural numbers from the empty set and the notion of a one-element set. Namely, zero of natural numbers is defined as the empty set. For each natural number \(n\) the next natural number is defined as \(n\cup \{n\}\). With this definition for every non-zero natural number we get the identity \(n = \{0,1,2,..,n-1\}\). It is good to remember that when we see an expression like \(f: n \rightarrow X\). Also, with this definition the relation "less or equal than" becomes "\(\subseteq\)" and the relation "less than" becomes "\(\in\)".
Induction
The induction lemmas in the standard Isabelle's Nat.thy file like for example nat_induct require the induction step to be a higher order statement (the one that uses the \(\Longrightarrow\) sign). I found it difficult to apply from Isar, which is perhaps more of an indication of my Isar skills than anything else. Anyway, here we provide a first order version that is easier to reference in Isar declarative style proofs.
The next theorem is a version of induction on natural numbers that I was thought in school.
theorem ind_on_nat:
assumes A1: \( n\in nat \) and A2: \( P(0) \) and A3: \( \forall k\in nat.\ P(k)\longrightarrow P(succ(k)) \)
shows \( P(n) \)proof note A1, A2
moreover {
}
ultimately show \( P(n) \) by (rule nat_induct )
qed
fix \( x \)
assume \( x\in nat \), \( P(x) \)
with A3 have \( P(succ(x)) \)
A nonzero natural number has a predecessor.
lemma Nat_ZF_1_L3:
assumes A1: \( n \in nat \) and A2: \( n\neq 0 \)
shows \( \exists k\in nat.\ n = succ(k) \)proof from A1 have \( n \in \{0\} \cup \{succ(k).\ k\in nat\} \) using nat_unfold
with A2 show \( thesis \)
qed
What is succ, anyway?
lemma succ_explained:
shows \( succ(n) = n \cup \{n\} \) using succ_iffEmpty set is an element of every natural number which is not zero.
lemma empty_in_every_succ:
assumes A1: \( n \in nat \)
shows \( 0 \in succ(n) \)proof note A1
moreover
}
qed
have \( 0 \in succ(0) \)
moreover {
fix \( k \)
assume \( k \in nat \) and A2: \( 0 \in succ(k) \)
then have \( succ(k) \subseteq succ(succ(k)) \)
with A2 have \( 0 \in succ(succ(k)) \)
then have \( \forall k \in nat.\ 0 \in succ(k) \longrightarrow 0 \in succ(succ(k)) \)
ultimately show \( 0 \in succ(n) \) by (rule ind_on_nat )
If one natural number is less than another then their successors are in the same relation.
lemma succ_ineq:
assumes A1: \( n \in nat \)
shows \( \forall i \in n.\ succ(i) \in succ(n) \)proof note A1
moreover
}
}
qed
have \( \forall k \in 0.\ succ(k) \in succ(0) \)
moreover {
fix \( k \)
assume A2: \( \forall i\in k.\ succ(i) \in succ(k) \)
{
fix \( i \)
assume \( i \in succ(k) \)
then have \( i \in k \vee i = k \)
moreover {
}
moreover {
}
ultimately have \( succ(i) \in succ(succ(k)) \)
assume \( i\in k \)
with A2 have \( succ(i) \in succ(k) \)
hence \( succ(i) \in succ(succ(k)) \)
assume \( i = k \)
then have \( succ(i) \in succ(succ(k)) \)
then have \( \forall i \in succ(k).\ succ(i) \in succ(succ(k)) \)
then have \( \forall k \in nat.\ \)
\( ( (\forall i\in k.\ succ(i) \in succ(k)) \longrightarrow (\forall i \in succ(k).\ succ(i) \in succ(succ(k))) ) \)
ultimately show \( \forall i \in n.\ succ(i) \in succ(n) \) by (rule ind_on_nat )
For natural numbers if \(k\subseteq n\) the similar holds for their successors.
lemma succ_subset:
assumes A1: \( k \in nat \), \( n \in nat \) and A2: \( k\subseteq n \)
shows \( succ(k) \subseteq succ(n) \)proof from A1 have T: \( Ord(k) \) and \( Ord(n) \) using nat_into_Ord
with A2 have \( succ(k) \leq succ(n) \) using subset_imp_le
then show \( succ(k) \subseteq succ(n) \) using le_imp_subset
qed
For any two natural numbers one of them is contained in the other.
lemma nat_incl_total:
assumes A1: \( i \in nat \), \( j \in nat \)
shows \( i \subseteq j \vee j \subseteq i \)proof from A1 have T: \( Ord(i) \), \( Ord(j) \) using nat_into_Ord
then have \( i\in j \vee i=j \vee j\in i \) using Ord_linear
moreover {
}
moreover {
}
moreover {
}
ultimately show \( i \subseteq j \vee j \subseteq i \)
qed
assume \( i\in j \)
with T have \( i\subseteq j \vee j\subseteq i \) using lt_def, leI, le_imp_subset
assume \( i=j \)
then have \( i\subseteq j \vee j\subseteq i \)
assume \( j\in i \)
with T have \( i\subseteq j \vee j\subseteq i \) using lt_def, leI, le_imp_subset
The set of natural numbers is the union of all successors of natural numbers.
lemma nat_union_succ:
shows \( nat = (\bigcup n \in nat.\ succ(n)) \)proof show \( nat \subseteq (\bigcup n \in nat.\ succ(n)) \)
next
{
fix \( k \)
assume A2: \( k \in (\bigcup n \in nat.\ succ(n)) \)
then obtain \( n \) where T: \( n \in nat \) and I: \( k \in succ(n) \)
then have \( k \leq n \) using nat_into_Ord, lt_def
with T have \( k \in nat \) using le_in_nat
then show \( (\bigcup n \in nat.\ succ(n)) \subseteq nat \)
qed
Successors of natural numbers are subsets of the set of natural numbers.
lemma succnat_subset_nat:
assumes A1: \( n \in nat \)
shows \( succ(n) \subseteq nat \)proof from A1 have \( succ(n) \subseteq (\bigcup n \in nat.\ succ(n)) \)
then show \( succ(n) \subseteq nat \) using nat_union_succ
qed
Element of a natural number is a natural number.
lemma elem_nat_is_nat:
assumes A1: \( n \in nat \) and A2: \( k\in n \)
shows \( k \lt n \), \( k \in nat \), \( k \leq n \), \( \langle k,n\rangle \in Le \)proof from A1, A2 show \( k \lt n \) using nat_into_Ord, lt_def
with A1 show \( k \in nat \) using lt_nat_in_nat
from \( k \lt n \) show \( k \leq n \) using leI
with A1, \( k \in nat \) show \( \langle k,n\rangle \in Le \) using Le_def
qed
The set of natural numbers is the union of its elements.
lemma nat_union_nat:
shows \( nat = \bigcup nat \) using elem_nat_is_natA natural number is a subset of the set of natural numbers.
lemma nat_subset_nat:
assumes A1: \( n \in nat \)
shows \( n \subseteq nat \)proof from A1 have \( n \subseteq \bigcup nat \)
then show \( n \subseteq nat \) using nat_union_nat
qed
Adding natural numbers does not decrease what we add to.
lemma add_nat_le:
assumes A1: \( n \in nat \) and A2: \( k \in nat \)
shows \( n \leq n \ \sharp + k \), \( n \subseteq n \ \sharp + k \), \( n \subseteq k \ \sharp + n \)proof from A1, A2 have \( n \leq n \), \( 0 \leq k \), \( n \in nat \), \( k \in nat \) using nat_le_refl, nat_0_le
then have \( n \ \sharp + 0 \leq n \ \sharp + k \) by (rule add_le_mono )
with A1 show \( n \leq n \ \sharp + k \) using add_0_right
then show \( n \subseteq n \ \sharp + k \) using le_imp_subset
then show \( n \subseteq k \ \sharp + n \) using add_commute
qed
Result of adding an element of \(k\) is smaller than of adding \(k\).
lemma add_lt_mono:
assumes \( k \in nat \) and \( j\in k \)
shows \( (n \ \sharp + j) \lt (n \ \sharp + k) \), \( (n \ \sharp + j) \in (n \ \sharp + k) \)proof from assms have \( j \lt k \) using elem_nat_is_nat
moreover
qed
note \( k \in nat \)
ultimately show \( (n \ \sharp + j) \lt (n \ \sharp + k) \), \( (n \ \sharp + j) \in (n \ \sharp + k) \) using add_lt_mono2, ltD
A technical lemma about a decomposition of a sum of two natural numbers: if a number \(i\) is from \(m + n\) then it is either from \(m\) or can be written as a sum of \(m\) and a number from \(n\). The proof by induction w.r.t. to \(m\) seems to be a bit heavy-handed, but I could not figure out how to do this directly from results from standard Isabelle/ZF.
lemma nat_sum_decomp:
assumes A1: \( n \in nat \) and A2: \( m \in nat \)
shows \( \forall i \in m \ \sharp + n.\ i \in m \vee (\exists j \in n.\ i = m \ \sharp + j) \)proof note A1
moreover
qed
from A2 have \( \forall i \in m \ \sharp + 0.\ i \in m \vee (\exists j \in 0.\ i = m \ \sharp + j) \) using add_0_right
moreover have \( \forall k\in nat.\ \)
\( (\forall i \in m \ \sharp + k.\ i \in m \vee (\exists j \in k.\ i = m \ \sharp + j)) \longrightarrow \)
\( (\forall i \in m \ \sharp + succ(k).\ i \in m \vee (\exists j \in succ(k).\ i = m \ \sharp + j)) \)proof
ultimately show \( \forall i \in m \ \sharp + n.\ i \in m \vee (\exists j \in n.\ i = m \ \sharp + j) \) by (rule ind_on_nat )
{
}
}
}
fix \( k \)
assume A3: \( k \in nat \)
{
assume A4: \( \forall i \in m \ \sharp + k.\ i \in m \vee (\exists j \in k.\ i = m \ \sharp + j) \)
{
fix \( i \)
assume \( i \in m \ \sharp + succ(k) \)
then have \( i \in m \ \sharp + k \vee i = m \ \sharp + k \) using add_succ_right
moreover
from A4, A3 have \( i \in m \ \sharp + k \longrightarrow i \in m \vee (\exists j \in succ(k).\ i = m \ \sharp + j) \)
ultimately have \( i \in m \vee (\exists j \in succ(k).\ i = m \ \sharp + j) \)
then have \( \forall i \in m \ \sharp + succ(k).\ i \in m \vee (\exists j \in succ(k).\ i = m \ \sharp + j) \)
then have \( (\forall i \in m \ \sharp + k.\ i \in m \vee (\exists j \in k.\ i = m \ \sharp + j)) \longrightarrow \)
\( (\forall i \in m \ \sharp + succ(k).\ i \in m \vee (\exists j \in succ(k).\ i = m \ \sharp + j)) \)
then show \( thesis \)
qed
A variant of induction useful for finite sequences.
lemma fin_nat_ind:
assumes A1: \( n \in nat \) and A2: \( k \in succ(n) \) and A3: \( P(0) \) and A4: \( \forall j\in n.\ P(j) \longrightarrow P(succ(j)) \)
shows \( P(k) \)proof from A2 have \( k \in n \vee k=n \)
with A1 have \( k \in nat \) using elem_nat_is_nat
moreover
qed
from A3 have \( 0 \in succ(n) \longrightarrow P(0) \)
moreover from A1, A4 have \( \forall k \in nat.\ (k \in succ(n) \longrightarrow P(k)) \longrightarrow (succ(k) \in succ(n) \longrightarrow P(succ(k))) \) using nat_into_Ord, Ord_succ_mem_iff
ultimately have \( k \in succ(n) \longrightarrow P(k) \) by (rule ind_on_nat )
with A2 show \( P(k) \)
Some properties of positive natural numbers.
lemma succ_plus:
assumes \( n \in nat \), \( k \in nat \)
shows \( succ(n \ \sharp + j) \in nat \), \( succ(n) \ \sharp + succ(j) = succ(succ(n \ \sharp + j)) \) using assmsIntervals
In this section we consider intervals of natural numbers i.e. sets of the form \(\{n+j : j \in 0..k-1\}\).
The interval is determined by two parameters: starting point and length. Recall that in standard Isabelle's Arith.thy the symbol \( \ \sharp + \) is defined as the sum of natural numbers.
Definition
\( Nat \text{Interval}(n,k) \equiv \{n \ \sharp + j.\ j\in k\} \)
Subtracting the beginning af the interval results in a number from the length of the interval. It may sound weird, but note that the length of such interval is a natural number, hence a set.
lemma inter_diff_in_len:
assumes A1: \( k \in nat \) and A2: \( i \in Nat \text{Interval}(n,k) \)
shows \( i \ \sharp - n \in k \)proof from A2 obtain \( j \) where I: \( i = n \ \sharp + j \) and II: \( j \in k \) using NatInterval_def
from A1, II have \( j \in nat \) using elem_nat_is_nat
moreover
qed
from I have \( i \ \sharp - n = \text{natify}(j) \) using diff_add_inverse
ultimately have \( i \ \sharp - n = j \)
with II show \( thesis \)
Intervals don't overlap with their starting point and the union of an interval with its starting point is the sum of the starting point and the length of the interval.
lemma length_start_decomp:
assumes A1: \( n \in nat \), \( k \in nat \)
shows \( n \cap Nat \text{Interval}(n,k) = 0 \), \( n \cup Nat \text{Interval}(n,k) = n \ \sharp + k \)proof{
}
fix \( i \)
assume A2: \( i \in n \) and \( i \in Nat \text{Interval}(n,k) \)
then obtain \( j \) where I: \( i = n \ \sharp + j \) and II: \( j \in k \) using NatInterval_def
from A1 have \( k \in nat \) using elem_nat_is_nat
with II have \( j \in nat \) using elem_nat_is_nat
with A1, I have \( n \leq i \) using add_nat_le
moreover
from A1, A2 have \( i \lt n \) using elem_nat_is_nat
ultimately have \( False \) using le_imp_not_lt
thus \( n \cap Nat \text{Interval}(n,k) = 0 \)
from A1 have \( n \subseteq n \ \sharp + k \) using add_nat_le
moreover {
}
ultimately have \( n \cup Nat \text{Interval}(n,k) \subseteq n \ \sharp + k \)
fix \( i \)
assume \( i \in Nat \text{Interval}(n,k) \)
then obtain \( j \) where III: \( i = n \ \sharp + j \) and IV: \( j \in k \) using NatInterval_def
with A1 have \( j \lt k \) using elem_nat_is_nat
with A1, III have \( i \in n \ \sharp + k \) using add_lt_mono2, ltD
moreover
qed
from A1 have \( n \ \sharp + k \subseteq n \cup Nat \text{Interval}(n,k) \) using nat_sum_decomp, NatInterval_def
ultimately show \( n \cup Nat \text{Interval}(n,k) = n \ \sharp + k \)
Sme properties of three adjacent intervals.
lemma adjacent_intervals3:
assumes \( n \in nat \), \( k \in nat \), \( m \in nat \)
shows \( n \ \sharp + k \ \sharp + m = (n \ \sharp + k) \cup Nat \text{Interval}(n \ \sharp + k,m) \), \( n \ \sharp + k \ \sharp + m = n \cup Nat \text{Interval}(n,k \ \sharp + m) \), \( n \ \sharp + k \ \sharp + m = n \cup Nat \text{Interval}(n,k) \cup Nat \text{Interval}(n \ \sharp + k,m) \) using assms, add_assoc, length_start_decomp end
theorem ind_on_nat:
assumes \( n\in nat \) and \( P(0) \) and \( \forall k\in nat.\ P(k)\longrightarrow P(succ(k)) \)
shows \( P(n) \) lemma nat_union_succ: shows \( nat = (\bigcup n \in nat.\ succ(n)) \)
lemma elem_nat_is_nat:
assumes \( n \in nat \) and \( k\in n \)
shows \( k \lt n \), \( k \in nat \), \( k \leq n \), \( \langle k,n\rangle \in Le \) lemma nat_union_nat: shows \( nat = \bigcup nat \)
Definition of NatInterval:
\( Nat \text{Interval}(n,k) \equiv \{n \ \sharp + j.\ j\in k\} \)
lemma add_nat_le:
assumes \( n \in nat \) and \( k \in nat \)
shows \( n \leq n \ \sharp + k \), \( n \subseteq n \ \sharp + k \), \( n \subseteq k \ \sharp + n \) lemma nat_sum_decomp:
assumes \( n \in nat \) and \( m \in nat \)
shows \( \forall i \in m \ \sharp + n.\ i \in m \vee (\exists j \in n.\ i = m \ \sharp + j) \) lemma length_start_decomp:
assumes \( n \in nat \), \( k \in nat \)
shows \( n \cap Nat \text{Interval}(n,k) = 0 \), \( n \cup Nat \text{Interval}(n,k) = n \ \sharp + k \)
This page by Slawomir Kolodynski is licensed under a Creative Commons Attribution 3.0 License. BTC: 189qAMLvqevxMrCsZaABMJ3cLkXdSwMNK8