--BEGIN HERE -- -- -- \section{Axioms of set theory} -- -- -- The \emph{regularity} postulate and the \emph{infinity} postulate are the only ones explicitly -- present in the \textsc{Theory} 'Set_theory' underlying the proof-checker Ref. -- All other axioms typical of set theory---and, to some extent, even the two just recalled---, -- are built into the inferential machinery of Ref. We now recast the said postulates in the -- form of two theorems: citing them will thus become handier, because universal -- quantifiers are left understood. -- Theorem 0: [Global choice] ((X = 0) & (arb(X) = 0)) or ((arb(X) in X) & ((arb(X) * X) = 0)). Proof: Suppose_not(x0) ==> Stat0: not(((x0 = 0) & (arb(x0) = 0)) or ((arb(x0) in x0) & ((arb(x0) * x0) = 0))) -- -- The quantifier restriction in the following sentence is fictitious (here $\Omega$ represents the class of all sets) -- Assump ==> Stat1: (FORALL s in OM | ( (s = 0) & (arb(s) = 0) ) or ((arb(s) in s) & ((arb(s) * s) = 0))) x0-->Stat1(Stat0*) ==> false; Discharge ==> QED -- -- In the statement of the following, it would be easy---but pointless, it seems to us---to -- replace $s_inf$ by a new constant $sp_inf$ satisfyng the stronger condition -- $(0 in sp_inf) & ((X in sp_inf) ¥imp ({X} in sp_inf))$: -- Theorem 00: [Axiom of Infinity] (s_inf /= 0) & ((X in s_inf) ¥imp ({X} in s_inf)). Proof: Suppose_not(x0) ==> AUTO Assump ==> Stat1: (FORALL x in s_inf | {x} in s_inf) & (s_inf /= 0) x0-->Stat1 ==> false Discharge ==> QED -- -- \section{Pairs and maps} -- -- -- We begin by making a trick, purely set-theoretic definition of the notion of \emph{ordered pair}. -- We also give formal definitions of both ordered-pair component extractor functions. -- These definitions are shown only for completeness: all that really counts, about them, -- is that they enforce the 'unique retrieval' law -- $(FORALL s, d | (car([s,d]) = s) & (cdr([s,d]) = d))$, -- which, anyway, is built-in in the extended version of multilevel syllogistic encompassed by -- the most central among Ref's inference primitives, named \textsc{ELEM}. -- Def pairs.0: [Ordered pair] Def([X,Y]) := {{X},{{X},{{Y},Y}}} Def pairs.1: [First component of ordered pair] car(X) := arb(arb(X)) Def pairs.2: [Second component of ordered pair] cdr(X) := arb(arb(arb(X - {arb(X)}) - {arb(X)})) -- -- The following operations are usually applied to sets of ordered pairs, here called \emph{maps}: -- Def maps.1: [Map domain] domain(F) := {car(x): x in F} Def maps.2: [Map Restriction] Def(f ¥ON a) := {p in f | car(p) in a} Def maps.3: [Value of single-valued function] Def(f~[x]) := cdr(arb(f ¥ON {x})) -- -- It is convenient to summarize some of the key results about \emph{maps} in auxiliary -- \textsc{Theory}s, such as the following one, that ease their use. -- We focus here on maps of the form ${[x,f(x)]: x in s}$, which are always single-valued. -- THEORY fcn_symbol(f(X),g,s) [Contains some elementary lemmas about single-valued functions] g = {[x,f(x)]: x in s} END fcn_symbol; -- ENTER_THEORY fcn_symbol -- Note: till we return from 'fcn_symbol' to set theory, we are -- reasoning within the theory, so $g = {[x,f(x)]: x in s}$ is available -- as an axiom, and all theorems proved are added to the set -- of conclusions of the theory, rather than to the set of conclusions -- of the top-level set-theory. -- -- First we show that the domain of $g$ is simply $s$. -- Theorem fcn_symbol.1: [Mapformer domain] domain(g) = s. Proof: Suppose_not ==> domain(g) /= s -- -- For in the contrary case we would have ${car(x): x in {[x,f(x)]: x in s}} /= s$ -- by definition, so there would exist an $x in s$ such that $car([x,f(x)]) /= x$, -- which is impossible. -- Use_def(domain) ==> {car(x): x in g} /= s Assump ==> g = {[y,f(y)]: y in s} EQUAL ==> {car(x): x in g} = {car(x): x in {[y,f(y)]: y in s}} ELEM ==> {car(x): x in {[y,f(y)]: y in s}} /= s SIMPLF ==> {car([y,f(y)]): y in s} /= {x: x in s} Set_monot ==> {car([y,f(y)]): y in s} = {y: y in s} Discharge ==> QED -- -- Next we show that $g~[x] = f(x)$ for any $x in s$. -- Theorem fcn_symbol.2: [Image by a mapformer] (XX in s) ¥imp (g~[XX] = f(XX)). Proof: Suppose_not(c) ==> (c in s) & (g~[c] /= f(c)) -- -- For suppose not, and let $c in s$ be a counterexample, so that by definition -- of functional application (and map restriction) we would have -- $cdr(arb({[x,f(x)]: x in s | car([x,f(x)]) in {c}})) /= f(c)$. -- Use_def(~) ==> cdr(arb(g ¥ON {c})) /= f(c) Use_def(¥ON) ==> cdr(arb({p in g | car(p) in {c}})) /= f(c) Assump ==> g = {[x,f(x)]: x in s} EQUAL ==> cdr(arb({p in {[x,f(x)]: x in s} | car(p) in {c}})) /= f(c) SIMPLF ==> cdr(arb({[x,f(x)]: x in s | car([x,f(x)]) in {c}})) /= f(c) -- -- We can simplify ${[x,f(x)]: x in s | car([x,f(x)]) in {c}}$ to ${[x,f(x)]: x in s | x in {c}}$, -- for if these sets were different there would be a $d in s$ such that the conditions -- $car([d,f(d)]) in {c}$ and $d in c$ were inequivalent, which is impossible. -- Suppose ==> Stat1: {[x,f(x)]: x in s | car([x,f(x)]) in {c}} /= {[x,f(x)]: x in s | x in {c}} d-->Stat1 ==> (d in s) & (not ((car([d,f(d)]) in {c}) ¥eq (d in {c}))) Discharge ==> {[x,f(x)]: x in s | car([x,f(x)]) in {c}} = {[x,f(x)]: x in s | x in {c}} -- -- But ${[x,f(x)]: x in s | x in {c}}$ simplifies in two steps to ${[x,f(x)]: x in {c}}$, -- which is the same as ${[c,f(c)]}$. Hence if our theorem is false we would have -- $cdr(arb({[c,f(c)]})) /= f(c)$, a contradiction proving the theorem. -- Suppose ==> Stat2: {[x,f(x)]: x in s | x in {c}} /= {[x,f(x)]: x in {c}} e-->Stat2 ==> ((e in {[x,f(x)]: x in s | x in {c}}) & (e notin {[x,f(x)]: x in {c}})) or ((e notin {[x,f(x)]: x in s | x in {c}}) & (e in {[x,f(x)]: x in {c}})) Suppose ==> Stat3: (e in {[x,f(x)]: x in s | x in {c}}) & Stat4: (e notin {[x,f(x)]: x in {c}}) e1-->Stat3 ==> (e = [e1,f(e1)]) & (e1 in s) & (e1 in {c}) e1-->Stat4 ==> false; Discharge ==> Stat5: (e notin {[x,f(x)]: x in s | x in {c}}) & Stat6: (e in {[x,f(x)]: x in {c}}) e2-->Stat6 ==> (e = [e2,f(e2)]) & (e2 in {c}) e2-->Stat5 ==> false; Discharge ==> {[x,f(x)]: x in s | x in {c}} = {[x,f(x)]: x in {c}} SIMPLF ==> {[x,f(x)]: x in {c}} = {[c,f(c)]} EQUAL ==> cdr(arb({[c,f(c)]})) /= f(c) Discharge ==> QED -- -- -- Our next theorem rounds out the preceding result by showing that $g~[x] = 0$ for $x notin s$. -- Theorem fcn_symbol.3: [Mapformer image in general] g~[Xp] = if Xp in s then f(Xp) else 0 end if. Proof: Suppose_not(c) ==> g~[c] /= if c in s then f(c) else 0 end if Suppose ==> c in s c-->Tfcn_symbol.2 ==> g~[c] = f(c) Discharge ==> Stat1: ((c notin s) & g~[c] /= 0) -- -- For suppose not, and (as the possibility $c in s$ gets readily discarded) let $c notin s$ -- be a counterexample. Then by definition of functional application (and map restriction) the value -- $arb({[x,f(x)]: x in s | car([x,f(x)]) in {c}})$ must be nonzero, -- and then by the axiom of choice so is the set ${[x,f(x)]: x in s | car([x,f(x)]) in {c}}$. -- Use_def(~) ==> (c notin s) & cdr(arb(g ¥ON {c})) /= 0 Suppose ==> arb(g ¥ON {c}) = 0 EQUAL ==> cdr(0) /= 0 Use_def(cdr) ==> arb(arb(arb(0 - {arb(0)}) - {arb(0)})) /= 0 TELEM ==> 0 - {arb(0)} = 0 EQUAL ==> arb(arb(arb(0) - {arb(0)})) /= 0 0-->T0(*) ==> arb(0) = 0 TELEM ==> arb(0) - {arb(0)} = 0 EQUAL ==> arb(arb(0)) /= 0 EQUAL ==> arb(0) /= 0 EQUAL ==> false; Discharge ==> arb(g ¥ON {c}) /= 0 Use_def(¥ON) ==> (g ¥ON {c}) = {p in g | car(p) in {c}} EQUAL ==> arb({p in g | car(p) in {c}}) /= 0 Assump ==> g = {[x,f(x)]: x in s} EQUAL ==> arb({p in {[x,f(x)]: x in s} | car(p) in {c}}) /= 0 SIMPLF ==> Stat2: arb({[x,f(x)]: x in s | car([x,f(x)]) in {c}}) /= 0 {[x,f(x)]: x in s | car([x,f(x)]) in {c}}-->T0(Stat2*) ==> Stat3: {[x,f(x)]: x in s | car([x,f(x)]) in {c}} /= 0 -- -- Hence there would exist a $d in s$ such that $car([d,f(d)]) in {c}$, implying $c in s$, -- a contradiction which proves our assertion. -- d-->Stat3() ==> Stat4: (d in s) & (car([d,f(d)]) in {c}) (Stat1,Stat4)Discharge ==> QED -- ENTER_THEORY Set_theory -- -- -- DISPLAY fcn_symbol -- -- THEORY fcn_symbol(f(X),g,s) [Contains some elementary lemmas about single-valued functions] -- g = {[x,f(x)]: x in s} -- ==> -- (domain(g) = s) -- (FORALL xp | (xp in s) ¥imp (g~[xp] = f(xp))) -- (FORALL xp | g~[xp] = if xp in s then f(xp) else 0 end if) -- END fcn_symbol; -- -- -- \section{Reachability in a big graph} -- THEORY reachability(V(X),E(X,Y)) -- -- This theory has two predicates, one monadic and the other dyadic, as arguments: -- these represent nodes (or 'vertices') and arcs (or 'edges') of a system. -- What we mean by 'system', following Aczel, is a structure akin to a graph -- but whose nodes and arcs might form proper classes. Anyway, we -- insist that the immediate descendants of each node $x$ must be included in a set -- (possibly a set which depends on $x$). (Cf. P. Aczel, "Non-well-founded sets", -- vol. 14 of CSLI Lecture Notes, CSLI, Stanford, CA, 1988) -- (FORALL x | V(x) ¥imp (EXISTS c | (FORALL y | (E(x,y) & V(y)) ¥imp (y in c)))) END reachability -- ENTER_THEORY reachability -- -- Inside this \textsc{Theory} 'reachability', we will use Skolemization to -- associate with every node the set of its children in the system. -- For each node $x$, we own a set $c$ comprising all the immediate -- descendants of $x$; hence separation enables us to form the set -- $ch={y in c | E(x,y) & V(y)}$ of all nodes which are immediate -- descendants of $x$ in the system. This set will be named $children(x)$ -- by the subsequent application of Skolemization. When $x$ is not a node, a forthcoming theorem -- will arrange things so that $children(x)=0$. -- Theorem reachability.0: [Every node has a set of children] (EXISTS ch | (FORALL y | (E(X,y) & V(X) & V(y)) ¥eq (y in ch))). Proof: Suppose_not(x0) ==> Stat0: not(EXISTS ch | (FORALL y | (E(x0,y) & V(x0) & V(y)) ¥eq (y in ch))) -- -- Suppose ==> (not V(x0)) 0-->Stat0(Stat0*) ==> Stat1: not(FORALL y | (E(x0,y) & V(x0) & V(y)) ¥eq (y in 0)) y-->Stat1(Stat0*) ==> false Discharge ==> AUTO Assump ==> Stat2: (FORALL x | V(x) ¥imp (EXISTS c | (FORALL y | (E(x,y) & V(y)) ¥imp (y in c)))) x0-->Stat2(Stat0*) ==> Stat3: (EXISTS c | (FORALL y | (E(x0,y) & V(y)) ¥imp (y in c))) & V(x0) k-->Stat3(Stat3*) ==> Stat4: (FORALL y | (E(x0,y) & V(y)) ¥imp (y in k)) Loc_def ==> kh = {y in k | E(x0,y) & V(y) } kh-->Stat0(Stat4*) ==> Stat5: (not(FORALL y | (E(x0,y) & V(x0) & V(y)) ¥eq (y in kh))) y0-->Stat5(Stat3*) ==> (E(x0,y0) & V(y0)) ¥neq (y0 in kh) Suppose ==> Stat6: E(x0,y0) & V(y0) (Stat4*)ELEM ==> Stat7: y0 notin {y in k | E(x0,y) & V(y)} y0-->Stat4(Stat6*) ==> y0 in k y0-->Stat7(Stat6*) ==> false (Stat4*)Discharge ==> Stat8: (y0 in {y in k | E(x0,y) & V(y)}) & (not (E(x0,y0) & V(y0))) ()-->Stat8(Stat8*) ==> false Discharge ==> QED -- -- Skolemize this last statement, rewriting it in the following form: -- APPLY(v1_thryvar:children) Skolem() ==> Theorem reachability.1a: [Children lemma, 0] (FORALL x | (FORALL y | (E(x,y) & V(x) & V(y)) ¥eq (y in children(x)))) -- -- Then recast the 'children lemma' just obtained in a form where universal quantifiers -- are left understood, because this new version of the lemma can be cited more easily. -- Theorem reachability.1: [Children lemma] (E(X,Y) & V(X) & V(Y)) ¥eq (Y in children(X)). Proof: Suppose_not(x,y) ==> AUTO Treachability.1a ==> Stat1: (FORALL x | (FORALL y | (E(x,y) & V(x) & V(y)) ¥eq (y in children(x)))) x-->Stat1 ==> Stat2: (FORALL y | (E(x,y) & V(x) & V(y)) ¥eq (y in children(x))) y-->Stat2 ==> false Discharge ==> QED -- -- Now we start to prepare more closely for the proof of a preliminary version of the principle -- of transfinite induction by making an auxiliary definition: we introduce the set -- $descs_thryvar(s)$ of those $x$ which either belong to $s$ or are -- descendants of elements of $s$ (i.e., children of $s$, children of children of $s$, and so on recursively). -- The construction of $descs_thryvar(s)$ will proceed in stages; as a preliminary, in fact, we define the -- sets $descs_x(s,le)$ of all nodes that are reachable from $s$ through paths of given 'length' $le$. -- In an intuitive discussion, we think that the length of a path is a natural number; -- but, as we do not own from the outset the set of all natural numbers, we exploit the basic infinite set -- $s_inf$ as a convenient surrogate of this set. -- Def reachability.0: [Recursively defined iterated children] descs_x(S,X) := if X = arb(s_inf) then S else {u: w in arb({descs_x(S,y): y in X | (y in s_inf)}), u in children(w) } end if -- -- Explanation: -- We know that $s_inf$ is a nonnull set satisfying the property that ${X} in s_inf$ follows from $X in s_inf$. -- Hence $arb(s_inf)=a$ and ${a}$, ${{a}}$,... are members of $s_inf$; and since each of them belongs to its immediate -- follower and membership does not form cycles (as one can deduce from regularity), they differ from one another -- and hence their supply is infinite. As natural numers have not been introduced yet, we can exploit $a$ -- in the role of 0, ${a}$ in the role of 1, ${{a}}$ of 2, etc. We have defined $descs_x(S,Le)$ in such a way -- that when $Le$ varies over $a$, ${a}$, ${{a}}$,... the sets $descs_x(S,Le)$ come to form a sequence -- $descs_x(S,a)$, $descs_x(S,{a})$, $descs_x(S,{{a}})$,... whose first component is $S$ and hence is formed -- by the same elements as $S$, the second is formed by the children of elements of $S$, the third by the -- children of children of $S$, and so on. At the end, by forming the union of all components of this sequence -- (see our next definition), we obtain the set $S$ of all nodes reachable from $S$ along paths formed by arcs -- of the system. -- Def reachability.1: [Ultimate descendants of a node] descs_thryvar(S) := {u: i in s_inf, u in descs_x(S,i)} -- -- The set just defined includes $s$; moreover, we will show that it is transitively closed under membership. -- First we need the following simple lemma: -- Theorem reachability.2: [Descendants indexed by the singletons in the basic infinite set] (X in s_inf) ¥imp (descs_x(S,{X}) = {u: w in descs_x(S,X), u in children(w)}). Proof: Suppose_not(x,s) ==> AUTO -- -- Since $x in s_inf$, ${x} /= arb(s_inf)$, -- and so $descs_x(s,{x}) = {u: v in arb({descs_x(s,y): y in {x}}), u in children({x})}$ by definition. -- Use_def(descs_x) ==> descs_x(s,{x}) = if {x} = arb(s_inf) then s else {u: w in arb({descs_x(s,y): y in {x} | (y in s_inf)}), u in children(w)} end if s_inf-->T0(*) ==> descs_x(s,{x}) = {u: w in arb({descs_x(s,y): y in {x} | (y in s_inf)}), u in children(w)} EQUAL ==> Stat1: {u: w in arb({descs_x(s,y): y in {x} | (y in s_inf)}), u in children(w)} /= {u: w in descs_x(s,x), u in children(w)} -- -- The left-hand side of this inequality reduces to ${u: w in descs_x(s,x), u in children(w)}$, -- which contradicts the initial hypothesis, and so proves our lemma. -- Suppose ==> Stat2: {descs_x(s,y): y in {x} | (y in s_inf)} /= {descs_x(s,x)} Set_monot ==> {descs_x(s,y): y in {x} | (y in s_inf)} ¥incin {descs_x(s,y): y in {x}} SIMPLF ==> {descs_x(s,y): y in {x}} = {descs_x(s,x)} (Stat2*)ELEM ==> Stat3: descs_x(s,x) notin {descs_x(s,y): y in {x} | (y in s_inf)} x-->Stat3(*) ==> false Discharge ==> {descs_x(s,y): y in {x} | (y in s_inf)} = {descs_x(s,x)} ({descs_x(s,x)})-->T0(*) ==> arb({descs_x(s,x)}) = descs_x(s,x) EQUAL(Stat1) ==> false Discharge ==> QED -- -- Now we can prove, for any set $s$, that $descs_thryvar(s)$ includes $s$ and is $E$-transitive. -- Theorem reachability.3: [Stepwise reachability] (S ¥incin descs_thryvar(S)) & (((X in descs_thryvar(S)) & V(X) & V(Y) & E(X,Y)) ¥imp (Y in descs_thryvar(S))). Proof: Suppose_not(s,x,y) ==> AUTO -- -- Arguing by contradiction, we must consider the following alternative: -- (x,y)-->Treachability.1 ==> ((s ¥nincin descs_thryvar(s)) or ((x in descs_thryvar(s)) & (y in children(x)) & (y notin descs_thryvar(s)))) -- -- The first of these cases is impossible, since an $xx$ in $s$ but not in $descs_thryvar(s)$ could not be in any -- of the sets $descs_x(s,v)$ where $v$ belongs to $s_inf$, contradicting the fact that $arb(s_inf)$ -- belongs to $s_inf$, while $descs_x(s,arb(s_inf)) = s$. -- Hence we need only consider the second case. -- Suppose ==> Stat1: s ¥nincin descs_thryvar(s) xx-->Stat1 ==> (xx in s) & (xx notin descs_thryvar(s)) Use_def(descs_thryvar) ==> Stat2: xx notin {y: v in s_inf, y in descs_x(s,v)} s_inf-->T0(*) ==> AUTO (arb(s_inf))-->T00(*) ==> arb(s_inf) in s_inf (arb(s_inf),xx)-->Stat2 ==> xx notin descs_x(s,arb(s_inf)) Use_def(descs_x) ==> descs_x(s,arb(s_inf)) = s (Stat1*)Discharge ==> Stat4: (x in descs_thryvar(s)) & (y in children(x)) & (y notin descs_thryvar(s)) -- -- But in this case there must exist some $d$ in $s_inf$ such that $x$ in $descs_x(s,d)$, -- and then $descs_x(s,{d}) = {w: v in descs_x(s,d), w in v}$ must have $y$ as a member. -- Since ${d}$ is a member of $s_inf$, this contradicts the fact that $y notin descs_thryvar(s)$, -- and so proves our theorem. -- Use_def(descs_thryvar) ==> Stat5: x in {w: v in s_inf, w in descs_x(S,v)} (d,w)-->Stat5 ==> Stat6: (d in s_inf) & (x in descs_x(s,d)) d-->T00 ==> {d} in s_inf Use_def(descs_thryvar) ==> Stat7: y notin {w: v in s_inf, w in descs_x(s,v)} ({d},y)-->Stat7 ==> y notin descs_x(s,{d}) (d,s)-->Treachability.2 ==> Stat8: y notin {u: w in descs_x(s,d), u in children(w)} (x,y)-->Stat8(Stat8,Stat6*) ==> Stat9: y notin children(x) (x,y)-->Treachability.1 ==> false Discharge ==> QED -- -- Transitivity of the reachability relation is proved next: if $Y$ is reachable from $X$ and $Z$ is reachable from $Y$, -- then $Z$ is reachable from $X$. -- Theorem reachability.4: [Transitivity of reachability] ((Y in descs_thryvar({X})) & (Z in descs_thryvar({Y}))) ¥imp (Z in descs_thryvar({X})). Proof: Suppose_not(y0,x,z) ==> AUTO -- -- Assume that $y0$ is reachable from ${x}$ and that $z$ is reachable from ${y0}$; however, -- to start an argument by contradiction, assume that $z$ is unreachable from ${x}$. -- Suppose ==> {s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})} = 0 -- -- It follows from the definition of the set $descs_thryvar({y0})$ of all sets reachable from ${y0}$ -- that at least one of the layers $descs_x({y0},i)$ (with $i in s_inf$) which compose -- $descs_thryvar({y0})$ has an element that is unreachable from ${x}$. -- Use_def(descs_thryvar({y0})) ==> AUTO ELEM ==> Stat1: (z in {u: i in s_inf, u in descs_x({y0},i)}) & (z notin descs_thryvar({x})) (i,u)-->Stat1 ==> (i in s_inf) & (z in descs_x({y0},i)) & Stat2: (i notin {s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})}) i-->Stat2(Stat1*) ==> false Discharge ==> AUTO -- -- So we can pick $s0 in s_inf$ in such a way that $descs_x({y0},s0) ¥nincin descs_thryvar({x})$ whereas -- $descs_x({y0},s) ¥incin descs_thryvar({x})$ holds for all $s in (s0 * s_inf)$. -- Loc_def ==> s0 = arb({s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})}) ({s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})})-->T0(*) ==> Stat3: (s0 in {s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})}) & (s0 * {s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})} = 0) ()-->Stat3(*) ==> Stat4: (descs_x({y0},s0) ¥nincin descs_thryvar({x})) & (s0 in s_inf) & (y0 in descs_thryvar({x})) -- -- The selected $s0$ cannot coincide with $arb(s_inf)$, because $descs_x({y0},arb(s_inf)) = {y0}$, whose -- only element we have assumed to be reachable from ${x}$. -- Use_def(descs_x({y0},s0)) ==> AUTO Suppose ==> s0 = arb(s_inf) (Stat4*)ELEM ==> descs_x({y0},s0) = {y0} (Stat4*)Discharge ==> descs_x({y0},s0) = {u: w in arb({descs_x({y0},y): y in s0 | (y in s_inf)}), u in children(w)} -- -- But then, observe that the expression $arb({descs_x({y0},y): y in s0 | (y in s_inf)})$ occurring in the -- specification of $descs_x({y0},s0)$ designates a set of the form $a = descs_x({y0},s1)$, with $s1 in (s0 * s_inf)$. -- There must exist a child $u0$ of an element $w0$ of this set that is unreachable from ${x}$. -- u0-->Stat4(Stat4*) ==> Stat5: (u0 in {u: w in arb({descs_x({y0},y): y in s0 | (y in s_inf)}), u in children(w) }) & (u0 notin descs_thryvar({x})) (w0,u1)-->Stat5(Stat5*) ==> Stat6: (w0 in arb({descs_x({y0},y): y in s0 | (y in s_inf)})) & (u0 in children(w0)) Loc_def ==> Stat7: a = arb({descs_x({y0},y): y in s0 | (y in s_inf)}) ({descs_x({y0},y): y in s0 | (y in s_inf)})-->T0(Stat5*) ==> Stat8: a in {descs_x({y0},y): y in s0 | (y in s_inf)} s1-->Stat8(Stat6,Stat7,Stat3*) ==> Stat9: (s1 notin {s in s_inf | descs_x({y0},s) ¥nincin descs_thryvar({x})}) & (s1 in s0) & (s1 in s_inf) & (w0 in descs_x({y0},s1)) -- -- By the minimality of $s0$, it turns out that $descs_x({y0},s1) ¥incin descs_thryvar({x})$, -- and therefore $w0 in descs_x({x0})$, holds. But then every child of $w0$, including $u0$, -- must belong to $descs_thryvar({x})$, as we know from Theorem reachability.1 -- that the children of any $w$ are the nodes directly accessible from $w$,... -- s1-->Stat9(Stat5,Stat6*) ==> Stat10: w0 in descs_thryvar({x}) (w0,u0)-->Treachability.1 ==> E(w0,u0) & V(w0) & V(u0) -- -- ...and this, with the aid of the previous Theorem reachability.3, leads us to a fact, -- $u0 in descs_thryvar({x})$, which blatantly conflicts with a fact established earlier. -- ({x},w0,u0)-->Treachability.3 ==> AUTO -- -- This contradiction gives us the desired conclusion. -- (Stat5*)Discharge ==> QED -- -- Then we show that the set of all descendants of a set $s$ is inclusion-minimal among all sets -- that include $s$ and are closed relative to the children-formation operation. -- Theorem reachability.5: [Minimality of the reachability set] ((S ¥incin T) & (FORALL x,y | ((x in T) & E(x,y) & V(x) & V(y)) ¥imp (y in T))) ¥imp (descs_thryvar(S) ¥incin T). Proof: Suppose_not(s,t) ==> Stat1: (FORALL x,y | ((x in t) & E(x,y) & V(x) & V(y)) ¥imp (y in t)) & (s ¥incin t) & (descs_thryvar(s) ¥nincin t) -- -- Assume that $s ¥incin t$ and that every node which is directly accessible from a node -- in $t$ belongs to $t$; however, to start an argument by contradiction, assume that -- not all sets reachable from $s$ are in $t$. -- Use_def(descs_thryvar(s)) ==> AUTO (Stat1*)ELEM ==> Stat2: {u: i in s_inf, u in descs_x(s,i)} ¥nincin t -- -- It follows from the definition of the set $descs_thryvar(s)$ of the descendants of $s$, -- that at least one of the layers $descs_x(s,i)$ (with $i in s_inf$) -- which compose $descs_thryvar(s)$ is not included in $t$. -- Suppose ==> Stat3: {i in s_inf | descs_x(s,i) ¥nincin t} = 0 u0-->Stat2(Stat2*) ==> Stat4: (u0 in {u: i in s_inf, u in descs_x(s,i)}) & (u0 notin t) (i,u)-->Stat4(Stat4*) ==> (i in s_inf) & (descs_x(s,i) ¥nincin t) i-->Stat3(Stat3*) ==> false Discharge ==> AUTO -- -- So we can pick $i0 in s_inf$ in such a way that $descs_x(s,i0) ¥nincin t$ whereas -- $descs_x(s,i) ¥incin t$ holds for all $i in (i0 * s_inf)$. -- Loc_def ==> i0 = arb({i in s_inf | descs_x(s,i) ¥nincin t}) ({i in s_inf | descs_x(s,i) ¥nincin t})-->T0(*) ==> Stat5: (i0 in {i in s_inf | descs_x(s,i) ¥nincin t}) & (i0 * {i in s_inf | descs_x(s,i) ¥nincin t} = 0) ()-->Stat5(Stat5*) ==> Stat6: (i0 in s_inf) & (descs_x(s,i0) ¥nincin t) Use_def(descs_x(s,i0)) ==> AUTO -- -- The selected $i0$ cannot coincide with $arb(s_inf)$, because $descs_x(s,arb(s_inf)) = s$, which -- we have assumed to be included in $t$. -- Suppose ==> i0 = arb(s_inf) (Stat6*)ELEM ==> Stat7: descs_x(s,i0) = s (Stat7,Stat6,Stat1*)Discharge ==> Stat8: {u: w in arb({descs_x(s,y): y in i0 | (y in s_inf)}), u in children(w)} ¥nincin t -- -- But then, observe that the expression $arb({descs_x(s,y): y in i0 | (y in s_inf)})$ occurring in the -- specification of $descs_x(s,i0)$ designates a set of the form $a = descs_x(s,i1)$, with $i1 in (i0 * s_inf)$. -- There must exist a child $u1$ of an element $w0$ of this set that does not belong to $t$. -- u1-->Stat8(Stat8*) ==> Stat9: (u1 in {u: w in arb({descs_x(s,y): y in i0 | (y in s_inf)}), u in children(w)}) & (u1 notin t) (w0,u2)-->Stat9(Stat9*) ==> (w0 in arb({descs_x(s,y): y in i0 | (y in s_inf)})) & (u1 in children(w0)) Loc_def ==> a = arb({descs_x(s,y): y in i0 | (y in s_inf)}) ({descs_x(s,y): y in i0 | (y in s_inf)})-->T0(Stat9*) ==> Stat10: a in {descs_x(s,y): y in i0 | (y in s_inf)} i1-->Stat10(Stat9*) ==> Stat11: (i1 in i0) & (i1 in s_inf) & (w0 in descs_x(s,i1)) -- -- By the minimality of $i0$, it turns out that $descs_x(s,i1) ¥incin t$, and therefore $w0 in t$, holds. -- But then every child of $w0$, including $u1$, must belong to $t$, as we know from Theorem reachability.1 -- that the children of any $w$ are the nodes directly accessible from $w$,... -- (Stat11,Stat5*)ELEM ==> Stat12: i1 notin {i in s_inf | descs_x(s,i) ¥nincin t} i1-->Stat12(Stat11*) ==> w0 in t (w0,u1)-->Treachability.1 ==> E(w0,u1) & V(w0) & V(u1) -- -- ...and we have initially assumed that nodes directly accessible from $t$ belong to $t$. -- This leads us into a contradiction, which gives us the desired conclusion. -- (w0,u1)-->Stat1(Stat9*) ==> false; Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY reachability -- -- THEORY reachability(V(X),E(X,Y)) -- (FORALL x | V(x) ¥imp (EXISTS c | (FORALL y | (E(x,y) & V(y)) ¥imp (y in c)))) -- ==>(descs_thryvar) -- (FORALL s,x,y | (s ¥incin descs_thryvar(s)) & (((x in descs_thryvar(s)) & V(x) & V(y) & E(x,y)) ¥imp (y in descs_thryvar(s)))) -- (FORALL y,x,z | ((y in descs_thryvar({x})) & (z in descs_thryvar({y}))) ¥imp (z in descs_thryvar({x}))) -- (FORALL s,t | ((s ¥incin t) & (FORALL x,y | ((x in t) & E(x,y) & V(x) & V(y)) ¥imp (y in t))) ¥imp (descs_thryvar(s) ¥incin t)) -- END reachability; -- -- -- \section{Basic laws on the power-set global operation} -- Def pow: [Family of all subsets of a given set] pow(S) := { x : x ¥incin S } -- -- -- Our next theorem characterizes the powerset formation operation in -- more usable terms than the very definition of this construct. It also -- proves that no set can equal is own powerset (else it should belong to itself, -- against the acyclicity of membership). -- Theorem 1: [Characterization of powerset; also: no set equals its own powerset] ((X incs Y) ¥eq (Y in pow(X))) & (X /= pow(X)). Proof: Suppose_not(x0,y0) ==> AUTO -- -- We begin by excluding the possibility that $x0 = pow(x0)$: -- Use_def(pow(x0)) ==> AUTO Suppose ==> x0 = pow(x0) ELEM ==> Stat0: x0 notin {y: y ¥incin x0} x0-->Stat0 ==> false; Discharge ==> AUTO -- -- Arguing by contradiction, if $x0,y0$ constituted a counterexample, -- then either one of the literals $x0 incs y0$ and $y0 in {y: y ¥incin x0}$ -- would be true and the other one would be false. -- EQUAL ==> Stat1: (x0 incs y0) ¥neq (y0 in {y: y ¥incin x0}) -- -- If it is the second that is true then, via a substitution in the setformer, -- we would contradict the falsity of the first. -- Suppose ==> Stat2: y0 in {y: y ¥incin x0} y1-->Stat2(Stat1*) ==> false; Discharge ==> Stat3: y0 notin {y: y ¥incin x0} -- -- But then the literals $x0 incs y0$ and $y0 notin {y: y ¥incin x0}$ should hold together, -- which gives us a contradiction if we replace the bounded variable $y$ of the setformer -- by $y0$. -- y0-->Stat3(Stat1*) ==>false Discharge ==> QED -- -- \section{Basic laws on the union-set global operation} -- Def unionset: [Family of all members of members of a set] Un(X) := {u: v in X, u in v} -- -- -- We show here that the union set of a set $s$ is the set-theoretic 'least upper bound' of all its elements, i.e. -- the smallest set which includes all these elements. -- Theorem 2: [Union set as an upper bound] ((X in S) ¥imp (X ¥incin Un(S))) & ((FORALL y in S | y ¥incin X) ¥imp (Un(S) ¥incin X)). Proof: Suppose_not(t,s) ==> ((t ¥nincin Un(s)) & (t in s)) or ((FORALL y in s | y ¥incin t) & (Un(s) ¥nincin t)) -- -- For if not, one of the two clauses of our theorem must be false. By definition of '$Un$', this -- cannot be the first clause, so it must be the second. -- Use_def(Un(s)) ==> AUTO Suppose ==> Stat1: (t ¥nincin Un(s)) & (t in s) c-->Stat1 ==> Stat2: (c notin {z: y in s, z in y}) & (c in t) (t,c)-->Stat2 ==> false; Discharge ==> Stat3: (Un(s) ¥nincin t) & (FORALL y in s | y ¥incin t) -- -- But a second use of the definition of '$Un$' shows that this case is also impossible, proving our theorem. -- d-->Stat3 ==> Stat4: (d in {z: y in s, z in y}) & (FORALL y in s | y ¥incin t) & (d notin t) (b,a,b)-->Stat4 ==> false; Discharge ==> QED -- THEORY imageOfDoubleton(f(X),x0,x1) END imageOfDoubleton -- ENTER_THEORY imageOfDoubleton -- Theorem imageOfDoubleton: [The image of a doubleton is either a doubleton or a singleton] ({f(v): v in 0 } = 0) & ({f(v): v in {x0} } = {f(x0)}) & ({f(v): v in {x0,x1} } = {f(x0),f(x1)}). Proof: Suppose_not() ==> AUTO -- -- Ref has the built-in ability to reduce ${f(v): v in 0}$ to $0$ and ${f(v): v in {x0}}$ to ${f(x0)}$; -- hence we are left with only the doubleton to consider. Let $c$ belong to one of -- ${f(v): v in {x0,x1}}$ and ${f(x0),f(x1)}$ but not the other. After excluding, through -- variable-substitution, the case $c notin {f(v): v in {x0,x1}}$, we easily discard both possibilities -- $c=f(x0)$ and $c=f(x1)$, through variable-substitution and equality propagation. -- SIMPLF ==> Stat1: {f(v): v in {x0,x1} } /= {f(x0),f(x1)} c-->Stat1 ==> (c in {f(v): v in {x0,x1}}) ¥neq (c in {f(x0),f(x1)}) Suppose ==> Stat2: (c notin {f(v): v in {x0,x1}}) & (c notin {f(v): v in {x0,x1}}) (x0,x1)-->Stat2 ==> AUTO Discharge ==> Stat3: (c in {f(v): v in {x0,x1}}) & (c notin {f(x0),f(x1)}) xp-->Stat3 ==> (xp in {x0,x1}) & (f(xp) /= f(x0)) & (f(xp) /= f(x1)) Suppose ==> xp = x0 EQUAL ==> false Discharge ==> xp = x1 EQUAL ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY imageOfDoubleton -- -- THEORY imageOfDoubleton(f(X),x0,x1) -- ({f(v): v in 0 } = 0) & ({f(v): v in {x0} } = {f(x0)}) & ({f(v): v in {x0,x1} } = {f(x0),f(x1)}) -- END imageOfDoubleton -- Theorem 2a: [Union of `elementary sets'] (Z = {X,Y}) ¥imp (Un(Z) = (X + Y)). Proof: Suppose_not(z0,x0,y0) ==> Stat0: (z0 = {x0,y0}) & (Un(z0) /= (x0 + y0)) -- -- Under the assumption that $(z0 = {x0,y0}) & (Un(z0) /= (x0 + y0))$ can hold, two citations -- of Theorem 2 enable us to get $x0 ¥incin Un(z0)$ and $y0 ¥incin Un(z0)$ from $z0={x0,y0}$. -- (x0,z0)-->T2 ==> AUTO (y0,z0)-->T2 ==> AUTO -- -- A third citation of the same Theorem 2 enables us to derive from $Un(z0) /= (x0 + y0)$ that -- some element of $z0={x0,y0}$ is not included in $x0+y0$, which is manifestly absurd. -- (x0+y0,z0)-->T2(Stat0*) ==> Stat1: not(FORALL y in z0 | y ¥incin (x0+y0)) v-->Stat1(Stat0,Stat0*) ==> (v in {x0,y0}) & (v ¥nincin (x0+y0)) (Stat1*)Discharge ==> QED -- Theorem 2b: [Union of union] Un(Un(X)) = Un({Un(y): y in X}). Proof: Suppose_not(x0) ==> AUTO Use_def(Un) ==> {z: y in {u: v in x0, u in v}, z in y} /= {s: r in {Un(y): y in x0}, s in r} SIMPLF ==> Stat1: {z: v in x0, u in v, z in u} /= {s: y in x0, s in Un(y)} z0-->Stat1 ==> AUTO Suppose ==> Stat3: (z0 in {z: v in x0, u in v, z in u}) & (z0 notin {s: y in x0, s in Un(y)}) Use_def(Un(v0)) ==> AUTO (v0,u0,z,v0,z0)-->Stat3(Stat1*) ==> Stat4: (z0 notin {z: u in v0, z in u}) & (v0 in x0) & (u0 in v0) & (z0 in u0) (u0,z0)-->Stat4(Stat4*) ==> false Discharge ==> Stat5: (z0 in {s: y in x0, s in Un(y)}) & Stat6: (z0 notin {z: v in x0, u in v, z in u}) Use_def(Un(y0)) ==> AUTO (y0,s0)-->Stat5(Stat5*) ==> Stat7: (z0 in {s: u in y0, s in u}) & (y0 in x0) (u1,s1)-->Stat7(Stat7*) ==> (z0 in u1) & (u1 in y0) (y0,u1,z0)-->Stat6(Stat7*) ==> false Discharge ==> QED -- Theorem 2c: [Additivity of monadic union] Un(X + Y) = (Un(X) + Un(Y)). Proof: Suppose_not(x0,y0) ==> AUTO {x0,y0}-->T2b ==> Un(Un({x0,y0})) = Un({Un(v): v in {x0,y0}}) APPLY() imageOfDoubleton(f(X)->Un(X),x0->x0,x1->y0) ==> {Un(v): v in {x0,y0}} = {Un(x0),Un(y0)} ({x0,y0},x0,y0)-->T2a ==> Un({x0,y0}) = (x0 + y0) ({Un(x0),Un(y0)},Un(x0),Un(y0))-->T2a ==> Un({Un(x0),Un(y0)}) = (Un(x0) + Un(y0)) EQUAL ==> false Discharge ==> QED -- Theorem 2d: [Monotonicity of monadic union] (X ¥incin Y) ¥imp (Un(X) ¥incin Un(Y)). Proof: Suppose_not(x0,y0) ==> (y0 = (x0 + y0)) & (Un(x0) ¥nincin Un(y0)) (x0,y0)-->T2c ==> AUTO EQUAL ==> Un(y0) = Un(x0) + Un(y0) Discharge ==> QED -- -- The statement of the following technical lemma may look unreasonably 'twisted'; -- however, this will offer the reward of versatility; in fact, by simple citation, this -- statement can be declined in at least three ways: -- $Un(X + {Y}) = (Y + Un(X))$, -- $(Y in Z) ¥imp (Un(Z) = (Y + Un(Z - {Y})))$, -- $(Z /= 0) ¥imp (Un(Z) = (arb(Z) + Un(Z - {arb(Z)})))$. -- Theorem 2q: [Union of union, 2] ((Y in Z) & (X in {Z, Z - {Y}})) ¥imp (Un(Z) = (Y + Un(X))). Proof: Suppose_not(y0,z0,x0) ==> AUTO ELEM ==> z0 = x0 + {y0} EQUAL ==> Un(x0 + {y0}) /= (y0 + Un(x0)) ({y0},y0,y0)-->T2a ==> AUTO (x0,{y0})-->T2c ==> false Discharge ==> QED -- -- An alternative, self-contained proof of the following theorem, which is the proof actually shown -- in the proof-pearl paper, is saved after the line "--END HERE" marking at the end of this scenario. -- Theorem 2e: [Union of adjunction] Un(X + {Y}) = (Y + Un(X)). Proof: Suppose_not(x0,y0) ==> AUTO (y0,x0+{y0},x0)-->T2q(*) ==> false Discharge ==> QED -- Theorem 2f: (Z /= 0) ¥imp (Un(Z) = (arb(Z) + Un(Z - {arb(Z)}))). Proof: Suppose_not(z0) ==> AUTO (arb(z0),z0,z0 - {arb(z0)})-->T2q ==> false Discharge ==> QED -- Theorem 2g: ((Y in Z) ¥imp (Un(Z) = (Y + Un(Z - {Y})))). Proof: Suppose_not(x0,z0) ==> AUTO (x0,z0,z0 - {x0})-->T2q(*) ==> false Discharge ==> QED -- Theorem 2h: [Union of singleton] Un({X}) = X. Proof: Suppose_not(x0) ==> AUTO ({x0},x0,x0)-->T2a ==> false Discharge ==> QED -- Theorem 2i: [Distributivity of intersection over union] Un({ X * z : z in Y }) = (X * Un(Y)). Proof: Suppose_not(x0,y0) ==> Stat0: AUTO c1-->Stat0 ==> (c1 in Un({ x0 * z : z in y0 })) ¥neq (c1 in (x0 * Un(y0))) Use_def(Un({ x0 * z : z in y0 })) ==> AUTO SIMPLF ==> Un({ x0 * z : z in y0 }) = { w: z in y0, w in (x0 * z) } Use_def(Un(y0)) ==> AUTO Suppose ==> Stat1: (c1 in { w: z in y0, w in (x0 * z) }) & (c1 notin (x0 * Un(y0))) (z1,w)-->Stat1 ==> (c1 in (x0 * z1)) & (z1 in y0) & Stat3: (c1 notin { w: y in y0, w in y }) (z1,c1) --> Stat3 ==> false Discharge ==> Stat5: (c1 in { w: y in y0, w in y }) & (c1 in x0) & (c1 notin Un({x0 * z : z in y0 })) (y2,c)-->Stat5 ==> (c1 in x0) & (c1 in y2) & (y2 in y0) & Stat6: (c1 notin { w: z in y0, w in (x0 * z) }) (y2,c1) --> Stat6 ==> false Discharge ==> QED -- -- -- \section{Transitive sets} -- -- Theorem unionset1: [Unionsets of near-equal sets are equal] (Un(0) = 0) & (Un(X+{0}) = Un(X)) & (Un(X-{0}) = Un(X)). Proof: Suppose_not(x0) ==> AUTO -- -- Suppose at least one of the three conjuncts is false. -- Which one? The first? No: if we suppose this, -- we readily get into a contradiction. -- Suppose ==> Un(0) /= 0 Use_def(Un) ==> Stat0: arb(Un(0)) in {u: v in 0, u in v} (v,u)-->Stat0 ==> false Discharge ==> AUTO -- -- With equal ease, we get a contradiction by negating either one of the other two conjuncts: -- Suppose ==> Un(x0+{0}) /= Un(x0) Use_def(Un)(Stat1) ==> Stat1: {u: v in (x0+{0}), u in v} /= {u: v in x0, u in v} Set_monot ==> {u: v in x0, u in v} ¥incin {u: v in (x0+{0}), u in v} a-->Stat1 ==> Stat2: (a in {u: v in (x0+{0}), u in v}) & (a notin {u: v in x0, u in v}) (v0,u0,v0,u0)-->Stat2 ==> false; Discharge ==> Stat3: Un(x0-{0}) /= Un(x0) Use_def(Un)(Stat3) ==> Stat4: {u: v in (x0-{0}), u in v} /= {u: v in x0, u in v} Set_monot ==> {u: v in x0-{0}, u in v} ¥incin {u: v in x0, u in v} e-->Stat4(Stat3*) ==> Stat5: (e in {u: v in x0, u in v}) & (e notin {u: v in (x0-{0}), u in v}) (v1,u1,v1,u1)-->Stat5 ==> false Discharge ==> QED -- Theorem unionset2: [Quasi-transitive sets have a transitive union-set] (Un(X) ¥incin (X+{0})) ¥imp (Un(Un(X)) ¥incin Un(X)). Proof: Suppose_not(x0) ==> AUTO x0-->Tunionset1 ==> (Un(x0) ¥incin (x0+{0})) & (Un(Un(x0)) ¥nincin Un(x0 + {0})) Use_def(Un) ==> Stat1: {u: v in Un(x0), u in v} ¥nincin {u: v in (x0 + {0}), u in v} c-->Stat1 ==> Stat2: (c in {u: v in Un(x0), u in v}) & (c notin {u: v in (x0 + {0}), u in v}) (v1,u1,v1,u1)-->Stat2 ==> false Discharge ==> QED -- Theorem unionset3: [0 belongs to the unionset of any nontrivial near-transitive set] ((X ¥nincin {0}) & (Un(X) ¥incin (X+{0}))) ¥imp (0 in Un(X)). Proof: Suppose_not(x0) ==> AUTO -- -- For, supposing that $x0$ exemplifies the contrary and taking $a=arb(x0-{0})$, we would have $a in x0$, $b in a$ for some $b$, and $a * (x0-{0}) = 0$. -- But then $b notin Un(x0)$, for otherwise we would have $b in (x0+{0})$ and hence $b=0$, whereas we have assumed that $0 notin Un(x0)$. -- Taking the definition of $Un(x0)$ into account, we fall into a contradiction, as desired, because $(b in a) & (a in x0)$ yields $b in x0$. -- Loc_def ==> a = arb(x0-{0}) ELEM ==> Stat1: (a /= 0) & (0 notin Un(x0)) & (a in x0) & (a * (x0-{0}) = 0) & (Un(x0) ¥incin (x0+{0})) Use_def(Un(x0)) ==> AUTO b-->Stat1(Stat1) ==> Stat2: (b notin {u: v in x0, u in v}) & (b in a) (a,b)-->Stat2(Stat1) ==> false Discharge ==> QED -- Theorem unionset4: [0 and 1 are transitive and 0 belongs to every non-null transitive set] ((Un(X) ¥incin X) ¥imp ((X = 0) or (0 in X))) & ((X ¥incin {0}) ¥imp (Un(X) = 0)). Proof: Suppose_not(x0) ==> AUTO Suppose ==> (x0 ¥incin {0}) & (Un(x0) /= 0) 0-->Tunionset1 ==> (Un(0) = 0) & (Un(0+{0}) = Un(0)) Suppose ==> x0 = 0 EQUAL ==> false; Discharge ==> (x0 = {0}) & (0+{0} = {0}) EQUAL ==> false; Discharge ==> AUTO x0-->Tunionset3 ==> false Discharge ==> QED -- THEORY allUn(s0,P(X),Q(Y)) (FORALL x in s0 | P(x)) (not P(Un(s0))) END allUn -- ENTER_THEORY allUn -- Def allUn: allUn_thryvar := arb( {x in s0+{Un(s0)} | P(x) ¥neq (FORALL y in x | Q(y)) } ) -- Theorem allUn0: (P(allUn_thryvar) ¥neq (FORALL y in allUn_thryvar | Q(y))). Proof: Suppose_not() ==> AUTO Suppose ==> Stat1: allUn_thryvar in { x in s0+{Un(s0)} | P(x) ¥neq (FORALL y in x | Q(y)) } ()-->Stat1 ==> false; Discharge ==> AUTO Use_def(allUn_thryvar) ==> Stat2: { x in s0+{Un(s0)} | P(x) ¥neq (FORALL y in x | Q(y)) } = 0 Assump ==> Stat3: (FORALL x in s0 | P(x)) & (not P(Un(s0))) (Un(s0))-->Stat2 ==> Stat4: not(FORALL y in Un(s0) | Q(y)) Use_def(Un(s0)) ==> AUTO y0-->Stat4 ==> Stat5: (y0 in {u: v in s0, u in v}) & (not Q(y0)) (v0,u0)-->Stat5 ==> (v0 in s0) & (y0 in v0) v0-->Stat3 ==> P(v0) v0-->Stat2 ==> Stat6: (FORALL y in v0 | Q(y)) y0-->Stat6 ==> false Discharge ==> QED -- Theorem allUn1: (allUn_thryvar notin s0+{0}) ¥imp (FORALL y in Un(s0) | Q(y)). Proof: Suppose_not() ==> AUTO Suppose ==> Stat1: allUn_thryvar notin { x in s0+{Un(s0)} | P(x) ¥neq (FORALL y in x | Q(y)) } Use_def(allUn_thryvar) ==> false Discharge ==> Stat3: allUn_thryvar in { x in s0+{Un(s0)} | P(x) ¥neq (FORALL y in x | Q(y)) } ()-->Stat3 ==> (allUn_thryvar = Un(s0)) & (P(allUn_thryvar) ¥neq (FORALL y in allUn_thryvar | Q(y))) EQUAL ==> P(Un(s0)) ¥neq (FORALL y in Un(s0) | Q(y)) Assump ==> (not P(Un(s0))) Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY allUn -- -- THEORY allUn(s0,P(X),Q(Y)) -- (FORALL x in s0 | P(x)) -- (not P(Un(s0))) -- ==>(allUn_thryvar) -- P(allUn_thryvar) ¥neq (FORALL y in allUn_thryvar | Q(y)) -- (allUn_thryvar notin s0+{0}) ¥imp (FORALL y in Un(s0) | Q(y)) -- END allUn -- Def transitivity: [Transitive, aka full, set] Trans(T) := {y in T | y ¥nincin T} = 0 -- Theorem 3: [Alternative characterization of a transitive set] Trans(T) ¥imp ((T ¥incin pow(T)) & ((X in T) ¥imp (X ¥incin T))). Proof: Suppose_not(t0,x0) ==> AUTO Use_def(Trans) ==> Stat1: ({y in t0 | y ¥nincin t0} = 0) & ((t0 ¥nincin pow(t0)) or ((x0 in t0) ¥imp (x0 ¥nincin t0))) Suppose ==> Stat2: t0 ¥nincin pow(t0) e-->Stat2 ==> (e notin pow(t0)) & (e in t0) e-->Stat1 ==> e ¥incin t0 (t0,e)-->T1 ==> false; Discharge ==> (x0 in t0) & (x0 ¥nincin t0) x0-->Stat1(Stat1*) ==> AUTO Discharge ==> QED -- Theorem 3a: [The unionset of a transitive set is included in it] Trans(T) ¥eq (T incs Un(T)). Proof: Suppose_not(t) ==> AUTO Use_def(Un(t)) ==> AUTO Use_def(Trans(t)) ==> AUTO Suppose ==> Stat1: (t ¥nincs Un(t)) & Trans(t) c-->Stat1(*) ==> Stat2: (c in {u: v in t, u in v}) & ({y in t | y ¥nincin t} = 0) & (c notin t) (v,u,v)-->Stat2(Stat2*) ==> false Discharge ==> Stat3: ({y in t | y ¥nincin t} /= 0) & (t incs {u: v in t, u in v}) Loc_def ==> a = arb(d - t) d-->Stat3(Stat3) ==> Stat4: (a notin {u: v in t, u in v}) & (d in t) & (a in d) & (a notin t) (d,a)-->Stat4(Stat4*) ==> false Discharge ==> QED -- Theorem 3b: [Incomparable elements $x,z$ of a transitive set $t$ are subsets of $t-{x,z}$] (Trans(T) & (X in T) & (Z in T) & (X notin Z) & (Z notin X)) ¥imp (X ¥incin (T-{X,Z})). Proof: Suppose_not(t,x,z) ==> AUTO t-->T3a ==> Stat1: (t = (t+{z})+{x}) & (not (Un(t) incs x + (z + Un(t)))) (t+{z},x)-->T2e ==> AUTO (t,z)-->T2e ==> AUTO EQUAL(Stat1) ==> false Discharge ==> QED -- Theorem 3c: [For a transitive set, elements are also subsets] (Trans(T) & (X in T)) ¥imp (X ¥incin T). Proof: Suppose_not(t,x) ==> AUTO t-->T3a ==> Stat1: (t = t+{x}) & (not (Un(t) incs x + Un(t))) (t,x)-->T2e ==> AUTO EQUAL(Stat1) ==> false Discharge ==> QED -- Theorem 3d: [Trapping phenomenon for trivial sets] (Trans(S) & (X in S) & (Z in S) & (X notin Z) & (Z notin X) & ((S-{X,Z}) ¥incin {0,{0}})) ¥imp (S ¥incin {0,{0},{{0}},{0,{0}}}). Proof: Suppose_not(s,x,z) ==> AUTO (s,x)-->T3c ==> AUTO (s,z)-->T3c ==> AUTO Discharge ==> QED -- -- Any strict subset of a transitive set $t$ owns a subset in $t$ which does not belong to it. -- -- Theorem 4: [Full-set comparison lemma] (Trans(T) & (S ¥incin T) & (S /= T)) ¥imp ((arb(T - S) in (T - S)) & (arb(T - S) ¥incin S)). Proof: Suppose_not(t,s) ==> AUTO -- -- For if our assertion is false, $t$ must have as a proper subset $s$, -- in which case the axiom of choice tells us that $t - s$ has a minimal element $arb(t - s)$ -- disjoint from $t - s$. Plainly $arb(t - s)$ is also a member of the superset $t$ of $t - s$. -- Loc_def ==> a = arb(t - s) (t-s)-->T0(*) ==> (a in (t - s)) & (a * (t - s) = 0) -- -- But then, by definition of full set, $arb(t - s)$ must be a subset of $s$, -- since it is disjoint from $t - s$. -- Use_def(Trans) ==> Stat1: {y in t | y ¥nincin t} = 0 a-->Stat1(*) ==> false Discharge ==> QED -- -- Any strict subset of a transitive set $t$, owns a subset in $t$ which does not belong to it. -- -- Theorem 4a: [Peddicord's lemma] (Trans(T) & (S ¥incin T) & (S /= T) & (A = arb(T-S))) ¥imp ((A ¥incin S) & (A in (T-S))). Proof: Suppose_not(t,s,a) ==> AUTO (t,a)-->T3c ==> a ¥incin t Discharge ==> QED -- -- -- \section{Ordinals} -- -- Def Is_ord: [Is-an-ordinal predicate] Ord(S) := (FORALL x in S | x ¥incin S) & (FORALL x in S, y in S | x in y or y in x or x = y) -- -- The successor of an ordinal has a simple and very general definition: -- Def next: [successor (defined for any set, including ordinals and integers)] next(S) := S + {S} -- -- -- The following theorem would be an immediate corollary of the theorem $Un(X+{Y}) = Y + Un(X)$, -- but we develop a stand-alone proof here. -- Theorem next0: Un(next(X)) = X + Un(X). Proof: Suppose_not(x0) ==> AUTO Use_def(next) ==> Stat1: Un(x0 + {x0}) /= x0 + Un(x0) c-->Stat1 ==> (c in Un(x0 + {x0})) ¥eq (c notin (x0 + Un(x0))) Use_def(Un) ==> Stat2: (c in {u: v in x0 + {x0}, u in v}) ¥eq (c notin (x0 + {u: v in x0, u in v})) Suppose ==> Stat3: c in {u: v in x0 + {x0}, u in v} TELEM ==> ((v0 in {x0}) & (u0 in v0)) ¥imp (u0 in x0) (v0,u0)-->Stat3(Stat2*) ==> Stat4: (u0 notin {u: v in x0, u in v}) & (v0 in x0) & (u0 in v0) (v0,u0)-->Stat4 ==> false Discharge ==> AUTO Suppose ==> Stat5: c in {u: v in x0, u in v} (v1,u1)-->Stat5 ==> Stat6: (u1 notin {u: v in x0 + {x0}, u in v}) & (v1 in x0) & (u1 in v1) (v1,u1)--> Stat6 ==> false Discharge ==> Stat7: (c notin {u: v in x0 + {x0}, u in v}) & (c in x0) (x0,c)-->Stat7 ==> false Discharge ==> QED -- Theorem 5: [Ordinals are full] Ord(T) ¥imp (Trans(T) & ((Y in T) ¥imp (Y ¥incin T))). Proof: Suppose_not(t0,y0) ==> AUTO Use_def(Ord) ==> Stat1: (FORALL x in t0 | x ¥incin t0) y0-->Stat1(*) ==> (not Trans(t0)) Use_def(Trans) ==> Stat2: {y in t0 | y ¥nincin t0} /= 0 Loc_def ==> a1 = arb({y in t0 | y ¥nincin t0}) (Stat2)ELEM ==> Stat3: a1 in {y in t0 | y ¥nincin t0} ()-->Stat3 ==> Stat4: (a1 in t0) & (a1 ¥nincin t0) a1-->Stat1(Stat4*) ==> false Discharge ==> QED -- Theorem 6: [Condition for a subset of an ordinal to be an ordinal] (Ord(T) & (S ¥incin T) & (FORALL x in S | x ¥incin S)) ¥imp Ord(S). Proof: Suppose_not(t,s) ==> AUTO Use_def(Ord(s)) ==> AUTO ELEM ==> Stat1: (not(FORALL x in s, y in s | x in y or y in x or x = y)) & (s ¥incin t) (b,c)-->Stat1 ==> (b in s) & (c in s) & (not(b in c or c in b or b = c)) Use_def(Ord) ==> Stat3: (FORALL x in t, y in t | x in y or y in x or x = y) (b,c)-->Stat3(Stat1*) ==> false Discharge ==> QED -- -- Next we prove a first basic property of ordinals: any member of an ordinal is an ordinal. -- This theorem will be exploited tacitly in proofs where the proof-by-structure mechanism -- is activated by means of the key word 'Proof+'. -- Theorem 7: [Members of ordinals are ordinals] (Ord(T) & (S in T)) ¥imp Ord(S). Proof: Suppose_not(t,s) ==> AUTO -- -- We proceed by contradiction. If our theorem is false, there is an ordinal $t$ -- having a member $s$ which is not an ordinal. -- (t,s)-->T5 ==> Stat1: Ord(t) & (s in t) & (s ¥incin t) & (not Ord(s)) (t,s)-->T6 ==> Stat2: not(FORALL x in s | x ¥incin s) Use_def(Ord) ==> Stat3: (FORALL x in t, y in t | x in y or y in x or x = y) -- -- Hence, by definition of ordinal, $s$ must either have a member $a$ not included in $s$, -- or a pair $b, c$ of distinct members not related by membership. The latter possibility -- is ruled out by the preceding theorem; thus we need only consider the first case, -- in which $a$ is a member but not a subset of $s$. In this case there plainly exists -- a $d$ in $a$ but not in $s$. Plainly $a$ is a member of $t$, -- and thus a subset of $t$; so $d$ is also a member of $t$. -- a-->Stat2(Stat2*) ==> Stat4: (a ¥nincin s) & (a in s) (t,a)-->T5(Stat1,Stat4*) ==> a ¥incin t d-->Stat4(Stat1*) ==> (d in a) & (d notin s) & (d in t) -- -- By the definition of ordinals, it follows that $d$ -- either equals $s$, is a member of $s$, or that $s$ is a -- member of $d$. But all three of these cases are impossible, -- since any would imply the existence of a membership cycle. -- This contradiction proves our theorem. -- (d,s)-->Stat3(Stat1*) ==> d in s or s in d or s = d (Stat4*)Discharge ==> QED -- -- It is easy to show that the successor of an ordinal is an ordinal. -- Theorem 8: [Ordinals are closed under the successor operation] (S /= next(S)) & (Ord(S) ¥imp (Ord(S+{S}) & Ord(next(S)))). Proof: Suppose_not(s0) ==> AUTO Use_def(next) ==> Ord(s0) & (not Ord(s0+{s0})) Use_def(Ord) ==> Stat1: (FORALL x in s0, y in s0 | x in y or y in x or x = y) & Stat2: (FORALL x in s0 | x ¥incin s0) Use_def(Ord(s0+{s0})) ==> AUTO Suppose ==> Stat3: (not(FORALL x in s0+{s0} | x ¥incin (s0+{s0}))) x0-->Stat3 ==> (x0 in s0+{s0}) & (x0 ¥nincin (s0+{s0})) x0-->Stat2(Stat3*) ==> false Discharge ==> Stat4: (not(FORALL x in s0+{s0}, y in s0+{s0} | x in y or y in x or x = y)) (x1,y1)-->Stat4 ==> AUTO (x1,y1)-->Stat1 ==> false Discharge ==> QED -- -- \subsection{The transitive closure operation} -- Theorem act_reachability.0: [Activation of reachability] (FORALL x | (0=0) ¥imp (EXISTS c | (FORALL y | ((y in x) & (0=0)) ¥imp (y in c)))). Proof: Suppose_not() ==> Stat1: AUTO x-->Stat1(*) ==> Stat2: not(EXISTS c | (FORALL y | ((y in x) & (0=0)) ¥imp (y in c))) x-->Stat2 ==> Stat3: not(FORALL y | ((y in x) & (0=0)) ¥imp (y in x)) y-->Stat3 ==> false Discharge ==> QED -- APPLY(descs_thryvar:trCl) reachability(V(X)->(0=0),E(X,Y)->(Y in X)) ==> Theorem 9a: [Recursively defined iterated members] (FORALL s,x,y | (s ¥incin trCl(s)) & (((x in trCl(s)) & (0=0) & (0=0) & (y in x)) ¥imp (y in trCl(s)))) & (FORALL y,x,z | ((y in trCl({x})) & (z in trCl({y}))) ¥imp (z in trCl({x}))) & (FORALL s,t | ((s ¥incin t) & (FORALL x,y | ((x in t) & (y in x) & (0=0) & (0=0)) ¥imp (y in t))) ¥imp (trCl(s) ¥incin t)) -- -- Now we can prove that, for any set $s$, $trCl(s)$ includes $s$ and is membership-transitive. -- Theorem 9: [Stepwise reachability of ultimate members] (S ¥incin trCl(S)) & (((X in trCl(S)) & (Y in X)) ¥imp (Y in trCl(S))). Proof: -- -- We proceed by contradiction. Suppose that our theorem is false, and let $s$, $x$, and $y$ be a counterexample. -- Suppose_not(s,x,y) ==> AUTO T9a ==> Stat1: (FORALL s,x,y | (s ¥incin trCl(s)) & (((x in trCl(s)) & (0=0) & (0=0) & (y in x)) ¥imp (y in trCl(s)))) (s,x,y)-->Stat1 ==> false Discharge ==> QED -- Theorem 10: [Transitivity of iterated membership] ((Y in trCl({X})) & (Z in trCl({Y}))) ¥imp (Z in trCl({X})). Proof: Suppose_not(y,x,z) ==> AUTO T9a ==> Stat1: (FORALL y,x,z | ((y in trCl({x})) & (z in trCl({y}))) ¥imp (z in trCl({x}))) (y,x,z)-->Stat1 ==> false Discharge ==> QED -- Theorem 11: [Minimality of the set of ultimate members] ((S ¥incin T) & Trans(T)) ¥imp (trCl(S) ¥incin T). Proof: Suppose_not(s,t) ==> AUTO T9a ==> Stat1: (FORALL s, t | ((s ¥incin t) & (FORALL x, y | ((x in t) & (y in x) & (0=0) & (0=0)) ¥imp (y in t))) ¥imp (trCl(s) ¥incin t)) (s,t)-->Stat1(Stat1*) ==> ((s ¥incin t) & (FORALL x, y | ((x in t) & (y in x) & (0=0) & (0=0)) ¥imp (y in t))) ¥imp (trCl(s) ¥incin t) ELEM ==> ((x in t) & (y in x) & (0=0) & (0=0)) ¥eq ((x in t) & (y in x)) EQUAL ==> (FORALL x, y | ((x in t) & (y in x)) ¥imp (y in t)) ¥imp (trCl(s) ¥incin t) ELEM ==> Stat2: not(FORALL x, y | ((x in t) & (y in x)) ¥imp (y in t)) (x,y)-->Stat2 ==> (x in t) & (y in x) & (y notin t) (t,x)-->T3 ==> false Discharge ==> QED -- -- \subsection{A basic form of the principle of transfinite induction} -- -- Next we state a basic form of the principle of transfinite induction, -- which simply asserts that if there is any $n$ satisfying a property $P(X)$, -- there is a memership-minimal $m$ such that $P(m)$. -- We formulate this as a theory providing just one theorem. -- THEORY transfinite_induction(n,P(X)) P(n) END transfinite_induction; -- ENTER_THEORY transfinite_induction -- Def transfinite_induction.0: [Witness for transfinite induction argument] mt1_thryvar := arb({m: m in trCl({n}) | P(m)}) -- Theorem transfinite_induction.1: [Transfinite membership induction] P(mt1_thryvar) & ((K in mt1_thryvar) ¥imp (not P(K))). Proof: Suppose_not(k) ==> (not P(mt1_thryvar)) or ((k in mt1_thryvar) & P(k)) -- -- Proceed by contradiction, first noting that ${m: m in trCl({n}) | P(m)}$ cannot be null -- since $n$ belongs to it. -- Suppose ==> Stat1: {m: m in trCl({n}) | P(m)} = 0 Assump ==> P(n) ({n},junk,bunk)-->T9 ==> n in trCl({n}) n-->Stat1 ==> false Discharge ==> AUTO -- -- The axiom of choice now tells us that there is a minimal element -- $mt1_thryvar$ of ${m: m in trCl({n}) | P(m)}$. -- This necessarily satisfies $mt1_thryvar in trCl({n}) & P(mt1_thryvar)$. -- ({m: m in trCl({n}) | P(m)})-->T0 ==> (arb({m: m in trCl({n}) | P(m)}) in {m: m in trCl({n}) | P(m)}) & ((arb({m: m in trCl({n}) | P(m)}) * {m: m in trCl({n}) | P(m)}) = 0) Use_def(mt1_thryvar) ==> Stat2: (mt1_thryvar in {u: u in trCl({n}) | P(u)}) & (mt1_thryvar * {u: u in trCl({n}) | P(u)} = 0) mt1_thryvar-->Stat2 ==> (mt1_thryvar in trCl({n})) & P(mt1_thryvar) -- -- The negative of our theorem now tells us that there is a $k in mt1_thryvar$ such that $P(k)$; -- but such a $k$ would clearly belong to ${u: trCl({n}) | P(u)}$, and so contradict -- the minimality of $mt1_thryvar$. -- This contradiction proves our theorem. -- ({n},mt1_thryvar,k)-->T9 ==> k in trCl({n}) Suppose ==> Stat3: k notin {u: u in trCl({n}) | P(u)} k-->Stat3 ==> false; Discharge ==> k in {u: u in trCl({n}) | P(u)} Discharge ==> QED -- ENTER_THEORY Set_theory -- -- Now we have a preliminary form of the principle of transfinite induction, -- which is given by the following theory: -- -- DISPLAY transfinite_induction -- -- THEORY transfinite_induction(n,P(X)) -- P(n) -- ==>(mt1_thryvar) -- (FORALL k | P(mt1_thryvar) & ((k in mt1_thryvar) ¥imp (not P(k)))) -- END transfinite_induction; -- -- \subsection{Some basic facts on ordinal numbers} -- Theorem 12: [Ordinal comparison lemma] (Ord(S) & Ord(T) & (T ¥incin S)) ¥imp ((T = S) or ((T = arb(S - T)) & (T in (S - T)))). Proof: Suppose_not(s,t) ==> Ord(s) & Ord(t) & (t ¥incin s) & (t /= s) & (not((t = arb(s - t)) & (t in s))) -- -- For if our assertion is false, $s$ must have as a proper subset $t$, -- in which case the axiom of choice tells us that $s - t$ has a minimal element $arb(s - t)$ -- disjoint from $s - t$. Plainly $arb(s - t)$ is also a member of the superset $s$ of $s - t$. -- But then, by definition of ordinal, $arb(s - t)$ must be a subset of $s * t$, -- since it is disjoint from $s - t$. Therefore $arb(s - t)$ cannot include $t$, otherwise the initial -- assumption $t /= arb(s - t)$ would be contradicted. -- Loc_def ==> Stat1: a = arb(s - t) s-->T5(*) ==> Trans(s) (s,t)-->T4 ==> Stat2: (t ¥nincin a) & (a in s) & Ord(s) & Ord(t) & (t ¥incin s) & (t /= s) -- -- Since $arb(s - t)$ fails to include $t$, there must be some $b$ in $t$ but not in $arb(s - t)$. -- By the definition of ordinals, this implies that $arb(s - t) = b or arb(s - t) in b$. -- b-->Stat2(Stat2*) ==> (b in t) & (b notin a) Use_def(Ord) ==> Stat3: (FORALL x in s, y in s | (x in y or y in x or x = y)) (a,b)-->Stat3(Stat2*) ==> (a in b or a = b) -- -- Using the definition of ordinals once more, this time for $t$, we see that $b$ must be a subset of $t$, -- which rules out both $arb(s - t) in b$ and $arb(s - t) = b$, because either of these would yield -- $arb(s - t) in t$, which is impossible. We have contradicted our original assumption, and so proved our theorem. -- (t,b)-->T5(Stat1*) ==> b ¥incin t (Stat1)Discharge ==> QED -- -- -- Theorem 13: [Second ordinal comparison lemma; Boolean closure properties of ordinals] Ord(0) & ((Ord(S) & Ord(T)) ¥imp (((S ¥incin T) or (T ¥incin S)) & Ord(S*T) & Ord(S+T))). Proof: Suppose_not(s,t) ==> AUTO Suppose ==> (not Ord(0)) Use_def(Ord) ==> Stat0: (not(FORALL x in 0 | x ¥incin 0)) or (not(FORALL x in 0, y in 0 | x in y or y in x or x = y)) (x2,x1,y1)-->Stat0 ==> false Discharge ==> AUTO Use_def(Ord) ==> Stat1: (FORALL x in s | x ¥incin s) & (FORALL x in t | x ¥incin t) Suppose ==> not(Ord(s*t)) (t,s*t)-->T6 ==> Stat2: not(FORALL x in (s*t) | x ¥incin (s*t)) x0-->Stat2(Stat2*) ==> (x0 in (s*t)) & (x0 ¥nincin (s*t)) (x0,x0)-->Stat1(Stat2*) ==> false Discharge ==> AUTO -- -- Now we prove the related but slightly less elementary result that -- one of any pair of ordinals must include the other. -- -- -- For if not, neither of these ordinals is included in the other, so neither can equal -- the intersection of the two, which is an ordinal as just seen. -- Suppose ==> (s ¥nincin t) & (t ¥nincin s) -- -- It now follows, using Theorem 29 twice, that $s * t$ is equal to both $arb(s - (s * t))$ and $arb(t - (s * t))$, -- and so, since neither of these sets is empty, is a member of both -- $s - (s * t)$ and $t - (s * t)$, which is impossible since the intersection of these two sets is empty. -- This contradiction proves our theorem. -- (s,s*t)-->T12(*) ==> Stat3: (s * t) in (s - (s * t)) (t,s*t)-->T12(*) ==> (s * t) in (t - (t * s)) (Stat3*)Discharge ==> AUTO -- -- We are now left with only one case to consider, namely that $not Ord(s+t)$. -- Taking into account the facts already proved along the way, this case is settled -- easily, leading us the overall conclusion. -- Suppose ==> s ¥incin t ELEM ==> (s + t = t) & (s * t = s) EQUAL ==> false; Discharge ==> (s + t = s) & (s * t = t) EQUAL ==> false Discharge ==> QED -- -- Next we show that the class of all ordinals (we will see soon that this is not a set) -- is totally (and strictly) ordered by membership. -- Theorem 14: [Ordinal membership comparison] (Ord(S) & Ord(T)) ¥imp ((S in T) or (T in S) or (S = T)). Proof: Suppose_not(s,t) ==> Stat0: Ord(s) & Ord(t) & (s notin t) & (t notin s) and (s /= t) -- -- For if we suppose the contrary, and note that by Theorem 30 and Theorem 29 one must include the other -- but not be equal to it, it follows (by the axiom of choice) -- that one must be a member of the other, a contradiction which proves our theorem. -- (s,t)-->T13 ==> (s ¥incin t) or (t ¥incin s) (s,t)-->T12(Stat0,Stat0*) ==> t ¥nincin s (t,s)-->T12(Stat0*) ==> false Discharge ==> QED -- -- Next we show that the class of ordinals is not a set -- Theorem 15: [The class of ordinals is not a set] not(FORALL x | ((x in OS) ¥eq Ord(x))). Proof+: Suppose_not(o) ==> Stat1: AUTO -- -- For suppose the contrary, so that there is a set $o$ consisting of all ordinals. -- But we can show that $o$ must be an ordinal. Indeed, if it were not, -- then by the definition of ordinals there would exist $a$, $b$, $c$ -- such that either $a$ was a member but not a subset of $o$, -- or $b$ and $c$ are two members of $o$ not related by membership. -- Suppose ==> not Ord(o) Use_def(Ord) ==> Stat2: not((FORALL x in o | x ¥incin o) & (FORALL x in o, y in o | (x in y) or (y in x) or (x = y))) (a,b,c)-->Stat2 ==> ((a in o) & (a ¥nincin o)) or ((b in o) & (c in o) & (not((b in c) or (c in b) or (b = c)))) -- -- In the second of these cases $b$ and $c$ are both plainly ordinals, so that -- this case is ruled out by Theorem 31. Hence only the first case need be considered. -- Suppose ==> (b in o) & (c in o) & (not((b in c) or (c in b) or (b = c))) b-->Stat1 ==> Ord(b) c-->Stat1 ==> Ord(c) (b,c)-->T14 ==> false Discharge ==> Stat3: (a in o) & (not(a ¥incin o)) -- -- In this case the set $a$, which must plainly be an ordinal, -- must have a member $d$ which is not in $o$, and hence not an ordinal -- by Stat1 above, which is impossible, so our theorem is proved. -- a-->Stat1 ==> Ord(a) d-->Stat3 ==> (d in a) & (d notin o) -- -- Tacit recourse to proof-by-structure makes it unnecessary to cite here a previous theorem to infer -- $Ord(d)$ from $Ord(a)$ and $d in a$. -- d-->Stat1 ==> false Discharge ==> Ord(o) o-->Stat1 ==> false; Discharge ==> QED -- -- Our next theorem shows that, for ordinals, inclusion is equivalent to the disjunction of identity and membership. -- Theorem 16: [Third ordinal comparison lemma] (Ord(S) & Ord(T)) ¥imp ((T ¥incin S) ¥eq ((T in S) or (T = S))). Proof: Suppose_not(s,t) ==> AUTO -- -- For in the contrary case there must exist two ordinals $s$ and $t$ such that either -- $t$ is a member but not a subset of $s$, or $t$ is a subset of $s$ but neither a member of, or equal to, $s$; -- ELEM ==> ((t ¥nincin s) & (t in s)) or ((t ¥incin s) & (t notin s) & (t /= s)) -- -- but the first case is ruled out by definition of ordinal and the second case by Theorem 12, -- proving our theorem. -- (s,t)-->T5 ==> Stat1: (t ¥incin s) & (t notin s) & (t /= s) (s,t)-->T12 ==> false Discharge ==> QED -- -- It is sometimes convenient to use this theorem in the following modified form. -- Theorem 17: [Ordinal membership and comparison] (Ord(S) & Ord(T)) ¥imp ((T notin S) ¥eq (S ¥incin T)). Proof: Suppose_not(s,t) ==> Ord(s) & Ord(t) & (t notin s) & (s ¥nincin t) -- -- Since $(t in s) & (s ¥incin t)$ is impossible, a counterexample to our assertion must satisfy -- $(t notin s) & (s ¥nincin t)$. But by Theorem 14 and 13 we then have $s ¥incin t$, -- a contradiction which proves the present corollary. -- (s,t)-->T14 ==> (s in t) or (s = t) (t,s)-->T13 ==> false; Discharge ==> QED -- -- Our next lemma tells us that, for ordinals, membership in the successor of an ordinal $s$ is equivalent to inclusion in $s$. -- Theorem 18: [Membership in the successor of an ordinal $s$] Ord(S) ¥imp ((T in next(S)) ¥eq ((T ¥incin S) & Ord(T))). Proof: Suppose_not(s,t) ==> AUTO Use_def(next) ==> Stat1: Ord(s) & (not((t in (s + {s})) ¥eq ((t ¥incin s) & Ord(t)))) Suppose ==> Stat2: ((t in s) or (t = s)) & (not((t ¥incin s) & Ord(t))) Suppose ==> Stat3: t = s EQUAL(Stat1,Stat3) ==> Stat4: false; (Stat4)Discharge ==> Stat5: t in s (s,t)-->T7(Stat1,Stat5) ==> Stat6: Ord(t) (s,t)-->T16(Stat1,Stat2,Stat5,Stat6) ==> Stat7: false (Stat7)Discharge ==> Stat8: not(((t in s) or (t = s)) & (not((t ¥incin s) & Ord(t)))) (s,t)-->T16(Stat1,Stat8) ==> Stat9: false (Stat9)Discharge ==> QED -- Theorem 19: [Membership of $s$ in an ordinal $t$ implies inclusion of $next(s)$ in $t$] (Ord(T) & (S in T)) ¥imp (next(S) ¥incin T). Proof+: Suppose_not(m,i) ==> Ord(m) & (i in m) & Stat1: (next(i) ¥nincin m) j-->Stat1 ==> (j in next(i)) & (j notin m) Use_def(next) ==> j in i (j,m)-->T16 ==> m ¥nincin j -- -- The following step exploits the fact, derived by means of proof-by-structure -- behind the scenes, that $j$ is an ordinal. Indeed, since $i$ belongs to $m$ which is an -- ordinal, it is an ordinal in its turn and the same holds for $next(i)$ and -- for $j$ which belongs to it. -- (m,j)-->T17 ==> false Discharge ==> QED -- -- \section{Zorn's lemma} -- -- -- For subsequent use, we reformulate a few special cases of the principle of transfinite definition as -- \mathsc{Theory}s that can be applied internally within the proofs of theorems. -- THEORY transfinite_definition_0_params(g(X),h1(Xp)) END transfinite_definition_0_params; -- ENTER_THEORY transfinite_definition_0_params -- Def transfinite_definition_0_params.0a: [Function defined by a 1-parameter transfinite recursion] f_thryvar(X) := g({h1(f_thryvar(t)): t in X}) -- Theorem transfinite_definition_0_params1: [One-parameter transfinite recursive function definition] f_thryvar(X) = g({h1(f_thryvar(t)): t in X}). Proof: Suppose_not(x) ==> f_thryvar(x) /= g({h1(f_thryvar(t)): t in x}) Use_def(f_thryvar) ==> f_thryvar(x) = g({h1(f_thryvar(t)): t in x}) Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY transfinite_definition_0_params -- -- THEORY transfinite_definition_0_params(g(X),h1(Xp)) -- ==>(f_thryvar) -- (FORALL x | f_thryvar(x) = g({h1(f_thryvar(t)): t in x})) -- END transfinite_definition_0_params; -- -- -- Our next proof establishes a first, purely set-theoretic form of the well-known Zorn's Lemma. -- We prove that if $t$ is any collection of sets such that every subfamily of $t$ -- linearly ordered by inclusion admits an upper bound in $t$, then $t$ has an element maximal for inclusion, -- i.e. not properly included in any other element of $t$. -- Theorem 20: [Zorn's lemma] (FORALL x ¥incin T | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in T |(FORALL y in x | w incs y)))) ¥imp (EXISTS y in T | (FORALL x in T | not ((x incs y) & (x /= y)))). Proof+: Suppose_not(t) ==> Stat1: (FORALL x ¥incin t | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in t |(FORALL y in x | w incs y)))) & Stat2: (not (EXISTS y in t | (FORALL x in t | not ((x incs y) & (x /= y))))) -- -- For supposing the contrary, we can define a mapping of $t$ into $t$ which sends each element of $t$ into a strictly -- larger element, and also a mapping of every subset of $t$ linearly ordered by inclusion into an upper bound -- for it in $t$. -- Loc_def ==> larger = {[x,arb({y in t | ((y incs x) & (y /= x))})]: x in t} APPLY() fcn_symbol(f(X)->arb({y in t | ((y incs X) & (y /= X))}),g->larger,s->t) ==> Stat3: (FORALL x | larger~[x] = if x in t then arb({y in t | ((y incs x) & (y /= x))}) else 0 end if) Loc_def ==> upper_bound = {[x,arb({y in t | (FORALL u in x | y incs u)})]: x in pow(t)} APPLY() fcn_symbol(f(X)->arb({y in t | (FORALL u in X | y incs u)}),g->upper_bound,s->pow(t)) ==> Stat4: (FORALL x | upper_bound~[x] = if x in pow(t) then arb({y in t | (FORALL u in x | y incs u)}) else 0 end if) -- -- Now we use the functions 'upper_bound' and 'larger' to introduce the following (recursively defined) function, -- which we will then show maps each ordinal into $t$, and is strictly monotone increasing. -- APPLY(f_thryvar:Zo) transfinite_definition_0_params(g(x)->larger~[upper_bound~[x]],h1(x)->x) ==> Stat5: (FORALL x | Zo(x) = larger~[upper_bound~[{Zo(y): y in x}]]) Suppose ==> Stat6: (EXISTS x | Ord(x) & (Zo(x) notin t or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u)))))) -- -- For if there exists some counterexample to this last assertion, then by transfinite induction -- there exists a smallest such counterexample $c$. -- d-->Stat6 ==> Ord(d) & ((Zo(d) notin t) or (EXISTS u in d | not((Zo(d) incs Zo(u)) & (Zo(d) /= Zo(u))))) APPLY(mt1_thryvar:c) transfinite_induction(n->d,P(x)->(Ord(x) & ((Zo(x) notin t) or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u))))))) ==> Stat7: (FORALL x | (Ord(c) & ((Zo(c) notin t) or (EXISTS u in c | not((Zo(c) incs Zo(u)) & (Zo(c) /= Zo(u)))))) & ((x in c) ¥imp (not(Ord(x) & ((Zo(x) notin t) or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u))))))))) 0-->Stat7 ==> (Ord(c) & ((Zo(c) notin t) or (EXISTS u in c | not((Zo(c) incs Zo(u)) & (Zo(c) /= Zo(u)))))) Suppose ==> Stat8: not(FORALL x in c | not (Ord(x) & ((Zo(x) notin t) or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u))))))) x0-->Stat8 ==> (x0 in c) & Ord(x0) & ((Zo(x0) notin t) or (EXISTS u in x0 | not((Zo(x0) incs Zo(u)) & (Zo(x0) /= Zo(u))))) x0-->Stat7 ==> false; Discharge ==> Stat9: (FORALL x in c | not (Ord(x) & ((Zo(x) notin t) or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u))))))) -- -- For this minimal counterexample $c$, the set ${Zo(y): y in c}$ must be a collection of subsets of $t$ -- and must be linearly ordered by inclusion. -- Suppose ==> Stat10: not (t incs {Zo(y): y in c}) x1-->Stat10 ==> Stat11: (x1 in {Zo(y): y in c}) & (x1 notin t) y1-->Stat11 ==> (y1 in c) & (x1 = Zo(y1)) y1-->Stat9 ==> not(Ord(y1) & (Zo(y1) notin t)) & Ord(y1) (Stat11)Discharge ==> t incs {Zo(y): y in c} Suppose ==> Stat12: not(FORALL u in {Zo(y): y in c},v in {Zo(y): y in c} | (u incs v or v incs u)) (a,b)-->Stat12 ==> Stat13: (a in {Zo(y): y in c}) & (b in {Zo(y): y in c}) & (not(a incs b or b incs a)) -- -- The following step exploits proof-by-structure to infer $Ord(o1)$ and $Ord(o2)$ from -- $Ord(c)$ and $o1 in c$, $o2 in c$. -- (o1,o2)-->Stat13 ==> Stat14: (o1 in c) & (o2 in c) & (not (Zo(o1) incs Zo(o2) or Zo(o2) incs Zo(o1))) & Ord(o1) & Ord(o2) o1-->Stat9 ==> Stat15: not(EXISTS u in o1 | not((Zo(o1) incs Zo(u)) & (Zo(o1) /= Zo(u)))) o2-->Stat9 ==> Stat16: not(EXISTS u in o2 | not((Zo(o2) incs Zo(u)) & (Zo(o2) /= Zo(u)))) (o1,o2)-->T14 ==> o1 in o2 or o2 in o1 or o1 = o2 Suppose ==> o1 = o2 EQUAL ==> Zo(o1) = Zo(o2) (Stat14)Discharge ==> o1 in o2 or o2 in o1 Suppose ==> o2 in o1 o2-->Stat15 ==> false; Discharge ==> o1 in o2 o1-->Stat16 ==> false; Discharge ==> (FORALL u in {Zo(y): y in c},v in {Zo(y): y in c} | (u incs v or v incs u)) -- -- Thus, by definition, ${Zo(y): y in c}$ must have an upper bound $cb$ which is a subset of $t$, and therefore -- by the axiom of choice $upper_bound~[{Zo(z1): z1 in c}]$ must belong to $t$ and include every element of ${Zo(y): y in c}$. -- ({Zo(z1): z1 in c})-->Stat1 ==> Stat17: (EXISTS w in t | (FORALL y in {Zo(z1): z1 in c} | w incs y)) cb-->Stat17 ==>(cb in t) & (FORALL y in {Zo(z1): z1 in c} | cb incs y) ({Zo(z1): z1 in c})-->Stat4 ==> upper_bound~[{Zo(z1): z1 in c}] = if {Zo(z1): z1 in c} in pow(t) then arb({y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)}) else 0 end if Suppose ==> {Zo(z1): z1 in c} notin pow(t) (t,{Zo(z1): z1 in c})-->T1(Stat9*) ==> false; Discharge ==> upper_bound~[{Zo(z1): z1 in c}] = arb({y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)}) Suppose ==> Stat19: {y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)} = 0 cb-->Stat19 ==> false; Discharge ==> {y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)} /= 0 ({y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)})-->T0 ==> arb({y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)}) in {y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)} (Stat17)ELEM ==> Stat20: upper_bound~[{Zo(z1): z1 in c}] in {y in t | (FORALL u in {Zo(z1): z1 in c} | y incs u)} ()-->Stat20 ==> (upper_bound~[{Zo(z1): z1 in c}] in t) & Stat21: (FORALL u in {Zo(z1): z1 in c} | upper_bound~[{Zo(z1): z1 in c}] incs u) -- -- It follows by a second use of the axiom of choice that $larger~[upper_bound~[{Zo(z1): z1 in c}]] = Zo(c)$ is an element of $t$ -- properly including every element of ${Zo(y): y in c}$. This refutes our earlier supposition, and so -- lets us conclude that $Zo$ sends ordinals into $t$ and is strictly monotone increasing. -- (upper_bound~[{Zo(z1): z1 in c}])-->Stat3 ==> larger~[upper_bound~[{Zo(z1): z1 in c}]] = arb({y in t | ((y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}]))}) (upper_bound~[{Zo(z1): z1 in c}])-->Stat2 ==> Stat22: not (FORALL x in t | not ((x incs upper_bound~[{Zo(z1): z1 in c}]) & (x /= upper_bound~[{Zo(z1): z1 in c}]))) cu-->Stat22 ==> (cu in t) & (cu incs upper_bound~[{Zo(z1): z1 in c}]) & (cu /= upper_bound~[{Zo(z1): z1 in c}]) Suppose ==> Stat23: {y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])} = 0 cu-->Stat23 ==> false; Discharge ==> {y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])} /= 0 ({y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])})-->T0 ==> arb({y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])}) in {y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])} (Stat20)ELEM ==> larger~[upper_bound~[{Zo(z1): z1 in c}]] in {y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])} c-->Stat5 ==> Stat24: Zo(c) in {y in t | (y incs upper_bound~[{Zo(z1): z1 in c}]) & (y /= upper_bound~[{Zo(z1): z1 in c}])} ()-->Stat24 ==> (Zo(c) in t) & (Zo(c) incs upper_bound~[{Zo(z1): z1 in c}]) & (Zo(c) /= upper_bound~[{Zo(z1): z1 in c}]) ELEM ==> Stat25: (EXISTS u in c | not((Zo(c) incs Zo(u)) & (Zo(c) /= Zo(u)))) cv-->Stat25 ==> (cv in c) & (not((Zo(c) incs Zo(cv)) & (Zo(c) /= Zo(cv)))) (Stat22)ELEM ==> not(upper_bound~[{Zo(z1): z1 in c}] incs Zo(cv)) (Zo(cv))-->Stat21 ==> Stat26: Zo(cv) notin {Zo(z1): z1 in c} cv-->Stat26 ==> false; Discharge ==> Stat27: not(EXISTS x | Ord(x) & (Zo(x) notin t or (EXISTS u in x | not((Zo(x) incs Zo(u)) & (Zo(x) /= Zo(u)))))) -- -- Thus $Zo$ is a 1-1 map of all ordinals into the set $t$, a thing impossible. -- One way of seeing this is to consider the inverse $zoInv$ of the restriction of $Zo$ to the ordinals, -- extended arbitrarily so that all of its images are ordinal numbers. -- Then the set ${zoInv(x): x in t}$ should coincide with the class of all ordinals, -- which is known to be a proper class. -- Suppose ==> Stat30: not(FORALL y | (EXISTS x | Ord(x) & ((Zo(x) = y) or (not(EXISTS xp | Ord(xp) & (Zo(xp) = y)))))) y2-->Stat30(Stat30*) ==> Stat31: not(EXISTS x | Ord(x) & ((Zo(x) = y2) or (not(EXISTS xp | Ord(xp) & (Zo(xp) = y2))))) & Ord(0) Suppose ==> Stat32: (EXISTS xp | Ord(xp) & (Zo(xp) = y2)) x2-->Stat32 ==> AUTO x2-->Stat31(Stat31*) ==> false Discharge ==> AUTO 0-->Stat31(Stat31*) ==> false Discharge ==> (FORALL y | (EXISTS x | Ord(x) & ((Zo(x) = y) or (not(EXISTS xp | Ord(xp) & (Zo(xp)=y)))))) APPLY(v1_thryvar:zoInv) Skolem() ==> Stat33: (FORALL y | Ord(zoInv(y)) & ((Zo(zoInv(y)) = y) or (not(EXISTS xp | Ord(xp) & (Zo(xp) = y))))) ({zoInv(x): x in t})-->T15 ==> Stat34: not(FORALL x | ((x in {zoInv(x): x in t}) ¥eq Ord(x))) e-->Stat34(Stat34*) ==> (e in {zoInv(x): x in t}) ¥neq Ord(e) Suppose ==> Stat35: e in {zoInv(x): x in t} x3-->Stat35(Stat34*) ==> (x3 in t) & (e = zoInv(x3)) & (not Ord(e)) x3-->Stat33(Stat33,Stat33*) ==> Ord(zoInv(x3)) EQUAL(Stat35) ==> false Discharge ==> AUTO e-->Stat27(Stat34*) ==> Stat36: (e notin {zoInv(x): x in t}) & Ord(e) & (Zo(e) in t) & Stat37: (not(EXISTS u in e | not((Zo(e) incs Zo(u)) & (Zo(e) /= Zo(u))))) (Zo(e))-->Stat36(Stat36,Stat36*) ==> e /= zoInv(Zo(e)) Suppose ==> Stat38: not(EXISTS xp | Ord(xp) & (Zo(xp) = Zo(e))) e-->Stat38(Stat36*) ==> false; Discharge ==> AUTO (Zo(e))-->Stat33(Stat36*) ==> Ord(zoInv(Zo(e))) & (Zo(zoInv(Zo(e))) = Zo(e)) (e,zoInv(Zo(e)))-->T14(Stat36*) ==> (e in zoInv(Zo(e))) or (zoInv(Zo(e)) in e) Suppose ==> zoInv(Zo(e)) in e (zoInv(Zo(e)))-->Stat37(Stat36*) ==> false Discharge ==> AUTO (zoInv(Zo(e)))-->Stat27(Stat34*) ==> Stat39: (not(EXISTS u in (zoInv(Zo(e))) | not((Zo(zoInv(Zo(e))) incs Zo(u)) & (Zo(zoInv(Zo(e))) /= Zo(u))))) e-->Stat39(Stat36*) ==> false Discharge ==> QED -- -- The following corollary of the preceding theorem shows that if $s$ is any member of a family $t$ of sets -- satisfying the hypotheses of that theorem, then $s$ is contained in an element of $t$ maximal in $t$. -- Theorem 21: [Zorn's lemma, generalized form] (FORALL x ¥incin T | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in T | (FORALL y in x | w incs y)))) ¥imp (FORALL u in T | (EXISTS y in T | (y incs u) & (FORALL x in T | (x incs y) ¥imp (x = y)))). Proof: Suppose_not(t) ==> Stat1: (FORALL x ¥incin t | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in t | (FORALL y in x | w incs y)))) & Stat2: (not (FORALL u in t | (EXISTS y in t | (y incs u) & (FORALL x in t | (x incs y) ¥imp (x = y))))) -- -- For suppose that $u in t$ contradicts the conclusion of our theorem, and consider the subset $tt$ of all elements of $t$ -- which contain $u$. It is clear that every collection of subsets of $tt$ linearly ordered by inclusion has an upper bound in $tt$, -- and so by the preceding theorem $tt$ contains an element $ma$ maximal for inclusions among all the sets in $tt$. -- u-->Stat2 ==> (u in t) & Stat3: (not (EXISTS y in t | (y incs u) & (FORALL x in t | (x incs y) ¥imp (x = y)))) Loc_def ==> tt = {x in t | x incs u} Suppose ==> Stat4: not(t incs tt) c-->Stat4 ==> (c notin t) & Stat5: (c in {x in t | x incs u}) ()-->Stat5 ==> false; Discharge ==> t incs tt Suppose ==> Stat6: not(FORALL x ¥incin tt | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in tt | (FORALL y in x | w incs y)))) d-->Stat6 ==> (d ¥incin tt) & (FORALL u in d,v in d | (u incs v or v incs u)) & Stat7: (not(EXISTS w in tt | (FORALL y in d | w incs y))) d-->Stat1 ==> Stat8: (EXISTS w in t | (FORALL y in d | w incs y)) wd-->Stat8 ==> (wd in t) & Stat9: (FORALL y in d | wd incs y) -- -- Since $u in tt$, $d$ cannot be null, from which it is easily seen that $wd$ must contain $u$, and so $wd in tt$. -- Thus it follows by Theorem 20 that $tt$ has an element $ma$ maximal (for inclusion) in $tt$. -- Suppose ==> u notin tt ELEM ==> Stat10: u notin {x in t | x incs u} ()-->Stat10 ==> false; Discharge ==> u in tt Suppose ==> d = 0 u-->Stat7 ==> Stat11: not (FORALL y in d | u incs y) a-->Stat11 ==> false; Discharge ==> Stat12: d /= 0 b-->Stat12 ==> b in d b-->Stat9 ==> wd incs b ELEM ==> Stat13: b in {x in t | x incs u} ()-->Stat13 ==> wd incs u Suppose ==> wd notin tt ELEM ==> Stat14: wd notin {x in t | x incs u} ()-->Stat14 ==> false; Discharge ==> wd in tt wd-->Stat7 ==> false; Discharge ==> (FORALL x ¥incin tt | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in tt | (FORALL y in x | w incs y)))) tt-->T20 ==> Stat15: (EXISTS y in tt | (FORALL x in tt | not ((x incs y) & (x /= y)))) ma-->Stat15 ==> (ma in tt) & Stat16: (FORALL x in tt | not ((x incs ma) & (x /= ma))) -- -- But it is easily seen that $ma$ is maximal in the whole collection $t$, and so our theorem is proved. -- ma-->Stat3 ==> not ((ma incs u) & (FORALL x in t | (x incs ma) ¥imp (x = ma))) ELEM ==> Stat17: ma in {x in t | x incs u} ()-->Stat17 ==> ma incs u ELEM ==> Stat18: not (FORALL x in t | (x incs ma) ¥imp (x = ma)) e-->Stat18 ==> (e in t) & (e incs ma) & (e /= ma) ELEM ==> e incs u Suppose ==> e notin tt ELEM ==> Stat19: e notin {x in t | x incs u} ()-->Stat19 ==> false; Discharge ==> e in tt e-->Stat16 ==> false; Discharge ==> QED -- -- Next we note a special case common in applications of Theorem 21, namely that in which the union of any -- linearly ordered collection of elements of $t$ is a subset of $t$. -- Theorem 22: [Zorn's lemma for union-closed collections] (FORALL x ¥incin T | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (Un(x) in T))) ¥imp (FORALL u in T | (EXISTS y in T | (y incs u) & (FORALL x in T | (x incs y) ¥imp (x = y)))). Proof: Suppose_not(t) ==> Stat1: (FORALL x ¥incin t | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (Un(x) in t))) & (not (FORALL u in t | (EXISTS y in t | (y incs u) & (FORALL x in t | (x incs y) ¥imp (x = y))))) -- -- For given any subcollection of $t$ linearly ordered by inclusion, $Un(t)$ plainly includes all the sets in $t$, -- and so our present assertion follows immediately from the preceding theorem. -- T21 ==> Stat2: not (FORALL x ¥incin t | ((FORALL u in x,v in x | (u incs v or v incs u)) ¥imp (EXISTS w in t | (FORALL y in x | w incs y)))) a-->Stat2 ==> (a ¥incin t) & (FORALL u in a,v in a | (u incs v or v incs u)) & Stat3: (not (EXISTS w in t | (FORALL y in a | w incs y))) a-->Stat1 ==> Un(a) in t (Un(a))-->Stat3 ==> Stat4: not(FORALL y in a | Un(a) incs y) b-->Stat4 ==> (b in a) & Stat5: (not(Un(a) incs b)) (b,a)-->T2 ==> false; Discharge ==> QED -- -- \section{Finiteness} -- -- \subsection{Basic laws on the finiteness property} -- Theorem 23: [Monotonicity of powerset] (S incs X) ¥imp ((pow(X) + {0,X}) ¥incin pow(S)). Proof: Suppose_not(s0,x0) ==> AUTO Set_monot ==> { x : x ¥incin x0 } ¥incin { x : x ¥incin s0 } Use_def(pow) ==> Stat1: (0 notin { x : x ¥incin s0 }) or (x0 notin { x : x ¥incin s0 }) (0,x0)-->Stat1 ==> false Discharge ==> QED -- Theorem 23a: [Powerset of null set and of singletons] (pow(0) = {0}) & (pow({X}) = {0,{X}}). Proof: Suppose_not(x0) ==> AUTO Suppose ==> pow(0) /= {0} (0,0)-->T23 ==> Stat0: pow(0) ¥nincin {0} y0-->Stat0(Stat0*) ==> Stat1: (y0 in pow(0)) & (y0 notin {0}) (0,y0)-->T1(Stat1*) ==> false Discharge ==> (pow({x0}) /= {0,{x0}}) ({x0},{x0})-->T23 ==> Stat2: pow({x0}) ¥nincin {0,{x0}} y1-->Stat2 ==> Stat3: (y1 in pow({x0})) & (y1 notin {0,{x0}}) ({x0},y1)-->T1(Stat3*) ==> false Discharge ==> QED -- -- Traditionally, finiteness is defined through the notion of cardinality of a set: -- a set is finite if its cardinality precedes the first infinite ordinal. As a shortcut, to begin -- developing an acceptable formal treatment of finiteness without much preparatory work, we adopt -- here the following definition (reminiscent of Tarski's 1924 paper "Sur les ensembles fini"): -- a set $F$ is \emph{finite} if every non-null family of subsets of $F$ owns an inclusion-minimal element. -- This notion can be specified very succinctly in terms of the powerset operator. -- Def Fin: [Finiteness property] Finite(F) := (FORALL g in (pow(pow(F)) - {0}) | (EXISTS m | (g * pow(m)) = {m})) -- -- Theorem 24: [Monotonicity of finiteness] ((Y incs X) & Finite(Y)) ¥imp Finite(X). Proof: Suppose_not(y0,x0) ==> AUTO (y0,x0)-->T23(*) ==> pow(y0) incs pow(x0) Use_def(Finite) ==> Stat1: (not(FORALL g in (pow(pow(x0)) - {0}) | (EXISTS m | (g * pow(m)) = {m}))) & (FORALL gp in (pow(pow(y0)) - {0}) | (EXISTS m | (gp * pow(m)) = {m})) (pow(y0),pow(x0))-->T23(*) ==> pow(pow(y0)) incs pow(pow(x0)) (g0,g0)-->Stat1(Stat1*) ==> (not(EXISTS m | (g0 * pow(m)) = {m})) & (EXISTS m | (g0 * pow(m)) = {m}) Discharge ==> QED -- -- Theorem 25a: [Finiteness of the union of two finite sets] (Finite(X) & Finite(Y)) ¥imp Finite(X + Y). Proof: Suppose_not(x0,y0) ==> AUTO -- -- Arguing by contradiction, suppose that $x0$ and $y0$ are finite sets whose union is not finite. -- Then a nonnull set $g0$ of subsets of $x0+y0$ must exist which is devoid of inclusion-minimal elements. -- Use_def(Finite) ==> Stat1: (not(FORALL g in (pow(pow(x0+y0)) - {0}) | (EXISTS m | (g * pow(m)) = {m}))) & Stat2: (FORALL gp in (pow(pow(x0)) - {0}) | (EXISTS m | (gp * pow(m)) = {m})) & Stat3: (FORALL gq in (pow(pow(y0)) - {0}) | (EXISTS m | (gq * pow(m)) = {m})) g0-->Stat1 ==> Stat4: (not (EXISTS m | (g0 * pow(m)) = {m})) & (g0 in (pow(pow(x0+y0)) - {0})) -- -- Indicate by $g1$ the set of all intersections $x0 * v$, with $v$ ranging over $g0$. -- Since $g0$ is nonnull, $g1$ cannot be null. -- Loc_def ==> Stat5: g1 = { x0 * v : v in g0 } Suppose ==> Stat6: (x0 * arb(g0)) notin { x0 * v : v in g0 } (arb(g0))-->Stat6(Stat4) ==> false Discharge ==> Stat7: (x0 * arb(g0)) in g1 -- -- Thus, since we have supposed $x0$ to be finite, and since $g1$ is formed by subsets -- of $x0$, $g1$ must have an inclusion-minimal element $m1$. -- Suppose ==> g1 notin pow(pow(x0)) Use_def(pow)(Stat7*) ==> Stat8: g1 notin {y: y ¥incin {z: z ¥incin x0}} g1-->Stat8(Stat8*) ==> Stat9: g1 ¥nincin {z: z ¥incin x0} x1-->Stat9(Stat5,Stat9*) ==> Stat10: (x1 in { x0 * v : v in g0 }) & (x1 notin {z: z ¥incin x0}) (v1,x0*v1)-->Stat10(Stat10*) ==> false Discharge ==> AUTO g1-->Stat2(Stat7*) ==> Stat11: (EXISTS m | (g1 * pow(m)) = {m}) m1-->Stat11(Stat11*) ==> (g1 * pow(m1)) = {m1} -- -- Indicate by $g2$ the set of all intersections $y0 * v$, with $v$ ranging over those -- elements of $g0$ whose intersection with $x0$ is $m1$. -- Since there must exist at least one such element in $g0$, $g2$ cannot be null. -- Loc_def ==> Stat12: g2 = { y0 * v : v in g0 | x0 * v = m1 } Suppose ==> Stat13: { y0 * v : v in g0 | x0 * v = m1 } = 0 ELEM ==> Stat14: m1 in { x0 * v : v in g0 } v0-->Stat14 ==> AUTO v0-->Stat13(Stat14*) ==> false Discharge ==> AUTO -- -- Therefore, since we have supposed $y0$ to be finite, and in view of the fact that $g2$ -- is constituted by subsets of $y0$, $g2$ must have an inclusion-minimal element $m2$. -- Suppose ==> Stat15: g2 notin pow(pow(y0)) Use_def(pow)(Stat15*) ==> Stat16: g2 notin {y: y ¥incin {z: z ¥incin y0}} g2-->Stat16(Stat16*) ==> Stat17: g2 ¥nincin {z: z ¥incin y0} x2-->Stat17(Stat12,Stat17*) ==> Stat18: (x2 in { y0 * v : v in g0 | x0 * v = m1 }) & (x2 notin {z: z ¥incin y0}) (v2,y0*v2)-->Stat18(Stat18*) ==> false Discharge ==> AUTO g2-->Stat3(Stat11*) ==> Stat19: (EXISTS m | (g2 * pow(m)) = {m}) m2-->Stat19(Stat19*) ==> (g2 * pow(m2)) = {m2} -- -- Vedremo ora che $m1+m2$ e` minimale in $g0$, contro l'assurda ipotesi con cui eravamo partiti. -- Cominciamo con l'osservare che $m1+m2$ appartiene in effetti a $g0$, dal momento che -- coincide con un elemento $w0$ di $g0$ che ha con $x0$ l'intersezione $m1$ e con $y0$ -- l'intersezione $m2$. -- (Stat12*)ELEM ==> Stat20: m2 in { y0 * v : v in g0 | x0 * v = m1 } w0-->Stat20(Stat20,Stat4*) ==> (m2 = (y0 * w0)) & (w0 in g0) & ((x0 * w0) = m1) & (g0 in pow(pow(x0+y0))) Use_def(pow)(Stat20*) ==> Stat21: g0 in {y: y ¥incin {z: z ¥incin (x0+y0)}} y1-->Stat21(Stat20*) ==> Stat22: w0 in {z: z ¥incin (x0+y0)} z1-->Stat22(Stat20*) ==> w0 = (m1+m2) -- -- Poiche` $w0$ non e` minimale in $g0$, indichiamone con $w1$ un sottoinsieme stretto che appartenga -- a $g0$, per cui risultera` che o $x0 * w1$ e` sottoinsieme stretto di $x0 * w0$ oppure $y0 * w1$ -- lo e` di $y0 * w0$. -- (w0,w0)-->T23(Stat20*) ==> w0 in (g0 * pow(w0)) w0-->Stat4(Stat22*) ==> Stat23: (g0 * pow(w0)) ¥nincin {w0} Use_def(pow(w0)) ==> AUTO w1-->Stat23(Stat23*) ==> Stat24: (w1 in {y: y ¥incin w0}) & (w1 /= w0) & (w1 in g0) y2-->Stat24(Stat20*) ==> (w1 ¥incin w0) & (((x0 * w1) /= m1) or ((y0 * w1) /= m2)) -- -- Consideriamo dapprima l'eventualita` che $x0 * w1 /= x0 * w0$. Facile vedere che -- un siffatto elemento, inficiando la minimalita` di $m1 = x0 * w0$ in $g1$, ci porterebbe -- a una contraddizione. -- Suppose ==> (x0 * w1) /= m1 Suppose ==> (x0 * w1) notin g1 EQUAL(Stat5) ==> Stat25: (x0 * w1) notin { x0 * v : v in g0 } w1-->Stat25(Stat24,Stat24*) ==> false Discharge ==> AUTO Use_def(pow(m1)) ==> AUTO (Stat11*)ELEM ==> Stat26: (x0 * w1) notin {z: z ¥incin m1} (x0 * w1)-->Stat26(Stat20*) ==> false Discharge ==> Stat27: ((x0 * w1) = m1) & ((y0 * w1) /= m2) -- -- Consideriamo allora l'eventualita` che $y0 * w1 /= y0 * w0$ mentre $x0 * w1 = x0 * w0$. -- In questo caso verrebbe inficiata la minimalita` di $m2 = y0 * w0$ in $g2$; in questo caso -- la contraddizione non ha vi e d'uscita e ci fornisce la conclusione che stavamo cercando -- attraverso l'argomento per assurdo. -- Suppose ==> (y0 * w1) notin g2 EQUAL(Stat12) ==> Stat28: (y0 * w1) notin { y0 * v : v in g0 | x0 * v = m1 } w1-->Stat28(Stat24,Stat27*) ==> false Discharge ==> AUTO Use_def(pow(m2)) ==> AUTO (Stat19*)ELEM ==> Stat29: (y0 * w1) notin {z: z ¥incin m2} (y0 * w1)-->Stat29(Stat20*) ==> false Discharge ==> QED -- Theorem 25b: [Finiteness of singletons] Finite({X}) & Finite(0). Proof: Suppose_not(x0) ==> AUTO ({x0},0)-->T24 ==> not Finite({x0}) Use_def(Finite) ==> Stat1: (not(FORALL g in (pow(pow({x0})) - {0}) | (EXISTS m | (g * pow(m)) = {m}))) g0-->Stat1 ==> Stat2: (not (EXISTS m | (g0 * pow(m)) = {m})) & (g0 in (pow(pow({x0})) - {0})) Use_def(pow) ==> Stat3: g0 in {y: y ¥incin pow({x0})} x0-->T23a ==> AUTO y0-->Stat3(Stat2*) ==> Stat4: (g0 /= 0) & (g0 ¥incin {0,{x0}}) Suppose ==> 0 in g0 0-->Stat2(Stat3*) ==> false Discharge ==> g0 = {{x0}} ({x0})-->Stat2(Stat3*) ==> false Discharge ==> QED -- Theorem 25c: [Finiteness of doubletons] (Z = {X,Y}) ¥imp Finite(Z). Proof: Suppose_not(z0,x0,y0) ==> AUTO (x0)-->T25b ==> AUTO (y0)-->T25b ==> AUTO ({x0},{y0})-->T25a ==> Finite({x0}+{y0}) & (({x0}+{y0}) = {x0,y0}) EQUAL ==> false Discharge ==> QED -- THEORY finiteInduction(s0, P(S)) Finite(s0) & P(s0) END finiteInduction -- ENTER_THEORY finiteInduction -- Theorem finiteInduction1: (EXISTS m | ({s ¥incin s0 | P(s)} * pow(m)) = {m}). Proof: Suppose_not() ==> AUTO Assump ==> Finite(s0) & P(s0) Use_def(Finite) ==> Stat1: (FORALL g in (pow(pow(s0)) - {0}) | (EXISTS m | (g * pow(m)) = {m})) ({s ¥incin s0 | P(s)})-->Stat1 ==> {s ¥incin s0 | P(s)} notin (pow(pow(s0)) - {0}) Suppose ==> Stat2: s0 notin {s ¥incin s0 | P(s)} s0-->Stat2 ==> false; Discharge ==> {s ¥incin s0 | P(s)} notin (pow(pow(s0))) Use_def(pow) ==> Stat3: {s ¥incin s0 | P(s)} notin {y: y ¥incin {z: z ¥incin s0}} ({s ¥incin s0 | P(s)})-->Stat3 ==> Stat4: {s ¥incin s0 | P(s)} ¥nincin {z: z ¥incin s0} s1-->Stat4 ==> Stat5: (s1 in {s: s ¥incin s0 | P(s)}) & (s1 notin {z: z ¥incin s0}) (s,s1)-->Stat5(Stat5*) ==> false Discharge ==> QED -- APPLY(v1_thryvar:fin_thryvar) Skolem() ==> Theorem finiteInduction0: ({s ¥incin s0 | P(s)} * pow(fin_thryvar)) = {fin_thryvar} -- Theorem finiteInduction2: [Minimal finite set satisfying $P$] (S ¥incin fin_thryvar) ¥imp( Finite(S) & ( P(S) ¥eq (S = fin_thryvar)) ). Proof: Suppose_not(s1) ==> AUTO ()-->TfiniteInduction0 ==> (({s ¥incin s0 | P(s)} * pow(fin_thryvar)) = {fin_thryvar}) & Stat1: (fin_thryvar in {s ¥incin s0 | P(s)}) ()-->Stat1 ==> (fin_thryvar ¥incin s0) & P(fin_thryvar) Assump ==> Finite(s0) (s0,fin_thryvar)-->T24 ==> Finite(fin_thryvar) (fin_thryvar,s1)-->T24 ==> P(s1) ¥neq (s1 = fin_thryvar) Suppose ==> s1 = fin_thryvar EQUAL ==> false; Discharge ==> (s1 notin ({s ¥incin s0 | P(s)} * pow(fin_thryvar))) & P(s1) Suppose ==> s1 notin pow(fin_thryvar) Use_def(pow) ==> Stat2: s1 notin {y: y ¥incin fin_thryvar} s1--> Stat2 ==> false Discharge ==> Stat3: s1 notin {s ¥incin s0 | P(s)} s1-->Stat3 ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY finiteInduction -- -- THEORY finiteInduction(s0,P(S)) -- Finite(s0) & P(s0) -- ==>(fin_thryvar) -- (FORALL S | (S ¥incin fin_thryvar) ¥imp ( Finite(S) & ( P(S) ¥eq (S = fin_thryvar)) )) -- END finiteInduction -- Theorem 25: [Finiteness of the union of a finite set with a singleton] Finite(F) ¥imp Finite(F + {X}). Proof: Suppose_not(f0,x0) ==> AUTO -- -- Arguing by contradiction, suppose that $f0$ and $x0$ are such that $f0$ is finite but $f0 + {x0}$ is not. -- A nonnull familiy $g0$ of subsets of $f0 +{x0}$ must then exist none of whose elements is minimal. -- On the other hand ${y-{x0}: y in g0}$, which is also nonnull but consists entirely of subsets of $f0$, -- must have a minimal element $m0=y0-{x0}$, with $y0 in g0$. -- Use_def(Finite) ==> Stat0: (not(FORALL g in (pow(pow(f0+{x0})) - {0}) | (EXISTS m | (g * pow(m)) = {m}))) & Stat1: (FORALL h in (pow(pow(f0)) - {0}) | (EXISTS m | (h * pow(m)) = {m})) g0-->Stat0(Stat0) ==> Stat2: (not (EXISTS m | (g0 * pow(m)) = {m})) & (g0 in pow(pow(f0+{x0}))) & (g0 /= 0) Loc_def ==> Stat3: h0 = {y-{x0}: y in g0} Suppose ==> h0 notin (pow(pow(f0)) - {0}) Suppose ==> Stat4: {y-{x0}: y in g0} = 0 (arb(g0))-->Stat4(Stat2,Stat2) ==> false; Discharge ==> AUTO Use_def(pow) ==> Stat5: h0 notin {h: h ¥incin {k: k ¥incin f0}} h0-->Stat5(Stat5*) ==> Stat6: h0 ¥nincin {k: k ¥incin f0} k0-->Stat6(Stat3*) ==> Stat7: (k0 in {y-{x0}: y in g0}) & (k0 notin {k: k ¥incin f0}) (y1,k0)-->Stat7(Stat7*) ==> (y1 in g0) & (y1 ¥nincin (f0 + {x0})) Use_def(pow)(Stat2,Stat2) ==> Stat8: g0 in {h: h ¥incin {k: k ¥incin (f0 + {x0})}} h1-->Stat8(Stat7*) ==> Stat9: y1 in {k: k ¥incin (f0 + {x0})} k1-->Stat9(Stat7*) ==> false Discharge ==> AUTO (h0,m0)-->Stat1(Stat3*) ==> Stat10: (m0 in {y-{x0}: y in g0}) & ((h0 * pow(m0)) = {m0}) y0-->Stat10(Stat10*) ==> Stat11: (m0 = (y0-{x0})) & (y0 in g0) -- -- We will reach the desired contradiction by showing that either $m0$ or $y0=m0+{x0}$ is minimal in $g0$. -- We check first that $m0$ itself must be minimal when $m0 in g0$. -- Suppose ==> m0 in g0 m0-->Stat2(Stat10*) ==> Stat12: (g0 * pow(m0)) ¥nincin {m0} Use_def(pow(m0)) ==> AUTO z0-->Stat12(Stat3*) ==> Stat13: (z0 in {h: h ¥incin m0}) & (z0 notin {y-{x0}: y in g0}) & (z0 in g0) (h2,z0)-->Stat13(Stat11*) ==> false Discharge ==> AUTO -- -- Suppose next that $m0 notin g0$; we will reach a contradiction by showing that $y0$ is minimal in $g0$. -- (y0,y0)-->T23(Stat11*) ==> y0 in pow(y0) y0-->Stat2(Stat11*) ==> Stat14: (g0 * pow(y0)) ¥nincin {y0} Use_def(pow(y0)) ==> AUTO z1-->Stat14(Stat11*) ==> Stat15: (z1 in {h: h ¥incin y0}) & (z1 in g0) & ((z1-{x0}) /= (y0-{x0})) EQUAL(Stat10) ==> (h0 * pow(y0-{x0})) = {y0-{x0}} Suppose ==> (z1-{x0}) notin pow(y0-{x0}) Use_def(pow)(Stat15) ==> Stat16: (z1-{x0}) notin {h: h ¥incin (y0-{x0})} (z1-{x0})-->Stat16(Stat16*) ==> (z1-{x0}) ¥nincin (y0-{x0}) h3-->Stat15(Stat16*) ==> false Discharge ==> AUTO Suppose ==> Stat17: (z1-{x0}) notin {y-{x0}: y in g0} z1-->Stat17(Stat15*) ==> false; Discharge ==> (z1-{x0}) in h0 (Stat15*)Discharge ==> QED -- Theorem 26: [Finiteness of the union of two finite sets] (Finite(X) & Finite(Y)) ¥imp Finite(X + Y). Proof: Suppose_not(x0,y1) ==> AUTO -- -- Arguing by contradiction, suppose that $x0$ and $y1$ are finite sets whose union is not finite. -- Then finite induction enables us to take a minimal subset $y0$ of $y1$ for which $x0+y0$ is not finite. -- APPLY(fin_thryvar:y0) finiteInduction(s0->y1,P(S)->(not Finite(x0+S))) ==> Stat1: (FORALL s | (s ¥incin y0) ¥imp ( Finite(s) & ( (not(Finite(x0+s))) ¥eq (s = y0)) )) y0-->Stat1(Stat1*) ==> Finite(y0) & (not Finite(x0+y0)) Loc_def ==> a0 = arb(y0) -- -- Since $y0$ cannot be empty, the union $x0+y0$ can be decomposed as $(x0+(y0-{arb(y0)}))+{arb(y0)}$, -- where $x0+(y0-{arb(y0)})$ is finite by inductive hypothesis. But then $x0+y0$ must also be finite, -- by the preceding theorem. -- Suppose ==> (x0 + y0) = x0 EQUAL(Stat1) ==> not Finite(x0) Discharge ==> Stat2: ((y0 - {a0}) /= y0) & (((x0+(y0 - {a0})) + {a0}) = (x0 + y0)) (y0 - {a0})-->Stat1(Stat1*) ==> Finite(x0+(y0 - {a0})) (x0+(y0 - {a0}),a0)-->T25(Stat2*) ==> Finite(((x0+(y0 - {a0})) + {a0})) EQUAL ==> false Discharge ==> QED -- THEORY finiteImage(s0,f(X)) Finite(s0) END finiteImage -- ENTER_THEORY finiteImage -- Theorem finiteImage: Finite({f(x): x in s0}). Proof: Suppose_not() ==> AUTO -- -- Possiamo dimostrare l'enunciato utilizzando l'induzione finita. Supponendo per assurdo che $s0$ abbia, -- tramite la funzione globale $f(X)$, immagine infinita, prendiamo un $s1$ -- finito e minimale rispetto all'inclusione che abbia, del pari, immagine ${f(x): x in s1}$ infinita. -- Si vede facilmente che $s1 /= 0$, per cui togliendo ad $s1$ un elemento $a$, -- troviamo che ${f(x): x in (s1 - {a})}$ e` finito per la supposta minimalita` di $s1$. -- Visto che l'unione di due insiemi finiti e` finita, avremo che ${f(x): x in (s1 - {a})} + {f(a)}$ e` -- finita e dunque differisce da ${f(x): x in s1}$. -- Assump ==> Finite(s0) APPLY(fin_thryvar:s1) finiteInduction(s0->s0,P(S)->(not Finite({f(x): x in S}))) ==> Stat1: (FORALL s | (s ¥incin s1) ¥imp ( Finite(s) & ((not Finite({f(x): x in s})) ¥eq (s = s1)) )) s1-->Stat1 ==> not Finite({f(x): x in s1}) Loc_def ==> Stat0: a = arb(s1) (f(a))-->T25b ==> Finite({f(a)}) & Finite(0) Suppose ==> s1 = 0 ELEM ==> {f(x): x in 0} = 0 EQUAL ==> false Discharge ==> AUTO (Stat0)ELEM ==> Stat2: ((s1 - {a}) ¥incin s1) & ((s1 - {a}) /= s1) Suppose ==> {f(x): x in s1} = ({f(x): x in (s1 - {a})} + {f(a)}) (s1 - {a})-->Stat1(Stat2*) ==> Finite({f(x): x in (s1 - {a})}) ({f(x): x in (s1 - {a})},{f(a)})-->T25a(Stat1*) ==> Finite({f(x): x in (s1 - {a})} + {f(a)}) EQUAL(Stat1) ==> false Discharge ==> AUTO -- -- Ma in realta` ${f(x): x in (s1 - {a})} + {f(a)}$ ed ${f(x): x in s1}$ sono uguali: in effetti $a in s1$ e dunque -- $f(a) in {f(x): x in s1}$; inoltre, per monotonicita` ${f(x): x in (s1 - {a})} ¥incin {f(x): x in s1}$ ed infine... -- Set_monot ==> {f(x): x in (s1 - {a})} ¥incin {f(x): x in s1} Suppose ==> Stat3: f(a) notin {f(x): x in s1} a-->Stat3(Stat2,Stat2*) ==> false; Discharge ==> Stat4: {f(x): x in s1} ¥nincin ({f(x): x in (s1 - {a})} + {f(a)}) -- -- ...e` facile vedere che ${f(x): x in s1} ¥incin ({f(x): x in (s1 - {a})} + {f(a)})$, ... -- b-->Stat4(Stat4*) ==> Stat5: (b in {f(x): x in s1}) & (b notin ({f(x): x in (s1 - {a})} + {f(a)})) x0-->Stat5(Stat5*) ==> (f(x0) notin {f(x): x in (s1 - {a})}) & (x0 in s1) & (f(x0) /= f(a)) Suppose ==> x0 = a EQUAL(Stat5) ==> false; Discharge ==> Stat6: (f(x0) notin {f(x): x in (s1 - {a})}) & (x0 /= a) & (x0 in s1) x0-->Stat6(Stat6*)==> false -- -- il che ci porta alla contraddizione cercata. -- Discharge ==> QED -- -- ENTER_THEORY Set_theory -- -- DISPLAY finiteImage -- -- THEORY finiteImage(s0,f(X)) -- Finite(s0) -- ==> -- Finite({f(x): x in s0}) -- END finiteImage -- -- -- -- \section{Some combinatorics of the union-set operation} -- Theorem 31d: [Unionset of 0 and 1] (Y ¥incin {0}) ¥eq (Un(Y) = 0). Proof: Suppose_not(x0) ==> AUTO Use_def(Un(x0)) ==> AUTO Suppose ==> Stat1: { z: y in x0, z in y } /= 0 (y0,z1)-->Stat1 ==> false; Discharge ==> Stat2: (x0 ¥nincin {0}) & ({ z: y in x0, z in y } = 0) (y1,y1,arb(y1))-->Stat2 ==> false Discharge ==> QED -- Theorem 31e: [Monotonicity of a set obtained through removal] (Un(X-{Y}) incs (Un(X)-Y)) & (Un(X) incs Un(X-{Y})). Proof: Suppose_not(x,y) ==> AUTO (x-{y},x)-->T2d(*) ==> Stat1: Un(x-{y}) ¥nincs (Un(x)-y) c-->Stat1(Stat1*) ==> Stat2: (c in (Un(x)-y)) & (c notin Un(x-{y})) Use_def(Un) ==> Stat3: (c in {u: v in x, u in v}) & (c notin {u: v in (x-{y}), u in v}) & (c notin y) (v0,u0,v0,u0)-->Stat3(Stat3*) ==> false Discharge ==> QED -- Theorem 31f: [Unionset of a set obtained through removal followed by adjunction] ((Un(M) incs P) & ((Q+R) = (P+S))) ¥imp (Un((M-{P})+{Q,R}) = (Un(M) + S)). Proof: Suppose_not(m,p,q,r,s) ==> AUTO TELEM ==> ((m-{p})+{q})+{r} = (m-{p})+{q,r} EQUAL ==> Un(((m-{p})+{q})+{r}) = Un((m-{p})+{q,r}) (m-{p},q)-->T2e ==> AUTO ((m-{p})+{q},r)-->T2e(*) ==> Un((m-{p})+{q,r}) = Un(m-{p}) + (p+s) (m,p)-->T31e(*) ==> false Discharge ==> QED -- Theorem 31g: [Incomparability of pre-pivotal elements] ((Y in X) & (X in Z) & (X in S) & (Z in S)) ¥imp (Y in Un(S*Un(S))). Proof: Suppose_not(y,x,z,s) ==> (Y in X) & (X in Z) & (X in S) & (Z in S) & (Y notin Un(S*Un(S))) Use_def(Un) ==> Stat1: y notin {v: u in s * Un(s), v in u} Use_def(Un(s)) ==> AUTO (x,y)-->Stat1(*) ==> Stat2: x notin {t: w in s, t in w} (z,x)-->Stat2(*) ==> false Discharge ==> QED -- -- Preparatory to a technique to which we will resort for extending perfect matchings, -- we introduce the following trivial combinatorial lemma: -- Theorem 31h: [Less-one lemma for unionset] ((Un(M) = T-{C}) & (S=T+X+{V}) & (Y in S*{C,V})) ¥imp (EXISTS d | Un(M+{X+{Y}}) = S-{d}). Proof: Suppose_not(m,t,c,s,x,v,y) ==> Stat0: (not(EXISTS d | Un(m+{x+{y}}) = s-{d})) & (Un(m) = t-{c}) & (s=t+x+{v}) & ((y = v) or ((c = y) & (y in s))) -- -- For, supposing the contrary, $Un(m+{x+{y}})$ would differ from each of $s-{s}$, $s-{c}$, and $s-{v}$, the first of which equals $s$. -- Thanks to Theorem 2e, we can rewrite $Un(m+{x+{y}})$ as $x+{y}+Un(m)$; but then the decidable fragment of set theory known as -- 'multi-level syllogistic with singleton' immediately yields a contradiction. -- s-->Stat0(*) ==> Un(m+{x+{y}}) /= s c-->Stat0(*) ==> Un(m+{x+{y}}) /= (s-{c}) v-->Stat0(*) ==> Un(m+{x+{y}}) /= (s-{v}) (m,x+{y})-->T2e ==> AUTO EQUAL ==> Stat1: ((x+{y} + Un(m)) /= (s-{c})) & ((x+{y} + Un(m)) /= (s-{v})) & ((x+{y} + Un(m)) /= s) (Stat0,Stat1*)Discharge ==> QED -- -- -- Theorem 32: [Finite, non-null sets own sources] (Finite(F) & (F /= 0)) ¥imp ((F - Un(F)) /= 0). Proof: Suppose_not(f1) ==> AUTO -- -- Arguing by contradiction, suppose that there are counterexamples to the claim. -- Then, by exploiting finite induction, we can pick a minimal counterexample, $f0$. -- APPLY(fin_thryvar:f0) finiteInduction(s0->f1,P(S)->((S/=0) & ((S - Un(S)) = 0))) ==> Stat0: (FORALL s | (s ¥incin f0) ¥imp ( Finite(s) & ( ((s/=0) & ((s - Un(s)) = 0)) ¥eq (s = f0)) )) Loc_def ==> a = arb(f0) f0-->Stat0(Stat0) ==> Stat1: Finite(f0) & (a in f0) & (f0 - Un(f0) = 0) -- -- Momentarily supposing that $f0={a}$, one gets $Un(f0) ¥nincin a$, because $Un(f0) ¥incin a$ would imply -- $f0-Un(f0) incs {a}-a$ and hence would imply the emptiness of ${a}-a$, entailing the manifest absurdity -- $a in a$. But, on the other hand, $Un({a}) ¥incin a$ trivially holds; therefore -- we must exclude that $f0$ is a singleton ${a}$. -- Suppose ==> (f0 = {a}) & (Un(f0) ¥nincin a) EQUAL ==> Un({a}) ¥nincin a Use_def(Un) ==> {u: v in {a}, u in v} ¥nincin a SIMPLF ==> false Discharge ==> AUTO -- -- Due to our minimality assumption, the strict non-null subset $f0 - {arb(f0)}$ of $f0$ cannot be a -- counterexample to the claim; therefore it has sources and hence $f0 - Un(f0 - {arb(f0)}) /= 0$. -- (f0-{a},a)-->T2e(Stat1,Stat1*) ==> (Un((f0 - {a})+{a}) = Un(f0 - {a}) + a) & ((f0 - {a}) + {a} = f0) (f0-{a})-->Stat0(Stat1*) ==> Stat2: f0-Un(f0-{a}) /= 0 -- -- Since $arb(f0)$ does not intersect $f0$, the inequality just found conflicts with the equality -- $f0 - (Un(f0 - {arb(f0)}) + arb(f0)) = 0$ which one gets from Theorem 2e through equality propagation. -- EQUAL ==> (f0 - (Un(f0 - {a}) + a) = 0) & (a = arb(f0)) (Stat2)Discharge ==> QED -- -- \section{Further properties of the union-set operation} -- -- THEORY doubleUnion(f(X),x0) END doubleUnion -- ENTER_THEORY doubleUnion -- Theorem doubleUnion: [Double union of a setformer] Un(Un({f(w): w in x0})) = Un({Un(f(w)): w in x0}). Proof: Suppose_not() ==> AUTO ({f(w): w in x0})-->T2b ==> Un({Un(v): v in {f(w): w in x0}}) /= Un({Un(f(w)): w in x0}) SIMPLF ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- -- Illustriamo l'utilita` del principio d'induzione finita introdotto sopra dimostrando che l'unione -- di una famiglia finita d'insiemi finiti e` finita. In modo analogo, ma piu` semplice, si dimostrera` -- che gli aperti di uno spazio topologico sono chiusi rispetto all'intersezione monadica di famiglie -- finite (visto che sono chiusi rispetto all'intersezione diadica). -- Theorem 33: [The union of a finite family of finite sets is finite] Finite(F) ¥imp Finite(Un({v in F | Finite(v)})). Proof: Suppose_not(f0) ==> AUTO APPLY(fin_thryvar:f1) finiteInduction(s0->f0, P(S)->(not Finite(Un({v in S | Finite(v)})))) ==> Stat1: (FORALL s | (s ¥incin f1) ¥imp( Finite(s) & ( (not Finite(Un({v in s | Finite(v)}))) ¥eq (s = f1)) )) f1-->Stat1(Stat1*) ==> Finite(f1) & (not(Finite(Un({v in f1 | Finite(v)})))) Loc_def ==> a = arb(f1) Suppose ==> f1 = 0 ELEM ==> {v in 0 | Finite(v)} = 0 EQUAL ==> {v in f1 | Finite(v)} = 0 ({v in f1 | Finite(v)})-->T31d ==> Un({v in f1 | Finite(v)}) = 0 0-->T25b ==> Finite(0) EQUAL(Stat1) ==> false Discharge ==> AUTO (Stat1)ELEM ==> Stat2: a in f1 Suppose ==> Stat3: {v in f1 | Finite(v)} /= (if Finite(a) then {a} else 0 end if + {v in (f1-{a}) | Finite(v)}) e-->Stat3(Stat3*) ==> (e in {v in f1 | Finite(v)}) ¥eq (e notin (if Finite(a) then {a} else 0 end if + {v in (f1-{a}) | Finite(v)})) Suppose ==> Stat4: e in {v in f1 | Finite(v)} ()-->Stat4(Stat3*) ==> Stat5: (e notin {v in (f1-{a}) | Finite(v)}) & (e in f1) & Finite(e) & (e notin if Finite(a) then {a} else 0 end if) e-->Stat5(Stat5*) ==> (e = a) & (not Finite(a)) EQUAL ==> false Discharge ==> AUTO Suppose ==> e in if Finite(a) then {a} else 0 end if (Stat3*)ELEM ==> Stat6: (e notin {v: v in f1 | Finite(v)}) & (e = a) & Finite(a) a-->Stat6(Stat6,Stat2*) ==> false Discharge ==> AUTO Set_monot ==> {v in f1 | Finite(v)} incs {v in (f1-{a}) | Finite(v)} (Stat3*)Discharge ==> AUTO (Stat2*)ELEM ==> {v in f1 | Finite(v)} = (if Finite(a) then {a} else 0 end if + {v in (f1-{a}) | Finite(v)}) (if Finite(a) then {a} else 0 end if,{v in (f1-{a}) | Finite(v)})-->T2c ==> AUTO EQUAL ==> Stat7: not Finite(Un(if Finite(a) then {a} else 0 end if) + Un({v in (f1-{a}) | Finite(v)})) (f1-{a})-->Stat1(Stat2,Stat2*) ==> Finite(Un({v in (f1-{a}) | Finite(v)})) (Un(if Finite(a) then {a} else 0 end if),Un({v in (f1-{a}) | Finite(v)}))-->T25a(Stat7*) ==> Stat8: not Finite(Un(if Finite(a) then {a} else 0 end if)) a-->T25b ==> Finite(0) & Finite({a}) Suppose ==> not Finite(a) 0-->T31d(Stat7*) ==> (if Finite(a) then {a} else 0 end if = 0) & (Un(0) = 0) EQUAL(Stat8) ==> false Discharge ==> AUTO a-->T2h(Stat8*) ==> (if Finite(a) then {a} else 0 end if = {a}) & (Un({a}) = a) EQUAL(Stat8) ==> false Discharge ==> QED -- -- Per dimostrare l'esistenza di un insieme infinito introduciamo, a partire dall'insieme predefinito $s_inf$ e da una -- correlata nozione $prk$ di pseudo-rango, l'insieme $nats$ dei numeri naturali intesi alla von Neumann. -- Def pseudoRank: [A global function sending each set to a natural number intended a` la von Neumann] prk(X) := arb({prk(y) + {prk(y)} : y in X | (X = {y}) & (y in s_inf)}) -- Def natural_numbers: [Natural numbers] nats := {prk(x): x in s_inf} -- Theorem 10045: [Existence of an infinite set] not Finite(nats). Proof: Suppose_not() ==> AUTO Use_def(Finite) ==> Stat0: (FORALL g in (pow(pow(nats)) - {0}) | (EXISTS m | (g * pow(m)) = {m})) -- -- Se per assurda ipotesi $nats$ fosse un insieme finito, ogni famiglia non vuota di suoi sottoinsiemi finiti -- avrebbe un elemento minimale. Cio` sarebbe vero in particolare per la famiglia -- $g0 = {nats - n : n in nats}$, -- poiche` in effetti, come subito verificheremo, a tale famiglia appartiene $nats$ ed e` inoltre chiaro che tutti -- i suoi elementi sono sottoinsiemi di $nats$. -- Loc_def ==> Stat1: g0 = {nats - n : n in nats} -- -- Richiamiamo che $s_inf /= 0$, in base all'assioma che riguarda questa costante; -- percio` risulta $prk(arb(s_inf)) = 0$ e dunque $0 in nats$ e dunque $nats in g0$. -- Suppose ==> nats notin g0 EQUAL ==> Stat2: nats notin {nats - n : n in nats} 0-->Stat2(Stat2*) ==> 0 notin nats Use_def(nats) ==> Stat3: 0 notin {prk(x): x in s_inf} Assump ==> s_inf /= 0 Use_def(prk) ==> prk(arb(s_inf)) = arb({prk(y) + {prk(y)} : y in arb(s_inf) | (arb(s_inf) = {y}) & (y in s_inf)}) (arb(s_inf))-->Stat3(Stat3) ==> Stat4: {prk(y) + {prk(y)} : y in arb(s_inf) | (arb(s_inf) = {y}) & (y in s_inf)} /= 0 y0-->Stat4(Stat4) ==> false Discharge ==> AUTO Suppose ==> g0 notin pow(pow(nats)) Use_def(pow) ==> Stat5: g0 notin {x: x ¥incin {y: y ¥incin nats}} g0-->Stat5(Stat5*) ==> Stat6: g0 ¥nincin {y: y ¥incin nats} s0-->Stat6(Stat1,Stat1*) ==> Stat7: (s0 in {nats - n : n in nats}) & (s0 notin {y: y ¥incin nats}) (n1,nats-n1)-->Stat7(Stat7*) ==> false Discharge ==> AUTO g0-->Stat0(Stat1*) ==> Stat8: (EXISTS m | (g0 * pow(m)) = {m}) m0-->Stat8(Stat1,Stat1*) ==> ({nats - n : n in nats} * pow(m0)) = {m0} (Stat8*)ELEM ==> Stat9: m0 in {nats - n : n in nats} n0-->Stat9(Stat9*) ==> (n0 in nats) & (m0 = (nats - n0)) Use_def(nats)(Stat9) ==> Stat10: n0 in {prk(x): x in s_inf} x0-->Stat10(Stat10*) ==> (n0 = prk(x0)) & (x0 in s_inf) Assump ==> Stat11: (FORALL x in s_inf | {x} in s_inf) x0-->Stat11(Stat10*) ==> {x0} in s_inf Suppose ==> prk({x0}) notin nats Use_def(nats) ==> Stat12: prk({x0}) notin {prk(x): x in s_inf} ({x0})-->Stat12(Stat11*) ==> false Discharge ==> AUTO Suppose ==> Stat13: prk({x0}) /= (prk(x0) + {prk(x0)}) Use_def(prk)(Stat11) ==> prk({x0}) = arb({prk(y) + {prk(y)} : y in {x0} | ({x0} = {y}) & (y in s_inf)}) (Stat13)ELEM ==> Stat14: {prk(x0) + {prk(x0)}} /= {prk(y) + {prk(y)} : y in {x0} | ({x0} = {y}) & (y in s_inf)} Suppose ==> Stat15: (prk(x0) + {prk(x0)}) notin {prk(y) + {prk(y)} : y in {x0} | ({x0} = {y}) & (y in s_inf)} x0-->Stat15(Stat10*) ==> false; Discharge ==> AUTO c0-->Stat14(Stat14*) ==> Stat16: (c0 in {prk(y) + {prk(y)} : y in {x0} | ({x0} = {y}) & (y in s_inf)}) & (c0 /= (prk(x0) + {prk(x0)})) y1-->Stat16(Stat10*) ==> (x0 = y1) & ((prk(y1) + {prk(y1)}) /= (prk(x0) + {prk(x0)})) EQUAL(Stat16) ==> false Discharge ==> AUTO (Stat8*)ELEM ==> Stat17: (prk({x0}) in nats) & ({x0} in s_inf) & ((nats - prk({x0})) ¥incin m0) & ((nats - prk({x0})) notin ({nats - n : n in nats} * pow(m0))) Suppose ==> (nats - prk({x0})) notin pow(m0) Use_def(pow) ==> Stat18: (nats - prk({x0})) notin {y: y ¥incin m0} (nats - prk({x0}))-->Stat18(Stat17*) ==> false; Discharge ==> Stat19: (nats - prk({x0})) notin {nats - n : n in nats} (prk({x0}))-->Stat19(Stat17*) ==> false Discharge ==> QED Theorem 10046: [Existence of an infinite set, 2] not Finite(s_inf). Proof: Suppose_not() ==> AUTO APPLY() finiteImage(s0->s_inf,f(X)->prk(X)) ==> Finite({prk(x): x in s_inf}) T10045 ==> not Finite(nats) Use_def(nats) ==> nats = {prk(x): x in s_inf} EQUAL ==> false Discharge ==> QED -- -- -- In sede di prima verifica delle precedenti dimostrazioni sulla finitezza era stato impiegato il nome di predicato 'Fin' -- del tutto sconosciuto a Ref, onde evitare possibili interferenze, nelle dimostrazioni, di meccanismi built-in. -- Aggirata in questo modo una questione metodologica, si è poi tornati al nome consueto. -- -- -- =============================================== -- Def maps.4: [Map range] range(F) := {cdr(x): x in F} Def maps.5: [Map] Is_map(F) := (FORALL p in F | p = [car(p),cdr(p)]) Def maps.6: [Single-valued map predicate] Svm(F) := Is_map(F) & (FORALL p in F, q in F | (car(p) = car(q)) ¥imp (p = q)) Def maps.7: [One-one map predicate] One_1_map(F) := Svm(F) & (FORALL p in F, q in F | (cdr(p) = cdr(q)) ¥imp (p = q)) Def maps.8: [Map Product] Def(F @ G) := {[car(x),cdr(y)]: x in G, y in F | cdr(x) = car(y)} Def maps.9: [Inverse of map] inv(F) := {[cdr(p),car(p)]: p in F} -- -- -- The next small theory simply tells us that any setformer of the form ${[a(x),b(x)]: x in s}$ -- is a map. The proof of the one theorem it provides is an elementary consequence -- of the definition of 'Is_map' -- THEORY Iz_map(a(x),b(x),s) END Iz_map; -- ENTER_THEORY Iz_map -- Theorem iz_map.1: [Mapformers are maps] Is_map({[a(x),b(x)]: x in s}) & (domain({[a(x),b(x)]: x in s}) = {a(x): x in s}) & (range({[a(x),b(x)]: x in s}) = {b(x): x in s}). Proof: Suppose_not ==> AUTO Use_def(domain) ==> domain({[a(x),b(x)]: x in s}) = {car(y): y in {[a(x),b(x)]: x in s}} SIMPLF ==> domain({[a(x),b(x)]: x in s}) = {car([a(x),b(x)]): x in s} Suppose ==> Stat1: {car([a(x),b(x)]): x in s} /= {a(x): x in s} c1-->Stat1 ==> false; Discharge ==> domain({[a(x),b(x)]: x in s}) = {a(x): x in s} Use_def(range) ==> range({[a(x),b(x)]: x in s}) = {cdr(y): y in {[a(x),b(x)]: x in s}} SIMPLF ==> range({[a(x),b(x)]: x in s}) = {cdr([a(x),b(x)]): x in s} Suppose ==> Stat2: {cdr([a(x),b(x)]): x in s} /= {b(x): x in s} c2-->Stat2 ==> false; Discharge ==> range({[a(x),b(x)]: x in s}) = {b(x): x in s} Use_def(Is_map) ==> Stat3: not(FORALL p in {[a(x),b(x)]: x in s} | p = [car(p),cdr(p)]) p0-->Stat3 ==> Stat4: (p0 in {[a(x),b(x)]: x in s}) & (p0 /= [car(p0),cdr(p0)]) c-->Stat4(Stat4) ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY Iz_map -- -- THEORY Iz_map(a(x),b(x),s) -- ==> -- Is_map({[a(x),b(x)]: x in s}) & (domain({[a(x),b(x)]: x in s}) = {a(x): x in s}) & (range({[a(x),b(x)]: x in s}) = {b(x): x in s}) -- END Iz_map; -- -- Our next utility theory tells us that a setformer of the form ${[a(x),b(x)]: x in s}$ is a single -- valued map unless there are $x$ and $y$ in $s$ such that $a(x) = a(y)$ does not imply $b(x) = b(y)$, -- and that ${[x,b(x)]: x in s}$ is always a single valued map. -- THEORY Svm_test(a(x),b(x),s) END Svm_test; -- ENTER_THEORY Svm_test -- Def Svm_test.0a: [Witness to non-singlevaluedness] xy2_thryvar := arb({[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))}) Def Svm_test.0b: [First component of witness to non-singlevaluedness] x3_thryvar := car(xy2_thryvar) Def Svm_test.0c: [Second component of witness to non-singlevaluedness] y3_thryvar := cdr(xy2_thryvar) -- Theorem Svm_test.1: [Single-valuedness test] ((x3_thryvar in s) & (y3_thryvar in s) & (a(x3_thryvar) = a(y3_thryvar)) & (b(x3_thryvar) /= b(y3_thryvar))) or Svm({[a(x),b(x)]: x in s}). Proof: Suppose_not ==> (not ((x3_thryvar in s) & (y3_thryvar in s) & (a(x3_thryvar) = a(y3_thryvar)) & (b(x3_thryvar) /= b(y3_thryvar)))) & (not Svm({[a(x),b(x)]: x in s})) -- -- By definition, the contrary of our assertion can only be true if ${[a(x),b(x)]: x in s}$ -- is either not a map or fails the single-valuedness test. But the preceding theory $Iz_map$ -- tells us that the first case is impossible, and an elementary simplification shows -- that the second case is impossible also. -- Use_def(Svm) ==> not(Is_map({[a(x),b(x)]: x in s})) or (not (FORALL u in {[a(x),b(x)]: x in s}, v in {[a(x),b(x)]: x in s} | (car(u) = car(v)) ¥imp (u = v))) APPLY() Iz_map(a(x)->a(x),b(x)->b(x),s->s) ==> Is_map({[a(x),b(x)]: x in s}) SIMPLF ==> Stat1: (not (FORALL x in s, y in s | (car([a(x),b(x)]) = car([a(y),b(y)])) ¥imp ([a(x),b(x)] = [a(y),b(y)]))) (x,y)-->Stat1 ==> (x in s) & (y in s) & (car([a(x),b(x)]) = car([a(y),b(y)])) & ([a(x),b(x)] /= [a(y),b(y)]) Suppose ==> Stat2: {[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))} = 0 (x,y)-->Stat2 ==> not((x in s) & (y in s) & (a(x) = a(y)) & (b(x) /= b(y))) Discharge ==> {[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))} /= 0 ({[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))})-->T0 ==> arb({[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))}) in {[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))} Use_def(xy2_thryvar) ==> Stat3: xy2_thryvar in {[x,y]: x in s, y in s | (a(x) = a(y)) & (b(x) /= b(y))} (xx,yy)-->Stat3 ==> Stat4: (xx in s) & (yy in s) & (xy2_thryvar = [xx,yy]) & (a(xx) = a(yy)) & (b(xx) /= b(yy)) (Stat4)ELEM ==> (xx = car(xy2_thryvar)) & (yy = cdr(xy2_thryvar)) Use_def(x3_thryvar) ==> x3_thryvar = car(xy2_thryvar) Use_def(y3_thryvar) ==> y3_thryvar = cdr(xy2_thryvar) EQUAL ==> false; Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY Svm_test -- -- THEORY Svm_test(a,b,s) -- ==> -- ((x3_thryvar in s) & (y3_thryvar in s) & (a(x3_thryvar) = a(y3_thryvar)) & (b(x3_thryvar) /= b(y3_thryvar))) or -- Svm({[a(x),b(x)]: x in s}) -- END Svm_test; -- -- -- -- The next mini-theory simply specializes $Svm_test$ to the form in which it is most commonly used. -- The proof required is completely elementary. -- The following final small theories in the present utility series adapt -- $Svm_test$ and its multivariable analogs to the form more conveniently used in proving -- that a map is 1-1. Once more the sole theorem provided has an easy proof. -- THEORY one_1_test(a(x),b(x),s) END one_1_test; -- ENTER_THEORY one_1_test -- Def one_1_test.0a: [Witness to non-one-oneness of a map] xy5_thryvar := arb({[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))}) Def one_1_test.0b: [First component of witness to map non-one-oneness] x6_thryvar := car(xy5_thryvar) Def one_1_test.0c: [Second component of witness to map non-one-oneness] y6_thryvar := cdr(xy5_thryvar) -- Theorem one_1_test.1: [One-one map former test] ((x6_thryvar in s) & (y6_thryvar in s) & (((a(x6_thryvar) = a(y6_thryvar)) ¥neq (b(x6_thryvar) = b(y6_thryvar))))) or One_1_map({[a(x),b(x)]: x in s}). Proof: Suppose_not ==> (not((x6_thryvar in s) & (y6_thryvar in s) & (((a(x6_thryvar) = a(y6_thryvar)) ¥neq (b(x6_thryvar) = b(y6_thryvar)))))) & (not One_1_map({[a(u),b(u)]: u in s})) -- -- For let $s$ be a counterexample to our assertion. Then the set -- -- (*) ${[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))}$ -- -- cannot be empty, since if it were ${[a(x),b(x)]: x in s}$ would necessarily be single valued, -- in which case there would have to exist two elements $xx$, $yy$ of $s$ for which $((b(xx) = b(yy)) & (a(xx) /= a(yy)))$, -- an impossibility given that the set (*) seen above is empty. -- Use_def(One_1_map) ==> Stat1: (not Svm({[a(u),b(u)]: u in s})) or (not (FORALL x in {[a(u),b(u)]: u in s}, y in {[a(v),b(v)]: v in s} | (cdr(x) = cdr(y)) ¥imp (x = y))) Suppose ==> Stat2: {[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))} = 0 Suppose ==> not Svm({[a(x),b(x)]: x in s}) APPLY(x3_thryvar:x,y3_thryvar:y) Svm_test(a(x)->a(x),b(x)->b(x),s->s) ==> ((x in s) & (y in s) & (a(x) = a(y)) & (b(x) /= b(y))) or Svm({[a(x),b(x)]: x in s}) ELEM ==> (x in s) & (y in s) & (a(x) = a(y)) & (b(x) /= b(y)) (x,y)-->Stat2 ==> (a(x) = a(y)) ¥eq (b(x) = b(y)) ELEM ==> false; Discharge ==> (not (FORALL x in {[a(u),b(u)]: u in s}, y in {[a(v),b(v)]: v in s} | (cdr(x) = cdr(y)) ¥imp (x = y))) SIMPLF ==> Stat3: (not (FORALL u in s, v in s | (cdr([a(u),b(u)]) = cdr([a(v),b(v)])) ¥imp ([a(u),b(u)] = [a(v),b(v)]))) (xx,yy)-->Stat3 ==> (xx in s) & (yy in s) & (cdr([a(xx),b(xx)]) = cdr([a(yy),b(yy)])) & ([a(xx),b(xx)] /= [a(yy),b(yy)]) ELEM ==> (xx in s) & (yy in s) & (b(xx) = b(yy)) & (a(xx) /= a(yy)) (xx,yy)-->Stat2 ==> (a(xx) = a(yy)) ¥eq (b(xx) = b(yy)) ELEM ==> false; Discharge ==> {[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))} /= 0 -- -- It therefore follows by the axiom of choice that $xy5_thryvar$, as defined above, is an element of the set (*), -- and thus its two components $x6_thryvar$ and $y6_thryvar$ stand in contradiction to the hypotheses of the -- present theorem. This contradiction proves our assertion. -- ({[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))})-->T0 ==> arb({[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))}) in {[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))} Use_def(xy5_thryvar) ==> Stat4: xy5_thryvar in {[x,y]: x in s, y in s | ((a(x) = a(y)) ¥neq (b(x) = b(y)))} (x2,y2)-->Stat4 ==> (xy5_thryvar = [x2,y2]) & (x2 in s) & (y2 in s) & (((a(x2) = a(y2)) ¥neq (b(x2) = b(y2)))) ELEM ==> (car(xy5_thryvar) = x2) & (cdr(xy5_thryvar) = y2) Use_def(x6_thryvar) ==> x6_thryvar = car(xy5_thryvar) Use_def(y6_thryvar) ==> y6_thryvar = cdr(xy5_thryvar) EQUAL ==> false; Discharge ==> QED -- ENTER_THEORY Set_theory -- -- The utility theory just developed can be summarized as follows. -- DISPLAY one_1_test -- -- THEORY one_1_test(a(x),b(x),s) -- ==>(x6_thryvar,y6_thryvar) -- ((x6_thryvar in s) & (y6_thryvar in s) & (not((a(x6_thryvar) = a(y6_thryvar)) ¥eq (b(x6_thryvar) = b(y6_thryvar))))) or -- One_1_map({[a(x),b(x)]: x in s}) -- END one_1_test; -- -- We momentarily re-enter the theory 'fcn_symbol' to enrich it with more theorems. -- ENTER_THEORY fcn_symbol -- -- It follows immediately using our previously derived $Svm_test$ THEORY that $g$ must be single-valued. -- Theorem fcn_symbol.4: [Single-valuedness of a map obtained by restricting a global function to a set] Svm(g). Proof: Suppose_not ==> not Svm(g) APPLY(x3_thryvar:x,y3_thryvar:y) Svm_test(a(x)->x,b(x)->f(x),s->s) ==> (((x = y) & (f(x) /= f(y))) or Svm({[x,f(x)]: x in s})) Assump ==> g = {[x,f(x)]: x in s} EQUAL ==> (((x = y) & (f(x) /= f(y))) or Svm(g)) ELEM ==> (x = y) & (f(x) /= f(y)) EQUAL ==> false; Discharge ==> QED -- -- It is easy to derive the following formula for the range of a map $g$: -- Theorem fcn_symbol.5: [Range of a mapformer] range(g) = {f(xx) : xx in s}. Proof: Suppose_not ==> range(g) /= {f(x) : x in s} -- -- For if not, it follows by definition of range that -- ${cdr([x,f(x)]): x in s} /= {f(x) : x in s}$, -- implying the existence of an x such that $cdr([x,f(x)]) /= f(x)$, -- which is impossible. -- Use_def(range) ==> range(g) = {cdr(x): x in g} Assump ==> g = {[x,f(x)]: x in s} EQUAL ==> {cdr(x): x in {[x,f(x)]: x in s}} /= {f(x) : x in s} SIMPLF ==> {cdr([x,f(x)]): x in s} /= {f(x) : x in s} Set_monot ==> {cdr([x,f(x)]): x in s} = {f(x) : x in s} Discharge ==> QED -- ENTER_THEORY Set_theory -- Note: this exits the subtheory 'fcn_symbol', and re-enters the main Set_theory. -- Note: if we used 'DISPLAY fcn_symbol' at this point, the result would be as follows: -- -- DISPLAY fcn_symbol -- -- THEORY fcn_symbol(f(X),g,s) [Contains some elementary lemmas about single-valued functions] -- g = {[x,f(x)]: x in s} -- ==> -- (domain(g) = s) -- (FORALL xp | (xp in s) ¥imp (g~[xp] = f(xp))) -- (FORALL xp | g~[xp] = if xp in s then f(xp) else 0 end if) -- Svm(g) -- range(g) = {f(xx) : xx in s} -- END fcn_symbol; -- -- The first of these simply says that a restriction of a map $f$ is a subset of $f$, -- a fact immediate if we use proof by monotonicity. -- Theorem 48: [Map restriction lemma] (F ¥ON A) ¥incin F. Proof: Suppose_not(f,a) ==> not((f ¥ON a) ¥incin f) Use_def(¥ON) ==> not({p: p in f | car(p) in a} ¥incin f) Set_monot ==> {p: p in f | car(p) in a} ¥incin {p: p in f} Discharge ==> QED -- -- To show that a map product is always a map, we have only to expand the definition and simplify. -- Theorem 55: [Map compositions are maps] Is_map(F @ G). Proof: Suppose_not(f,g) ==> not Is_map(f @ g) Use_def(Is_map(f @ g)) ==> AUTO Use_def(@) ==> Stat1: not(FORALL p in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)} | p = [car(p),cdr(p)]) p0-->Stat1 ==> Stat2: (p0 in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}) & (p0 /= [car(p0),cdr(p0)]) (x0,y0)-->Stat2 ==> p0 = [car(x0),cdr(y0)] (Stat2)Discharge ==> QED -- Theorem 58: [Restrictions of one-one maps are one-one] One_1_map(F) ¥imp One_1_map(F ¥ON S). Proof: Suppose_not(f,s) ==> Stat0: One_1_map(f) & (not One_1_map(f ¥ON s)) Use_def(One_1_map(f)) ==> AUTO Use_def(Svm(f)) ==> AUTO Use_def(Is_map(f)) ==> AUTO EQUAL ==> Stat1: (FORALL x in f | x = [car(x),cdr(x)]) & (FORALL x in f, y in f | (car(x) = car(y)) ¥imp (x = y)) & (FORALL x in f, y in f | (cdr(x) = cdr(y)) ¥imp (x = y)) Use_def(¥ON) ==> Stat2: (f ¥ON s) = {p in f | car(p) in s} Set_monot ==> {p in f | car(p) in s} ¥incin {p in f | true} (Stat0*)ELEM ==> Stat3: ((f ¥ON s) ¥incin f) & (not One_1_map(f ¥ON s)) Suppose ==> not(FORALL x in (f¥ON s) | x = [car(x),cdr(x)]) (Stat1*)ELEM ==> Stat4: (not(FORALL x in (f¥ON s) | x = [car(x),cdr(x)])) & (FORALL x in f | x = [car(x),cdr(x)]) (x1,x1)-->Stat4(Stat3*) ==> false Discharge ==> AUTO Suppose ==> not(FORALL x in (f¥ON s), y in (f¥ON s) | (car(x) = car(y)) ¥imp (x = y)) (Stat1*)ELEM ==> Stat5: (not(FORALL x in (f¥ON s), y in (f¥ON s) | (car(x) = car(y)) ¥imp (x = y))) & (FORALL x in f, y in f | (car(x) = car(y)) ¥imp (x = y)) (x2,y2,x2,y2)-->Stat5(Stat3*) ==> false Discharge ==> AUTO Suppose ==> not(FORALL x in (f¥ON s), y in (f¥ON s) | (cdr(x) = cdr(y)) ¥imp (x = y)) (Stat1*)ELEM ==> Stat6: (not(FORALL x in (f¥ON s), y in (f¥ON s) | (cdr(x) = cdr(y)) ¥imp (x = y))) & (FORALL x in f, y in f | (cdr(x) = cdr(y)) ¥imp (x = y)) (x3,y3,x3,y3)-->Stat6(Stat3*) ==> false Discharge ==> AUTO Use_def(One_1_map(f¥ON s)) ==> AUTO Use_def(Svm(f¥ON s)) ==> AUTO Use_def(Is_map(f¥ON s)) ==> AUTO (Stat3*)Discharge ==> QED -- -- Next we state two entirely elementary facts concerning the range and domain of a map $f$: -- for each $x in f$, $car(x)$ is in $domain(f)$ and $cdr(x)$ is in $range(f)$. -- Theorem 60: [Domain membership lemma] (X in F) ¥imp (car(X) in domain(F)). Proof: Suppose_not(c,f) ==> AUTO Use_def(domain) ==> Stat1: not car(c) in {car(x): x in f} c-->Stat1 ==> AUTO Discharge ==> QED -- Theorem 61: [Range membership lemma] (X in F) ¥imp (cdr(X) in range(F)). Proof: Suppose_not(c,f) ==> AUTO Use_def(range) ==> Stat1: not(cdr(c) in {cdr(x): x in f}) c-->Stat1 ==> AUTO Discharge ==> QED -- -- It is also an elementary consequence of the definition that the union of two maps is a map. -- Theorem 62: [Map unions are maps] (Is_map(F) & Is_map(G)) ¥imp Is_map(F + G). Proof: Suppose_not(f,g) ==> AUTO Use_def(Is_map) ==> Stat1: (not(FORALL r in f+g | r = [car(r), cdr(r)])) & (FORALL p in f | p = [car(p), cdr(p)]) & (FORALL q in g | q = [car(q), cdr(q)]) (p0,p0,p0)-->Stat1(Stat1*) ==> false Discharge ==> QED -- Theorem 62a: [Svm unions are Svm] (Svm(F) & Svm(G) & (domain(F) * domain(G) = 0)) ¥imp Svm(F + G). Proof: Suppose_not(t0,s0) ==> AUTO (t0,s0)-->T62 ==> AUTO Use_def(Svm) ==> Stat4: (not (FORALL p in t0+s0, q in t0+s0 | (car(p) = car(q)) ¥imp (p = q))) & (FORALL p in t0, q in t0 | (car(p) = car(q)) ¥imp (p = q)) & (FORALL p in s0, q in s0 | (car(p) = car(q)) ¥imp (p = q)) & (domain(t0) * domain(s0) = 0) -- -- Let $a1,b1$ witness the non-single-valuedness of $t0+s0$. On the one hand, $a1,b1$ cannot belong -- simultaneously to $t0$ or to $s0$, because this would conflict with the single-valuedness of $t0$ and of $s0$. -- (a1,b1,a1,b1,a1,b1)-->Stat4(Stat4*) ==> (car(a1) = car(b1)) & (((a1 in t0) & (b1 in s0)) or ((a1 in s0) & (b1 in t0))) -- -- On the other hand, since $a1,b1$ share their first component, assuming that one belongs to $s0$ and the other -- to $t0$ contradicts the assumed disjointness of the domains of $s0,t0$. -- (b1,s0)-->T60 ==> AUTO (a1,t0)-->T60 ==> AUTO (a1,s0)-->T60 ==> AUTO (b1,t0)-->T60(Stat4*) ==> false Discharge ==> QED -- -- Theorem 62b: [The unionset of a set of maps is a map] (FORALL f in S | Is_map(f)) ¥imp Is_map(Un(S)). Proof: Suppose_not(s0) ==> AUTO APPLY(allUn_thryvar:x0) allUn(s0->s0,P(X)->Is_map(X),Q(Y)->(Y=[car(Y),cdr(Y)])) ==> Is_map(x0) ¥neq (FORALL p in x0 | p = [car(p),cdr(p)]) Use_def(Is_map) ==> false Discharge ==> QED -- Theorem 62c: [The unionset of a set of pairwise compatible single-valued maps is a single_valued map] (FORALL f in S, g in S | Svm(f+g)) ¥imp Svm(Un(S)). Proof: Suppose_not(s0) ==> Stat1: (FORALL f in s0, g in s0 | Svm(f+g)) & (not Svm(Un(s0))) Suppose ==> (not Is_map(Un(s0))) s0-->T62b ==> Stat2: (not (FORALL f in s0 | Is_map(f))) g0-->Stat2 ==> (g0 in s0) & (not Is_map(g0)) (g0,g0)-->Stat1 ==> Svm(g0+g0) & (g0+g0 = g0) EQUAL ==> Svm(g0) Use_def(Svm) ==> false Discharge ==> AUTO Use_def(Svm) ==> Stat3: (not (FORALL p in Un(s0), q in Un(s0) | (car(p) = car(q)) ¥imp (p = q))) Use_def(Un(s0)) ==> AUTO (p0,q0)-->Stat3 ==> Stat4: (p0 in {u: v in s0, u in v}) & (q0 in {u: v in s0, u in v}) & (car(p0) = car(q0)) & (p0 /= q0) (f0,u0,f1,v0)-->Stat4 ==> (f0 in s0) & (p0 in f0) & (f1 in s0) & (q0 in f1) (f0,f1)-->Stat1 ==> Svm(f0+f1) Use_def(Svm) ==> Stat5: (FORALL p in f0+f1, q in f0+f1 | (car(p) = car(q)) ¥imp (p = q)) (p0,q0)-->Stat5(Stat4*) ==> false Discharge==>QED -- -- Next we show that the map restriction operation is additive in its second argument. -- Again, this is an entirely elementary consequence of the definition, by set monotonicity. -- Theorem 63: [Map restriction is additive] F ¥ON (A + B) = (F ¥ON A) + (F ¥ON B). Proof: Suppose_not(f,a,b) ==> AUTO Use_def(¥ON) ==> {p in f | car(p) in a + b} /= {p in f | car(p) in a} + {p in f | car(p) in b} Set_monot ==> {p in f | car(p) in a + b} = {p in f | (car(p) in a) or (car(p) in b)} Set_monot ==> {p in f | (car(p) in a) or (car(p) in b)} = {p in f | car(p) in a} + {p in f | car(p) in b} Discharge ==> QED -- -- The map restriction operation is also additive in its first argument -- the argument being similar and equally elementary. -- Theorem 64: [Restriction of union maps] (F + G) ¥ON A = (F ¥ON A) + (G ¥ON A). Proof: Suppose_not(f,g,a) ==> ((f + g) ¥ON a) /= (f ¥ON a) + (g ¥ON a) Use_def(¥ON) ==> {p in (f + g) | car(p) in a} /= {p in f | car(p) in a} + {p in g | car(p) in a} Set_monot ==> {p in (f + g) | car(p) in a} = {p in f | car(p) in a} + {p in g | car(p) in a} Discharge ==> QED -- -- The fact that the range and domain of a map $f$ are both monotone increasing functions of $f$ -- also follows immediately by set monotonicity. -- Theorem 65: [Monotonicity of range and domain sets] (F ¥incin G) ¥imp ((range(F) ¥incin range(G)) & (domain(F) ¥incin domain(G))). Proof: Suppose_not(f,g) ==> AUTO Set_monot ==> {car(x): x in f} ¥incin {car(x): x in g} Set_monot ==> {cdr(x): x in f} ¥incin {cdr(x): x in g} Use_def(domain) ==> domain(f) ¥incin domain(g) Use_def(range) ==> false Discharge ==> QED -- -- Our next theorem states the important but elementary fact that map composition is associative. -- Theorem 66: [Associativity of map multiplication] F @ (G @ H) = (F @ G) @ H. Proof: Suppose_not(f,g,h) ==> f @ (g @ h) /= (f @ g) @ h Use_def(@) ==> f @ (g @ h) = {[car(x),cdr(v)]: x in {[car(x),cdr(y)]: x in h, y in g | cdr(x) = car(y)}, v in f | cdr(x) = car(v)} Use_def(@) ==> (f @ g) @ h = {[car(x),cdr(y)]: x in h, y in {[car(y),cdr(v)]: y in g, v in f | cdr(y) = car(v)} | cdr(x) = car(y)} ELEM ==> {[car(x),cdr(v)]: x in {[car(x),cdr(y)]: x in h, y in g | cdr(x) = car(y)}, v in f | cdr(x) = car(v)} /= {[car(x),cdr(y)]: x in h, y in {[car(y),cdr(v)]: y in g, v in f | cdr(y) = car(v)} | cdr(x) = car(y)} -- -- For if not, simplification after using the definition of map composition -- gives us the following inequality, and so the elementary inequality seen just below it. -- But since this is impossible our lemma follows. -- SIMPLF ==> Stat1: {[car([car(x),cdr(y)]),cdr(v)]: x in h, y in g, v in f | (cdr(x) = car(y)) & (cdr([car(x),cdr(y)]) = car(v))} /= {[car(x),cdr([car(y),cdr(v)])]: x in h, y in g , v in f | (cdr(y) = car(v)) & (cdr(x) = car([car(y),cdr(v)]))} (x,y,v)-->Stat1 ==> ([car([car(x),cdr(y)]),cdr(v)] /= [car(x),cdr([car(y),cdr(v)])]) or (not(((cdr(x) = car(y)) & (cdr([car(x),cdr(y)]) = car(v))) ¥eq ((cdr(y) = car(v)) & (cdr(x) = car([car(y),cdr(v)]))))) Discharge ==> QED -- -- Now we show that the restriction of a map $f$ to its own domain is simply $f$. -- Theorem 67: [Restriction of a map to its own domain] F ¥ON domain(F) = F. Proof: Suppose_not(f) ==> not((f ¥ON domain(f)) = f) -- -- For if not, it follows by Theorem 48 that there must be -- some element $a in f$ which is not in ${p in f | car(p) in domain(f)}$, -- which is clearly impossible by Theorem 60. -- (f,domain(f))-->T48 ==> (f ¥ON domain(f)) ¥incin f ELEM ==> not((f ¥ON domain(f)) incs f) Use_def(¥ON) ==> Stat1: not({p in f | car(p) in domain(f)} incs f) (a)-->Stat1 ==> (a in f) & Stat2: (not(a in {p in f | car(p) in domain(f)})) (a)-->Stat2 ==> car(a) notin domain(f) (a,f)-->T60 ==> false; Discharge ==> QED -- Theorem 71: [Map image elements belong to the map range] (X in domain(F)) ¥imp ((F~[X]) in range(F)). Proof: Suppose_not(x0,f) ==> AUTO Use_def(domain(f)) ==> AUTO Use_def(range(f)) ==> AUTO Use_def(~) ==> Stat1: (x0 in {car(p): p in f}) & (cdr(arb(f ¥ON {x0})) notin {cdr(p): p in f}) Use_def(¥ON) ==> (f ¥ON {x0}) = {p in f | car(p) in {x0}} p0-->Stat1(Stat1*) ==> Stat2: (x0 = car(p0)) & (p0 in f) EQUAL ==> Stat3: (cdr(arb({p in f | car(p) in {car(p0)}})) notin {cdr(p): p in f}) (arb({p in f | car(p) in {car(p0)}}))-->Stat3(Stat3*) ==> Stat4: arb({p in f | car(p) in {car(p0)}}) notin f Suppose ==> Stat5: p0 notin {p in f | car(p) in {car(p0)}} p0-->Stat5(Stat2,Stat2*) ==> false; Discharge ==> AUTO Loc_def ==> a = arb({p in f | car(p) in {car(p0)}}) (Stat4)ELEM ==> Stat6: (a in {p in f | car(p) in {car(p0)}}) & (a notin f) ()-->Stat6(Stat6*) ==> false Discharge ==> QED -- -- -- Theorem 71a: [Alternative characterization of a map] Is_map(F) ¥eq (F = {[car(y),cdr(y)]: y in F}). Proof: Suppose_not(f0) ==> AUTO Use_def(Is_map(f0)) ==> AUTO Suppose ==> Stat1: ({y: y in f0} /= {[car(y),cdr(y)]: y in f0}) & (FORALL p in f0 | p = [car(p),cdr(p)]) (y0,y0)-->Stat1(Stat1*) ==> false; Discharge ==> Stat2: (not(FORALL p in f0 | p = [car(p),cdr(p)])) & (f0 = {[car(y),cdr(y)]: y in f0}) p0-->Stat2(Stat2*) ==> Stat3: (p0 in {[car(y),cdr(y)]: y in f0}) & (p0 /= [car(p0),cdr(p0)]) y1-->Stat3(Stat3) ==> false Discharge ==> QED -- Theorem 72a: [Meaning of application of a single-valued map] ( Svm(F) & (P in F) ) ¥imp (P = [car(P),F~[car(P)]]). Proof: Suppose_not(f,p0) ==> AUTO Use_def(Svm(f)) ==> AUTO Use_def(Is_map) ==> Stat0: (FORALL p in f | p = [car(p),cdr(p)]) & Stat1: (FORALL p in f, q in f | (car(p) = car(q)) ¥imp (p = q)) p0-->Stat0(*) ==> p0 = [car(p0),cdr(p0)] Suppose ==> cdr(p0) = f~[car(p0)] EQUAL ==> false; Discharge ==> AUTO Use_def(~) ==> cdr(p0) /= cdr(arb(f ¥ON {car(p0)})) Use_def(¥ON) ==> cdr(p0) /= cdr(arb({p in f | car(p) in {car(p0)}})) EQUAL(Stat0) ==> Stat2: p0 /= arb({p in f | car(p) in {car(p0)}}) Suppose ==> Stat3: p0 notin {p in f | car(p) in {car(p0)}} p0-->Stat3(*) ==> false; Discharge ==> AUTO Loc_def ==> p1 = arb({p in f | car(p) in {car(p0)}}) (Stat2)ELEM ==> Stat4: (p1 in {p in f | car(p) in {car(p0)}}) & (p0 /= p1) ()-->Stat4(Stat4*) ==> (p1 in f) & (car(p1) = car(p0)) (p1,p0)-->Stat1(*) ==> false Discharge ==> QED -- -- Single valued maps can always be represented in the following convenient form. -- Theorem 72: [Form of a single-valued map, 1] Svm(F) ¥eq (F = {[x,F~[x]]: x in domain(F)}). Proof: Suppose_not(f) ==> AUTO Suppose ==> (f = {[x,f~[x]]: x in domain(f)}) & (not Svm(f)) Use_def(Svm) ==> not( Is_map(f) & (FORALL p in f, q in f | (car(p) = car(q)) ¥imp (p = q))) Suppose ==> (not Is_map(f)) Use_def(Is_map(f)) ==> AUTO EQUAL ==> Stat1: not(FORALL p in {[x,f~[x]]: x in domain(f)} | p = [car(p),cdr(p)]) p0-->Stat1(Stat1*) ==> Stat2: (p0 in {[x,f~[x]]: x in domain(f)}) & (p0 /= [car(p0),cdr(p0)]) x0-->Stat2(Stat2) ==> false Discharge ==> Stat3: (not(FORALL p in f, q in f | (car(p) = car(q)) ¥imp (p = q))) (p1,q1)-->Stat3(*) ==> Stat4: (p1 in {[x,f~[x]]: x in domain(f)}) & (q1 in {[x,f~[x]]: x in domain(f)}) & (car(p1) = car(q1)) & (p1 /= q1) (x1,y1)-->Stat4(Stat4*) ==> Stat5: (p1 = [x1,f~[x1]]) & (q1 = [y1,f~[y1]]) & (car(p1) = car(q1)) (Stat5)ELEM ==> x1 = y1 EQUAL(Stat4) ==> false Discharge ==> Stat6: (f /= {[x,f~[x]]: x in domain(f)}) & Svm(f) p2-->Stat6(Stat6*) ==> (p2 in f) ¥neq (p2 in {[x,f~[x]]: x in domain(f)}) Use_def(domain) ==> (p2 in f) ¥neq (p2 in {[x,f~[x]]: x in {car(p): p in f}}) SIMPLF ==> (p2 in f) ¥neq (p2 in {[car(p),f~[car(p)]]: p in f}) Suppose ==> Stat7: p2 in {[car(p),f~[car(p)]]: p in f} p3-->Stat7(Stat6*) ==> (p3 in f) & ([car(p3),f~[car(p3)]] notin f) (f,p3)-->T72a(Stat6*) ==> false Discharge ==> Stat13: (p2 notin {[car(p),f~[car(p)]]: p in f}) & (p2 in f) p2-->Stat13(Stat13*) ==> p2 /= [car(p2),f~[car(p2)]] (f,p2)-->T72a(Stat6*) ==> false Discharge ==> QED -- Theorem 74: [Map image formula] (Svm(F) & (P in F)) ¥imp ((F~[car(P)]) = cdr(P)). Proof: Suppose_not(f,p0) ==> AUTO Use_def(Is_map(f)) ==> AUTO Use_def(Svm) ==> Stat0: (FORALL q in f | q = [car(q),cdr(q)]) & Stat1: (FORALL q in f, p in f | (car(q) = car(p)) ¥imp (q = p)) & (p0 in f) & ((f~[car(p0)]) /= cdr(p0)) Use_def(~) ==> (f~[car(p0)]) = cdr(arb(f ¥ON {car(p0)})) p0-->Stat0(Stat0*) ==> Stat2: (p0 = [car(p0),cdr(p0)]) & (p0 in f) & (cdr(arb(f ¥ON {car(p0)})) /= cdr(p0)) Use_def(¥ON) ==> Stat3: (f ¥ON {car(p0)}) = {p in f | car(p) in {car(p0)}} Suppose ==> Stat4: p0 notin {p in f | car(p) in {car(p0)}} p0-->Stat4(Stat2,Stat2*) ==> false; Discharge ==> AUTO Set_monot ==> {p in f | car(p) in {car(p0)}} ¥incin {p in f | true} Loc_def ==> p1 = arb(f ¥ON {car(p0)}) (Stat3)ELEM ==> Stat5: (p1 in {p in f | car(p) in {car(p0)}}) & (p1 in f) ()-->Stat5(Stat5*) ==> Stat6: car(p1) = car(p0) (p0,p1)-->Stat1(Stat0,Stat5,Stat6*) ==> p1 = p0 EQUAL(Stat2) ==> false Discharge ==> QED -- -- The following lemma simply states the elementary fact that every element of a map is a pair. -- Theorem 76: [Map members are pairs, 2] (Is_map(F) & (U in F)) ¥imp (U = [car(U),cdr(U)]). Proof: Suppose_not(g,u) ==> Is_map(g) & (u in g) & (u /= [car(u),cdr(u)]) Use_def(Is_map) ==> Stat1: (FORALL p in g | p = [car(p),cdr(p)]) u-->Stat1(*) ==> false Discharge ==> QED -- -- Theorem 79: [Map ranges are additive] range(F + G) = range(F) + range(G). Proof: Suppose_not(f,g) ==> range(f + g) /= range(f) + range(g) Use_def(range) ==> {cdr(x): x in f + g} /= {cdr(x): x in f} + {cdr(x): x in g} Set_monot ==> {cdr(x): x in f + g} = {cdr(x): x in f} + {cdr(x): x in g} Discharge ==> QED -- -- The following is a corollary of Theorem 48 and Theorem 79. -- Theorem 80: [Range of a restriction map] range(F ¥ON S) ¥incin range(F). Proof: Suppose_not(f,s) ==> not(range(f ¥ON s) ¥incin range(f)) (f,s)-->T48 ==> f = (f ¥ON s) + (f - (f ¥ON s)) (f ¥ON s,f - (f ¥ON s))-->T79 ==> range((f ¥ON s) + (f - (f ¥ON s))) = range(f ¥ON s) + range(f - (f ¥ON s)) EQUAL ==> range(f) = range(f ¥ON s) + range(f - (f ¥ON s)) ELEM ==> false; Discharge ==> QED -- -- THEORY Must_be_svm(b(X),s,u) END Must_be_svm -- ENTER_THEORY Must_be_svm -- Theorem Must_be_svm.1: [Single-valued map former] Svm({[x,b(x)]: x in s}) & (domain({[x,b(x)]: x in s}) = s) & (range({[x,b(x)]: x in s}) = {b(x): x in s}) & ((u in s) ¥imp (({[x,b(x)]: x in s}~[u]) = b(u))). Proof: Suppose_not() ==> AUTO Suppose ==> Stat1: not Svm({[x,b(x)]: x in s}) Use_def(Is_map({[x,b(x)]: x in s})) ==> AUTO Use_def(Svm)(Stat1) ==> not( (FORALL q in {[x,b(x)]: x in s} | q = [car(q),cdr(q)]) & (FORALL q in {[x,b(x)]: x in s}, p in {[x,b(x)]: x in s} | (car(q) = car(p)) ¥imp (q = p))) Suppose ==> Stat2: not (FORALL q in {[x,b(x)]: x in s} | q = [car(q),cdr(q)]) q0-->Stat2(Stat2*) ==> Stat3: (q0 in {[x,b(x)]: x in s}) & (q0 /= [car(q0),cdr(q0)]) x0-->Stat3(Stat3) ==> false Discharge ==> Stat4: not (FORALL q in {[x,b(x)]: x in s}, p in {[x,b(x)]: x in s} | (car(q) = car(p)) ¥imp (q = p)) (q1,p1)-->Stat4(Stat4*) ==> Stat5: (q1 in {[x,b(x)]: x in s}) & (p1 in {[x,b(x)]: x in s}) & (car(q1) = car(p1)) & (q1 /= p1) (x1,x2)-->Stat5(Stat5*) ==> Stat5a: (q1 = [x1,b(x1)]) & (p1 = [x2,b(x2)]) & (car(q1) = car(p1)) (Stat5a)ELEM ==> x1 = x2 EQUAL(Stat5) ==> false Discharge ==> AUTO Suppose ==> Stat6: domain({[x,b(x)]: x in s}) /= s Use_def(domain)(Stat6) ==> {car(p): p in {[x,b(x)]: x in s}} /= s SIMPLF(Stat6*) ==> Stat7: {car([x,b(x)]): x in s} /= s e-->Stat7(Stat7*) ==> (e in {car([x,b(x)]): x in s}) ¥neq (e in s) Suppose ==> Stat8: e in {car([x,b(x)]): x in s} x3-->Stat8(Stat7*) ==> false; Discharge ==> Stat9: (e notin {car([x,b(x)]): x in s}) & (e in s) e-->Stat9(Stat9*) ==> false Discharge ==> AUTO Suppose ==> Stat10: range({[x,b(x)]: x in s}) /= {b(x): x in s} Use_def(range)(Stat10) ==> {cdr(p): p in {[x,b(x)]: x in s}} /= {b(x): x in s} SIMPLF(Stat10*) ==> Stat11: {cdr([x,b(x)]): x in s} /= {b(x): x in s} c-->Stat11(Stat11) ==> false Discharge ==> Stat14: (u in s) & (({[x,b(x)]: x in s}~[u]) /= b(u)) Use_def(~)(Stat14) ==> cdr(arb({[x,b(x)]: x in s} ¥ON {u})) /= b(u) Use_def(¥ON)(Stat14) ==> ({[x,b(x)]: x in s} ¥ON {u}) = {p in {[x,b(x)]: x in s} | car(p) in {u}} SIMPLF(Stat14*) ==> {p in {[x,b(x)]: x in s} | car(p) in {u}} = {[x,b(x)]: x in s | car([x,b(x)]) in {u}} EQUAL(Stat14) ==> cdr(arb({[x,b(x)]: x in s | car([x,b(x)]) in {u}})) /= b(u) Loc_def ==> Stat15: a = arb({[x,b(x)]: x in s | car([x,b(x)]) in {u}}) Suppose ==> Stat16: {[x,b(x)]: x in s | car([x,b(x)]) in {u}} = 0 u-->Stat16(Stat14,Stat16) ==> false; Discharge ==> AUTO (Stat15)ELEM ==> Stat17: a in {[x,b(x)]: x in s | car([x,b(x)]) in {u}} x4-->Stat17(Stat17) ==> (x4 = u) & (cdr(a) = b(x4)) EQUAL(Stat14) ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY Must_be_svm -- -- THEORY Must_be_svm(b(X),s,u) -- ==> -- Svm({[x,b(x)]: x in s}) & (domain({[x,b(x)]: x in s}) = s) & (range({[x,b(x)]: x in s}) = {b(x): x in s}) & ((u in s) ¥imp (({[x,b(x)]: x in s}~[u]) = b(u))) -- END Must_be_svm -- -- -- The following simple lemma will be useful in our later work with map inverses. -- Theorem 90: [Members of the inverse map] Is_map(F) ¥imp (([X,Y] in F) ¥eq ([Y,X] in inv(F))). Proof: Suppose_not(f,x,y) ==> Is_map(f) & (not(([x,y] in f) ¥eq ([y,x] in inv(f)))) -- -- In the contrary case, and first considering the subcase in which $[x,y]$ belongs to $f$, -- use of the definition leads to an immediate contradiction, so that we must have -- $[x,y] notin f$ and $[y,x] in inv(f)$. -- Suppose ==> ([x,y] in f) & ([y,x] notin inv(f)) Use_def(inv) ==> Stat1: [y,x] notin {[cdr(u),car(u)]: u in f} ([x,y])-->Stat1 ==> [y,x] /= [cdr([x,y]),car([x,y])] Discharge ==> ([x,y] notin f) & ([y,x] in inv(f)) -- -- But in this case use of the definition also leads, via Theorem 76, -- to an immediate contradiction, which completes the proof of the present lemma. -- Use_def(inv) ==> ([x,y] notin f) & Stat2: ([y,x] in {[cdr(u),car(u)]: u in f}) u-->Stat2 ==> ([y,x] = [cdr(u),car(u)]) & (u in f) ELEM ==> [car(u),cdr(u)] /= u; (f,u)-->T76 ==> false; Discharge ==> QED -- Theorem 92: [Doubletons as maps] Is_map({[X,Y],[Z,W]}) & (domain({[X,Y],[Z,W]}) = {X,Z}) & (range({[X,Y],[Z,W]}) = {Y,W}) & ((X /= Z) ¥imp Svm({[X,Y],[Z,W]})). Proof: Suppose_not(x0,y0,z0,w0) ==> AUTO Suppose ==> not Is_map({[x0,y0],[z0,w0]}) Use_def(Is_map) ==> Stat1: not (FORALL p in {[x0,y0],[z0,w0]} | p = [car(p),cdr(p)]) p1-->Stat1(Stat1*) ==> ((p1 = [x0,y0]) or (p1 = [z0,w0])) & (p1 /= [car(p1),cdr(p1)]) Suppose ==> p1 = [x0,y0] TELEM ==> [x0,y0] = [car([x0,y0]),cdr([x0,y0])] EQUAL(Stat1) ==> false Discharge ==> AUTO (Stat1*)ELEM ==> p1 = [z0,w0] TELEM ==> [z0,w0] = [car([z0,w0]),cdr([z0,w0])] EQUAL(Stat1) ==> false Discharge ==> AUTO Suppose ==> Stat2: domain({[x0,y0],[z0,w0]}) /= {x0,z0} Use_def(domain({[x0,y0],[z0,w0]})) ==> AUTO Suppose ==> Stat3: x0 notin {car(p): p in {[x0,y0],[z0,w0]}} ([x0,y0])-->Stat3(Stat3*) ==> false; Discharge ==> AUTO Suppose ==> Stat4: z0 notin {car(p): p in {[x0,y0],[z0,w0]}} ([z0,w0])-->Stat4(Stat4*) ==> false; Discharge ==> AUTO (Stat2*)ELEM ==> Stat5: domain({[x0,y0],[z0,w0]}) ¥nincin {x0,z0} e-->Stat5(Stat2*) ==> Stat6: (e in {car(p): p in {[x0,y0],[z0,w0]}}) & (e notin {x0,z0}) p-->Stat6(Stat6) ==> false Discharge ==> AUTO Use_def(Svm({[x0,y0],[z0,w0]})) ==> AUTO Suppose ==> Stat7: range({[x0,y0],[z0,w0]}) /= {y0,w0} Use_def(range({[x0,y0],[z0,w0]})) ==> AUTO Suppose ==> Stat8: y0 notin {cdr(q): q in {[x0,y0],[z0,w0]}} ([x0,y0])-->Stat8(Stat8*) ==> false; Discharge ==> AUTO Suppose ==> Stat9: w0 notin {cdr(q): q in {[x0,y0],[z0,w0]}} ([z0,w0])-->Stat9(Stat9*) ==> false; Discharge ==> AUTO (Stat7*)ELEM ==> Stat10: range({[x0,y0],[z0,w0]}) ¥nincin {y0,w0} d-->Stat10(Stat7*) ==> Stat11: (e in {car(q): q in {[x0,y0],[z0,w0]}}) & (e notin {x0,z0}) q-->Stat11(Stat11) ==> false Discharge ==> Stat12: (not (FORALL p in {[x0,y0],[z0,w0]}, q in {[x0,y0],[z0,w0]} | (car(p) = car(q)) ¥imp (p = q))) & (x0 /= z0) (p0,q0)-->Stat12(Stat12*) ==> ((p0 = [x0,y0]) or (p0 = [z0,w0])) & ((q0 = [x0,y0]) or (q0 = [z0,w0])) & (p0 /= q0) & (car(p0) = car(q0)) TELEM ==> (x0 /= z0) ¥imp (car([x0,y0]) /= car([z0,w0])) Suppose ==> (p0 = [x0,y0]) & (q0 = [z0,w0]) EQUAL(Stat12) ==> false Discharge ==> AUTO (Stat12*)ELEM ==> (q0 = [x0,y0]) & (p0 = [z0,w0]) EQUAL(Stat12) ==> false Discharge ==> QED -- Theorem 93: [Doubletons as maps, 2] (X /= Z) ¥imp ({[X,Y],[Z,W]}~[X] = Y). Proof: Suppose_not(x,z,y,w) ==> AUTO Use_def(~) ==> cdr(arb({[x,y],[z,w]} ¥ON {x})) /= y Use_def(¥ON) ==> ({[x,y],[z,w]} ¥ON {x}) = {p in {[x,y],[z,w]} | car(p) in {x}} EQUAL ==> cdr(arb({p in {[x,y],[z,w]} | car(p) in {x}})) /= y Suppose ==> Stat1: {p in {[x,y],[z,w]} | car(p) in {x}} = 0 ([x,y])-->Stat1(Stat1) ==> false; Discharge ==> Stat2: {p: p in {[x,y],[z,w]} | car(p) in {x}} /= 0 Loc_def ==> a = arb({p in {[x,y],[z,w]} | car(p) in {x}}) (Stat2)ELEM ==> Stat3: a in {p in {[x,y],[z,w]} | car(p) in {x}} ()-->Stat3(Stat3*) ==> Stat4: (a in {[x,y],[z,w]}) & (car(a) = x) EQUAL ==> Stat5: (cdr(a) /= y) & (x /= z) (Stat4,Stat5)Discharge ==> QED -- ENTER_THEORY Set_theory -- Theorem 94: [Domain of restriction] domain(F ¥ON S) = domain(F) * S. Proof: Suppose_not(f,s) ==> AUTO Use_def(¥ON) ==> Stat0: domain({q in f | car(q) in s}) /= (domain(f) * s) Use_def(domain)(Stat0) ==> {car(p): p in {q in f | car(q) in s}} /= ({car(p): p in f} * s) SIMPLF ==> Stat1: {car(p): p in f | car(p) in s} /= ({car(p): p in f} * s) e-->Stat1(Stat1*) ==> Stat2: (e in {car(p): p in f | car(p) in s}) ¥neq (e in ({car(p): p in f} * s)) Suppose ==> Stat3: e in {car(p): p in f | car(p) in s} p0-->Stat3(Stat2*) ==> Stat4: (car(p0) notin {car(p): p in f}) & (p0 in f) p0-->Stat4(Stat4*) ==> false Discharge ==> Stat5: (e in {car(p): p in f}) & (e notin {car(p): p in f | car(p) in s}) & (e in s) (p1,p1)-->Stat5(Stat5*) ==> false Discharge ==> QED -- -- The following theorem gives formulae for the range and domain of a product map $f @ g$, -- under the simplifying hypothesis that the range of $g$ is included in the domain of $f$. -- Theorem 95: [Range and domain of map product] (range(F @ G) = range(F ¥ON range(G))) & ((range(G) ¥incin domain(F)) ¥imp (domain(F @ G) = domain(G))). Proof: Suppose_not(f,g) ==> Stat1: (range(f @ g) /= range(f ¥ON range(g))) or ((range(g) ¥incin domain(f)) & (domain(f @ g) /= domain(g))) -- -- Proceeding by contradiction, we have two cases to consider. First suppose that the two ranges -- appearing in the theorem are different. Use the definitions -- of the functions involved and simplify. -- Suppose ==> range(f @ g) /= range(f ¥ON range(g)) Use_def(range) ==> range(f @ g) = {cdr(x): x in f @ g} Use_def(@) ==> range(f @ g) = {cdr(x): x in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}} SIMPLF ==> range(f @ g) = {cdr([car(x),cdr(y)]): x in g, y in f | cdr(x) = car(y)} -- -- But $range(f @ g)$ can be simplified further to ${cdr(x): x in f | car(x) in range(g)}$. -- Suppose ==> Stat2: {cdr([car(x),cdr(y)]): x in g, y in f | cdr(x) = car(y)} /= {cdr(y): x in g, y in f | cdr(x) = car(y)} (ap,bp)-->Stat2 ==> cdr([car(ap),cdr(bp)]) /= cdr(bp) Discharge ==> range(f @ g) = {cdr(y): x in g, y in f | cdr(x) = car(y)} -- -- From this, using the definitions of '$range$' and '$¥ON$', we get the set inequality seen below. -- Use_def(range) ==> range(f ¥ON range(g)) = {cdr(x): x in f ¥ON range(g)} Use_def(¥ON) ==> range(f ¥ON range(g)) = {cdr(x): x in {x in f | car(x) in range(g)}} SIMPLF ==> range(f ¥ON range(g)) = {cdr(x): x in f | car(x) in range(g)} ELEM ==> Stat3: {cdr(y): x in g, y in f | cdr(x) = car(y)} /= {cdr(x): x in f | car(x) in range(g)} -- -- Hence there is a $c$ which is in one of these sets but not the other. -- Suppose first that $c$ is in the first of these sets, and so has the form seen below. -- c-->Stat3 ==> ((c in {cdr(y): x in g, y in f | cdr(x) = car(y)}) & (c notin {cdr(x): x in f | car(x) in range(g)})) or ((c notin {cdr(y): x in g, y in f | cdr(x) = car(y)}) & (c in {cdr(x): x in f | car(x) in range(g)})) Suppose ==> Stat4: (c in {cdr(y): x in g, y in f | cdr(x) = car(y)}) & Stat5: (c notin {cdr(x): x in f | car(x) in range(g)}) (a,b)-->Stat4 ==> (c = cdr(b)) & (a in g) & (b in f) & (cdr(a) = car(b)) -- -- Then by Stat5 $car(b)$ is not in $range(g)$, which, using the definition of $range$, -- leads to an immediate contradiction with Stat6 -- b-->Stat5 ==> car(b) notin range(g) Use_def(range) ==> Stat7: not (car(b) in {cdr(x): x in g}) a-->Stat7 ==> false; -- -- Hence $c$ must be in the second of the sets considered above, -- but not in the first, and so must have the form seen below. -- Discharge ==> Stat8: (c notin {cdr(y): x in g, y in f | cdr(x) = car(y)}) & Stat9: (c in {cdr(x): x in f | car(x) in range(g)}) u-->Stat9 ==> (c = cdr(u)) & (u in f) & (car(u) in range(g)) Use_def(range) ==> Stat10: car(u) in {cdr(x): x in g} v-->Stat10 ==> (car(u) = cdr(v)) & (v in g) -- -- But this leads to an immediate contradiction with Stat8, -- and so rules out the first of our two main cases, -- leaving the only case $domain(f @ g) /= domain(g)$ to be considered. -- (v,u)-->Stat8 ==> not(c = cdr(u) & (u in f) & (v in g) & (cdr(v) = car(u))) Discharge ==> Stat11: range(f @ g) = range(f ¥ON range(g)) (Stat11,Stat1)ELEM ==> domain(f @ g) /= domain(g) -- -- This can be handled in much the same way as the case just analyzed. Using the definitions -- of the functions involved, we see that the two sets displayed below must differ. -- Use_def(domain) ==> {car(x): x in f @ g} /= {car(x): x in g} Use_def(@) ==> {car(x): x in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}} /= {car(x): x in g} SIMPLF ==> {car([car(x),cdr(y)]): x in g, y in f | cdr(x) = car(y)} /= {car(x): x in g} (car(X),cdr(Y))-->T7 ==> car([car(X),cdr(Y)]) = car(X) EQUAL ==> Stat12: {car(x): x in g, y in f | cdr(x) = car(y)} /= {car(x): x in g} -- -- Hence there is a $ca$ which is in one of these sets but not the other. -- Suppose first that $ca$ is in the first of these sets, and so has the form seen below. -- ca-->Stat12 ==> ((ca in {car(x): x in g, y in f | cdr(x) = car(y)}) & (ca notin {car(x): x in g})) or ((ca notin {car(x): x in g, y in f | cdr(x) = car(y)}) & (ca in {car(x): x in g})) Suppose ==> Stat13: (ca in {car(x): x in g, y in f | cdr(x) = car(y)}) & Stat14: (ca notin {car(x): x in g}) -- -- Then by Stat15 $car(ba)$ is not in ${car(x): x in f}$, -- which leads to an immediate contradiction. -- (aa,ba)-->Stat13 ==> (ca = car(aa)) & (aa in g) & (ba in f) & (cdr(aa) = car(ba)) aa-->Stat14 ==> false Discharge ==> Stat16: (ca notin {car(x): x in g, y in f | cdr(x) = car(y)}) & Stat17: (ca in {car(x): x in g}) -- -- Hence $ca$ must be in the second of the sets considered above, -- but not in the first. Thus $ca$ must have the form $car(x)$ for some $x in g$. -- Since $cdr(x)$ belongs to $range(g) ¥incin domain(f)$, it follows that -- $cdr(x) = car(y)$ for some $y in f$. Substitution of $x$ and $y$ into -- Stat18 31 now leads immediately to a contradiction which completes our proof. -- x-->Stat17 ==> (ca = car(x)) & (x in g) Suppose ==> Stat19: cdr(x) notin {cdr(x): x in g} x-->Stat19 ==> false; Discharge ==> cdr(x) in {cdr(x): x in g} Use_def(range) ==> cdr(x) in range(g) ELEM ==> cdr(x) in domain(f) Use_def(domain) ==> Stat20: cdr(x) in {car(y): y in f} y-->Stat20 ==> (cdr(x) = car(y)) & (y in f) (x,y)-->Stat16 ==> false; Discharge ==> QED -- -- If the range of $g$ equals the domain of $f$, the following slightly stronger corollary -- to the preceding result applies. The proof simply combines Theorem 95 and Theorem 67. -- Theorem 96: [Range and domain of map product, 2] (range(G) = domain(F)) ¥imp ((range(F @ G) = range(F)) & (domain(F @ G) = domain(G))). Proof: Suppose_not(g,f) ==> (range(g) = domain(f)) & (not((range(f @ g) = range(f)) & (domain(f @ g) = domain(g)))) (f,g)-->T95 ==> (range(f @ g) = range(f ¥ON range(g))) & (domain(f @ g) = domain(g)) EQUAL ==> (range(f @ g) = range(f ¥ON domain(f))) & (domain(f @ g) = domain(g)) f-->T67 ==> (f ¥ON domain(f)) = f EQUAL ==> range(f ¥ON domain(f)) = range(f) Discharge ==> QED -- -- It is sometimes convenient to use the following corollary of Theorem 95 -- rather than the theorem itself. -- Theorem 97: [Range and domain of map product, 3] (range(G) ¥incin domain(F)) ¥imp ((range(F @ G) ¥incin range(F)) & (domain(F @ G) = domain(G))). Proof: Suppose_not(g,f) ==> Stat1: (range(g) ¥incin domain(f)) & ((not(range(f @ g) ¥incin range(f))) or domain(f @ g) /= domain(g)) (f,g)-->T95 ==> (range(f @ g) = range(f ¥ON range(g))) & (domain(f @ g) = domain(g)) ELEM ==> not(range(f ¥ON range(g)) ¥incin range(f)) (f,range(g))-->T80 ==> false; Discharge ==> QED -- -- Our next easy theorem tells us that a 1-1 map, combined with the 'range' operator, -- induces a 1-1 map on the set of subsets of its domain. -- Theorem 98: [Range of restriction of one-one map] (One_1_map(F) & (S ¥incin domain(F)) & (S /= domain(F))) ¥imp ((range(F ¥ON S) ¥incin range(F)) & (range(F ¥ON S) /= range(F))). Proof: Suppose_not(f,s) ==> One_1_map(f) & (s ¥incin domain(f)) & Stat1: (s /= domain(f)) & (not((range(f ¥ON s) ¥incin range(f)) & (range(f ¥ON s) /= range(f)))) (f,s)-->T80 ==> range(f ¥ON s) = range(f) c-->Stat1 ==> (c in domain(f)) & (c notin s) Use_def(domain) ==> Stat2: c in {car(x): x in f} x-->Stat2 ==> (c = car(x)) & (x in f) Use_def(range) ==> range(f) = {cdr(x): x in f} Suppose ==> cdr(x) notin range(f) ELEM ==> Stat3: cdr(x) notin {cdr(x): x in f} x-->Stat3 ==> false; Discharge ==> cdr(x) in range(f ¥ON s) Use_def(range) ==> cdr(x) in {cdr(x): x in (f ¥ON s)} Use_def(¥ON) ==> cdr(x) in {cdr(x): x in {y in f | car(y) in s}} SIMPLF ==> Stat4: cdr(x) in {cdr(y): y in f | car(y) in s} y-->Stat4 ==> (cdr(x) = cdr(y)) & (y in f) & (car(y) in s) Use_def(One_1_map) ==> Stat5: (FORALL x in f, y in f | (cdr(x) = cdr(y)) ¥imp (x = y)) (x,y)-->Stat5 ==> x = y Discharge ==> QED -- -- -- Next we turn to a discussion of map inverses. The following theorem tells us that -- the inverse of a map $f$ is always a map, whose range and domain are respectively the domain and range of $f$. -- Theorem 99: [Inverse map basic properties] Is_map(inv(F)) & (range(inv(F)) = domain(F)) & (domain(inv(F)) = range(F)). Proof: Suppose_not(f) ==> not(Is_map(inv(f)) & range(inv(f)) = domain(f) & domain(inv(f)) = range(f)) -- -- For by our utility $Iz_map$ theory $inv(f)$ must clearly be a map. -- Use_def(inv) ==> inv(f) = {[cdr(x),car(x)]: x in f} APPLY() Iz_map(a(x)->cdr(x),b(x)->car(x),s->f) ==> Is_map({[cdr(x),car(x)]: x in f}) EQUAL ==> Is_map(inv(f)) ELEM ==> not((range(inv(f)) = domain(f)) & (domain(inv(f)) = range(f))) -- -- If $range(inv(f))$ and $domain(f)$ are different, then by definition the two sets -- seen below are different, so that there exists a $y$ such that -- $cdr([cdr(y),car(y)]) /= car(y)$, another impossibility, leaving only the -- third alternative $domain(inv(f)) /= range(f)$ to be considered. -- Suppose ==> range(inv(f)) /= domain(f) Use_def(range) ==> {cdr(x): x in inv(f)} /= domain(f) Use_def(domain) ==> {cdr(x): x in inv(f)} /= {car(x): x in f} EQUAL ==> {cdr(x): x in {[cdr(x),car(x)]: x in f}} /= {car(x): x in f} SIMPLF ==> Stat1: {cdr([cdr(x),car(x)]): x in f} /= {car(x): x in f} y-->Stat1 ==> (y in f) & (cdr([cdr(y),car(y)]) /= car(y)) Discharge ==> domain(inv(f)) /= range(f) -- -- But $domain(inv(f)) /= range(f)$ leads to the third set inequality seen below, and through it to -- the impossible inequality $car([cdr(u),car(u)]) /= cdr(u)$, -- a contradiction which proves our theorem. -- Use_def(range) ==> domain(inv(f)) /= {cdr(x): x in f} Use_def(domain) ==> {car(x): x in inv(f)} /= {cdr(x): x in f} EQUAL ==> {car(x): x in {[cdr(x),car(x)]: x in f}} /= {cdr(x): x in f} SIMPLF ==> Stat2: {car([cdr(x),car(x)]): x in f} /= {cdr(x): x in f} u-->Stat2 ==> car([cdr(u),car(u)]) /= cdr(u) Discharge ==> QED -- -- -- Next we show that the iterated inverse of a map is the map itself. -- This follows in an elementary way from the definitions involved, -- by an evident set-theoretic simplification. -- Theorem 100: [Double inverse map] Is_map(F) ¥imp (F = inv(inv(F))). Proof: Suppose_not(f) ==> Is_map(f) & (f /= inv(inv(f))) Use_def(Is_map) ==> Stat1: (FORALL p in f | p = [car(p),cdr(p)]) Use_def(inv) ==> (f /= {[cdr(x),car(x)]: x in {[cdr(y),car(y)]: y in f}}) SIMPLF ==> f /= {[cdr([cdr(y),car(y)]),car([cdr(y),car(y)])]: y in f} Set_monot ==> Stat2: {x: x in f} /= {[car(x),cdr(x)]: x in f} p-->Stat2 ==> Stat3: (p in f) & (p /= [car(p),cdr(p)]) p-->Stat1(Stat3*) ==> false Discharge ==> QED -- -- The following theorem tells us that if a map is one-to-one, so is its inverse. -- The result follows easily by use of the two preceding theorems and use of the $one_1_test$ -- THEORY given earlier. -- Theorem 101: [Inverse of a one-one map] One_1_map(F) ¥imp (One_1_map(inv(F)) & (F = inv(inv(F))) & (range(inv(F)) = domain(F)) & (domain(inv(F)) = range(F))). Proof: Suppose_not(f) ==> Stat1: One_1_map(f) & (not ((One_1_map(inv(f)) & (f = inv(inv(f))) & (range(inv(f)) = domain(f)) & (domain(inv(f)) = range(f))))) Use_def(One_1_map) ==> Svm(f) Use_def(Svm) ==> Is_map(f) -- -- Suppose that one of the assertions of our theorem is false. Theorem 99 and Theorem 100 -- this can only be the assertion concerning one-to-one-ness of $inv(f)$. -- f-->T99 ==> not (One_1_map(inv(f)) & (f = inv(inv(f)))) Suppose ==> One_1_map(inv(f)) Use_def(One_1_map) ==> Svm(inv(f)) f-->T100 ==> f = inv(inv(f)) Discharge ==> not One_1_map(inv(f)) Use_def(inv) ==> not One_1_map({[cdr(x),car(x)]: x in f}) -- -- Since $inv(f)$ can be expressed as a setformer, the $one_1_test$ theory given earlier -- tells us that $f$ must have elements $x$ and $y$ for which -- $cdr(x) = cdr(y)$ and $x = y$ are inequivalent. -- APPLY(x6_thryvar:x,y6_thryvar:y) one_1_test(a(x)->car(x),b(x)->cdr(x),s->f) ==> (((x in f) & (y in f) & (not((cdr(x) = cdr(y)) ¥eq (car(x) = car(y))))) or One_1_map({[cdr(x),car(x)]: x in f})) ELEM ==> not((cdr(x) = cdr(y)) ¥eq (car(x) = car(y))) -- -- But using the definition of $One_1_map$ we see at once that this is impossible, -- a contradiction which proves our theorem. -- Use_def(One_1_map) ==> Svm(f) & Stat2: (FORALL x in f, y in f | (cdr(x) = cdr(y)) ¥imp (x = y)) Use_def(Svm) ==> Is_map(f) & Stat3: (FORALL x in f, y in f | (car(x) = car(y)) ¥imp (x = y)) (x,y)-->Stat2 ==> (cdr(x) = cdr(y)) ¥imp (x = y) (x,y)-->Stat3 ==> (car(x) = car(y)) ¥imp (x = y) EQUAL ==> (x = y) ¥imp (car(x) = car(y)) Discharge ==> QED -- Theorem 102: [Having equal images via a 1-1 map implies being equal] (One_1_map(F) & (A in domain(F)) & (B in domain(F)) & ((F~[A]) = (F~[B]))) ¥imp (A = B). Proof: Suppose_not(f,a,b) ==> AUTO Use_def(One_1_map(f)) ==> AUTO f-->T72 ==> Stat1: (FORALL p in f, q in f | (cdr(p) = cdr(q)) ¥imp (p = q)) & (f = {[x,f~[x]]: x in domain(f)}) & ((f~[a]) = (f~[b])) & (a in domain(f)) & (b in domain(f)) & (a /= b) Suppose ==> Stat2: [a,f~[a]] notin {[x,f~[x]]: x in domain(f)} a-->Stat2(Stat1*) ==> false; Discharge ==> AUTO Suppose ==> Stat3: [b,f~[b]] notin {[x,f~[x]]: x in domain(f)} b-->Stat3(Stat1*) ==> false; Discharge ==> AUTO EQUAL(Stat1) ==> [b,f~[a]] in {[x,f~[x]]: x in domain(f)} TELEM ==> cdr([a,f~[a]]) = cdr([b,f~[a]]) ([a,f~[a]],[b,f~[b]])-->Stat1(Stat1) ==> false Discharge ==> QED -- Theorem 102a: [Cross images of a 1-1 map imply equality] (One_1_map(F) & (X in domain(F)) & (Y in range(F)) & (X = inv(F)~[Y]) & (Z = F~[X])) ¥imp (Y = Z). Proof: Suppose_not(f,x0,y0,z0) ==> AUTO f-->T101(*) ==> One_1_map(inv(f)) & (domain(inv(f)) = range(f)) Use_def(One_1_map) ==> Stat1: Svm(f) & Svm(inv(f)) Suppose ==> [f~[x0],x0] notin inv(f) f-->T72(*) ==> f = {[v,f~[v]]: v in domain(f)} Use_def(Svm(f)) ==> AUTO (f,x0,f~[x0])-->T90(*) ==> Stat2: [x0,f~[x0]] notin {[v,f~[v]]: v in domain(f)} x0-->Stat2 ==> false Discharge ==> AUTO (inv(f),[f~[x0],x0])-->T74(Stat1) ==> inv(f)~[f~[x0]] = x0 (x0,f)-->T71(*) ==> f~[x0] in range(f) (inv(f),y0,f~[x0])-->T102(*) ==> false Discharge ==> QED -- Theorem 102b: [Double application of a 1-1 map gives back the initial value] (One_1_map(F) & (Y in range(F))) ¥imp (F~[inv(F)~[Y]] = Y). Proof: Suppose_not(f,y0) ==> AUTO f-->T101(*) ==> One_1_map(inv(f)) & (domain(inv(f)) = range(f)) & (range(inv(f)) = domain(f)) (y0,inv(f))-->T71(*) ==> inv(f)~[y0] in domain(f) (f,inv(f)~[y0],y0,f~[inv(f)~[y0]])-->T102a(*) ==> false Discharge ==> QED -- -- The following proof shows that the inverse of a product map is the -- product of the inverses, taken in the reverse order. -- Theorem 120: [Product of Inverses] (Is_map(F) & Is_map(G)) ¥imp (inv(F @ G) = inv(G) @ inv(F)). Proof: Suppose_not(f,g) ==> Is_map(f) & Is_map(g) & (inv(f @ g) /= inv(g) @ inv(f)) -- -- For if we expand all the definitions involved, simplify, and reverse the order of the bound -- variables in the setformers which appear, we get the set inequality seen below. -- f-->T71a ==> AUTO g-->T71a ==> (f = {[car(x),cdr(x)]: x in f}) & (g = {[car(x),cdr(x)]: x in g}) & (inv(f @ g) /= inv(g) @ inv(f)) Use_def(@) ==> inv({[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}) /= {[car(x),cdr(y)]: x in inv(f), y in inv(g) | cdr(x) = car(y)} Use_def(inv) ==> {[cdr(u),car(u)]: u in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}} /= {[car(x),cdr(y)]: x in {[cdr(u),car(u)]: u in f}, y in {[cdr(v),car(v)]: v in g} | cdr(x) = car(y)} SIMPLF ==> {[cdr([car(x),cdr(y)]),car([car(x),cdr(y)])]: x in g, y in f | cdr(x) = car(y)} /= {[car([cdr(u),car(u)]),cdr([cdr(v),car(v)])]: u in f, v in g | cdr([cdr(u),car(u)]) = car([cdr(v),car(v)])} Set_monot ==> {[cdr([car(x),cdr(y)]),car([car(x),cdr(y)])]: x in g, y in f | cdr(x) = car(y)} = {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)} Set_monot ==> {[car([cdr(u),car(u)]),cdr([cdr(v),car(v)])]: u in f, v in g | cdr([cdr(u),car(u)]) = car([cdr(v),car(v)])} = {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)} ELEM ==> Stat1: {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)} /= {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)} -- -- Thus there must exist an element $c$ which belongs to one of these two last sets but not the other, -- say the first but not the second. his leads immediately to an elementary contradiction, ruling out this case. -- c-->Stat1 ==> ((c in {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)}) & (c notin {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)})) or ((c notin {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)}) & (c in {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)})) Suppose ==> Stat2: (c in {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)}) & (c notin {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)}) (x,y,y,x)-->Stat2 ==> (x in g) & (y in f) & (c = [cdr(y),car(x)]) & (not((x in g) & (y in f) & (c = [cdr(y),car(x)]))) Discharge ==> Stat3: (c in {[cdr(u),car(v)]: u in f, v in g | car(u) = cdr(v)}) & (c notin {[cdr(y),car(x)]: x in g, y in f | cdr(x) = car(y)}) -- -- But the case in which $c$ belongs to the second but not the first leads to an exactly similar contradiction, -- thereby proving that our assertion holds in every possible case. -- (x2,y2,y2,x2)-->Stat3 ==> (x2 in f) & (y2 in g) & (c = [cdr(x2),car(y2)]) & (not((x2 in f) & (y2 in g) & (c = [cdr(x2),car(y2)]))) Discharge ==> QED -- -- Next we prove that a map is 1-1 if and only if it and its inverse are both single-valued. -- Theorem 121: [One-one-ness and singlevaluedness] One_1_map(F) ¥eq (Svm(F) & Svm(inv(F))). Proof: Suppose_not(f) ==> Stat1: not(One_1_map(f) ¥eq (Svm(f) & Svm(inv(f)))) -- -- Suppose the contrary, and first consider the case in which $f$ and $inv(f)$ -- are both single-valued, but f is not 1-1, so that by definition there exist -- distinct elements of the form $[car(u),cdr(u)]$ with $u in f$ having identical -- second components but different first components. -- Suppose ==> Svm(f) & Svm(inv(f)) Use_def(One_1_map) ==> Stat2: not (FORALL x in f, y in f | (cdr(x) = cdr(y)) ¥imp (x = y)) (x,y)-->Stat2 ==> Stat3: (x in f) & (y in f) & (cdr(x) = cdr(y)) & (x /= y) Use_def(Svm) ==> Is_map(f) f-->T71a ==> Stat4: (x in {[car(u),cdr(u)]: u in f}) & Stat5: (y in {[car(u),cdr(u)]: u in f}) u-->Stat4 ==> Stat6: (x = [car(u),cdr(u)]) & (u in f) v-->Stat5 ==> Stat7: (y = [car(v),cdr(v)]) & (v in f) (Stat3,Stat6,Stat7*)ELEM ==> (cdr(x) = cdr(y)) & (x /= y) & (x = [car(u),cdr(u)]) & (y = [car(v),cdr(v)]) EQUAL ==> Stat8: (cdr([car(u),cdr(u)]) = cdr([car(v),cdr(v)])) & ([car(u),cdr(u)] /= [car(v),cdr(v)]) (Stat8)ELEM ==> Stat9: (cdr(u) = cdr(v)) Suppose ==> car(u) = car(v) EQUAL ==> [car(u),cdr(u)] = [car(v),cdr(v)] (Stat8*)Discharge ==> Stat10: (car(u) /= car(v)) -- -- But then, by Theorem 90, $[cdr(u),car(u)]$ and $[cdr(v),car(v)]$ -- both belong to $inv(f)$, contradicting its single-valuedness. -- (f,car(u),cdr(u))-->T90 ==> Stat11: [cdr(u),car(u)] in inv(f) (f,car(v),cdr(v))-->T90 ==> Stat12: [cdr(v),car(v)] in inv(f) Use_def(Svm) ==> Stat13: (FORALL x in inv(f), y in inv(f) | (car(x) = car(y)) ¥imp (x = y)) ([cdr(u),car(u)],[cdr(v),car(v)])-->Stat13 ==> Stat14: not(([cdr(u),car(u)] in inv(f)) & ([cdr(v),car(v)] in inv(f)) & (car([cdr(u),car(u)]) = car([cdr(v),car(v)])) & ([cdr(u),car(u)] /= [cdr(v),car(v)])) -- -- The single, direct step -- (Stat9,Stat10,Stat11,Stat12,Stat14)ELEM ==> false; Discharge ==> (not(Svm(f) & Svm(inv(f)))) & One_1_map(f) -- takes very long, and therefore we expand it into the following five steps. -- (Stat11,Stat12,Stat14*)ELEM ==> Stat15: (car([cdr(u),car(u)]) /= car([cdr(v),car(v)])) or ([cdr(u),car(u)] = [cdr(v),car(v)]) Suppose ==> Stat16: car([cdr(u),car(u)]) /= car([cdr(v),car(v)]) (Stat9,Stat16)Discharge ==> Stat17: car([cdr(u),car(u)]) = car([cdr(v),car(v)]) (Stat15,Stat17*)ELEM ==> Stat18: [cdr(u),car(u)] = [cdr(v),car(v)] (Stat10,Stat18)ELEM ==> false; Discharge ==> (not(Svm(f) & Svm(inv(f)))) & One_1_map(f) -- -- Next consider the case in which $f$ is 1-1, but $f$ and $inv(f)$ are not both single-valued. -- By definition of 'One_1_map', it must be $inv(f)$ that is not single valued, -- so that there must exist distinct $xx$ and $yy$ in $inv(f)$ with identical first components. -- Since these are in effect distinct elements of $f$ with identical second components, -- they violate the fact that $f$ is 1-1, a contradiction which -- completes the proof of the present theorem. -- Use_def(One_1_map) ==> not(Svm(inv(f))) & Stat19: (FORALL x in f, y in f | ((cdr(x) = cdr(y)) ¥imp (x = y))) Use_def(Svm) ==> not(Is_map(inv(f)) & (FORALL x in inv(f), y in inv(f) | ((car(x) = car(y)) ¥imp (x = y)))) f-->T99 ==> Stat20: not(FORALL x in inv(f), y in inv(f) | ((car(x) = car(y)) ¥imp (x = y))) (xx,yy)-->Stat20 ==> Stat21: (xx in inv(f)) & (yy in inv(f)) & (car(xx) = car(yy)) & (xx /= yy) Use_def(inv) ==> Stat22: xx in {[cdr(u),car(u)]: u in f} vv-->Stat22 ==> (xx = [cdr(vv),car(vv)]) & (vv in f) Use_def(inv) ==> Stat23: yy in {[cdr(u),car(u)]: u in f} w-->Stat23 ==> (yy = [cdr(w),car(w)]) & (w in f) (Stat21*)ELEM ==> Stat24: (xx /= yy) & (xx = [cdr(vv),car(vv)]) & (yy = [cdr(w),car(w)]) Suppose ==> vv = w EQUAL ==> yy = [cdr(vv),car(vv)] (Stat24*)Discharge ==> vv /= w (Stat21*)ELEM ==> (car(xx) = car(yy)) & (xx = [cdr(vv),car(vv)]) & (yy = [cdr(w),car(w)]) EQUAL ==> Stat25: car([cdr(vv),car(vv)]) = car([cdr(w),car(w)]) (Stat25)ELEM ==> (cdr(vv) = cdr(w)) (vv,w)-->Stat19 ==> false; Discharge ==> QED -- -- -- The following elementary lemma expresses the restriction of a single-valued map as a setformer. -- Theorem 123: [Single-valued map restrictions as setformers] Svm(F) ¥imp (((F ¥ON S) = {[x,F~[x]]: x in domain(F) | x in S}) & (domain(F ¥ON S) = {x: x in domain(F) | x in S}) & (range(F ¥ON S) = {F~[x]: x in domain(F) | x in S})). Proof: Suppose_not(f,s) ==> Svm(f) & ((f ¥ON s) /= {[x,f~[x]]: x in domain(f) | x in s} or domain(f ¥ON s) /= {x: x in domain(f) | x in s} or range(f ¥ON s) /= {f~[x]: x in domain(f) | x in s}) -- -- For if we suppose the first clause of our theorem to be false, use the definitions of the operators involved, -- and simplify, we are led to the impossible inequalities seen below. Thus only the second and third -- conclusion of the theorem need be considered. -- f-->T72 ==> f = {[u,f~[u]]: u in domain(f)} Use_def(¥ON) ==> (f ¥ON s) = {x: x in f | car(x) in s} EQUAL ==> (f ¥ON s) = {x: x in {[u,f~[u]]: u in domain(f)} | car(x) in s} SIMPLF ==> (f ¥ON s) = {[x,f~[x]]: x in domain(f) | car([x,f~[x]]) in s} Suppose ==> (f ¥ON s) /= {[x,f~[x]]: x in domain(f) | x in s} ELEM ==> Stat1: {[x,f~[x]]: x in domain(f) | x in s} /= {[x,f~[x]]: x in domain(f) | car([x,f~[x]]) in s} x-->Stat1 ==> (x in domain(f)) & (not ((x in s) ¥eq (car([x,f~[x]]) in s))) Discharge ==> f ¥ON s = {[x,f~[x]]: x in domain(f) | x in s} -- -- Next suppose that our theorem's second conclusion is false. Using the relevant definitions -- and simplifying much as above, we are led to a second impossible inequality. Hence only the -- third conclusion of our theorem could be false. -- Suppose ==> range(f ¥ON s) /= {f~[x]: x in domain(f) | x in s} Use_def(range) ==> range(f ¥ON s) = {cdr(x): x in (f ¥ON s)} EQUAL ==> range(f ¥ON s) = {cdr(x): x in {[x,f~[x]]: x in domain(f) | x in s}} SIMPLF ==> range(f ¥ON s) = {cdr([x,f~[x]]): x in domain(f) | x in s} ELEM ==> Stat2: {f~[x]: x in domain(f) | x in s} /= {cdr([x,f~[x]]): x in domain(f) | x in s} Set_monot ==> {f~[x]: x in domain(f) | x in s} = {cdr([x,f~[x]]): x in domain(f) | x in s} Discharge ==> domain(f ¥ON s) /= {x: x in domain(f) | x in s} -- -- But the domain can be handled in much the same way as the range, and so leads us to a final -- contradiction which completes the proof of the present theorem. -- Use_def(domain) ==> domain(f ¥ON s) = {car(x): x in (f ¥ON s)} EQUAL ==> domain(f ¥ON s) = {car(x): x in {[x,f~[x]]: x in domain(f) | x in s}} SIMPLF ==> domain(f ¥ON s) = {car([x,f~[x]]): x in domain(f) | x in s} ELEM ==> Stat3: {x: x in domain(f) | x in s} /= {car([x,f~[x]]): x in domain(f) | x in s} Set_monot ==> {x: x in domain(f) | x in s} = {car([x,f~[x]]): x in domain(f) | x in s} Discharge ==> QED -- -- Next we show that the composition of two single-valued maps is single valued. -- Theorem 128: [Composition of single-valued maps] (Svm(F) & Svm(G)) ¥imp Svm(F @ G). Proof: Suppose_not(f,g) ==> Svm(f) & Svm(g) & (not Svm(f @ g)) -- -- For suppose the contrary. Then by definition and using Theorem 55 it follows that -- there exist $a$, $b$ in $f @ g$ with identical first components but distinct second components: -- Use_def(Svm) ==> Is_map(f) & Stat1: (FORALL x in f, y in f | ((car(x) = car(y)) ¥imp (x = y))) & Is_map(g) & Stat2: (FORALL x in g, y in g | ((car(x) = car(y)) ¥imp (x = y))) & (not(Is_map(f @ g) & (FORALL x in (f @ g), y in (f @ g) | ((car(x) = car(y)) ¥imp (x = y))))) (f,g)-->T55 ==> Is_map(f @ g) ELEM ==> Stat3: not(FORALL x in (f @ g), y in (f @ g)| ((car(x) = car(y)) ¥imp (x = y))) (a,b)-->Stat3 ==> (a in (f @ g)) & (b in (f @ g)) & (car(a) = car(b)) & (a /= b) -- -- Thus, by definition of map multiplication, there exist $c$, $d$, $u$, $v$, with $c$, $u$ in $g$ and $d$, $v$ in $f$, -- satisfying the condition displayed below. -- Use_def(@) ==> Stat4: (a in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}) & (b in {[car(x),cdr(y)]: x in g, y in f | cdr(x) = car(y)}) (c,d,u,v)-->Stat4 ==> Stat5: (c in g) & (d in f) & (a = [car(c),cdr(d)]) & (cdr(c) = car(d)) & (u in g) & (v in f) & (b = [car(u),cdr(v)]) & (cdr(u) = car(v)) & (car(a) = car(b)) & (a /= b) -- -- But then $car(c) = car(u)$, so by Stat5 we have $car(d) = car(v)$. -- (Stat5*)ELEM ==> Stat6: (c in g) & (u in g) & (car(a) = car(b)) & (a = [car(c),cdr(d)]) & (b = [car(u),cdr(v)]) EQUAL ==> Stat7: car([car(c),cdr(d)]) = car([car(u),cdr(v)]) (Stat7)ELEM ==> Stat8: car(c) = car(u) (c,u)-->Stat2 ==> Stat9: ((c in g) & (u in g) & (car(c) = car(u))) ¥imp (c = u) (Stat6,Stat9,Stat8*)ELEM ==> Stat10: c = u EQUAL ==> cdr(c) = cdr(u) (Stat5*)ELEM ==> car(d) = car(v) -- -- It follows by Stat5 that $cdr(d) = cdr(v)$, contradicting $a /= b$ and so proving our theorem. -- (d,v)-->Stat1 ==> Stat11: d = v (Stat5*)ELEM ==> Stat12: [car(c),cdr(d)] /= [car(u),cdr(v)] EQUAL ==> false; Discharge ==> QED -- -- Theorem 121 also lets us give a purely algebraic argument to show that -- the product of one-to-one mappings is one-to-one. -- Theorem 133: [Composition of one-one maps] (One_1_map(F) & One_1_map(G)) ¥imp One_1_map(F @ G). Proof: Suppose_not(f,g) ==> One_1_map(f) & One_1_map(g) & (not One_1_map(f @ g)) -- -- For suppose the contrary, in which case it follows by Theorem 121 that -- $f$, $g$ and their inverses are single-valued, but $f @ g$ is not. -- f-->T121 ==> Svm(f) & Svm(inv(f)) g-->T121 ==> Svm(g) & Svm(inv(g)) (f @ g)-->T121 ==> not(Svm(f @ g) & Svm(inv(f @ g))) -- -- But Theorem 128 tells us that $f @ g$ is single-valued, and Theorem 120 allows -- $inv(f @ g)$ to be rewritten as a product of inverses which must be single-valued, -- proving the present theorem. -- (f,g)-->T128 ==> Svm(f @ g) Use_def(Svm) ==> Is_map(f) Use_def(Svm) ==> Is_map(g) (f,g)-->T120 ==> inv(f @ g) = inv(g) @ inv(f) (inv(g),inv(f))-->T128 ==> Svm(inv(g) @ inv(f)) EQUAL ==> false; Discharge ==> QED -- -- Def cartesianProduct: [Cartesian Product] Def(S ¥PROD T) := {[x,y]: x in S, y in T} -- Theorem 141: [Subsets of Cartesian products] (Y ¥incin (S ¥PROD T)) ¥eq (Is_map(Y) & (domain(Y) ¥incin S) & (range(Y) ¥incin T)). Proof: -- -- This follows trivially from the fact that a map is a set each -- of whose elements $x$ is a pair $[car(x),cdr(x)]$ -- Suppose_not(y0,s,t) ==> AUTO Use_def(¥PROD) ==> Stat0: (y0 ¥incin {[x,y]: x in s, y in t}) ¥neq (Is_map(y0) & (domain(y0) ¥incin s) & (range(y0) ¥incin t)) Suppose ==> Stat1: y0 ¥incin {[x,y]: x in s, y in t} Suppose ==> Stat2: domain(y0) ¥nincin s Use_def(domain)(Stat2) ==> Stat3: {car(x): x in y0} ¥nincin s p-->Stat3 ==> Stat4: (p in {car(x): x in y0}) & (p notin s) a-->Stat4(Stat1*) ==> Stat5: (a in {[x,y]: x in s, y in t}) & (car(a) notin s) (x1,y1)-->Stat5(Stat5) ==> false Discharge ==> AUTO Suppose ==> Stat6: range(y0) ¥nincin t Use_def(range)(Stat6) ==> Stat7: {cdr(x): x in y0} ¥nincin t q-->Stat7 ==> Stat8: (q in {cdr(x): x in y0}) & (q notin t) b-->Stat8(Stat1*) ==> Stat9: (b in {[x,y]: x in s, y in t}) & (cdr(b) notin t) (x2,y2)-->Stat9(Stat9) ==> false Discharge ==> AUTO Use_def(Is_map(y0)) ==> AUTO (Stat0*)ELEM ==> Stat10: not (FORALL p in y0 | p = [car(p),cdr(p)]) p0-->Stat10(Stat1*) ==> Stat11: (p0 in {[x,y]: x in s, y in t}) & (p0 /= [car(p0),cdr(p0)]) (x3,y3)-->Stat11(Stat11) ==> false Discharge ==> AUTO Use_def(Is_map(y0)) ==> AUTO Use_def(domain(y0)) ==> AUTO Use_def(range(y0)) ==> AUTO (Stat0*)ELEM ==> Stat12: (y0 ¥nincin {[x,y]: x in s, y in t}) & (FORALL p in y0 | p = [car(p), cdr(p)]) & ({car(q): q in y0} ¥incin s) & ({cdr(q): q in y0} ¥incin t) (p1,p1)-->Stat12(Stat12*) ==> Stat13: (p1 notin {[x,y]: x in s, y in t}) & (p1 in y0) & (p1 = [car(p1),cdr(p1)]) (car(p1),cdr(p1))-->Stat13(Stat13*) ==> (car(p1) notin s) or (cdr(p1) notin t) Suppose ==> car(p1) notin s (Stat12*)ELEM ==> Stat14: car(p1) notin {car(q): q in y0} p1-->Stat14(Stat13*) ==> false Discharge ==> AUTO (Stat12*)ELEM ==> Stat15: cdr(p1) notin {cdr(q): q in y0} p1-->Stat15(Stat13*) ==> false Discharge ==> QED -- -- -- Our next theorem states that if the domain of a single-valued map is finite, so is its range. -- Theorem 189a: [A single-valued map with finite domain has a finite range] Svm(F) ¥imp (Finite(domain(F)) ¥imp Finite(range(F))). Proof: Suppose_not(f0) ==> Svm(f0) & Finite(domain(f0)) & (not Finite(range(f0))) f0-->T72 ==> f0 = {[x,f0~[x]]: x in domain(f0)} APPLY() fcn_symbol(f(X)->(f0~[X]),g->f0,s->domain(f0)) ==> range(f0) = {f0~[x]: x in domain(f0)} APPLY() finiteImage(s0->domain(f0),f(X)->(f0~[X])) ==> Finite({f0~[x]: x in domain(f0)}) EQUAL ==> false Discharge ==> QED -- -- If $s$ is a 1-1 map, the implication given in the preceding theorem can be strengthened to an equivalence: -- Theorem 191: [One-one maps preserve finiteness] One_1_map(F) ¥imp (Finite(domain(F)) ¥eq Finite(range(F))). Proof: Suppose_not(f) ==> AUTO Use_def(One_1_map(f)) ==> AUTO f-->T189a ==> Finite(domain(f)) ¥imp Finite(range(f)) -- -- For in this case Theorem 189a applies to both $f$ and its inverse, -- giving us a pair of implications, and so yielding the asserted equivalence. -- f-->T101 ==> One_1_map(inv(f)) & (domain(inv(f)) = range(f)) & (range(inv(f)) = domain(f)) Use_def(One_1_map(inv(f))) ==> AUTO (inv(f))-->T189a ==> Finite(domain(inv(f))) ¥imp Finite(range(inv(f))) EQUAL ==> Finite(range(f)) ¥imp Finite(domain(f)) Discharge ==> QED -- Def togglingMap: Is_tog(T) := Svm(T) & (inv(T) = T) & (FORALL p in T | car(p) /= cdr(p)) -- Theorem 884: (Is_tog(T) & (X in domain(T))) ¥imp (((T~[X]) in domain(T)) &((T~[X]) /= X) & ((T~[T~[X]]) = X)). Proof: Suppose_not(t0,x0) ==> AUTO Use_def(Is_tog) ==> Stat0: (FORALL p in t0 | car(p) /= cdr(p)) & Svm(t0) & (inv(t0) = t0) Suppose ==> (t0~[x0]) notin domain(t0) t0-->T99(*) ==> Is_map(inv(t0)) & (range(inv(t0)) = domain(t0)) EQUAL ==> range(t0) = domain(t0) (x0,t0)-->T71(*) ==> false Discharge ==> AUTO t0-->T72 ==> t0 = {[x,t0~[x]]: x in domain(t0)} Suppose ==> Stat1: [x0,t0~[x0]] notin {[x,t0~[x]]: x in domain(t0)} x0-->Stat1(*) ==> false; Discharge ==> AUTO Suppose ==> Stat2: [t0~[x0],t0~[t0~[x0]]] notin {[x,t0~[x]]: x in domain(t0)} (t0~[x0]-->Stat2(*) ==> false Discharge ==> AUTO EQUAL ==> Stat3: ([x0,t0~[x0]] in t0) & ([t0~[x0],t0~[t0~[x0]]] in t0) Suppose ==> Stat4: (t0~[x0]) = x0 ([x0,t0~[x0]])-->Stat0(Stat3*) ==> car([x0,t0~[x0]]) /= cdr([x0,t0~[x0]]) (Stat4)Discharge ==> Stat5: (t0~[t0~[x0]]) /= x0 Use_def(Svm) ==> Is_map(t0) & Stat6: (FORALL p in t0, q in t0 | (car(p)=car(q)) ¥imp (p=q)) (t0,x0,t0~[x0])-->T90(*) ==> Stat7: [t0~[x0],x0] in t0 ([t0~[x0],t0~[t0~[x0]]],[t0~[x0],x0])-->Stat6(Stat3,Stat7) ==> Stat8: (car([t0~[x0],t0~[t0~[x0]]])=car([t0~[x0],x0])) ¥imp ([t0~[x0],t0~[t0~[x0]]] = [t0~[x0],x0]) (Stat8,Stat5)Discharge ==> QED -- Theorem 885: (Is_tog(T) & (X in domain(T)) & (Y in {X,T~[X]})) ¥imp ({X,T~[X]} = {Y,T~[Y]}). Proof: Suppose_not(t0,x0,y0) ==> AUTO Suppose ==> y0 = x0 EQUAL ==> false Discharge ==> (t0~[x0]) = y0 (t0,x0)-->T884(*) ==> t0~[t0~[x0]] = x0 EQUAL ==> x0 = t0~[y0] Discharge ==> QED -- Theorem 886: (Is_tog(T) & (W = domain(T))) ¥imp ({X,T~[X]} ¥nincin {arb({v,T~[v]}): v in W}). Proof: Suppose_not(t,w,x) ==> Stat1: (x in {arb({v,t~[v]}): v in w}) & (t~[x] in {arb({v,t~[v]}): v in w}) & Is_tog(t) & (w = domain(t)) -- -- For, assuming the contrary, we would have $x = arb({v,t~[v]})$ and $t~[x] = arb({u,t~[u]})$ for suitable $u,v$ in $w$. -- Since these imply that $x in {v,t~[v]}$ and $t~[x] in {u,t~[u]}$, taking into account that $t~[t~[x]]=x$, the preceding -- theorem implies that ${x,t~[x]} = {v,t~[v]}$ and ${x,t~[x]} = {u,t~[u]}$. But then $arb({v,t~[v]}) = arb({u,t~[u]})$ follows -- from the equality ${v,t~[v]} = {u,t~[u]}$, and therefore we have $x = t~[x]$, which conflicts with an earlier theorem -- stating that no toggling map has fixpoints. -- (v,u)-->Stat1 ==> Stat2: (x = arb({v,t~[v]})) & (t~[x] = arb({u,t~[u]})) & (v in w) & (u in w) & Is_tog(t) & (w = domain(t)) (t,v)-->T884(Stat2) ==> Stat3: x in w (t,x)-->T884(Stat2*) ==> Stat4: (t~[x] in w) & (w = domain(t)) & (t~[x] /= x) & (t~[t~[x]] = x) (Stat2,Stat2)ELEM ==> Stat6: (t~[x] in {u,t~[u]}) (t,u,t~[x])-->T885(Stat2,Stat4,Stat6*) ==> {x,t~[x]} = {u,t~[u]} (Stat2,Stat2)ELEM ==> Stat7: (x in {v,t~[v]}) (t,v,x)-->T885(Stat2,Stat4,Stat7*) ==> {x,t~[x]} = {v,t~[v]} EQUAL(Stat2) ==> false Discharge ==> QED -- Theorem 887: [0 is a tog] (X = 0) ¥imp (Is_map(X) & Svm(X) & One_1_map(X) & Is_tog(X)). Proof: Suppose_not(x0) ==> AUTO EQUAL ==> not(Is_map(0) & Svm(0) & One_1_map(0) & Is_tog(0)) Suppose ==> not Is_map(0) Use_def(Is_map) ==> Stat0: not(FORALL p in 0 | p = [car(p),cdr(p)]) p0-->Stat0 ==> false Discharge ==> AUTO Suppose ==> not Svm(0) Use_def(Svm) ==> Stat1: not(FORALL p in 0, q in 0 | (car(p) = car(q)) ¥imp (p = q)) (p1,q1)-->Stat1 ==> false Discharge ==> AUTO Suppose ==> not One_1_map(0) Use_def(One_1_map) ==> Stat2: not(FORALL p in 0, q in 0 | (cdr(p) = cdr(q)) ¥imp (p = q)) (p2,q2)-->Stat2 ==> false Discharge ==> AUTO Use_def(Is_tog) ==> not((inv(0) = 0) & (FORALL p in 0 | car(p) /= cdr(p))) Suppose ==> Stat3: not(FORALL p in 0 | car(p) /= cdr(p)) p3-->Stat3 ==> false; Discharge ==> inv(0) /= 0 Use_def(inv) ==> Stat4: {[cdr(p),car(p)]: p in 0} /= 0 p4-->Stat4 ==> false Discharge ==> QED -- -- -- Theorem 888a: [The unionset of pairwise compatible togs is a tog] (FORALL t in F, tp in F | Is_tog(t+tp)) ¥imp Is_tog(Un(F)). Proof: Suppose_not(f0) ==> Stat0: (FORALL t in f0, tp in f0 | Is_tog(t+tp)) & (not Is_tog(Un(f0))) Suppose ==> Stat0a: not(FORALL t in f0 | Is_tog(t)) t-->Stat0a ==> (t in f0) & (not Is_tog(t)) (t,t)-->Stat0 ==> Is_tog(t+t) & (t = t+t) EQUAL ==> false Discharge ==> Stat1: (FORALL t in f0 | Is_tog(t)) -- -- Arguing by contradiction, assume that for some set $f0$, entirely formed by togs, the unionset is not a tog. -- Use_def(Is_tog(Un(f0))) ==> AUTO Use_def(Un) ==> Stat9: Un(f0) = {u: v in f0, u in v} -- -- One reason why $Un(f0)$ is not a tog might be that it is not its own inverse; -- i.e., for some $p1 in Un(f0)$, by interchanging its two components we get an element -- $[cdr(p1),car(p1)]$ lying outside $Un(f0)$;... -- Suppose ==>Stat5: inv(Un(f0)) /= Un(f0) Use_def(inv) ==> Stat6: Un(f0) /= {[cdr(p),car(p)]: p in Un(f0)} p1-->Stat6 ==> Stat7: (p1 in Un(f0)) ¥neq (p1 in {[cdr(p),car(p)]: p in Un(f0)}) -- -- ...but this is untenable, because $p1$ should then belong to some $t1 in f0$, which must -- be a tog, and hence must have $[cdr(p1),car(p1)]$ among its elements, which entails that -- $[cdr(p1),car(p1)] in Un(f0). -- Suppose ==> Stat8: p1 in {[cdr(p),car(p)]: p in Un(f0)} p2-->Stat8(Stat7,Stat8,Stat9*) ==> Stat10: (p2 in {u: v in f0, u in v}) & ([cdr(p2),car(p2)] notin {u: v in f0, u in v}) (t1,u1,{[cdr(p),car(p)]: p in t1},[cdr(p2),car(p2)])-->Stat10(Stat10*) ==> Stat11: (t1 in f0) & (p2 in t1) & (({[cdr(p),car(p)]: p in t1} notin f0) or ([cdr(p2),car(p2)] notin {[cdr(p),car(p)]: p in t1})) Use_def(Is_tog(t1)) ==> AUTO Use_def(inv(t1)) ==> AUTO t1-->Stat1(Stat11*) ==> Stat14: [cdr(p2),car(p2)] notin {[cdr(p),car(p)]: p in t1} p2-->Stat14(Stat11,Stat11*) ==> false Discharge ==> Stat15a: (p1 in {u: v in f0, u in v}) & Stat15: (p1 notin {[cdr(p),car(p)]: p in Un(f0)}) (s1,w1)-->Stat15a ==> (s1 in f0) & (p1 in s1) s1-->Stat1(Stat1*) ==> Is_tog(s1) Use_def(Is_tog) ==> inv (s1)=s1 Use_def(inv) ==> Stat17: p1 in {[cdr(p),car(p)]: p in s1} r4-->Stat17==>Stat18:(r4 in s1) & ([cdr(r4),car(r4)]=p1) r4-->Stat15 ==> Stat19: r4 notin {u: v in f0, u in v} (s1,r4)-->Stat19 ==> false Discharge ==> AUTO -- -- Another reason why $Un(f0)$ could fail to be a tog is its not being a single-valued map. -- Suppose ==> Stat31: not(Svm(Un(f0))) f0-->T62c(Stat31*) ==> Stat32: not(FORALL f in f0, g in f0 | Svm(f+g)) (t2,t3)-->Stat32(Stat32*) ==> Stat33: (t2 in f0) & (t3 in f0) & (not Svm(t2+t3)) (t2,t3)-->Stat0 ==> Is_tog(t2+t3) Use_def(Is_tog) ==> Svm(t2+t3) Discharge ==> AUTO -- -- We are left with only one possible explanation of why $Un(f0)$ is not a tog: -- the two components, $car(p0),cdr(p0)$ of one of its element $p0$ are equal;... -- (Stat0*)ELEM ==> Stat2: not(FORALL p in Un(f0) | car(p) /= cdr(p)) -- -- ...but this is untenable: then, in fact, an element $t0$ of $f0$ would have $p0$ -- among its elements and $t0$ could not be a tog. -- APPLY(allUn_thryvar:t0) allUn(s0->f0,P(X)->Is_tog(X),Q(Y)->(car(Y)/=cdr(Y))) ==> (Is_tog(t0) ¥neq (FORALL y in t0 | car(y) /= cdr(y))) & ((t0 notin f0+{0}) ¥imp (FORALL y in Un(f0) | car(y) /= cdr(y))) t0-->T887 ==> AUTO Use_def(Is_tog(t0)) ==> AUTO t0-->Stat1 ==> false Discharge ==> QED -- Theorem 888c: [The union of two toggling maps $t$ and $s$ whose domains are disjoint is a toggling map] (Is_tog(T) & Is_tog(S) & (domain(T) * domain(S) = 0)) ¥imp Is_tog(T+S). Proof: Suppose_not(t0,s0) ==> AUTO Use_def(Is_tog) ==> (not(Svm(t0+s0) & (inv(t0+s0)=t0+s0) & (FORALL p in (t0 + s0) | car(p) /= cdr(p)))) & Svm(t0) & Svm(s0) & (inv(t0)=t0) & (inv(s0)=s0) Suppose ==> inv(t0+s0) /= t0+s0 Set_monot ==> ({[cdr(p),car(p)]: p in t0} + {[cdr(p),car(p)]: p in s0}) ¥incin {[cdr(p),car(p)]: p in t0+s0} Use_def(inv)==>Stat25: ({[cdr(p),car(p)]: p in t0}+{[cdr(p),car(p)]: p in s0}) ¥nincs {[cdr(p),car(p)]: p in t0+s0} p2-->Stat25 ==> Stat26: (p2 in {[cdr(p),car(p)]: p in t0+s0}) & (p2 notin {[cdr(p),car(p)]: p in t0}) & (p2 notin {[cdr(p),car(p)]: p in s0}) (p3,p3,p3)-->Stat26(Stat26*) ==> false Discharge ==> AUTO Suppose ==> Stat1: not(FORALL p in (t0 + s0)| car(p) /= cdr(p)) p1-->Stat1 ==> Stat2: ((p1 in t0) or (p1 in s0)) & (car(p1) = cdr(p1)) Use_def(Is_tog) ==> Stat3: (FORALL p in t0 | car(p) /= cdr(p)) & (FORALL p in s0 | car(p) /= cdr(p)) (p1,p1)-->Stat3(Stat2) ==> false Discharge ==> AUTO -- -- The only reason left why $t0+s0$ might fail to be a tog, namely that $not Svm(t0+s0)$, will lead to -- the desired contradiction which completes our proof. -- (t0,s0)-->T62a ==> AUTO Discharge ==> QED Theorem 888d: [If a toggling map is defined on a subset of $S$ leaving out two elements of $S$, then it can be enlarged] (Is_tog(T) & ({X,Y} * domain(T) = 0) & (X /= Y)) ¥imp Is_tog(T + {[X,Y],[Y,X]}). Proof: Suppose_not(t0,x0,y0) ==> AUTO Use_def(Is_tog({[x0,y0],[y0,x0]})) ==> AUTO (t0,{[x0,y0],[y0,x0]})-->T888c ==> AUTO (x0,y0,y0,x0)-->T92 ==> Svm({[x0,y0],[y0,x0]}) & (domain({[x0,y0],[y0,x0]}) = {x0,y0}) Suppose ==> Stat4: not(FORALL p in {[x0,y0],[y0,x0]} | car(p) /= cdr(p)) p0-->Stat4(Stat4) ==> x0 = y0 Discharge ==> AUTO Use_def(inv) ==> Stat6: {[cdr(p),car(p)]: p in {[x0,y0],[y0,x0]}} /= {[x0,y0],[y0,x0]} APPLY() imageOfDoubleton(f(X)->[cdr(X),car(X)],x0->[y0,x0],x1->[x0,y0]) ==> Stat7: {[cdr(p),car(p)]: p in {[x0,y0],[y0,x0]}} = {[cdr([y0,x0]),car([y0,x0])],[cdr([x0,y0]),car([x0,y0])]} (Stat6*)Discharge ==> QED -- -- Every set (finite or infinite) supports a toggling map which leaves out at most one element of it. -- Theorem 888: (EXISTS t, x | Is_tog(t) & (domain(t) = S - {x})). Proof: Suppose_not(s0) ==> Stat0: (not (EXISTS t, x | Is_tog(t) & (domain(t) = s0 - {x}))) Loc_def ==> Stat1: togs = {g ¥incin (s0 ¥PROD s0) | Is_tog(g)} -- -- Arguing by contradiction, suppose that $s0$ is a counterexample to the claim. -- Let us first check that the condition for applying Zorn's lemma to $togs$ is met. -- Suppose ==> Stat2: not(FORALL x ¥incin togs | ((FORALL u in x, v in x | (u incs v or v incs u)) ¥imp (Un(x) in togs))) f0-->Stat2 ==> Stat3: (FORALL u in f0,v in f0 | (u incs v or v incs u)) & (f0 ¥incin {g ¥incin (s0 ¥PROD s0) | Is_tog(g)}) & Stat5: (Un(f0) notin {g ¥incin (s0 ¥PROD s0) | Is_tog(g)}) ()-->Stat5(Stat3*) ==> Stat6: (not(Is_tog(Un(f0)))) or (Un(f0) ¥nincin (s0 ¥PROD s0 )) Suppose ==> Stat11: not( FORALL j in f0 | j¥incin (s0 ¥PROD s0 ) ) r0-->Stat11 ==> Stat13: (r0 in {g ¥incin (s0 ¥PROD s0) | Is_tog(g)}) & (r0 ¥nincin (s0 ¥PROD s0)) ()-->Stat13 ==> false Discharge ==> Stat14: (FORALL j in f0 | j ¥incin (s0 ¥PROD s0)) (s0 ¥PROD s0,f0)-->T2 ==> not(Is_tog(Un(f0))) f0-->T888a ==> Stat7: not(FORALL t in f0, tp in f0 | Is_tog(t+tp)) (j0,j1)-->Stat7 ==> (j0 in f0) & (j1 in f0) & (not Is_tog(j0+j1)) (j0,j1)-->Stat3 ==> Stat8: j0+j1 in {g ¥incin (s0 ¥PROD s0) | Is_tog(g)} ()-->Stat8(Stat7*) ==> false Discharge ==> AUTO -- -- Now, by exploiting the version of Zorn's lemma for union-closed collections, we get that -- every $u in togs$ is included in a $y in togs$ which is maximal. Since $0 in togs$, this -- can be exploited to find a maximal element $m0 in togs$ -- togs-->T22 ==> Stat17: (FORALL u in togs | (EXISTS y in togs | (y incs u) & (FORALL x in togs | (x incs y) ¥imp (x = y)))) Suppose ==> Stat18: 0 notin {g ¥incin (s0 ¥PROD s0) | Is_tog(g)} 0-->Stat18 ==> not Is_tog(0) 0-->T887 ==> false Discharge ==> 0 in togs 0-->Stat17 ==> Stat24: (EXISTS y in togs | (y incs 0) & (FORALL x in togs | (x incs y) ¥imp (x = y))) m0-->Stat24 ==> Stat25: (m0 in {g ¥incin (s0 ¥PROD s0) | Is_tog(g)}) & Stat26: (FORALL x in togs | (x incs m0) ¥imp (x = m0)) (m0,s0,s0)-->T141 ==> (m0 ¥incin (s0 ¥PROD s0)) ¥imp (domain(m0) ¥incin s0) ()-->Stat25 ==> Stat27: (m0 ¥incin (s0 ¥PROD s0)) & Is_tog(m0) & (domain(m0) ¥incin s0) -- -- We must exclude that $domain(m0)=s0$, and hence we can find an element $a in s0-domain(m0)$. -- Loc_def ==> a = arb( s0-domain(m0) ) (m0,s0)-->Stat0(Stat27) ==> Stat28: (a in s0) & (a notin domain(m0)) -- -- We must also exclude that $s0-{a}-domain(m0)={a}$, and hence we can find an element $b in s0-{a}-domain(m0)$. -- (m0,a)-->Stat0(Stat27) ==> Stat29: (s0-{a}) ¥nincin domain(m0) b-->Stat29 ==> Stat30: (b in s0 - {a}) & (b notin domain(m0)) -- -- Henceforth we will prove that $m0+{[a,b],[b,a]}$, strictly including $m0$ -- is a tog whose domain is included in $s0$. This will contradict the maximality of $m0$, -- leading us to the desired contradiction. -- (m0+{[a,b],[b,a]})-->Stat26(Stat27*) ==> ((m0+{[a,b],[b,a]}) notin togs) or (m0+{[a,b],[b,a]} = m0) Suppose ==> m0+{[a,b],[b,a]} = m0 TELEM ==> b in domain({[a,b],[b,a]}) ({[a,b],[b,a]},m0+{[a,b],[b,a]})-->T65(Stat30*) ==> b in domain(m0+{[a,b],[b,a]}) EQUAL ==> false Discharge ==> AUTO (m0,a,b)-->T888d(Stat27*) ==> Stat31: ((m0+{[a,b],[b,a]}) notin togs) & Is_tog(m0+{[a,b],[b,a]}) (Stat1,Stat31*)ELEM ==> Stat32: (m0+{[a,b],[b,a]}) notin {g ¥incin (s0 ¥PROD s0) | Is_tog(g)} ()-->Stat32(Stat31,Stat27*) ==> not( {[a,b],[b,a]} ¥incin (s0 ¥PROD s0) ) Use_def(¥PROD)(Stat32) ==> Stat33: ([a,b] notin {[x,y]: x in s0, y in s0}) or ([b,a] notin {[x,y]: x in s0, y in s0}) (a,b,b,a)-->Stat33(Stat28,Stat30*) ==> false Discharge ==> QED -- -- Def intersection: [Monadic intersection] inters(X) := { z in arb(X) | (FORALL y in X | z in y) } -- -- THEORY inters(d0) d0 /= 0 END inters -- ENTER_THEORY inters -- Def multipleInters: [Polyadic intersection] inters_thryvar(S) := {z in d0 | (FORALL y in S | z in y)} -- Theorem inters0: ((S /= 0) & (S ¥incin {x : x ¥incin d0})) ¥imp (inters_thryvar(S) = inters(S)). Proof: Suppose_not(s0) ==> AUTO Loc_def ==> a0 = arb(s0) Use_def(inters(s0)) ==> AUTO EQUAL ==> inters(s0) = { z in a0 | (FORALL y in s0 | z in y) } Use_def(inters_thryvar) ==> Stat1: ({z in d0 | (FORALL y in s0 | z in y)} /= { z in a0 | (FORALL y in s0 | z in y) }) & Stat2: (a0 in {x : x ¥incin d0}) & (a0 in s0) a1-->Stat2(Stat1*) ==> Stat3: a0 ¥incin d0 z0-->Stat1(Stat1*) ==> (z0 in {z in d0 | (FORALL y in s0 | z in y)}) ¥neq (z0 in { z in a0 | (FORALL y in s0 | z in y) }) Suppose ==> Stat4: (z0 in {z in a0 | (FORALL y in s0 | z in y) }) & (z0 notin {z in d0 | (FORALL y in s0 | z in y)}) ()-->Stat4(Stat1*) ==> Stat5: (z0 notin {z in d0 | (FORALL y in s0 | z in y)}) & Stat6: (FORALL y in s0 | z0 in y) & (z0 in a0) z0-->Stat5(Stat1*) ==> Stat7: not(FORALL y in s0 | z0 in y) y0-->Stat7(Stat7*) ==> (y0 in s0) & (z0 notin y0) y0-->Stat6(Stat7*) ==> false Discharge ==> AUTO (Stat3*)ELEM ==> Stat8: (z0 in {z in d0 | (FORALL y in s0 | z in y)}) & (z0 notin {z in a0 | (FORALL y in s0 | z in y) }) ()-->Stat8(Stat8*) ==> Stat9: (FORALL y in s0 | z0 in y) & (z0 notin {z in a0 | (FORALL y in s0 | z in y) }) (a0,z0)-->Stat9(Stat1*) ==> Stat10: not(FORALL y in s0 | z0 in y) y1-->Stat10(Stat10*) ==> (y1 in s0) & (z0 notin y1) y1-->Stat9(Stat10*) ==> false Discharge ==> QED -- Theorem inters1: inters_thryvar(S) = d0 - Un({d0 - v : v in S}). Proof: Suppose_not(f0) ==> AUTO Use_def(inters_thryvar(f0)) ==> AUTO Use_def(Un({d0 - x : x in f0})) ==> AUTO SIMPLF ==> Stat0: {y in d0 | (FORALL x in f0 | y in x)} /= ( d0 - {u: x in f0, u in d0 - x} ) y0-->Stat0 ==> ( y0 in {y in d0 | (FORALL x in f0 | y in x)} ) ¥neq ( y0 in ( d0 - {u: x in f0, u in d0 - x} ) ) Suppose ==> Stat1: y0 in {y in d0 | (FORALL x in f0 | y in x)} ()-->Stat1(Stat0*) ==> Stat2: (y0 in {u: x in f0, u in d0 - x}) & (FORALL x in f0 | y0 in x) & (y0 in d0) (x0,u0,x0)-->Stat2 ==> false Discharge ==> Stat3: (y0 notin {y in d0 | (FORALL x in f0 | y in x)}) & (y0 in d0) y0-->Stat3(Stat0*) ==> Stat4: (not(FORALL x in f0 | y0 in x)) & (y0 notin {u: x in f0, u in d0 - x}) (x1,x1,y0)-->Stat4(Stat3*) ==> false Discharge ==> QED -- Theorem inters2: (FORALL y in S | y ¥incin d0) ¥imp ((inters_thryvar(S) = d0) ¥eq (S ¥incin {d0})). Proof: Suppose_not(x0) ==> AUTO Use_def(inters_thryvar(x0)) ==> AUTO Suppose ==> Stat0: x0 ¥incin {d0} ELEM ==> Stat1: {y in d0 | (FORALL x in x0 | y in x)} /= d0 Set_monot ==> {y in d0 | (FORALL x in x0 | y in x)} ¥incin {y in d0 | true} y1-->Stat1 ==> Stat2: (y1 notin {y in d0 | (FORALL x in x0 | y in x)}) & (y1 in d0) y1-->Stat2 ==> Stat7: not(FORALL x in x0 | y1 in x) x1-->Stat7(Stat0*) ==> false Discharge ==> Stat3: (x0 ¥nincin {d0}) & ({y in d0 | (FORALL x in x0 | y in x)} = d0) y2-->Stat3(*) ==> Stat4: (FORALL y in x0 | y ¥incin d0) & (y2 /= d0) & (y2 in x0) (y2,y3)-->Stat4(Stat3*) ==> Stat5: (y3 in {y in d0 | (FORALL x in x0 | y in x)} ) & (y3 notin y2) & (y2 ¥incin d0) ()-->Stat5(Stat5*) ==> Stat6: (FORALL x in x0 | y3 in x) y2-->Stat6(Stat4*) ==> false Discharge ==> QED -- Theorem inters3: inters_thryvar(0) = d0. Proof: Suppose_not() ==> AUTO 0-->Tinters2 ==> Stat1: not(FORALL y in 0 | y ¥incin d0) y0-->Stat1 ==> false Discharge ==> QED -- Theorem inters4: inters_thryvar(S+T) = inters_thryvar(S) * inters_thryvar(T). Proof: Suppose_not(x0,y0) ==> AUTO (x0+y0)-->Tinters1 ==> AUTO x0-->Tinters1 ==> AUTO y0-->Tinters1 ==> AUTO Suppose ==> Un({d0 - v : v in (x0+y0)}) = (Un({d0 - v : v in x0}) + Un({d0 - v : v in y0})) ELEM ==> false Discharge ==> AUTO Use_def(Un) ==> Stat1: {u: w in {d0 - v : v in (x0+y0)}, u in w} /= {u: w in {d0 - v : v in x0}, u in w} + {u: w in {d0 - v : v in y0}, u in w} Set_monot ==> {u: v in x0, u in d0 - v} + {u: v in y0, u in d0 - v} ¥incin {u: v in (x0+y0), u in d0 - v} SIMPLF(Stat1) ==> Stat2: {u: v in (x0+y0), u in d0 - v} ¥nincin ({u: v in x0, u in d0 - v} + {u: v in y0, u in d0 - v}) u0-->Stat2(Stat2*) ==> Stat3: (u0 in {u: v in (x0+y0), u in d0 - v}) & (u0 notin {u: v in x0, u in d0 - v}) & (u0 notin {u: v in y0, u in d0 - v}) (v1,u1,v1,u1,v1,u1)-->Stat3(Stat3*) ==> false Discharge ==> QED -- Theorem inters5: (Z in S) ¥imp (inters_thryvar(S) = inters_thryvar(S-{Z}) * Z). Proof: Suppose_not(a0,f0) ==> Stat7: (a0 in f0) & (inters_thryvar(f0-{a0}) * a0 /= inters_thryvar(f0)) Set_monot ==> {y in d0 | (FORALL x in f0 | y in x)} ¥incin {y in d0 | (FORALL x in f0-{a0} | y in x)} Use_def(inters_thryvar)(Stat7) ==> (({y in d0 | (FORALL x in f0-{a0} | y in x)} * a0) ¥nincin {y in d0 | (FORALL x in f0 | y in x)}) or ({y in d0 | (FORALL x in f0 | y in x)} ¥nincin a0) Suppose ==> Stat8: {y in d0 | (FORALL x in f0 | y in x)} ¥nincin a0 y2-->Stat8(Stat8*) ==> Stat9: (y2 in {y in d0 | (FORALL x in f0 | y in x)}) & (y2 notin a0) ()-->Stat9(Stat9*) ==> Stat10: (FORALL x in f0 | y2 in x) a0-->Stat10(Stat7,Stat9,Stat10*) ==> false Discharge ==> Stat11: ({y in d0 | (FORALL x in f0-{a0} | y in x)} * a0) ¥nincin {y in d0 | (FORALL x in f0 | y in x)} y3-->Stat11 ==> Stat12: (y3 in {y: y in d0 | (FORALL x in f0-{a0} | y in x)}) & (y3 notin {y: y in d0 | (FORALL x in f0 | y in x)}) & (y3 in a0) (y4,y4)-->Stat12 ==> Stat13: (not (FORALL x in f0 | y4 in x)) & (FORALL x in f0-{a0} | y4 in x) & (y4 = y3) (x4,x4)-->Stat13(Stat12*) ==> false Discharge ==> QED -- Theorem inters6: (S = {Z}) ¥imp (inters_thryvar(S) = d0 * Z). Proof: Suppose_not(x0,z0) ==> AUTO (z0,x0)-->Tinters5(*) ==> (inters_thryvar(x0) = inters_thryvar(x0-{z0}) * z0) & (x0-{z0} = 0) Tinters3 ==> inters_thryvar(0) = d0 EQUAL ==> false Discharge ==> QED -- Theorem inters7: inters_thryvar(S+{Z}) = inters_thryvar(S) * Z. Proof: Suppose_not(s0,z0) ==> AUTO (s0,{z0})-->Tinters4 ==> inters_thryvar(s0+{z0}) = inters_thryvar(s0) * inters_thryvar({z0}) ({z0},z0)-->Tinters6 ==> inters_thryvar({z0}) = d0 * z0 s0-->Tinters1 ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY inters -- -- THEORY inters(d0) -- d0 /= 0 -- ==>(inters_thryvar) -- (FORALL S | inters_thryvar(S) = {y in d0 | (FORALL x in S | y in x)}) -- (FORALL S | ((S /= 0) & (FORALL x in S | x ¥incin d0)) ¥imp (inters_thryvar(S) = inters(S))) -- (FORALL S | inters_thryvar(S) = d0 - Un({d0 - v : v in S})) -- (FORALL S | (FORALL y in S | y ¥incin d0) ¥imp ((inters_thryvar(S) = d0) ¥eq (S ¥incin {d0}))) -- inters_thryvar(0) = d0 -- -- (FORALL S, T | (inters_thryvar(S+T) = inters_thryvar(S) * inters_thryvar(T))) -- (FORALL z, S | (z in S) ¥imp (inters_thryvar(S) = inters_thryvar(S-{z}) * z)) -- (FORALL S, z | (S = {z}) ¥imp (inters_thryvar(S) = d0 * z)) -- (FORALL S, z | inters_thryvar(S+{z}) = inters_thryvar(S) * z) -- -- (FORALL f | (FORALL x in f | (x ¥incin d0) ¥imp (inters_thryvar(Un(f)) = inters_thryvar({inters_thryvar(x): x in f})))) -- END inters -- =============================================== PROOF OF STONE's THEOREM =========================== --PAUSE HERE -- -- Our next theory, 'pord', provides a simple example of a representation theorem: -- every partial ordering turns out to be isomorphic to an inclusion ordering. -- -- -- Our next theory shows how to represent any non-strict partial ordering as an inclusion ordering. -- This is a sort of analogue, in the small, of the Stone representation theorem for Boolean algebras, -- whose proof will be developed soon. -- THEORY pord(dd,Le(U,V)) -- dychotomy (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((Le(x,y) & Le(y,x)) ¥eq (x = y))) -- transitivity (FORALL x, y, z | ({x, y, z} ¥incin dd) ¥imp ((Le(x,y) & Le(y,z)) ¥imp Le(x,z))) END pord ENTER_THEORY pord Def pord_1: [standard isomorphism between a partial ordering and an inclusion ordering] poIso_thryvar := {[x,{v in dd | Le(v,x)}]: x in dd} Theorem pord_0: [reflexivity of partial orderings] (X in dd) ¥imp (Le(X,X) & ((poIso_thryvar~[X]) = {v in dd | Le(v,X)})). Proof: Suppose_not(x0) ==> AUTO Suppose ==> (poIso_thryvar~[x0]) /= {v in dd | Le(v,x0)} ELEM ==> Stat1: (car([x0,{v in dd| Le(v,x0)}]) = x0) & (cdr([x0,{v in dd| Le(v,x0)}]) = {v in dd| Le(v,x0)}) ({[x,{v in dd| Le(v,x)}]: x in dd},[x0,{v in dd| Le(v,x0)}])-->T74(Stat1*) ==> ([x0,{v in dd| Le(v,x0)}] in {[x,{v in dd| Le(v,x)}]: x in dd}) ¥imp (({[x,{v in dd| Le(v,x)}]: x in dd}~[car([x0,{v in dd| Le(v,x0)}])]) = {v in dd| Le(v,x0)}) Use_def(poIso_thryvar) ==> poIso_thryvar = {[x,{v in dd| Le(v,x)}]: x in dd} EQUAL(Stat1) ==> ([x0,{v in dd| Le(v,x0)}] in {[x,{v in dd| Le(v,x)}]: x in dd}) ¥imp ((poIso_thryvar~[x0]) = {v in dd| Le(v,x0)}) Suppose ==> Stat2: [x0,{v in dd| Le(v,x0)}] notin {[x,{v in dd| Le(v,x)}]: x in dd} x0-->Stat2(*) ==> false; Discharge ==> false Discharge ==> AUTO Assump ==> Stat3: (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((Le(x,y) & Le(y,x)) ¥eq (x = y))) (x0,x0)-->Stat3 ==> false Discharge ==> QED Theorem pord_1: [order homomorphism property] ({X,Y} ¥incin dd) ¥imp (Le(X,Y) ¥eq ((poIso_thryvar~[X]) ¥incin (poIso_thryvar~[Y]))). Proof: Suppose_not(x0,y0) ==> AUTO x0-->Tpord_0 ==> Stat1: (poIso_thryvar~[x0]) = {v in dd | Le(v,x0)} y0-->Tpord_0 ==> (poIso_thryvar~[y0]) = {v in dd | Le(v,y0)} Suppose ==> Stat2: (poIso_thryvar~[x0]) ¥nincin (poIso_thryvar~[y0]) z0-->Stat2(Stat1*) ==> Stat3: (z0 in {v: v in dd | Le(v,x0)}) & (z0 notin {v: v in dd | Le(v,y0)}) (z1,z1)-->Stat3(Stat3*) ==> (z1 in dd) & Le(z1,x0) & (not Le(z1,y0)) Assump ==> Stat4: (FORALL x, y, z | ({x, y, z} ¥incin dd) ¥imp ((Le(x,y) & Le(y,z)) ¥imp Le(x,z))) (z1,x0,y0)-->Stat4(*) ==> false Discharge ==> (not Le(x0,y0)) & ({v: v in dd| Le(v,x0)} ¥incin {v: v in dd| Le(v,y0)}) Suppose ==> Stat6: x0 notin {v in dd| Le(v,x0)} ()-->Stat6(*) ==> (x0 in dd) & (not Le(x0,x0)) x0-->Tpord_0(Stat6*) ==> false Discharge ==> Stat7: (x0 in {v in dd| Le(v,y0)}) & (not Le(x0,y0)) ()-->Stat7(Stat7*) ==> false Discharge ==> QED Theorem pord_2: [injectivity of the homomorphism] One_1_map(poIso_thryvar) & (domain(poIso_thryvar) = dd). Proof: Suppose_not() ==> AUTO -- -- Arguing by contradiction, let us assume that the claim is false. Then, since by its very definition -- $poIso_thryvar$ is a single-valued map and has the domain indicated in the claim, there must be -- distinct pairs $p,q$ in $poIso_thryvar$ whose second components coincide. -- Use_def(poIso_thryvar) ==> Svm(poIso_thryvar) & (domain(poIso_thryvar) = dd) Use_def(One_1_map) ==> Stat1: (not (FORALL p in poIso_thryvar, q in poIso_thryvar | (cdr(p) = cdr(q)) ¥imp (p = q)) ) (p,q)-->Stat1(Stat1*) ==> Stat2: (p in poIso_thryvar) & (q in poIso_thryvar) & (cdr(p) = cdr(q)) & (p /= q) -- -- It follows from the definition of $poIso_thryvar$ that if $x0,x1$ are the respective first components of $p,q$, -- then the corresponding images ${v in dd | Le(v,x0)} = (poIso_thryvar~[x0])$ and ${v in dd | Le(v,x1)} = poIso_thryvar~[x1]$ -- coincide. -- Use_def(poIso_thryvar) ==> Stat3: (p in {[x,{v in dd | Le(v,x)}]: x in dd}) & (q in {[x,{v in dd | Le(v,x)}]: x in dd}) (x0,x1)-->Stat3(Stat3*) ==> Stat4: (x0 in dd) & (x1 in dd) & (p = [x0,{v in dd | Le(v,x0)}]) & (q = [x1,{v in dd | Le(v,x1)}]) (Stat4*)ELEM ==> (car([x0,{v in dd| Le(v,x0)}]) = x0) & (cdr([x0,{v in dd| Le(v,x0)}]) = {v in dd| Le(v,x0)}) & (car([x1,{v in dd| Le(v,x1)}]) = x1) & (cdr([x1,{v in dd| Le(v,x1)}]) = {v in dd| Le(v,x1)}) EQUAL(Stat2) ==> {v in dd| Le(v,x0)} = {v in dd| Le(v,x1)} Suppose ==> x0 = x1 EQUAL(Stat2) ==> false Discharge ==> AUTO x0-->Tpord_0 ==> AUTO x1-->Tpord_0 ==> AUTO -- -- This implies, by the preceding Theorem pord_1, that $Le(x0,x1)$ and $Le(x1,x0)$ hold together, -- and hence that $x0=x1$, conflicting with $p /= q$, and hence leading to the desired contradiction. -- (x0,x1)-->Tpord_1(Stat4*) ==> Le(x0,x1) (x1,x0)-->Tpord_1(Stat4*) ==> Le(x1,x0) Assump ==> Stat9: (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((Le(x,y) & Le(y,x)) ¥eq (x = y))) (x0,x1)-->Stat9(Stat4*) ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY pord -- -- THEORY pord(dd,Le(U,V)) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((Le(x,y) & Le(y,x)) ¥eq (x = y))) -- (FORALL x, y, z | ({x, y, z} ¥incin dd) ¥imp ((Le(x,y) & Le(y,z)) ¥imp Le(x,z))) -- ==>(poIso_thryvar) -- poIso_thryvar = {[x,{v in dd| Le(v,x)}]: x in dd} -- (FORALL x | (x in dd) ¥imp (Le(x,x) & ((poIso_thryvar~[x]) = {v in dd | Le(v,x)}))) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (Le(x,y) ¥eq ((poIso_thryvar~[x]) ¥incin (poIso_thryvar~[y])))) -- One_1_map(poIso_thryvar) & (domain(poIso_thryvar) = dd) -- END pord -- -- In sight of an analogous representation theorem, referring no longer to a generic partial ordering -- but to a distributive complemented lattice, we introduce the algebraic counterpart of this structure, -- in two steps: first Boolean rings, then Boolean rings with multiplicative unit, to be called in brief -- Boolean algebras. See Lectures in Abstract Algebra of N. Jacobson (1951). -- -- -- Preliminary to the theory of Boolean algebras, our next theory introduces an abstract algebraic -- structure which differs from Boolean algebra only because it may lack a multiplicative unit. -- -- A ring is said to be Boolean when each $X$ belonging to its domain of support is -- self-inverse relative to addition and idempotent relative to multiplication: -- $X + X = 0$, -- $X * X = X$. -- -- These two laws confer such a richness of structure to the algebraic variety of Boolean rings to cause even embarrassment, -- to say it with Halmos. For example, the first of them makes it superfluous to postulate the commutativity of addition -- (since it implies it); the second enables one to easily prove that multiplication is commutative. When a multiplicative unit -- $1$ is available, it is customary to say that the Boolean ring is a Boolean algebra. -- -- The richness in structure of Boolean rings emerges also from the observation that the relation -- $leq(X,Y) := (X * Y = X)$ -- is a partial ordering, in which every pair $X,Y$ of elements admits greatest lower bound $glb(X,Y) := X * Y$ and -- least upper bound $lub(X,Y) := X * Y + X + Y$. -- In this ordering the additive unit $0$ acts as the minimum and---when available---$1$ acts as maximum. Historically, -- Boolean algebras were first classed as lattices satisfying peculiar features (namely, being distributive and complemented). -- Emphasis was, in the original approach, placed on the operations $glb,lub$, and the algebraic kinship with numerical rings -- was was noticed later. From the algebraic viewpoint---the one which we will favor in the ongoing---the complementation -- operation is $bar(X) := 1 + X$. -- --BEGIN HERE -- THEORY booleanRing(bb,dot(U,V),pls(U,V)) -- non-vacuity assumption bb /= 0 -- closure properties (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) -- associativity laws (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) -- distributivity law (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) -- additive zero (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,x) = pls(y,y))) -- self-annichilation law (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) -- idempotency of multiplication (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) END booleanRing ENTER_THEORY booleanRing Def booleanRing_0: [Additive zero] zz_thryvar := pls(arb(bb),arb(bb)) Theorem booleanRing_1: [Additive zero law] ((X in bb) ¥imp ((pls(X,X) = zz_thryvar) & (pls(X,zz_thryvar) = X) & (pls(zz_thryvar,X) = X))) & (zz_thryvar in bb). Proof: Suppose_not(x0) ==> AUTO -- -- For, assuming the contrary to hold for some $x0$ in $bb$, one would have either -- $pls(x0,x0) /= pls(arb(bb),arb(bb))$, conflicting with an assumptions of this THEORY, or -- $pls(pls(x0,x0),x0) /= x0$, conflicting with another assumption. -- Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat2: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,x) = pls(y,y))) & (bb /= 0) Use_def(zz_thryvar) ==> zz_thryvar = pls(arb(bb),arb(bb)) (arb(bb),arb(bb),x0,arb(bb))-->Stat1 ==> (zz_thryvar in bb) & (pls(x0,x0) = zz_thryvar) EQUAL ==> (pls(x0,zz_thryvar) = pls(x0,pls(x0,x0))) & (pls(zz_thryvar,x0) = pls(pls(x0,x0),x0)) Assump ==> Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) & (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) (x0,x0,x0,x0,x0)-->Stat3 ==> false Discharge ==> QED Theorem booleanRing_2: [Commutativity of addition] ({X,Y} ¥incin bb) ¥imp (pls(X,Y) = pls(Y,X)). Proof: Suppose_not(x0,y0) ==> AUTO Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) & Stat2: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) (y0,x0,y0,x0)-->Stat1 ==> (pls(y0,pls(x0,y0)) = x0) & (pls(y0,x0) in bb) (x0,y0)-->Stat1 ==> pls(x0,pls(y0,x0)) = y0 (pls(y0,x0),pls(y0,x0))-->Stat1 ==> pls(pls(y0,x0),pls(pls(y0,x0),pls(y0,x0))) = pls(y0,x0) -- -- Writing $+,x,y$ instead of $pls,x0,y0$ for brevity, note that $(y+(x+y))+(x+(y+x))=((y+x)+y)+(x+(y+x))$, -- $((y+x)+y)+(x+(y+x))=(y+x)+(y+(x+(y+x)))$, and $(y+x)+(y+(x+(y+x)))=(y+x)+((y+x)+(y+x))$ by associativity, -- and therefore $(y+(x+y))+(x+(y+x))=(y+x)+((y+x)+(y+x))$ where, as already seen in this proof, -- the left-hand side equals $x+y$ and the right-hand side equals $y+x$. -- Suppose ==> pls(pls(y0,pls(x0,y0)),pls(x0,pls(y0,x0))) /= pls(pls(y0,x0),pls(pls(y0,x0),pls(y0,x0))) Assump ==> Stat3: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) (y0,x0,y0)-->Stat3 ==> pls(y0,pls(x0,y0)) = pls(pls(y0,x0),y0) (x0,pls(y0,x0))-->Stat2 ==> pls(x0,pls(y0,x0)) in bb (pls(y0,x0),y0,pls(x0,pls(y0,x0)))-->Stat3 ==> pls(pls(y0,x0),pls(y0,pls(x0,pls(y0,x0)))) = pls(pls(pls(y0,x0),y0),pls(x0,pls(y0,x0))) (y0,x0,pls(y0,x0))-->Stat3 ==> pls(y0,pls(x0,pls(y0,x0))) = pls(pls(y0,x0),pls(y0,x0)) EQUAL ==> false Discharge ==> pls(pls(y0,pls(x0,y0)),pls(x0,pls(y0,x0))) = pls(pls(y0,x0),pls(pls(y0,x0),pls(y0,x0))) EQUAL ==> false Discharge ==> QED Theorem booleanRing_3: [Commutativity of multiplication] ({X,Y} ¥incin bb) ¥imp (dot(X,Y) = dot(Y,X)). Proof: Suppose_not(x0,y0) ==> AUTO -- -- Writing $+,*,x,y,0$ instead of $pls,dot,x0,y0,zz_thryvar$ for brevity, we observe that -- $x+y=(x+y)*(x+y)$, $(x+y)*(x+y)=(x+y)*y+(x+y)*x$, $(x+y)*y+(x+y)*x=y*y+y*x+x*y+x*x$, $y*y+y*x+x*y+x*x=y+y*x+x*y+x$, -- and hence (by adding $x+y$ to both sides of the resulting equality) $0=y*x+x*y$. Therefore, as one sees by adding $x*y$ -- to both sides, $x*y=y*x$. The formal details of this proof follow. -- Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat2: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) & Stat3: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) (x0,y0,pls(x0,y0),x0,y0,pls(x0,y0))-->Stat1 ==> (pls(x0,y0) in bb) & (dot(pls(x0,y0),pls(x0,y0)) = pls(x0,y0)) & (pls(x0,y0) = pls(dot(pls(x0,y0),y0),dot(pls(x0,y0),x0))) (y0,x0,y0,y0)-->Stat2 ==> (dot(y0,y0) = y0) & (dot(pls(x0,y0),y0) = pls(dot(y0,y0),dot(y0,x0))) (x0,x0,y0,x0)-->Stat2 ==> (dot(x0,x0) = x0) & (dot(pls(x0,y0),x0) = pls(dot(x0,y0),dot(x0,x0))) (pls(x0,y0))-->TbooleanRing_1 ==> pls(pls(x0,y0),pls(x0,y0)) = zz_thryvar EQUAL(Stat1) ==> Stat4: zz_thryvar = pls(pls(x0,y0),pls(pls(y0,dot(y0,x0)),pls(dot(x0,y0),x0))) Assump ==> Stat5: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat6: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) (x0,y0)-->Stat5 ==> dot(x0,y0) in bb (dot(x0,y0),x0)-->Stat1 ==> pls(dot(x0,y0),x0) in bb (y0,x0,y0,dot(y0,x0),pls(dot(x0,y0),x0))-->Stat5 ==> (dot(y0,x0) in bb) & (pls(y0,pls(dot(y0,x0),pls(dot(x0,y0),x0))) = pls(pls(y0,dot(y0,x0)),pls(dot(x0,y0),x0))) EQUAL(Stat4) ==> Stat7: zz_thryvar = pls(pls(x0,y0),pls(y0,pls(dot(y0,x0),pls(dot(x0,y0),x0)))) (dot(y0,x0),pls(dot(x0,y0),x0))-->Stat1 ==> pls(dot(y0,x0),pls(dot(x0,y0),x0)) in bb (pls(x0,y0),y0,pls(dot(y0,x0),pls(dot(x0,y0),x0)))-->Stat6 ==> pls(pls(x0,y0),pls(y0,pls(dot(y0,x0),pls(dot(x0,y0),x0)))) = pls(pls(pls(x0,y0),y0),pls(dot(y0,x0),pls(dot(x0,y0),x0))) (pls(x0,y0),y0)-->TbooleanRing_2 ==> pls(pls(x0,y0),y0) = pls(y0,pls(x0,y0)) Assump ==> Stat8: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) (y0,x0)-->Stat8 ==> pls(y0,pls(x0,y0)) = x0 EQUAL(Stat7) ==> Stat9: zz_thryvar = pls(x0,pls(dot(y0,x0),pls(dot(x0,y0),x0))) (dot(y0,x0),dot(x0,y0),x0)-->Stat6 ==> pls(dot(y0,x0),pls(dot(x0,y0),x0)) = pls(pls(dot(y0,x0),dot(x0,y0)),x0) EQUAL(Stat9) ==> pls(x0,pls(dot(y0,x0),pls(dot(x0,y0),x0))) = pls(x0,pls(pls(dot(y0,x0),dot(x0,y0)),x0)) (dot(y0,x0),dot(x0,y0))-->Stat1(Stat5) ==> pls(dot(y0,x0),dot(x0,y0)) in bb (x0,pls(dot(y0,x0),dot(x0,y0)))-->Stat8 ==> Stat10: zz_thryvar = pls(dot(y0,x0),dot(x0,y0)) (dot(x0,y0),dot(y0,x0))-->Stat8 ==> pls(dot(x0,y0),pls(dot(y0,x0),dot(x0,y0))) = dot(y0,x0) EQUAL(Stat10) ==> pls(dot(x0,y0),zz_thryvar) = dot(y0,x0) (dot(x0,y0))-->TbooleanRing_1 ==> false Discharge ==> QED Theorem booleanRing_4: [Multiplication by null gives null] (X in bb) ¥imp (dot(zz_thryvar,X) = zz_thryvar). Proof: Suppose_not(x0) ==> AUTO x0-->TbooleanRing_1 ==> pls(x0,x0) = zz_thryvar Assump ==> Stat1: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) (x0,x0,x0,x0,x0)-->Stat1(*) ==> (dot(pls(x0,x0),x0) = pls(dot(x0,x0),dot(x0,x0))) & (pls(x0,x0) in bb) (pls(x0,x0))-->TbooleanRing_1 ==> pls(pls(x0,x0),pls(x0,x0)) = zz_thryvar EQUAL ==> false Discharge ==> QED Theorem booleanRing_5: [Dychotomy of partial ordering] (({U,V} ¥incin bb) & (dot(U,V) = U) & (dot(V,U) = V)) ¥imp (U = V). Proof: Suppose_not(x0,y0) ==> AUTO (x0,y0)-->TbooleanRing_3 ==> false Discharge ==> QED -- Def booleanRing_1: [Meet closure] meet_thryvar(A) := {c in bb | (FORALL b ¥incin bb | ((A ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c in b))} -- Theorem booleanRing_6: [Closedness property of $meet_thryvar(A)$] (A ¥incin bb) ¥imp ({dot(x,y): x in meet_thryvar(A), y in meet_thryvar(A)} ¥incin meet_thryvar(A)). Proof: -- Suppose_not(a0) ==> Stat0: ({dot(x,y): x in meet_thryvar(a0), y in meet_thryvar(a0)} ¥nincin meet_thryvar(a0)) & (a0 ¥incin bb) -- xy-->Stat0 ==> Stat1: (xy in {dot(x,y): x in meet_thryvar(a0), y in meet_thryvar(a0)}) & (xy notin meet_thryvar(a0)) -- (x0,y0)-->Stat1 ==> (x0 in meet_thryvar(a0)) & (y0 in meet_thryvar(a0)) & (dot(x0,y0) notin meet_thryvar(a0)) -- Use_def(meet_thryvar) ==> Stat2: (x0 in {c: c in bb | (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c in b))}) & (y0 in {c: c in bb | (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c in b))}) & (dot(x0,y0) notin {c in bb | (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c in b))}) -- (c0,c1,dot(x0,y0))-->Stat2 ==> Stat2a: (x0 = c0) & (y0 = c1) & (x0 in bb) & (y0 in bb) & (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c0 in b)) & (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (c1 in b)) & ((not(FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (dot(x0,y0) in b))) or (dot(x0,y0) notin bb)) -- Assump ==> Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) -- (x0,y0)-->Stat3 ==> (not(FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (dot(x0,y0) in b))) -- EQUAL ==> Stat4: (not(FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (dot(x0,y0) in b))) & (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (x0 in b)) & (FORALL b ¥incin bb | ((a0 ¥incin b) & ({dot(x,y): x in b, y in b} ¥incin b)) ¥imp (y0 in b)) -- (b0,b0,b0)-->Stat4(Stat2a*) ==> Stat5: (dot(x0,y0) notin {dot(x,y): x in b0, y in b0}) & (x0 in b0) & (y0 in b0) -- (x0,y0)-->Stat5(Stat5*) ==> false -- Discharge ==> QED ENTER_THEORY Set_theory -- DISPLAY booleanRing -- -- THEORY booleanRing(bb,dot,pls) -- bb /= 0 -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,x) = pls(y,y))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) -- (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) -- ==>(zz_thryvar) -- zz_thryvar = pls(arb(bb),arb(bb)) -- (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) -- (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) -- (FORALL u, v | (({u,v} ¥incin bb) & (dot(u,v) = u) & (dot(v,u) = v)) ¥imp (u = v)) -- END booleanRing -- -- -- A questo punto e` stata omologata la nostra caratterizzazione di anello booleano alla nozione -- algebrica standard di anello commutativo. Ovviamente, nel nostro caso sussistono leggi peculiari: -- idempotenza della moltiplicazione e legge per cui ogni elemento del dominio di supporto e` auto-inverso -- additivo. Prima di passare allo studio delle algebre di Boole, una digressione sui campi di insiemi. -- -- -- We will soon see an example of a Boolean ring whose support is a family of sets -- and whose operations are intersection and symmetric difference. In preparation for that, -- let's now introduce formally the latter operation. -- Def symm: [Symmetric difference] sym(U,V) := (U - V) + (V - U) -- -- Theorem 1000: (sym(0,0) = 0) & (sym(X,X) = sym(Y,Y)) & (sym(X,Y) = (X + Y) - (X * Y)) & (sym(X,Y) = sym(Y,X)). Proof: Suppose_not(x0,y0) ==> AUTO Use_def(sym) ==> false; Discharge ==> QED -- Theorem 1001: [truth-table of intersection and symmetric difference] (X * 0 = 0) & (0 * X = 0) & (1 * 1 = 1) & (sym(X,0) = X) & (sym(0,X) = X) & (sym(X,X) = 0). Proof: Suppose_not(x0) ==> AUTO Use_def(sym) ==> false; Discharge ==> QED -- Theorem 1002: [unionset of 2] (2 = {0,1}) & (Un(2) = 1). Proof: Suppose_not ==> AUTO TELEM ==> Stat40: (2 = {0,{0}}) & (1 = {0}) 0-->T31d ==> (Un(0) = 0) ({0},2)-->T2g(Stat40*) ==> Un(2) = {0} + Un(2 - {{0}}) (0,{0})-->T2g(Stat41*) ==> Stat41: (Un({0}) = Un({0} - {0})) (Stat40,Stat40*)ELEM ==> (({0} - {0}) = 0) & (2 - {{0}} = {0}) EQUAL(Stat40) ==> Un(2) = 1 Discharge ==> QED -- -- -- The following is a typical example of a Boolean ring (as a matter of fact, -- as will turn out from the Stone theorem, the standard example to within isomorphism) -- THEORY protoBoolean(dd) 0 /= Un(dd) (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((x * y) in dd)) (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x,y) in dd)) END protoBoolean -- ENTER_THEORY protoBoolean -- Theorem protoBoolean_1: [Non vacuity] dd /= 0. Proof: Suppose_not ==> dd = 0 dd-->T31d ==> Un(dd) = 0 Assump ==> 0 /= Un(dd) EQUAL ==> 0 /= 0 Discharge ==> QED -- -- Algebraic laws: -- Theorem protoBoolean_2: [Associativity of intersection] ({X,Y,Z} ¥incin dd) ¥imp (X * (Y * Z) = (X * Y) * Z). Proof: Suppose_not(x0,y0,z0) ==> AUTO ELEM ==> false; Discharge ==> QED -- Theorem protoBoolean_3: [Associativity of symmetric difference] ({X,Y,Z} ¥incin dd) ¥imp (sym(X,sym(Y,Z)) = sym(sym(X,Y),Z)). Proof: Suppose_not(x0,y0,z0) ==> AUTO Use_def(sym) ==> false; Discharge ==> QED -- Theorem protoBoolean_4: [Distributivity of intersection over symmetric difference] ({X,Y,Z} ¥incin dd) ¥imp (sym(X,Y) * Z = sym(Z * Y, Z * X)). Proof: Suppose_not(x0,y0,z0) ==> AUTO Use_def(sym) ==> false Discharge ==> QED -- Theorem protoBoolean_5: [Nullity of symmetric difference of a set by itself] ({X,Y} ¥incin dd) ¥imp (sym(X,X) = sym(Y,Y)). Proof: Suppose_not(x0,y0) ==> AUTO Use_def(sym) ==> false Discharge ==> QED -- Theorem protoBoolean_6: [Self-annichilation law for symmetric difference] ({X,Y} ¥incin dd) ¥imp (sym(X,sym(Y,X)) = Y). Proof: Suppose_not(x0,y0) ==> AUTO Use_def(sym) ==> false Discharge ==> QED -- Theorem protoBoolean_7: [Idempotency of intersection] (X in dd) ¥imp ((X * X) = X). Proof: Suppose_not(x0) ==> AUTO Discharge ==> QED -- Theorem protoBoolean_8: [Multiplicative unit law] (X in dd) ¥imp ((Un(dd) * X) = X). Proof: Suppose_not(x0) ==> AUTO (x0,dd)-->T2g(*) ==> false; Discharge ==> QED APPLY(zz_thryvar:zz) booleanRing(bb->dd,dot(U,V)->(U * V),pls(U,V)->(sym(U,V))) ==> Theorem protoBoolean_9a: (zz = sym(arb(dd), arb(dd))) & (FORALL x | ((x in dd) ¥imp ((sym(x,x) = zz) & (sym(x,zz) = x) & (sym(zz,x) = x))) & (zz in dd)) & (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x,y) = sym(y,x))) & (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((x * y) = (y * x))) & (FORALL x | (x in dd) ¥imp ((zz * x) = zz)) & (FORALL u, v | (({u,v} ¥incin dd) & ((u * v) = u) & ((v * u) = v)) ¥imp (u = v)) -- Theorem protoBoolean_9b: [Self-annichilation law] (X in dd) ¥imp ((sym(arb(dd),arb(dd)) = 0) & (sym(X, X) = 0)). Proof: Suppose_not(x0) ==> AUTO (x0,0)-->T1000 ==> sym(x0,x0) = 0 (arb(dd),0)-->T1000(*) ==> false Discharge ==> QED -- Theorem protoBoolean_9: [Laws inherited from Boolean rings] (0 = sym(arb(dd), arb(dd))) & (FORALL x | ((x in dd) ¥imp ((sym(x,x) = 0) & (sym(x,0) = x) & (sym(0,x) = x))) & (0 in dd)) & (FORALL x | (x in dd) ¥imp ((0 * x) = 0)). Proof: Suppose_not() ==> AUTO TprotoBoolean_9a ==> (zz = sym(arb(dd),arb(dd))) & (FORALL x | ((x in dd) ¥imp ((sym(x,x) = zz) & (sym(x,zz) = x) & (sym(zz,x) = x))) & (zz in dd)) & (FORALL x | (x in dd) ¥imp ((zz * x) = zz)) TprotoBoolean_1 ==> arb(dd) in dd (arb(dd))-->TprotoBoolean_9b(*) ==> zz = 0 EQUAL ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY protoBoolean -- -- THEORY protoBoolean(dd) -- 0 /= Un(dd) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((x * y) in dd)) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x, y) in dd)) -- ==> -- 0 in dd -- (FORALL x, y , z | ({x,y,z} ¥incin dd) ¥imp ((x * (y * z)) = ((x * y) * z))) -- (FORALL x, y , z | ({x,y,z} ¥incin dd) ¥imp (sym(x, sym(y, z)) = sym(sym(x, y), z))) -- (FORALL x, y , z | ({x,y,z} ¥incin dd) ¥imp ((sym(x, y) * z) = sym(z * y, z * x))) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x, x) = sym(y, y))) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x, sym(y, x)) = y)) -- (FORALL x | (x in dd) ¥imp ((x * x) = x)) -- (FORALL x | (x in dd) ¥imp ((Un(dd) * X) = X)) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x, y) = sym(y, x))) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((x * y) = (y * x))) -- (FORALL u, v | (({u,v} ¥incin dd) & ((u * v) = u) & ((v * u) = v)) ¥imp (u = v)) -- (0 = sym(arb(dd), arb(dd))) -- (FORALL x | ((x in dd) ¥imp ((sym(x, x) = 0) & (sym(x, 0) = x) & (sym(0, x) = x))) -- (FORALL x | (x in dd) ¥imp ((0 * x) = 0)) -- END protoBoolean -- -- It will follow, by application of the following theorems, that the family of all subsets, as well as the family of -- all finite and cofinite subsets, of a nonnull set constitute examples of 'protoBoolean'. -- Theorem 1003: ((W /= 0) & ({X,Y} ¥incin pow(W))) ¥imp (({X * Y, sym(X, Y)} ¥incin pow(W)) & (Un(pow(W)) /= 0)). Proof: Suppose_not(w0,x0,y0) ==> AUTO Use_def(pow) ==> Stat1: (x0 in {x: x ¥incin w0}) & (y0 in {x: x ¥incin w0}) Use_def(sym)(Stat1*) ==> sym(x0, y0) = ((x0 - y0) + (y0 - x0)) (x1,y1)-->Stat1(Stat1*) ==> Stat2: ((x0 * y0) ¥incin w0) & (sym(x0, y0) ¥incin w0) Suppose ==> Stat3: (x0 * y0) notin {x: x ¥incin w0} (x0 * y0)-->Stat3(Stat2*) ==> false Discharge ==> AUTO Suppose ==> Stat4: sym(x0, y0) notin {x: x ¥incin w0} (sym(x0,y0))-->Stat4(Stat2*) ==> false Discharge ==> AUTO Use_def(pow)(Stat1) ==> {x0 * y0, sym(x0,y0)} ¥incin pow(w0) (w0,w0)-->T23(Stat1*) ==> w0 in pow(w0) (w0,pow(w0))-->T2g(*) ==> false Discharge ==> QED -- Theorem 1004: ((W /= 0) & (D = {s ¥incin W | Finite(s) or Finite(W - s)}) & ({X,Y} ¥incin D)) ¥imp (({X * Y, sym(X, Y)} ¥incin D) & (Un(D) /= 0)). Proof: Suppose_not(w0,d0,x0,y0) ==> AUTO -- -- Observe that $w0 in d0$, since $w0 - w0$ is finite. Consequently $w0 ¥incin Un(d0)$ and $Un(d0) /= 0$ follows from $w0 /= 0$. -- Therefore the negation of the claim can be true for $w0,d0,x0,y0$ only because ${x0 * y0, sym(x0,y0)} ¥nincin d0$. -- Suppose ==> Stat1: Un(d0) = 0 ELEM ==> w0 ¥nincin Un(d0) (w0,d0)-->T2g(*) ==> Stat2: w0 notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)} w0-->Stat2(Stat2) ==> false Discharge ==> Stat2a: {x0 * y0, sym(x0, y0)} ¥nincin d0 -- -- Since $x0 * y0$ and $sym(x0,y0)$ are subsets of $d0$, we have found that either -- $x0 * y0$ or $sym(x0,y0)$ must be infinite and have an infinite complement in $w0$. -- ELEM ==> Stat3: (x0 in {s: s ¥incin w0 | Finite(s) or Finite(w0 - s)}) & (y0 in {s: s ¥incin w0 | Finite(s) or Finite(w0 - s)}) (x2,y2)-->Stat3(Stat3*) ==> Stat8: (x0 = x2) & (x2 ¥incin w0) & (Finite(x2) or Finite(w0 - x2)) & (y0 = y2) & (y2 ¥incin w0) & (Finite(y2) or Finite(w0 - y2)) EQUAL(Stat8) ==> Stat8a: (x0 ¥incin w0) & (Finite(x0) or Finite(w0 - x0)) & (y0 ¥incin w0) & (Finite(y0) or Finite(w0 - y0)) Use_def(sym)(Stat3*) ==> Stat3a: sym(x0,y0) = ((x0 - y0) + (y0 - x0)) (x1,y1)-->Stat3(Stat3*) ==> Stat4: ((x0 * y0) ¥incin w0) & (sym(x0,y0) ¥incin w0) Suppose ==> (Finite(x0 * y0) or Finite(w0 - (x0 * y0))) & (Finite(sym(x0,y0)) or Finite(w0 - sym(x0,y0))) Suppose ==> Stat36: (x0 * y0) notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)} (x0 * y0)-->Stat36(Stat4*) ==> false Discharge ==> Stat37: sym(x0,y0) notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)} (sym(x0,y0))-->Stat37(Stat4*) ==> false Discharge ==> AUTO -- -- Consider the four possibilities: (1) $Finite(x0) & Finite(y0)$; (2) one of $x0,y0$ is finite, whereas the other is cofinite; -- (3) both are cofinite. In each case we will find a contradiction, thus being able to conclude that the desired statement holds. -- Suppose ==> Stat9a: (not Finite(x0)) & (not Finite(y0)) -- -- As a matter of fact, in case (3) $x0 * y0$ would be cofinite and $sym(x0,y0)$ would be finite..., -- (Stat8a,Stat9a)ELEM ==> Finite(w0 - (x0 * y0)) (x0 + y0,((x0 - y0) + (y0 - x0)))-->T24(Stat8a,Stat9a,Stat3a) ==> Finite(sym(x0,y0)) (Stat4*)Discharge ==> Stat9: Finite(x0) or Finite(y0) -- -- ... in case (1) both $x0 * y0$ and $sym(x0,y0)$ would be finite..., -- Suppose ==> Stat5: Finite(x0) & Finite(y0) (x0 + y0,((x0 - y0) + (y0 - x0)))-->T24(Stat5,Stat3a) ==> Finite(sym(x0,y0)) (Stat4*)Discharge ==> AUTO -- -- ...and in case (2), $x0 * y0$ would be finite and $sym(x0,y0)$ would be cofinite. -- Suppose ==> Stat11: (not Finite(x0)) (x0 + y0,((x0 - y0) + (y0 - x0)))-->T24(Stat11,Stat8a,Stat3a,Stat9) ==> Finite(w0 - sym(x0,y0)) (Stat4*)Discharge ==> AUTO (Stat9)ELEM ==> Stat14: (not Finite(y0)) & Finite(x0 * y0) (x0 + y0,((x0 - y0) + (y0 - x0)))-->T24(Stat14,Stat8a,Stat3a,Stat9) ==> Finite(w0 - sym(x0,y0)) (Stat4*)Discharge ==> QED -- -- The following is another example of a Boolean ring, slightly more specific than the one -- treated by the THEORY protoBoolean. For example, the ring of all finite and cofinite -- subsets of an infinite set does not fall under the following THEORY archeoBoolean, -- whereas it falls under the preceding THEORY protoBoolean. -- THEORY archeoBoolean(dd) 0 /= Un(dd) (FORALL x, y, z | (({x,y} ¥incin dd) & (z ¥incin (x + y))) ¥imp (z in dd)) END archeoBoolean ENTER_THEORY archeoBoolean -- Derived closure properties: Theorem archeoBoolean_0: 0 in dd. Proof: Suppose_not() ==> AUTO Suppose ==> dd = 0 Assump ==> 0 /= Un(dd) 0-->T31d ==> Un(0) = 0 EQUAL ==> false Discharge ==> AUTO Assump ==> Stat1: (FORALL x, y, z | (({x,y} ¥incin dd) & (z ¥incin (x + y))) ¥imp (z in dd)) (arb(dd),arb(dd),0)-->Stat1 ==> false Discharge ==> QED Theorem archeoBoolean_1: ({X,Y} ¥incin dd) ¥imp ((X * Y) in dd). Proof: Suppose_not(x0,y0) ==> AUTO Assump ==> Stat1: (FORALL x, y, z | (({x,y} ¥incin dd) & (z ¥incin (x + y))) ¥imp (z in dd)) (x0, y0, x0 + y0)-->Stat1 ==> (x0 + y0) in dd (x0 + y0, x0 + y0, x0 * y0)-->Stat1 ==> (x0 * y0) in dd Discharge ==> QED Theorem archeoBoolean_2: ({X,Y} ¥incin dd) ¥imp (sym(X,Y) in dd). Proof: Suppose_not(x0,y0) ==> AUTO Use_def(sym) ==> ((x0 - y0) + (y0 - x0)) notin dd Assump ==> Stat1: (FORALL x, y, z | (({x,y} ¥incin dd) & (z ¥incin (x + y))) ¥imp (z in dd)) (x0,y0,(x0 - y0) + (y0 - x0))-->Stat1(*) ==> false Discharge ==> QED APPLY() protoBoolean(dd->dd) ==> Theorem archeoBoolean_3: (dd /= 0) ENTER_THEORY Set_theory -- -- DISPLAY archeoBoolean -- -- THEORY archeoBoolean(dd) -- 0 /= Un(dd) -- (FORALL x, y, z | (({x,y} ¥incin dd) & (z ¥incin (x + y))) ¥imp (z in dd)) -- ==> -- 0 in dd -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp ((x * y) in dd)) -- (FORALL x, y | ({x,y} ¥incin dd) ¥imp (sym(x,y) in dd)) -- END archeoBoolean -- -- The following theorem shows that there are Boolean algebras of sets which are instances of 'protoBoolean' -- but are not instances of 'archeoBoolean'. Indeed, the collection of all finite and cofinite subsets of an infinite -- set is not closed with respect to inclusion. -- Theorem 1005: ((not Finite(W)) & (D = {s ¥incin W | Finite(s) or Finite(W - s)})) ¥imp ((W in D) & (EXISTS z ¥incin W | z notin D)). Proof: Suppose_not(w0,d0) ==> AUTO -- -- Consider a toggling map $t$ of $w0$, possibly deprived of an element $xp$, into itself and let $wp=w0-{xp}$ be the domain of $t$. -- Then the set ${arb({x,t~[x]}): x in wp}$ will turn out t be an infinite subset of $w0$ whose complement relative to $w0$ is also infinite. -- Hence this set does not belong to $d0$. -- w0-->T888(*) ==> Stat1: (EXISTS t, x | Is_tog(t) & (domain(t) = w0 - {x})) & (not Finite(w0)) (t,xp)-->Stat1(Stat1*) ==> Stat1a: Is_tog(t) & (domain(t) = (w0 - {xp})) EQUAL ==> not((w0 in {s ¥incin w0 | Finite(s) or Finite(w0 - s)}) & (EXISTS z ¥incin w0 | z notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)})) Suppose ==> Stat2: w0 notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)} w0-->Stat2(Stat2) ==> false Discharge ==> Stat3: not(EXISTS z ¥incin w0 | z notin {s ¥incin w0 | Finite(s) or Finite(w0 - s)}) ({arb({x,t~[x]}): x in (w0 - {xp})})-->Stat3(Stat3*) ==> ({arb({x,t~[x]}): x in (w0 - {xp})} ¥nincin w0) or ({arb({x,t~[x]}): x in (w0 - {xp})} in {s ¥incin w0 | Finite(s) or Finite(w0 - s)}) Use_def(Is_tog)(Stat1a) ==> Svm(t) & (inv(t) = t) & (FORALL p in t | car(p) /= cdr(p)) Suppose ==> Stat4: {arb({x,t~[x]}): x in (w0 - {xp})} ¥nincin w0 c-->Stat4(Stat4*) ==> Stat5: (c in {arb({x,t~[x]}): x in (w0 - {xp})}) & (c notin w0) x0-->Stat5(Stat5) ==> Stat5a: (x0 in (w0 - {xp})) & ((t~[x0]) notin w0) (t,x0)-->T884(Stat1a,Stat5a*) ==> false Discharge ==> AUTO -- -- Ot the two sets mentioned above, ${arb({x,t~[x]}): x in wp}$ and $w0-{arb({x,t~[x]}): x in wp}$ (from which we will remove $xp$), one and only one must be finite: -- (Stat3*)ELEM ==> Stat7: ({arb({x,t~[x]}): x in (w0 - {xp})} in {s ¥incin w0 | Finite(s) or Finite(w0 - s)}) & ({arb({x,t~[x]}): x in (w0 - {xp})} + (w0 - {arb({x,t~[x]}): x in (w0-{xp})})= w0) (Stat7)ELEM ==> Finite(w0 - {arb({x,t~[x]}): x in (w0 - {xp})}) ¥imp Finite(w0 - {xp} - {arb({x,t~[x]}): x in (w0 - {xp})}) ()-->Stat7(Stat7*) ==> Finite({arb({x,t~[x]}): x in (w0 - {xp})}) or Finite(w0 - {xp} - {arb({x,t~[x]}): x in (w0 - {xp})}) Suppose ==> Stat8: Finite({arb({x,t~[x]}): x in (w0-{xp})}) & Finite(w0 - {xp} - {arb({x,t~[x]}): x in (w0-{xp})}) xp-->T25b(Stat8) ==> Finite({arb({x,t~[x]}): x in (w0-{xp})} + (w0 - {arb({x,t~[x]}): x in (w0-{xp})})) EQUAL(Stat1) ==> false Discharge ==> AUTO -- -- The reason why neither of ${arb({x,t~[x]}): x in (w0 - {xp})}$, $w0 - {arb({x,t~[x]}): x in (w0 - {xp})}$ can be finite is that these sets are -- 'almost' in one-one correspondence with one another (the latter may have $xp$ as an element untouched by the correspondence) and, moreover -- their union is $w0$. -- Loc_def ==> Stat10: (w1 = {arb({x,t~[x]}): x in (w0-{xp})}) & (w2 = w0 - {xp} - {arb({x,t~[x]}): x in (w0-{xp})}) & (t1 = (t ¥ON w1)) Suppose ==> One_1_map(t1) & (domain(t1) = w1) & (range(t1) = w2) t1-->T191(Stat10*) ==> Finite(domain(t1)) ¥eq Finite(range(t1)) EQUAL(Stat10) ==> Finite({arb({x,t~[x]}): x in (w0-{xp})}) ¥eq Finite(w0 - {xp} - {arb({x,t~[x]}): x in (w0-{xp})}) (Stat7*)Discharge ==> AUTO -- -- However, as we are about to see, that the restriction of $t$ to the former of these sets is a one-one mapping -- between the two. Consequently, the two sets have the same cardinality. -- EQUAL(Stat1) ==> Stat10a: Svm(t) & Svm(inv(t)) & (domain(t) = (w0-{xp})) & (domain(inv(t)) = (w0-{xp})) t-->T121 ==> AUTO (t,w1)-->T58 ==> AUTO (t,w1)-->T94 ==> AUTO Suppose ==> Stat11: {arb({x,t~[x]}): x in (w0-{xp})} ¥nincin (w0-{xp}) x1-->Stat11(Stat11*) ==> Stat12: (x1 in {arb({x,t~[x]}): x in (w0-{xp})}) & (x1 notin (w0-{xp})) x2-->Stat12(Stat12) ==> Stat12a: (x2 in w0-{xp}) & (t~[x2] notin (w0-{xp})) (t,x2)-->T884(Stat1a,Stat12a*) ==> false Discharge ==> AUTO (Stat10*)ELEM ==> (domain(t ¥ON w1) = w1) (t,{arb({x,t~[x]}): x in (w0-{xp})})-->T123(Stat10,Stat10a*) ==> range(t ¥ON {arb({x,t~[x]}): x in (w0-{xp})}) = {t~[x]: x in domain(t) | x in {arb({x,t~[x]}): x in (w0-{xp})}} EQUAL(Stat10) ==> Stat13: {t~[x]: x in (w0-{xp}) | x in {arb({x,t~[x]}): x in (w0-{xp})}} /= w2 d-->Stat13(Stat13*) ==> (d in {t~[x]: x in (w0-{xp}) | x in {arb({x,t~[x]}): x in (w0-{xp})}}) ¥neq (d in w2) Suppose ==> Stat13a: d notin w2 (Stat13*)ELEM ==> Stat14: d in {t~[x]: x in (w0-{xp}) | x in {arb({x,t~[x]}): x in (w0-{xp})}} x3-->Stat14(Stat13a,Stat10*) ==> Stat15: (x3 in {arb({x,t~[x]}): x in (w0-{xp})}) & (t~[x3] notin w0 - {xp} - {arb({x,t~[x]}): x in (w0-{xp})}) & (x3 in (w0-{xp})) (t,x3)-->T884(Stat1a,Stat15*) ==> Stat16a: t~[x3] in (w0-{xp}) (t,w0-{xp},x3)-->T886(Stat1a,Stat15,Stat16a*) ==> false Discharge ==> AUTO (Stat10*)ELEM ==> Stat17: (d notin {arb({x,t~[x]}): x in (w0-{xp})}) & (d notin {t~[x]: x in (w0-{xp}) | x in {arb({x,t~[x]}): x in (w0-{xp})}}) & (d in (w0-{xp})) (t,d)-->T884(Stat1a,Stat17*) ==> (t~[d] in (w0-{xp})) & (t~[t~[d]] = d) (d,t~[d])-->Stat17(Stat17*) ==> Stat18: ((t~[d] notin {arb({x,t~[x]}): x in (w0-{xp})})) & (d /= arb({d,t~[d]})) d-->Stat18(Stat17,Stat18) ==> false Discharge ==> QED -- -- Here we are, at last, at the definition of Boolean algebra, which results from requiring -- that there be a multiplicative unit in a Boolean ring, intended as above. -- THEORY booleanAlgebra(bb,dot(U,V),pls(U,V),ee) -- non-vacuity assumptions ee in bb ee /= pls(ee,ee) -- closure properties (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) -- associativity laws (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) -- distributivity law (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) -- additive zero (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,x) = pls(y,y))) -- self-annichilation law (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) -- idempotency of multiplication (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) -- multiplicative unit (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) END booleanAlgebra -- ENTER_THEORY booleanAlgebra -- APPLY(zz_thryvar:zz_thryvar) booleanRing(bb->bb,dot(U,V)->dot(U,V),pls(U,V)->pls(U,V)) ==> Theorem booleanAlgebra_0: [Self-annichilation and commutativity laws] (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) & (FORALL u, v | (({u,v} ¥incin bb) & (dot(u,v) = u) & (dot(v,u) = v)) ¥imp (u = v)) -- -- Theorem booleanAlgebra_0a: [Additive zero law] zz_thryvar in bb. Proof: Suppose_not() ==> AUTO TbooleanAlgebra_0 ==> Stat1: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) 0-->Stat1 ==> false; Discharge ==> QED -- -- -- Def booleanAlgebra_1: [Complement operation] cmp_thryvar(X) := pls(ee,X) -- Theorem booleanAlgebra_1: [Double-complementation law] ((X in bb) ¥imp ((cmp_thryvar(X) in bb) & (cmp_thryvar(cmp_thryvar(X)) = X))) & (cmp_thryvar(ee) = zz_thryvar) & (cmp_thryvar(zz_thryvar) = ee). Proof: Suppose_not(x0) ==> AUTO TbooleanAlgebra_0 ==> Stat0: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) Use_def(cmp_thryvar(ee)) ==> AUTO Assump ==> Stat9: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & (ee in bb) Use_def(cmp_thryvar(x0)) ==> AUTO (ee,x0)-->Stat9(Stat9*) ==> (x0 in bb) ¥imp (cmp_thryvar(x0) in bb) ee-->Stat0(Stat0*) ==> (cmp_thryvar(ee) = zz_thryvar) & (pls(ee,ee) = zz_thryvar) Use_def(cmp_thryvar(zz_thryvar)) ==> AUTO EQUAL(Stat0) ==> cmp_thryvar(zz_thryvar) = pls(ee,pls(ee,ee)) Assump ==> Stat0a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) (ee,ee)-->Stat0a(*) ==> Stat1a: (x0 in bb) & (cmp_thryvar(cmp_thryvar(x0)) /= x0) Use_def(cmp_thryvar)(Stat1a) ==> Stat1: pls(ee,pls(ee,x0)) /= x0 TbooleanAlgebra_0 ==> Stat2: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) Assump ==> Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) & (ee in bb) (ee,x0)-->Stat2(Stat1a*) ==> pls(ee,x0) = pls(x0,ee) EQUAL(Stat1) ==> pls(ee,pls(x0,ee)) /= x0 (ee,x0)-->Stat3(Stat1a*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_1a: [Additive decomposition] ({X,Y} ¥incin bb) ¥imp ((pls(cmp_thryvar(X),X) = ee) & (pls(dot(Y,X),dot(Y,cmp_thryvar(X))) = Y) & (dot(dot(Y,X),dot(Y,cmp_thryvar(X))) = zz_thryvar)). Proof: Suppose_not(x0,y0) ==> Stat0: (x0 in bb) & (y0 in bb) & (not((pls(cmp_thryvar(x0),x0) = ee) & (pls(dot(y0,x0),dot(y0,cmp_thryvar(x0))) = y0) & (dot(dot(y0,x0),dot(y0,cmp_thryvar(x0))) = zz_thryvar))) TbooleanAlgebra_1 ==> cmp_thryvar(zz_thryvar) = ee TbooleanAlgebra_0 ==> Stat1: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & Stat1a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & Stat2a: (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) x0-->Stat1(*) ==> pls(x0,x0) = zz_thryvar Use_def(cmp_thryvar(pls(x0,x0))) ==> AUTO EQUAL ==> Stat2: pls(ee,pls(x0,x0)) = ee Assump ==> Stat3: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) & (ee in bb) (ee,x0,x0)-->Stat3(*) ==> pls(ee,pls(x0,x0)) = pls(pls(ee,x0),x0) Use_def(cmp_thryvar)(Stat3) ==> Stat4: pls(ee,pls(x0,x0)) = pls(cmp_thryvar(x0),x0) EQUAL(Stat2,Stat4) ==> (pls(cmp_thryvar(x0),x0) = ee) & (dot(pls(cmp_thryvar(x0),x0),y0) = dot(ee,y0)) Assump ==> Stat5: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & Stat5a: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) x0-->TbooleanAlgebra_1(Stat0*) ==> Stat6: cmp_thryvar(x0) in bb (cmp_thryvar(x0),x0,y0,y0)-->Stat5(Stat0) ==> (dot(pls(cmp_thryvar(x0),x0),y0) = pls(dot(y0,x0),dot(y0,cmp_thryvar(x0)))) & (dot(ee,y0) = y0) EQUAL(Stat4) ==> pls(dot(y0,x0),dot(y0,cmp_thryvar(x0))) = y0 (Stat0*)ELEM ==> dot(dot(y0,x0),dot(y0,cmp_thryvar(x0))) /= zz_thryvar Assump ==> Stat7: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat8: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) x0-->TbooleanAlgebra_1(Stat0,Stat0*) ==> Stat9: cmp_thryvar(x0) in bb (y0,x0,dot(y0,x0),y0,cmp_thryvar(x0))-->Stat7(Stat0,Stat9*) ==> (dot(y0,x0) in bb) & (dot(dot(dot(y0,x0),y0),cmp_thryvar(x0)) = dot(dot(y0,x0),dot(y0,cmp_thryvar(x0)))) (y0,x0)-->Stat1a(Stat0,Stat0*) ==> dot(y0,x0) = dot(x0,y0) (x0,y0,y0)-->Stat8(Stat0,Stat0*) ==> dot(dot(x0,y0),y0) = dot(x0,dot(y0,y0)) y0-->Stat5a(Stat0,Stat0*) ==> dot(y0,y0) = y0 EQUAL(Stat6) ==> Stat10: dot(dot(x0,y0),cmp_thryvar(x0)) /= zz_thryvar (cmp_thryvar(x0),dot(x0,y0))-->Stat1a(Stat9*) ==> dot(cmp_thryvar(x0),dot(x0,y0)) /= zz_thryvar (cmp_thryvar(x0),x0,y0)-->Stat8(Stat9,Stat0*) ==> Stat11: dot(cmp_thryvar(x0),dot(x0,y0)) = dot(dot(cmp_thryvar(x0),x0),y0) Use_def(cmp_thryvar)(Stat11*) ==> dot(cmp_thryvar(x0),dot(x0,y0)) = dot(dot(pls(ee,x0),x0),y0) (ee,x0,x0,x0)-->Stat5(Stat3,Stat0*) ==> (dot(pls(ee,x0),x0) = pls(dot(x0,x0),dot(x0,ee))) & (dot(ee,x0) = x0) x0-->Stat5a(Stat0,Stat0*) ==> dot(x0,x0) = x0 (x0,ee)-->Stat1a(Stat0,Stat3*) ==> dot(x0,ee) = dot(ee,x0) x0-->Stat1(Stat0,Stat0*) ==> pls(x0,x0) = zz_thryvar EQUAL(Stat10) ==> Stat12: dot(zz_thryvar,y0) /= zz_thryvar y0-->Stat2a(Stat0,Stat12*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_1b: [De Morgan law] ({X,Y} ¥incin bb) ¥imp (cmp_thryvar(pls(X,Y)) = pls(dot(X,Y),dot(cmp_thryvar(X),cmp_thryvar(Y)))). Proof: Suppose_not(x0,y0) ==> AUTO Use_def(cmp_thryvar) ==> Stat1: (pls(ee,pls(x0,y0)) /= pls(dot(x0,y0),dot(pls(ee,x0),pls(ee,y0)))) & (x0 in bb) & (y0 in bb) Assump ==> Stat2: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat4: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & (ee in bb) (x0,y0,ee,y0,ee,x0,pls(ee,y0))-->Stat2(Stat1*) ==> Stat5: (dot(x0,y0) in bb) & (pls(ee,y0) in bb) & (dot(pls(ee,x0),pls(ee,y0)) = pls(dot(pls(ee,y0),x0),dot(pls(ee,y0),ee))) (ee,y0,x0)-->Stat4(Stat1*) ==> dot(pls(ee,y0),x0) = pls(dot(x0,y0),dot(x0,ee)) TbooleanAlgebra_0 ==> Stat7: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & Stat7a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) (pls(ee,y0),ee)-->Stat7(Stat5,Stat2*) ==> dot(pls(ee,y0),ee) = dot(ee,pls(ee,y0)) (x0,ee)-->Stat7(Stat1,Stat2*) ==> dot(x0,ee) = dot(ee,x0) Assump ==> Stat8: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) (pls(ee,y0))-->Stat8(Stat5*) ==> dot(ee,pls(ee,y0)) = pls(ee,y0) x0-->Stat8(Stat1*) ==> dot(ee,x0) = x0 EQUAL(Stat1) ==> Stat9: pls(ee,pls(x0,y0)) /= pls(dot(x0,y0),pls(pls(dot(x0,y0),x0),pls(ee,y0))) (dot(x0,y0),x0)-->Stat3(Stat5,Stat1*) ==> pls(dot(x0,y0),x0) in bb Assump ==> Stat10: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) (dot(x0,y0),x0,pls(ee,y0))-->Stat10(Stat5,Stat1*) ==> pls(pls(dot(x0,y0),x0),pls(ee,y0)) = pls(dot(x0,y0),pls(x0,pls(ee,y0))) (x0,pls(ee,y0))-->Stat3(Stat1,Stat5*) ==> Stat10a: pls(x0,pls(ee,y0)) in bb (dot(x0,y0),dot(x0,y0),pls(x0,pls(ee,y0)))-->Stat10(Stat5,Stat10a*) ==> pls(dot(x0,y0),pls(dot(x0,y0),pls(x0,pls(ee,y0)))) = pls(pls(dot(x0,y0),dot(x0,y0)),pls(x0,pls(ee,y0))) EQUAL(Stat9) ==> Stat11: pls(ee,pls(x0,y0)) /= pls(pls(dot(x0,y0),dot(x0,y0)),pls(x0,pls(ee,y0))) TbooleanAlgebra_0 ==> Stat12: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) (dot(x0,y0))-->Stat12(Stat5*) ==> pls(dot(x0,y0),dot(x0,y0)) = zz_thryvar (x0,pls(ee,y0))-->Stat3(Stat1,Stat5*) ==> pls(x0,pls(ee,y0)) in bb (pls(x0,pls(ee,y0)))-->Stat12(Stat12*) ==> pls(zz_thryvar,pls(x0,pls(ee,y0))) = pls(x0,pls(ee,y0)) EQUAL(Stat11) ==> Stat13: pls(ee,pls(x0,y0)) /= pls(x0,pls(ee,y0)) (ee,y0)-->Stat7a(Stat1,Stat2*) ==> pls(ee,y0) = pls(y0,ee) (x0,y0)-->Stat3(Stat1,Stat1*) ==> Stat14: pls(x0,y0) in bb (ee,pls(x0,y0))-->Stat7a(Stat14,Stat2*) ==> pls(ee,pls(x0,y0)) = pls(pls(x0,y0),ee) Assump ==> Stat15: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) (x0,y0,ee)-->Stat15(Stat1,Stat2*) ==> pls(x0,pls(y0,ee)) = pls(pls(x0,y0),ee) EQUAL(Stat13) ==> false Discharge ==> QED -- Theorem booleanAlgebra_2: [Non-triviality] (X in bb) ¥imp ((cmp_thryvar(X) /= X) & ((X notin {zz_thryvar, ee}) ¥imp (cmp_thryvar(X) in (bb - {zz_thryvar, ee})))). Proof: Suppose_not(x0) ==> AUTO Suppose ==> (x0 notin {zz_thryvar, ee}) & (cmp_thryvar(x0) notin (bb - {zz_thryvar, ee})) x0-->TbooleanAlgebra_1(*) ==> (cmp_thryvar(x0) in {zz_thryvar, ee}) & (x0 = cmp_thryvar(cmp_thryvar(x0))) & (cmp_thryvar(zz_thryvar) = ee) & (cmp_thryvar(ee) = zz_thryvar) Suppose ==> cmp_thryvar(x0) = zz_thryvar EQUAL ==> x0 = ee Discharge ==> cmp_thryvar(x0) = ee EQUAL ==> x0 = zz_thryvar Discharge ==> AUTO Use_def(cmp_thryvar) ==> pls(ee,x0) = x0 EQUAL ==> pls(x0,pls(ee,x0)) = pls(x0,x0) Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) & (ee in bb) & (ee /= pls(ee,ee)) (x0,ee)-->Stat1(*) ==> ee = pls(x0,x0) TbooleanAlgebra_0 ==> Stat2: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) x0-->Stat2(*) ==> ee = zz_thryvar ee-->Stat2(*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_3: [When the greatest lower bound is the top] (({U,V} ¥incin bb) & (dot(U,V) = ee)) ¥imp ((U = ee) & (V = ee)). Proof: Suppose_not(x0,y0) ==> AUTO TbooleanAlgebra_0 ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) Assump ==> Stat2: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & Stat3: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) & Stat4: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) & (ee in bb) (x0,ee)-->Stat1(*) ==> dot(x0,ee) = dot(ee,x0) (x0,x0,x0,x0,y0)-->Stat2(*) ==> (dot(ee,x0) = x0) & (dot(x0,x0) = x0) & (dot(x0,dot(x0,y0)) = dot(dot(x0,x0),y0)) (y0,y0,x0,y0,y0)-->Stat2(*) ==> (dot(ee,y0) = y0) & (dot(y0,y0) = y0) & (dot(x0,dot(y0,y0)) = dot(dot(x0,y0),y0)) EQUAL ==> (x0 = y0) & (dot(x0,x0) = ee) x0-->Stat3(Stat2*) ==> x0 = ee Discharge ==> QED -- -- -- Theorem booleanAlgebra_4: [Immaterial multiplication] ({U,V,X,Y} ¥incin bb) ¥imp (pls(dot(U,cmp_thryvar(X)),dot(V,cmp_thryvar(Y))) = dot(pls(dot(U,cmp_thryvar(X)),dot(V,cmp_thryvar(Y))),cmp_thryvar(dot(X,Y)))). Proof: Suppose_not(a,b,x,y) ==> Stat30: (pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),cmp_thryvar(dot(x,y)))) & ({a,b,x,y} ¥incin bb) y-->TbooleanAlgebra_1(Stat30*) ==> cmp_thryvar(y) in bb Assump ==> Stat3: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & Stat9: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat26: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat9a: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) & (ee in bb) (x,y,ee,dot(x,y))-->Stat9(Stat30*) ==> Stat33: (pls(ee,dot(x,y)) in bb) & (dot(x,y) in bb) x-->TbooleanAlgebra_1(Stat30*) ==> Stat27a: (x in bb) & (cmp_thryvar(x) in bb) & (dot(x,y) in bb) (a,cmp_thryvar(x))-->Stat9(Stat30*) ==> Stat25a: dot(a,cmp_thryvar(x)) in bb (b,cmp_thryvar(y))-->Stat9(Stat30*) ==> Stat26a: dot(b,cmp_thryvar(y)) in bb (dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))-->Stat26(Stat25a*) ==> Stat28a: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) in bb Suppose ==> Stat1a: not(FORALL u,v,w | ({u,v,w} ¥incin bb) ¥imp (dot(dot(w,cmp_thryvar(u)),dot(v,u)) = zz_thryvar)) (x0,y0,z0)-->Stat1a ==> AUTO Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat2: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) & (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & Stat13a: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & Stat4: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) & (ee in bb) x0-->TbooleanAlgebra_1(Stat1a*) ==> cmp_thryvar(x0) in bb (y0,x0,z0,cmp_thryvar(x0),dot(y0,x0))-->Stat1(Stat1a*) ==> Stat6: (dot(z0,dot(cmp_thryvar(x0),dot(y0,x0))) /= zz_thryvar) & (dot(y0,x0) in bb) Use_def(cmp_thryvar)(Stat6) ==> Stat7: dot(z0,dot(pls(ee,x0),dot(y0,x0))) /= zz_thryvar (ee,x0,dot(y0,x0),x0)-->Stat13a(Stat1a*) ==> (dot(pls(ee,x0),dot(y0,x0)) = pls(dot(dot(y0,x0),x0),dot(dot(y0,x0),ee))) & (dot(x0,x0) = x0) (y0,x0,x0,dot(y0,x0))-->Stat2(Stat1a*) ==> (dot(dot(y0,x0),x0) = dot(y0,dot(x0,x0))) & (dot(ee,dot(y0,x0)) = dot(y0,x0)) TbooleanAlgebra_0 ==> Stat8: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) (dot(y0,x0),ee,dot(y0,x0),z0,zz_thryvar,z0)-->Stat8(Stat1a*) ==> (dot(dot(y0,x0),ee) = dot(ee,dot(y0,x0))) & (pls(dot(y0,x0),dot(y0,x0)) = zz_thryvar) & (dot(z0,zz_thryvar) = zz_thryvar) EQUAL(Stat7) ==> false Discharge ==> Stat3a: (FORALL u,v,w | ({u,v,w} ¥incin bb) ¥imp (dot(dot(w,cmp_thryvar(u)),dot(v,u)) = zz_thryvar)) -- -- Following "Linear Operators" by Dunford & Schwartz, vol.1, p.42, ll.8-12, we complete the proof as follows: -- Use_def(cmp_thryvar) ==> cmp_thryvar(dot(x,y)) = pls(ee,dot(x,y)) EQUAL(Stat30) ==> Stat31: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),pls(ee,dot(x,y))) Assump ==> Stat32: (FORALL u, v, w | ({u,v,w} ¥incin bb) ¥imp (dot(pls(u,v),w) = pls(dot(w,v),dot(w,u)))) & (ee in bb) & Stat32a: (FORALL u, v, w | ({u,v,w} ¥incin bb) ¥imp (pls(u,pls(v,w)) = pls(pls(u,v),w))) (dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)),pls(ee,dot(x,y)))-->Stat32(Stat25a,Stat26a,Stat33,Stat31*) ==> Stat34: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= pls(dot(pls(ee,dot(x,y)),dot(b,cmp_thryvar(y))),dot(pls(ee,dot(x,y)),dot(a,cmp_thryvar(x)))) (ee,dot(x,y),dot(b,cmp_thryvar(y)))-->Stat32(Stat32,Stat27a,Stat26a*) ==> dot(pls(ee,dot(x,y)),dot(b,cmp_thryvar(y))) = pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(b,cmp_thryvar(y)),ee)) (ee,dot(x,y),dot(a,cmp_thryvar(x)))-->Stat32(Stat32,Stat27a,Stat25a*) ==> dot(pls(ee,dot(x,y)),dot(a,cmp_thryvar(x))) = pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),ee)) TbooleanAlgebra_0 ==> Stat35: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & Stat35a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) (dot(b,cmp_thryvar(y)),ee)-->Stat35(Stat26a,Stat3*) ==> dot(dot(b,cmp_thryvar(y)),ee) = dot(ee,dot(b,cmp_thryvar(y))) (dot(a,cmp_thryvar(x)),ee)-->Stat35(Stat25a,Stat3*) ==> dot(dot(a,cmp_thryvar(x)),ee) = dot(ee,dot(a,cmp_thryvar(x))) (dot(b,cmp_thryvar(y)))-->Stat3(Stat26a,Stat26a*) ==> dot(ee,dot(b,cmp_thryvar(y))) = dot(b,cmp_thryvar(y)) (dot(a,cmp_thryvar(x)))-->Stat3(Stat25a,Stat25a*) ==> dot(ee,dot(a,cmp_thryvar(x))) = dot(a,cmp_thryvar(x)) EQUAL(Stat34) ==> Stat36: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= pls(pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(b,cmp_thryvar(y))),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x)))) (dot(b,cmp_thryvar(y)),dot(x,y))-->Stat9(Stat26a,Stat27a*) ==> Stat37: dot(dot(b,cmp_thryvar(y)),dot(x,y)) in bb (dot(a,cmp_thryvar(x)),dot(x,y))-->Stat9(Stat25a,Stat27a*) ==> Stat38: dot(dot(a,cmp_thryvar(x)),dot(x,y)) in bb (dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x)))-->Stat26(Stat25a,Stat38*) ==> Stat39: pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))) in bb (dot(dot(b,cmp_thryvar(y)),dot(x,y)), dot(b,cmp_thryvar(y)), pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))))-->Stat32a(Stat39,Stat37,Stat26a*) ==> pls(pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(b,cmp_thryvar(y))),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x)))) = pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),pls(dot(b,cmp_thryvar(y)),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))))) (dot(b,cmp_thryvar(y)),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))))-->Stat35a(Stat39,Stat26a*) ==> pls(dot(b,cmp_thryvar(y)),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x)))) = pls(pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))),dot(b,cmp_thryvar(y))) (dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))-->Stat32a(Stat38,Stat25a,Stat26a*) ==> pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))) = pls(pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),dot(a,cmp_thryvar(x))),dot(b,cmp_thryvar(y))) (dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),dot(x,y)),pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))))-->Stat32a(Stat38,Stat37,Stat28a*) ==> pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),pls(dot(dot(a,cmp_thryvar(x)),dot(x,y)),pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))))) = pls(pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),dot(x,y))),pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))) EQUAL(Stat36) ==> Stat40: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= pls(pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),dot(x,y))),pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))) TbooleanAlgebra_0 ==> Stat41: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) Suppose ==> zz_thryvar = pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),dot(x,y))) (pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))))-->Stat41(Stat28a,Stat28a*) ==> pls(zz_thryvar,pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))) = pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) EQUAL(Stat40) ==> false Discharge ==> Stat42: zz_thryvar /= pls(dot(dot(b,cmp_thryvar(y)),dot(x,y)),dot(dot(a,cmp_thryvar(x)),dot(x,y))) (y,x,b)-->Stat3a(Stat30,Stat30*) ==> dot(dot(b,cmp_thryvar(y)),dot(x,y)) = zz_thryvar (x,y,a)-->Stat3a(Stat30,Stat30*) ==> dot(dot(a,cmp_thryvar(x)),dot(y,x)) = zz_thryvar (x,y)-->Stat35(Stat30,Stat30*) ==> dot(x,y) = dot(y,x) zz_thryvar-->Stat41(Stat41,Stat41*) ==> pls(zz_thryvar,zz_thryvar) = zz_thryvar EQUAL(Stat42) ==> false Discharge ==> QED -- -- The notion of (proper) ideal in a commutative ring with multiplicative unit is adjusted to the case of Boolean algebras as follows: -- Def booleanAlgebra_2: [Proper ideal] Ideal_thryvar(I) := ({pls(x,y): x in I, y in I} ¥incin I) & ({dot(x,y): x in bb, y in I} ¥incin I) & (I ¥incin (bb - {ee})) & (I ¥nincin {zz_thryvar}) -- -- Theorem booleanAlgebra_4b: [Closure properties of an ideal, 1] (Ideal_thryvar(I) & ({X,Y} ¥incin I)) ¥imp (pls(X,Y) in I). Proof: Suppose_not(i0,x0,y0) ==> AUTO Use_def(Ideal_thryvar) ==> Stat1: pls(x0,y0) notin {pls(x,y): x in i0, y in i0} (x0,y0)-->Stat1 ==> false Discharge ==> QED -- -- In consequence of the definition of ideals, it turns out that the bottom $zz_thryvar$ of the Boolean algebra belongs to every ideal. -- Since multiplication in Boolean algebras is commutative, our ideals are bilateral: that is, they are closed not only under -- multiplication on the left (by any element of the domain-of-support), but also with respect to multiplication on the right. -- We are excluding from consideration the 'improper' ideals ${zz_thryvar}, bb$; accordingly, our ideals never contain two complementary -- elements (such complementary elements would bring into the ideal $ee$ and, consequently, all elements of $bb$. -- Theorem booleanAlgebra_4a: [Closure properties of an ideal, 2] Ideal_thryvar(I) ¥imp ((zz_thryvar in I) & (((X in I) & (Y in bb)) ¥imp ((dot(X,Y) in I) & (dot(Y,X) in I) & (cmp_thryvar(X) notin I))) & (ee notin I)). Proof: Suppose_not(i0,x0,y0) ==> Stat1: Ideal_thryvar(i0) & ((zz_thryvar notin i0) or ((x0 in i0) & (y0 in bb) & (not((dot(x0,y0) in i0) & (dot(y0,x0) in i0) & (cmp_thryvar(x0) notin i0)))) or (ee in i0)) Use_def(Ideal_thryvar) ==> Stat2: ({dot(x,y): x in bb, y in i0} ¥incin i0) & (i0 ¥nincin {zz_thryvar}) & (i0 ¥incin (bb - {ee})) TbooleanAlgebra_0 ==> Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & Stat3a: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) (0,arb(i0 - {zz_thryvar}))-->Stat3a(Stat2) ==> Stat4: (zz_thryvar in bb) & (arb(i0 - {zz_thryvar}) in (bb * i0)) & (dot(zz_thryvar,arb(i0 - {zz_thryvar})) = zz_thryvar) Suppose ==> Stat6: zz_thryvar notin i0 (Stat6,Stat2*)ELEM ==> Stat7: zz_thryvar notin {dot(x,y): x in bb, y in i0} (zz_thryvar,arb(i0 - {zz_thryvar}))-->Stat7(Stat4*) ==> false Discharge ==> AUTO (x0,y0)-->Stat3(Stat1*) ==> Stat8: (x0 in i0) & (y0 in bb) & (dot(x0,y0) = dot(y0,x0)) Suppose ==> Stat11: cmp_thryvar(x0) in i0 (x0,x0)-->TbooleanAlgebra_1a(Stat8,Stat2*) ==> Stat14: pls(cmp_thryvar(x0),x0) notin i0 (i0,cmp_thryvar(x0),x0)-->TbooleanAlgebra_4b(Stat1,Stat8,Stat11,Stat14*) ==> false Discharge ==> Stat10: ((dot(y0,x0) notin {dot(x,y): x in bb, y in i0}) or (dot(x0,y0) notin {dot(x,y): x in bb, y in i0})) & (dot(x0,y0) = dot(y0,x0)) (y0,x0,y0,x0)-->Stat10(Stat2,Stat4,Stat8,Stat10*) ==> false Discharge ==> QED -- -- As an application of Zorn's lemma, we have the following maximal ideal lemma: -- Theorem booleanAlgebra_5: [Maximal proper ideal] Ideal_thryvar(I) ¥imp (EXISTS m | (I ¥incin m) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m))). Proof: Suppose_not(i0) ==> Stat13: (not (EXISTS m | (i0 ¥incin m) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m)))) & Ideal_thryvar(i0) -- -- Arguing by contradiction, let us assume that $i0$ is a counterexample to our claim. -- We will consider the family $tt$ of all ideals which contain $i0$. -- This is nonnull, because $i0$ belongs to it; moreover, it is closed with respect to unionset formation. -- Use_def(Ideal_thryvar) ==> Stat0: Ideal_thryvar(i0) & ({dot(x,y): x in bb, y in i0} ¥incin i0) & (i0 ¥incin bb) & (i0 ¥nincin {zz_thryvar}) & (ee notin i0) Loc_def ==> Stat2a: tt = {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)} Suppose ==> Stat1a: not (FORALL x ¥incin tt | ((FORALL u in x, v in x | (u incs v or v incs u)) ¥imp (EXISTS w in tt | (FORALL y in x | w incs y)))) -- -- To see that the conditions for applicability of Zorn's lemma are met, we argue as follows. -- Suppose $t0 ¥incin tt$ is linearly ordered by inclusion but does not admit an upper bound relative to inclusion. -- t0-->Stat1a(Stat1a*) ==> Stat2: (not (EXISTS w in tt | (FORALL y in t0 | w incs y))) & (t0 ¥incin tt) & Stat20: (FORALL u in t0, v in t0 | (u incs v or v incs u)) Suppose ==> t0 = 0 -- -- $t0$ cannot be null, else $i0$ would be an upper bound for it. -- i0-->Stat2(Stat2a*) ==> Stat0a: (i0 notin {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) or (not(FORALL y in t0 | i0 incs y)) i0-->Stat0a(Stat0,Stat0a*) ==> Stat3a: not(FORALL y in t0 | i0 incs y) y0-->Stat3a(Stat2*) ==> false Discharge ==> AUTO -- -- Therefore we can draw an ideal $i2$ from $t0$; this, as therefore its subset $i0$, is obviously included in $Un(t0)$. -- Loc_def ==> i2 = arb(t0) (i2,t0)-->T2g ==> AUTO (Stat2a)ELEM ==> Stat4a: (i2 in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) & (i2 ¥incin Un(t0)) ()-->Stat4a(Stat4a*) ==> i0 ¥incin Un(t0) -- -- Either $Un(t0)$ does not belong to $tt$ or it does not include some member $y1$ of $t0$, -- because otherwise $Un(t0)$ would be an upper bound for $t0$. We readily exclude the latter possibility. -- (Un(t0))-->Stat2(Stat2*) ==> (Un(t0) notin tt) or (not (FORALL y in t0 | Un(t0) incs y)) Suppose ==> Stat10: not (FORALL y in t0 | Un(t0) incs y) y1-->Stat10(Stat10*) ==> (y1 in t0) & (not(Un(t0) incs y1)) (y1,t0)-->T2g(Stat10*) ==> false Discharge ==> Stat3: Un(t0) notin {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)} -- -- We will exclude the other alternative as well, arguing as follows. -- If $Un(t0)$ does not belong to $tt$, since it clearly includes $i0$ it must fail to be an ideal -- and the reason why $Un(t0)$ might fail to be an ideal cannot be that it is not included in $bb - {ee}$. -- (Un(t0))-->Stat3(Stat4a*) ==> (Un(t0) ¥nincin (bb - {ee})) or (not Ideal_thryvar(Un(t0))) Suppose ==> Stat4: Un(t0) ¥nincin (bb - {ee}) (bb - {ee},t0)-->T2(Stat4*) ==> Stat5: not(FORALL x in t0 | x ¥incin (bb - {ee})) x0-->Stat5(Stat2,Stat2a*) ==> Stat5a: (x0 in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) & (x0 ¥nincin (bb - {ee})) ()-->Stat5a(Stat5a*) ==> false Discharge ==> AUTO Use_def(Ideal_thryvar(Un(t0))) ==> AUTO -- -- Notice that since $t0$ is an inclusion chain in $tt$, its unionset is closed with respect to addition, because if we take two elements $x3,x4$ -- in $Un(t0)$, then each will belong to a set in $t0$ and therefore both will belong to the larger of these sets, which will be an ideal because -- all sets in $tt$, and hence all sets in $t0$, are ideals; but then the addition of $x3,x4$ will belong to this larger set, which is included in -- $Un(t0)$. -- Suppose ==> Stat21: {pls(x,y): x in Un(t0), y in Un(t0)} ¥nincin Un(t0) p-->Stat21(Stat21*) ==> Stat22: (p in {pls(x,y): x in Un(t0), y in Un(t0)}) & (p notin Un(t0)) Use_def(Un(t0)) ==> AUTO (x3,x4)-->Stat22(Stat22*) ==> Stat23: (x3 in {x: y in t0, x in y}) & (x4 in Un(t0)) & (pls(x3,x4) notin Un(t0)) (y4,t0)-->T2g ==> AUTO (y4,x5)-->Stat23(Stat22*) ==> Stat24: (x4 in {x: y in t0, x in y}) & (y4 in t0) & (x3 in y4) & (pls(x3,x4) notin y4) (y5,t0)-->T2g ==> AUTO (y5,x6)-->Stat24(Stat23*) ==> Stat25: (y5 in t0) & (x4 in y5) & (pls(x3,x4) notin y5) (Stat2,Stat2a,Stat24,Stat25*)ELEM ==> Stat26: (y4 in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) & Stat27: (y5 in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) (y4,y5)-->Stat20(Stat24,Stat25*) ==> (y4 incs y5) or (y5 incs y4) Suppose ==> Stat25a: y4 incs y5 ()-->Stat26(Stat26,Stat26*) ==> Stat28: Ideal_thryvar(y4) Use_def(Ideal_thryvar)(Stat28,Stat23*) ==> Stat29: pls(x3,x4) notin {pls(x,y): x in y4, y in y4} (x3,x4)-->Stat29(Stat24,Stat25,Stat25a*) ==> false Discharge ==> AUTO (Stat24*)ELEM ==> x3 in y5 ()-->Stat27(Stat26,Stat26*) ==> Stat30: Ideal_thryvar(y5) Use_def(Ideal_thryvar)(Stat30,Stat24*) ==> Stat31: pls(x3,x4) notin {pls(x,y): x in y5, y in y5} (x3,x4)-->Stat31(Stat25*) ==> false Discharge ==> AUTO -- -- Notice also that since $t0$ is an inclusion chain in $tt$, its unionset is closed under multiplication by any element of the Boolean algebra. Actually, -- this fact is even more obvious than the analogous fact about addition just seen, because the assumption that $t0$ is a chain (viz., totally -- ordered by inclusion) is immaterial here. If we take an element $y2$ of $Un(t0)$ and an element $x2$ of the algebra, then y2 will belong to a -- set $i1$ in $t0$, which will be an ideal because all sets in $tt$, and hence all sets in $t0$, are ideals; but then the result of multiplying $y2$ -- by $x2$ will belong to this set $i1$, which is included in $Un(t0)$. -- (Stat0*)ELEM ==> Stat6: {dot(x,y): x in bb, y in Un(t0)} ¥nincin Un(t0) d0-->Stat6(Stat6*) ==> Stat7: (d0 in {dot(x,y): x in bb, y in Un(t0)}) & (d0 notin Un(t0)) (x2,y2)-->Stat7(Stat7*) ==> Stat7a: (x2 in bb) & (y2 in Un(t0)) & (dot(x2,y2) notin Un(t0)) Use_def(Un)(Stat7) ==> Stat8: y2 in {x: y in t0, x in y} (i1,x1)-->Stat8(Stat2,Stat2a*) ==> Stat9: (i1 in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) & (i1 in t0) & (y2 in i1) ()-->Stat9(Stat9*) ==> Ideal_thryvar(i1) (i1,t0)-->T2g ==> AUTO (i1,y2,x2)-->TbooleanAlgebra_4a(Stat7a*) ==> false Discharge ==> AUTO -- -- In conclusion, by Zorn's lemma, $tt$ contains a maximal element $m$. -- It is easily shown that this $m$ satisfies the consequent of the claim, thus contradicting the initial assumption -- of this proof. Our argument by contradiction is thereby completed, and the desired claim proved. -- tt-->T20 ==> Stat11: (EXISTS y in tt | (FORALL x in tt | not ((x incs y) & (x /= y)))) m-->Stat11(Stat2a,Stat2a*) ==> Stat12: (FORALL x in tt | not ((x incs m) & (x /= m))) & Stat14: (m in {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)}) ()-->Stat14 ==> AUTO m-->Stat13(Stat12*) ==> Stat15: (not (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m))) j1-->Stat15(Stat15*) ==> (Ideal_thryvar(j1) & (m ¥incin j1)) ¥neq (j1 = m) Suppose ==> j1 = m EQUAL(Stat12) ==> false; Discharge ==> Stat16: (j1 /= m) & Ideal_thryvar(j1) & (m ¥incin j1) & (i0 ¥incin m) Use_def(Ideal_thryvar(j1)) ==> AUTO j1-->Stat12(Stat16,Stat2a*) ==> Stat17: j1 notin {i ¥incin (bb - {ee}) | Ideal_thryvar(i) & (i0 ¥incin i)} j1-->Stat17(Stat16*) ==> false Discharge ==> QED -- -- The following theorem provides "fuel" for applicability of the maximal ideal lemma: -- Theorem booleanAlgebra_6: [Ideal generated by complements] ((B ¥incin (bb - {zz_thryvar})) & ({dot(x,y): x in B, y in B} ¥incin B) & (B ¥nincin {ee})) ¥imp Ideal_thryvar({dot(a,cmp_thryvar(x)): a in bb, x in B}). Proof: Suppose_not(b0) ==> AUTO -- -- Assuming that a counterexample $b0$ exists, ${dot(a,cmp_thryvar(x)): a in bb, x in b0}$ would not be an ideal. -- As a preliminary to a refutation of this, observe that this set has an element which differs from $zz_thryvar$ and from $ee$. -- ELEM ==> Stat1: (b0 ¥nincin {ee}) & ({dot(x,y): x in b0, y in b0} ¥incin b0) & (b0 ¥incin (bb - {zz_thryvar})) Loc_def ==> Stat2: i0 = {dot(a,cmp_thryvar(x)): a in bb, x in b0} Assump ==> Stat3: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & (ee in bb) Use_def(Ideal_thryvar({dot(a,cmp_thryvar(x)): a in bb, x in b0})) ==> AUTO EQUAL ==> not(({pls(x,y): x in i0, y in i0} ¥incin i0) & ({dot(x,y): x in bb, y in i0} ¥incin i0) & (i0 ¥incin (bb - {ee})) & (i0 ¥nincin {zz_thryvar})) Suppose ==> i0 ¥incin {zz_thryvar} a0-->Stat1 ==> (a0 in b0) & (a0 /= ee) a0-->TbooleanAlgebra_1(Stat1*) ==> (cmp_thryvar(a0) in bb) & (cmp_thryvar(cmp_thryvar(a0)) = a0) & (cmp_thryvar(zz_thryvar) = ee) (cmp_thryvar(a0))-->Stat3(Stat3*) ==> dot(ee,cmp_thryvar(a0)) = cmp_thryvar(a0) Suppose ==> Stat4: cmp_thryvar(a0) notin {dot(a,cmp_thryvar(x)): a in bb, x in b0} (ee,a0)-->Stat4(Stat1*) ==> false; Discharge ==> zz_thryvar = cmp_thryvar(a0) EQUAL(Stat2) ==> ee = a0 Discharge ==> AUTO Assump ==> Stat5: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat6: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) Suppose ==> Stat7: i0 ¥nincin (bb - {ee}) c-->Stat7(Stat2*) ==> Stat8: (c in {dot(a,cmp_thryvar(x)): a in bb, x in b0}) & (c notin (bb - {ee})) (a3,cmp_thryvar(x3))-->Stat5(Stat5,Stat5*) ==> Stat9: ((a3 in bb) & (cmp_thryvar(x3) in bb)) ¥imp (dot(a3,cmp_thryvar(x3)) in bb) x3-->TbooleanAlgebra_1(Stat1,Stat1*) ==> Stat10: (x3 in bb) ¥imp (cmp_thryvar(x3) in bb) (a3,x3)-->Stat8(Stat10,Stat9,Stat1*) ==> Stat11: (a3 in bb) & (x3 in b0) & (x3 in bb) & (cmp_thryvar(x3) in bb) & (dot(a3,cmp_thryvar(x3)) = ee) (a3,cmp_thryvar(x3))-->TbooleanAlgebra_3(Stat11*) ==> Stat12: cmp_thryvar(x3) = ee x3-->TbooleanAlgebra_1(Stat11,Stat11*) ==> (cmp_thryvar(ee) = zz_thryvar) & (cmp_thryvar(cmp_thryvar(x3)) = x3) EQUAL(Stat12) ==> Stat13: zz_thryvar = x3 (Stat11,Stat13,Stat1*)Discharge ==> AUTO -- -- Then observe that $i0$ is closed under multiplication on the left by elements of the domain-of-support. -- Suppose ==> Stat14: {dot(x,y): x in bb, y in i0} ¥nincin i0 d-->Stat14(Stat14*) ==> Stat15: (d in {dot(x,y): x in bb, y in i0}) & (d notin i0) (x1,y1)-->Stat15(Stat2*) ==> Stat16: (y1 in {dot(a,cmp_thryvar(x)): a in bb, x in b0}) & (dot(x1,y1) notin {dot(a,cmp_thryvar(x)): a in bb, x in b0}) & (x1 in bb) (x1,a1)-->Stat5(Stat16*) ==> (a1 in bb) ¥imp (dot(x1,a1) in bb) (a1,x2,dot(x1,a1),x2)-->Stat16(Stat16*) ==> Stat17: (a1 in bb) & (x2 in b0) & (y1 = dot(a1,cmp_thryvar(x2))) & (dot(x1,y1) /= dot(dot(x1,a1),cmp_thryvar(x2))) EQUAL(Stat16) ==> dot(x1,dot(a1,cmp_thryvar(x2))) /= dot(dot(x1,a1),cmp_thryvar(x2)) x2-->TbooleanAlgebra_1(Stat1,Stat17*) ==> cmp_thryvar(x2) in bb (x1,a1,cmp_thryvar(x2))-->Stat6(Stat16*) ==> false Discharge ==> AUTO -- -- To see that $i0$ is also closed under addition, and hence is an ideal contrary to our initial assumption, we complete our argument as follows. -- If $dot(a,cmp_thryvar(x))$ and $dot(b,cmp_thryvar(y))$, with $a in bb$, $b in bb$, $x in b0$, and $y in b0$, are elements of $i0$, then -- $pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))$ can be rewritten as $dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),cmp_thryvar(dot(x,y)))$ -- and hence belongs to $i0$. -- (Stat3*)ELEM ==> Stat18: {pls(x,y): x in i0, y in i0} ¥nincin i0 h-->Stat18(Stat18) ==> Stat19: (h in {pls(x,y): x in i0, y in i0}) & (h notin i0) (x4,y4)-->Stat19(Stat2,Stat2) ==> Stat20: (x4 in {dot(a,cmp_thryvar(x)): a in bb, x in b0}) & (y4 in {dot(a,cmp_thryvar(x)): a in bb, x in b0}) & (pls(x4,y4) notin {dot(u,cmp_thryvar(v)): u in bb, v in b0}) (a,x,b,y,pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),dot(x,y))-->Stat20(Stat20*) ==> Stat21: (a in bb) & (x in b0) & (x4 = dot(a,cmp_thryvar(x))) & (b in bb) & (y in b0) & (y4 = dot(b,cmp_thryvar(y))) & (not((pls(x4,y4) = dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),cmp_thryvar(dot(x,y)))) & (pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) in bb) & (dot(x,y) in b0))) (Stat21,Stat1*)ELEM ==> Stat22: (x in bb) & (y in bb) Suppose ==> Stat23: dot(x,y) notin b0 (Stat23,Stat1*)ELEM ==> Stat24: dot(x,y) notin {dot(u,v): u in b0, v in b0} (x,y)-->Stat24(Stat21*) ==> false; Discharge ==> Stat25: not(dot(x,y) notin b0) x-->TbooleanAlgebra_1(Stat21,Stat1,Stat25*) ==> (x in bb) & (cmp_thryvar(x) in bb) & (dot(x,y) in bb) y-->TbooleanAlgebra_1(Stat21,Stat1*) ==> (x in bb) & (cmp_thryvar(y) in bb) (a,cmp_thryvar(x))-->Stat5(Stat21*) ==> dot(a,cmp_thryvar(x)) in bb (b,cmp_thryvar(y))-->Stat5(Stat21*) ==> dot(b,cmp_thryvar(y)) in bb Assump ==> Stat26: (FORALL u, v | ({u,v} ¥incin bb) ¥imp (pls(u,v) in bb)) (dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y)))-->Stat26(Stat22*) ==> pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) in bb (Stat21*)ELEM ==> pls(x4,y4) /= dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),cmp_thryvar(dot(x,y))) EQUAL(Stat21) ==> Stat27: pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))) /= dot(pls(dot(a,cmp_thryvar(x)),dot(b,cmp_thryvar(y))),cmp_thryvar(dot(x,y))) (a,b,x,y)-->TbooleanAlgebra_4(Stat21,Stat22,Stat27*) ==> false Discharge ==> QED -- -- The following is an obvious corollary of the theorem on the ideal generated by complements. -- Theorem booleanAlgebra_6a: [Principal ideal] (X in (bb - {zz_thryvar, ee})) ¥imp (Ideal_thryvar({dot(a,X): a in bb}) & (X in {dot(a,X): a in bb})). Proof: Suppose_not(x0) ==> AUTO -- -- The negation of the claim is that either the set $i0$ of all multiples of $x0$ is not an ideal or -- it does not have $x0$ as an element. The latter possibility is excluded readily. -- Assump ==> Stat1: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) & Stat2: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & (ee in bb) Suppose ==> Stat3: x0 notin {dot(a,x0): a in bb} x0-->Stat2(*) ==> dot(ee,x0) = x0 ee-->Stat3(Stat1*) ==> false Discharge ==> AUTO -- -- We can apply the preceding Theorem booleanAlgebra_6 to the singleton of $cmp_thryvar(x0)$, -- after checking that this set is closed under multipication. -- Loc_def ==> Stat4: x1 = cmp_thryvar(x0) x0-->TbooleanAlgebra_1(*) ==> Stat5: (x0 in bb) & (x0 /= ee) & (x0 /= zz_thryvar) & (cmp_thryvar(cmp_thryvar(x0)) = x0) & (not(Ideal_thryvar({dot(a,x0): a in bb}))) EQUAL(Stat4) ==> Stat6: (cmp_thryvar(x1) = x0) x0-->TbooleanAlgebra_2(Stat4*) ==> Stat7: (x1 in (bb-{zz_thryvar,ee})) Suppose ==> Stat8: {dot(x,y): x in {x1}, y in {x1}} ¥nincin {x1} c-->Stat8(Stat5*) ==> Stat9: (c in {dot(x,y): x in {x1}, y in {x1}}) & (c notin {x1}) (x2,y2)-->Stat9(Stat9*) ==> Stat10: (x2 = x1) & (y2 = x1) & (dot(x2,y2) /= x1) x1-->Stat1(Stat7,Stat7*) ==> dot(x1,x1) = x1 EQUAL(Stat10) ==> false Discharge ==> AUTO ({x1})-->TbooleanAlgebra_6(Stat6*) ==> Stat11: Ideal_thryvar({dot(a,cmp_thryvar(x)): a in bb, x in {x1}}) -- -- We will now check that the set ${dot(a,cmp_thryvar(x)): a in bb, x in {x1}}$ which we have just seen to be an ideal -- equals ${dot(a,x0): a in bb}$, thus completing the proof. -- Suppose ==> Stat12: {dot(a,cmp_thryvar(x)): a in bb, x in {x1}} = {dot(a,x0): a in bb} EQUAL(Stat5,Stat11,Stat12) ==> false Discharge ==> Stat13: {dot(a,cmp_thryvar(x)): a in bb, x in {x1}} /= {dot(a,x0): a in bb} d-->Stat13(Stat13*) ==> (d in {dot(a,cmp_thryvar(x)): a in bb, x in {x1}}) ¥neq (d in {dot(a,x0): a in bb}) Suppose ==> Stat14: (d in {dot(a,x0): a in bb}) & (d notin {dot(a,cmp_thryvar(x)): a in bb, x in {x1}}) (a,a,x1)-->Stat14(Stat14*) ==> Stat15: dot(a,x0) /= dot(a,cmp_thryvar(x1)) EQUAL(Stat15,Stat6) ==> false Discharge ==> Stat16: (d in {dot(a,cmp_thryvar(x)): a in bb, x in {x1}}) & (d notin {dot(a,x0): a in bb}) (b,x3,b)-->Stat16(Stat16*) ==> Stat17: (dot(b,cmp_thryvar(x3)) /= dot(b,x0)) & (x3 = x1) EQUAL(Stat17,Stat6) ==> false Discharge ==> QED -- --PAUSE HERE -- -- -- An alternative proof of the principal ideal theorem is provided here, to avoid a dependency from Theorem booleanAlgebra_6, -- a proposition which does not really pertain much to the Stone representation theorem. -- Theorem booleanAlgebra_6b: [Principal ideal] (X in (bb - {zz_thryvar, ee})) ¥imp (Ideal_thryvar({dot(a,X): a in bb}) & (X in {dot(a,X): a in bb})). Proof: Suppose_not(x0) ==> Stat0: (not(Ideal_thryvar({dot(a,x0): a in bb}) & (x0 in {dot(a,x0): a in bb}))) & (x0 in (bb - {zz_thryvar,ee})) -- -- The negation of the claim is that either the set $i0$ of all multiples of $x0$ is not an ideal or -- it does not have $x0$ as an element. The latter possibility is excluded readily. -- Use_def(Ideal_thryvar({dot(a,x0): a in bb})) ==> AUTO Loc_def ==> Stat1: i0 = {dot(a,x0): a in bb} EQUAL ==> not(({pls(x,y): x in i0, y in i0} ¥incin i0) & ({dot(x,y): x in bb, y in i0} ¥incin i0) & (i0 ¥incin (bb - {ee})) & (i0 ¥nincin {zz_thryvar}) & (x0 in {dot(a,x0): a in bb})) Assump ==> Stat2: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & (ee in bb) Suppose ==> Stat3: x0 notin {dot(a,x0): a in bb} x0-->Stat2(Stat0*) ==> dot(ee,x0) = x0 ee-->Stat3(Stat2*) ==> false Discharge ==> AUTO -- -- There are 4 conjuncts in the definition of ideals, and we will now examine them one by one, -- to find that $i0$ meets each of them. First notice that $i0$ is neither empty nor the singleton of $zz_thryvar$. -- (Stat0*)ELEM ==> i0 ¥nincin {zz_thryvar} -- -- Next observe that $i0$ is included in the domain-of-support deprived of the top element. -- Assump ==> Stat4: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat5: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) Suppose ==> Stat6: i0 ¥nincin (bb - {ee}) c-->Stat6(Stat1*) ==> Stat7: (c in {dot(a,x0): a in bb}) & (c notin (bb - {ee})) (a0,x0)-->Stat4(Stat0,Stat0*) ==> Stat8: (a0 in bb) ¥imp (dot(a0,x0) in bb) a0-->Stat7(Stat7*) ==> Stat9: (a0 in bb) & (dot(a0,x0) = ee) (a0,x0)-->TbooleanAlgebra_3(Stat0,Stat9*) ==> Stat11: x0 = ee (Stat11,Stat0*)Discharge ==> AUTO -- -- Then observe that $i0$ is closed under multiplication by elements of the domain-of-support. -- Suppose ==> Stat20: {dot(x,y): x in bb, y in i0} ¥nincin i0 d-->Stat20(Stat20*) ==> Stat21: (d in {dot(x,y): x in bb, y in i0}) & (d notin i0) (a1,y1)-->Stat21(Stat1,Stat1*) ==> Stat12: (y1 in {dot(a,x0): a in bb}) & (dot(a1,y1) notin {dot(a,x0): a in bb}) & (a1 in bb) (a1,a2)-->Stat4(Stat12*) ==> (a2 in bb) ¥imp (dot(a1,a2) in bb) (a2,dot(a1,a2))-->Stat12(Stat12*) ==> Stat13: (a2 in bb) & (y1 = dot(a2,x0)) & (dot(a1,y1) /= dot(dot(a1,a2),x0)) EQUAL(Stat13) ==> Stat14: dot(a1,dot(a2,x0)) /= dot(dot(a1,a2),x0) (a1,a2,x0)-->Stat5(Stat12,Stat13,Stat0,Stat14*) ==> false Discharge ==> AUTO -- -- To end, observe that $i0$ is closed under addition. -- (Stat1*)ELEM ==> Stat30: {pls(x,y): x in i0, y in i0} ¥nincin i0 h-->Stat30(Stat30*) ==> Stat31: (h in {pls(x,y): x in i0, y in i0}) & (h notin i0) (x2,y2)-->Stat31(Stat1,Stat1) ==> Stat22: (x2 in {dot(a,x0): a in bb}) & (y2 in {dot(a,x0): a in bb}) & (pls(x2,y2) notin {dot(u,x0): u in bb}) Assump ==> Stat23: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat26: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) (a,b)-->Stat23(Stat23*) ==> Stat23a: ((a in bb) & (b in bb)) ¥imp (pls(a,b) in bb) (a,b,pls(a,b))-->Stat22(Stat23a,Stat0*) ==> Stat24: (a in bb) & (b in bb) & (x2 = dot(a,x0)) & (y2 = dot(b,x0)) & (pls(x2,y2) /= dot(pls(a,b),x0)) & (x0 in bb) EQUAL(Stat24*) ==> Stat25: pls(dot(a,x0),dot(b,x0)) /= dot(pls(a,b),x0) (a,b,x0)-->Stat26 ==> AUTO TbooleanAlgebra_0 ==> Stat27: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) & Stat28: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) (b,x0)-->Stat4(Stat24,Stat24*) ==> dot(b,x0) in bb (a,x0)-->Stat4(Stat24,Stat24*) ==> dot(a,x0) in bb (x0,b)-->Stat28(Stat24,Stat24*) ==> dot(x0,b) = dot(b,x0) (dot(b,x0),dot(a,x0),x0,a)-->Stat27(Stat24*) ==> (dot(x0,a) = dot(a,x0)) & (pls(dot(b,x0),dot(a,x0)) = pls(dot(a,x0),dot(b,x0))) EQUAL(Stat24) ==> false Discharge ==> QED -- --BEGIN HERE -- -- A proof of the Stone theorem follows, formulated in such terms as to leave topological notions momentarily out of consideration. -- Def booleanAlgebra_3: [Homomorphisms between this algebra and an algebra of sets] BooHom_thryvar(H) := Svm(H) & (domain(H) = bb) & (H~[ee] = Un(range(H))) & (H~[ee] /= H~[zz_thryvar]) & (FORALL x in bb, y in bb | ((H~[dot(x,y)]) = ((H~[x]) * (H~[y]))) & ((H~[pls(x,y)]) = sym((H~[x]), (H~[y])))) -- Def booleanAlgebra_4: [Family of all homomorphisms between this algebra and 2] hh_thryvar := {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} -- Theorem booleanAlgebra_6c: [Image of top under a homomorphism into 2] (H in hh_thryvar) ¥imp ((H~[zz_thryvar] = 0) & (H~[ee] = 1)). Proof: Suppose_not(h0) ==> AUTO Use_def(hh_thryvar) ==> Stat3: h0 in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} Use_def(BooHom_thryvar(h0)) ==> AUTO ()-->Stat3(Stat3*) ==> Stat4: (FORALL x in bb, y in bb | ((h0~[dot(x,y)]) = ((h0~[x]) * (h0~[y]))) & ((h0~[pls(x,y)]) = sym((h0~[x]), (h0~[y])))) & ((h0~[ee]) /= (h0~[zz_thryvar])) & (domain(h0) = bb) & (h0 ¥incin (bb ¥PROD 2)) Assump ==> Stat0: ee in bb (ee,ee)-->Stat4(Stat0,Stat0*) ==> (h0~[pls(ee,ee)]) = sym((h0~[ee]), (h0~[ee])) (h0~[ee],0)-->T1000(Stat4*) ==> (h0~[pls(ee,ee)]) = 0 TbooleanAlgebra_0 ==> Stat5: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) ee-->Stat5(Stat0,Stat0*) ==> pls(ee,ee) = zz_thryvar EQUAL(Stat4) ==> (h0~[zz_thryvar] = 0) & (h0~[ee] /= 0) (h0,bb,2)-->T141(Stat4,Stat4*) ==> range(h0) ¥incin 2 TELEM ==> 2 = {0,1} (ee,h0)-->T71(*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_6d: [Nonnull image of difference under a homomorphism into 2] ((H in hh_thryvar) & ({X,Y} ¥incin bb) & (H~[pls(X,dot(X,Y))] = 1) & (H~[Y] = 0)) ¥imp (H~[X] = 1). Proof: Suppose_not(h0,x0,x1) ==> AUTO -- -- Arguing by contradiction, assume that $(h0~[x1]) = 0$ and $(h0~[x0]) /= 1$, where $h0$ is a homomorphism -- of our Boolean algebra into 2. We will find that this is impossible, because $1 = (h0~[ee])$, $(h0~[ee]) = (h0~[pls(x0,dot(x0,x1))])$, -- $pls(x0,dot(x0,x1)) = pls(dot(x0,x1),dot(x0,ee))$, $pls(dot(x0,x1),dot(x0,ee)) = dot(pls(ee,x1),x0)$, -- and hence $(h0~[ee]) = ((h0~[pls(ee,x1)]) * (h0~[x0]))$ and $1 = (sym(1, 0) * (h0~[x0]))$, which implies that $(h0~[x0]) = 1$. -- Use_def(hh_thryvar) ==> Stat1: h0 in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} Use_def(BooHom_thryvar(h0)) ==> AUTO ()-->Stat1(Stat1*) ==> Stat2: (FORALL x in bb, y in bb | ((h0~[dot(x,y)]) = ((h0~[x]) * (h0~[y]))) & ((h0~[pls(x,y)]) = sym((h0~[x]), (h0~[y])))) & (domain(h0) = bb) & (h0 ¥incin (bb ¥PROD 2)) Assump ==> Stat3: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & Stat4: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & (ee in bb) TbooleanAlgebra_0(Stat3*) ==> Stat6: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) (ee,x0)-->Stat3(*) ==> dot(ee,x0) in bb (x0,x1,x0)-->Stat3(*) ==> (dot(x0,x1) in bb) & ((dot(ee,x0) = x0)) (dot(ee,x0),dot(x0,x1),ee,x0)-->Stat6(*) ==> (pls(dot(ee,x0),dot(x0,x1)) = pls(dot(x0,x1),dot(ee,x0))) & (dot(ee,x0) = dot(x0,ee)) (x1,ee,x0,x1,ee)-->Stat4(*) ==> (dot(pls(x1,ee),x0) = pls(dot(x0,ee),dot(x0,x1))) & (pls(x1,ee) in bb) EQUAL ==> h0~[dot(pls(x1,ee),x0)] = 1 (pls(x1,ee),x0)-->Stat2(*) ==> h0~[dot(pls(x1,ee),x0)] = ((h0~[pls(x1,ee)]) * (h0~[x0])) (x1,ee)-->Stat2(*) ==> h0~[pls(x1,ee)] = sym((h0~[x1]), (h0~[ee])) h0-->TbooleanAlgebra_6c(*) ==> h0~[ee] = 1 EQUAL ==> Stat7: 1 = (sym(0, 1) * (h0~[x0])) Use_def(sym)(Stat7) ==> 1 = 1 * (h0~[x0]) (h0,bb,2)-->T141(Stat2,Stat2*) ==> range(h0) ¥incin 2 TELEM ==> (2 = {0,1}) & (0 /= 1) (x0,h0)-->T71(*) ==> false Discharge ==> QED -- -- Let us now show that for any non-bottom element $x0$ of the domain-of-support, -- an ideal to which $x0$ does not belong can be extended into an ideal to which the complement of $x0$ belongs. -- Theorem booleanAlgebra_7: [Enlargement of an ideal] (Ideal_thryvar(I) & (X in bb) & (cmp_thryvar(X) notin I)) ¥imp (EXISTS j | Ideal_thryvar(j) & ((I + {X}) ¥incin j)). Proof: Suppose_not(i0,x0) ==> Stat1: (not(EXISTS j | Ideal_thryvar(j) & ((i0 + {x0}) ¥incin j))) & Ideal_thryvar(i0) & (x0 in bb) & (cmp_thryvar(x0) notin i0) -- -- We will check that the set $i1={pls(dot(b,x0),y): b in bb, y in i0}$ is an ideal having $i0$ as a subset and $x0$ as a member. -- To check that it has $x0$ as a member, it suffices to observe that $pls(dot(ee,x0),zz_thryvar) = x0$, where -- $zz_thryvar in i0$ because $i0$ is an ideal. -- Then, to see that it includes $i0$, it will suffice to observe that $pls(dot(zz_thryvar,x0),y) = y$ for every $y$ in $i0$. -- Assump ==> Stat3: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & (ee in bb) TbooleanAlgebra_0 ==> Stat4: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & Stat5: (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) i0-->TbooleanAlgebra_4a(Stat1,Stat1*) ==> Stat8: zz_thryvar in i0 Loc_def ==> Stat9: i1 = {pls(dot(b,x0),y): b in bb, y in i0} -- -- Let us check that $x0$ indeed belongs to our prospective ideal $i1$, as announced above. -- x0-->Stat3(Stat1,Stat3*) ==> Stat9a: (dot(ee,x0) = x0) & (ee in bb) Suppose ==> Stat10: x0 notin {pls(dot(b,x0),y): b in bb, y in i0} (ee,zz_thryvar)-->Stat10(Stat8*) ==> x0 /= pls(dot(ee,x0),zz_thryvar) x0-->Stat4(Stat1,Stat1*) ==> pls(x0,zz_thryvar) = x0 EQUAL(Stat9a) ==> false Discharge ==> Stat11: x0 in i1 -- -- Let us check next that $i0$ is indeed included in $i1$, as announced above. -- Incidentally this inclusion ensures that $i1$ cannot be null or consist of $zz_thryvar$ alone. -- Use_def(Ideal_thryvar) ==> Stat2: (i0 ¥incin (bb - {ee})) & (i0 ¥nincin {zz_thryvar}) Suppose ==> Stat12: i0 ¥nincin i1 c1-->Stat12(Stat9,Stat9*) ==> Stat13: (c1 notin {pls(dot(b,x0),y): b in bb, y in i0}) & (c1 in i0) c1-->Stat4(Stat13,Stat2*) ==> pls(zz_thryvar,c1) = c1 (0,x0)-->Stat4(Stat4,Stat1*) ==> (zz_thryvar in bb) & (dot(zz_thryvar,x0) = zz_thryvar) (zz_thryvar,c1)-->Stat13(Stat13*) ==> pls(dot(zz_thryvar,x0),c1) /= c1 EQUAL(Stat13) ==> false Discharge ==> AUTO -- -- There are hence three potential reasons why $i1$ could fail to be an ideal. It could fail being closed with respect to addition; -- it could fail being closed under multiplication by an element of the support domain; or it could fail being a subset of $bb - {ee}$. -- One by one, we will exclude each of these three possibilities, beginning with additive closure. -- Use_def(Ideal_thryvar(i1)) ==> AUTO i1-->Stat1(Stat11*) ==> Stat21: not(({pls(x,y): x in i1, y in i1} ¥incin i1) & ({dot(x,y): x in bb, y in i1} ¥incin i1) & (i1 ¥incin (bb - {ee}))) Assump ==> Stat22: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat23: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat84a: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) & Stat33: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) TbooleanAlgebra_0 ==> Stat79: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) & Stat79a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) Suppose ==> Stat24: {pls(x,y): x in i1, y in i1} ¥nincin i1 c2-->Stat24(Stat9,Stat9*) ==> Stat25: (c2 in {pls(x,y): x in i1, y in i1}) & (c2 notin {pls(dot(b,x0),y): b in bb, y in i0}) & (i1 = {pls(dot(b,x0),y): b in bb, y in i0}) (x2,y2)-->Stat25(Stat25*) ==> Stat26: (x2 in {pls(dot(b,x0),y): b in bb, y in i0}) & (y2 in {pls(dot(a,x0),v): a in bb, v in i0}) & (pls(x2,y2) notin {pls(dot(c,x0),w): c in bb, w in i0}) (a2,b2)-->Stat23 ==> AUTO (i0,v2,u2)-->TbooleanAlgebra_4b(Stat1,Stat24*) ==> (((v2 in i0) & (u2 in i0)) ¥imp (pls(v2,u2) in i0)) (b2,u2,a2,v2,pls(a2,b2),pls(v2,u2))-->Stat26(Stat26*) ==> Stat27: (b2 in bb) & (u2 in i0) & (a2 in bb) & (v2 in i0) & (x2 = pls(dot(b2,x0),u2)) & (y2 = pls(dot(a2,x0),v2)) & (pls(x2,y2) /= pls(dot(pls(a2,b2),x0),pls(v2,u2))) EQUAL(Stat27) ==> Stat30: pls(pls(dot(b2,x0),u2),pls(dot(a2,x0),v2)) /= pls(dot(pls(a2,b2),x0),pls(v2,u2)) -- -- Reasoning in purely algebraic terms (to wit, exploiting the laws pertaining to commutative rings), we will now derive -- a contradiction from the inequality just found, so becoming able to discharge our most recent pending temporary assumption. -- (Stat27,Stat2,Stat1*)ELEM ==> (u2 in bb) & (v2 in bb) & (a2 in bb) & (b2 in bb) & (x0 in bb) (a2,x0,dot(a2,x0),v2)-->Stat22(Stat30*) ==> Stat20: (dot(a2,x0) in bb) & (pls(dot(a2,x0),v2) in bb) (b2,x0,u2,v2)-->Stat22(Stat30*) ==> (dot(b2,x0) in bb) & (pls(u2,v2) in bb) (dot(b2,x0),u2,pls(dot(a2,x0),v2))-->Stat84a(Stat30*) ==> Stat31: pls(dot(b2,x0),pls(u2,pls(dot(a2,x0),v2))) /= pls(dot(pls(a2,b2),x0),pls(v2,u2)) (dot(a2,x0),v2)-->Stat79(Stat30*) ==> pls(dot(a2,x0),v2) = pls(v2,dot(a2,x0)) (u2,v2,dot(a2,x0))-->Stat84a(Stat30*) ==> pls(u2,pls(v2,dot(a2,x0))) = pls(pls(u2,v2),dot(a2,x0)) (pls(u2,v2),dot(a2,x0))-->Stat79(Stat30*) ==> pls(pls(u2,v2),dot(a2,x0)) = pls(dot(a2,x0),pls(u2,v2)) EQUAL(Stat31) ==> Stat32: pls(dot(b2,x0),pls(dot(a2,x0),pls(u2,v2))) /= pls(dot(pls(a2,b2),x0),pls(v2,u2)) (a2,b2,x0)-->Stat33(Stat30*) ==> dot(pls(a2,b2),x0) = pls(dot(x0,b2),dot(x0,a2)) (v2,u2,b2,x0)-->Stat79(Stat30*) ==> (pls(v2,u2) = pls(u2,v2)) & (dot(x0,b2) = dot(b2,x0)) (a2,x0)-->Stat79a(Stat30*) ==> dot(x0,a2) = dot(a2,x0) EQUAL(Stat32) ==> pls(dot(b2,x0),pls(dot(a2,x0),pls(u2,v2))) /= pls(pls(dot(b2,x0),dot(a2,x0)),pls(u2,v2)) (dot(b2,x0),dot(a2,x0),pls(u2,v2))-->Stat84a(Stat20*) ==> false Discharge ==> AUTO -- -- Having now ascertained that $i1$ is closed under addition, let us check that it is also closed with respect to multiplication by -- any element in the Boolean algebra. -- Suppose ==> Stat52: {dot(x,y): x in bb, y in i1} ¥nincin i1 c3-->Stat52(Stat9,Stat9*) ==> Stat53: (c3 in {dot(x,y): x in bb, y in i1}) & Stat53a: (c3 notin {pls(dot(b,x0),y): b in bb, y in i0}) & (i1 = {pls(dot(b,x0),y): b in bb, y in i0}) (b3,y3)-->Stat53(Stat53*) ==> Stat54: (y3 in {pls(dot(b,x0),y): b in bb, y in i0}) & (dot(b3,y3) notin {pls(dot(b,x0),y): b in bb, y in i0}) & (b3 in bb) (b3,a3)-->Stat22(Stat54*) ==> (a3 in bb) ¥imp (dot(b3,a3) in bb) (a3,x3,dot(b3,a3),dot(b3,x3))-->Stat54(Stat54*) ==> Stat55: (y3 = pls(dot(a3,x0),x3)) & (a3 in bb) & (x3 in i0) & (dot(b3,a3) in bb) & ((dot(b3,y3) /= pls(dot(dot(b3,a3),x0),dot(b3,x3))) or (dot(b3,x3) notin i0)) (i0,x3,b3)-->TbooleanAlgebra_4a(Stat1,Stat54,Stat55*) ==> dot(b3,y3) /= pls(dot(dot(b3,a3),x0),dot(b3,x3)) EQUAL(Stat55) ==> Stat34: dot(b3,pls(dot(a3,x0),x3)) /= pls(dot(dot(b3,a3),x0),dot(b3,x3)) -- -- Reasoning in purely algebraic terms (to wit, exploiting the laws pertaining to commutative ring), we will now derive -- a contradiction from the inequality just found, so becoming able to discharge our most recent pending temporary assumption. -- (Stat55,Stat54,Stat2,Stat1*)ELEM ==> (a3 in bb) & (b3 in bb) & (x3 in bb) & (x0 in bb) (a3,x0,dot(a3,x0),x3)-->Stat22(Stat34*) ==> (dot(a3,x0) in bb) & (pls(dot(a3,x0),x3) in bb) (b3,pls(dot(a3,x0),x3))-->Stat79a(Stat34*) ==> dot(b3,pls(dot(a3,x0),x3)) = dot(pls(dot(a3,x0),x3),b3) (dot(a3,x0),x3,b3)-->Stat33(Stat34*) ==> pls(dot(b3,x3),dot(b3,dot(a3,x0))) /= pls(dot(dot(b3,a3),x0),dot(b3,x3)) (b3,x3)-->Stat22(Stat34*) ==> dot(b3,x3) in bb (b3,dot(a3,x0))-->Stat22(Stat34*) ==> dot(b3,dot(a3,x0)) in bb (dot(b3,x3),dot(b3,dot(a3,x0)))-->Stat79(Stat34*) ==> pls(dot(b3,dot(a3,x0)),dot(b3,x3)) /= pls(dot(dot(b3,a3),x0),dot(b3,x3)) Assump ==> Stat35: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) (b3,a3,x0)-->Stat35(Stat34*) ==> dot(b3,dot(a3,x0)) = dot(dot(b3,a3),x0) EQUAL(Stat34) ==> false Discharge ==> AUTO -- -- We must still exclude the possibility that $i1$ be not included in $bb - {ee}$. We will first observe that each element of -- $i1$ belongs to $bb$; then we will exclude that $ee$ belongs to $i1$ and will thus be done. -- Suppose ==> Stat81: i1 ¥nincin bb c4-->Stat81(Stat9,Stat9*) ==> Stat82: (c4 in {pls(dot(b,x0),y): b in bb, y in i0}) & (c4 notin bb) (b4,y4)-->Stat82(Stat82,Stat2*) ==> Stat83: (pls(dot(b4,x0),y4) notin bb) & (b4 in bb) & (y4 in i0) & (y4 in bb) (b4,x0,dot(b4,x0),y4)-->Stat22(Stat1,Stat83*) ==> false Discharge ==> AUTO (Stat21*)ELEM ==> Stat82a: ee in i1 -- -- From the only possibility that has survived, namely $ee in i1$, we will derive a contradiction, thus completing the proof. -- For convenience, within these comments let us denote $zz_thryvar,ee,pls,dot,cmp_thryvar,x0$ as $0,1,+,*,-,x$. -- Notice that if $1 in i1$, then $1 = b*x+y$ for suitable $b in bb$ and $y in i0$; hence $y = -(b*x)$, $y = -(x * b)$. -- Consequently, since $-x$ can be decomposed as $-x = -(x*b * x * (-b))$, and consequently, by the De Morgan law, as -- $-x = (x*b * x * (-b)) + -(x * b) * -(x * (-b))$, where the operand $(x*b * x * (-b))$ is $0$ and can be eliminated, -- we have $-x = y * -(x * (-b))$. Therefore $-x = -(x*b) * y$ belongs to $i0$, because it is multiple of a member $y$ of $i0$. -- However, as part of our initial hypothesis, $-x notin i0$, which gives us the desired contradiction. -- (Stat82a,Stat9*)ELEM ==> Stat83a: ee in {pls(dot(b,x0),y): b in bb, y in i0} (b5,y5)-->Stat83a(Stat83a*) ==> Stat84: (pls(dot(b5,x0),y5) = ee) & (b5 in bb) & (y5 in i0) -- -- First we check that $y = -(x * b)$. -- Suppose ==> Stat90: y5 /= cmp_thryvar(dot(x0,b5)) (b5,x0)-->Stat79a(Stat84,Stat1*) ==> dot(b5,x0) = dot(x0,b5) EQUAL(Stat90) ==> Stat85: y5 /= cmp_thryvar(dot(b5,x0)) (b5,x0)-->Stat22(Stat84,Stat1*) ==> Stat85a: dot(b5,x0) in bb EQUAL(Stat84) ==> pls(ee,pls(pls(dot(b5,x0),y5),y5)) = pls(ee,pls(ee,y5)) (dot(b5,x0),y5,y5)-->Stat84a(Stat85a,Stat84,Stat2*) ==> pls(dot(b5,x0),pls(y5,y5)) = pls(pls(dot(b5,x0),y5),y5) y5-->Stat4(Stat84,Stat2*) ==> (pls(y5,y5) = zz_thryvar) & (zz_thryvar in bb) (dot(b5,x0))-->Stat4(Stat84*) ==> pls(dot(b5,x0),zz_thryvar) = dot(b5,x0) EQUAL(Stat85) ==> Stat86: pls(ee,dot(b5,x0)) = pls(ee,pls(ee,y5)) Use_def(cmp_thryvar)(Stat86) ==> Stat86a: cmp_thryvar(dot(b5,x0)) = cmp_thryvar(cmp_thryvar(y5)) y5-->TbooleanAlgebra_1(Stat84,Stat85,Stat86a,Stat2*) ==> false Discharge ==> Stat87: y5 = cmp_thryvar(dot(x0,b5)) -- -- Next we check that $-x = -(x * b) * -(x * (-b))$, implying that $-x = y * -(x * (-b))$ belongs to $i0$. -- (b5,x0)-->TbooleanAlgebra_1a(Stat84,Stat1*) ==> (x0 = pls(dot(x0,b5),dot(x0,cmp_thryvar(b5)))) & (dot(dot(x0,b5),dot(x0,cmp_thryvar(b5))) = zz_thryvar) b5-->TbooleanAlgebra_1(Stat84,Stat84*) ==> Stat88: cmp_thryvar(b5) in bb (x0,cmp_thryvar(b5))-->Stat22(Stat1,Stat88*) ==> Stat88a: dot(x0,cmp_thryvar(b5)) in bb (x0,b5,dot(x0,b5),dot(x0,cmp_thryvar(b5)))-->Stat22(Stat84,Stat1,Stat88a*) ==> (dot(x0,b5) in bb) & (pls(dot(x0,b5),dot(x0,cmp_thryvar(b5))) in bb) (b5,x0)-->TbooleanAlgebra_1a(Stat84,Stat1*) ==> (x0 = pls(dot(x0,b5),dot(x0,cmp_thryvar(b5)))) & (dot(dot(x0,b5),dot(x0,cmp_thryvar(b5))) = zz_thryvar) (dot(x0,b5),dot(x0,cmp_thryvar(b5)))-->TbooleanAlgebra_1b(Stat88a*) ==> cmp_thryvar(pls(dot(x0,b5),dot(x0,cmp_thryvar(b5)))) = pls(dot(dot(x0,b5),dot(x0,cmp_thryvar(b5))),dot(cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5))))) EQUAL(Stat87) ==> cmp_thryvar(x0) = pls(zz_thryvar,dot(cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5))))) (dot(x0,b5))-->TbooleanAlgebra_1(Stat88a*) ==> cmp_thryvar(dot(x0,b5)) in bb (dot(x0,cmp_thryvar(b5)))-->TbooleanAlgebra_1(Stat88a,Stat88a*) ==> Stat89: cmp_thryvar(dot(x0,cmp_thryvar(b5))) in bb (cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5))))-->Stat22(Stat88a*) ==> dot(cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5)))) in bb (dot(cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5)))))-->Stat4(Stat88a*) ==> cmp_thryvar(x0) = dot(cmp_thryvar(dot(x0,b5)),cmp_thryvar(dot(x0,cmp_thryvar(b5)))) (i0,y5,cmp_thryvar(dot(x0,cmp_thryvar(b5))))-->TbooleanAlgebra_4a(Stat84,Stat1,Stat89*) ==> dot(y5,cmp_thryvar(dot(x0,cmp_thryvar(b5)))) in i0 EQUAL(Stat87) ==> cmp_thryvar(x0) in i0 Discharge ==> QED -- -- As a corollary of the theorem on the enlargement of ideals, for any $x0$ of the domain-of-support, -- a maximal ideal to which $x0$ does not belong owns the complement of $x0$ as a member. -- Theorem booleanAlgebra_7a: [Maximal ideals and complementation] ((X notin M) & (X in bb) & (FORALL j | (Ideal_thryvar(j) & (M ¥incin j)) ¥eq (j = M))) ¥imp (cmp_thryvar(X) in M). Proof: Suppose_not(x0,m0) ==> Stat1: (FORALL j | (Ideal_thryvar(j) & (m0 ¥incin j)) ¥eq (j = m0)) & (x0 notin m0) & (x0 in bb) & (cmp_thryvar(x0) notin m0) -- -- If a counterexample to the present claim could be found, namely a maximal ideal $m0$ and an element $x0$ of the Boolean algebra -- such that neither $x0$ nor its complement belongs to $m0$, then we could enlarge $m0$ into an ideal including $x0$, as stated by -- Theorem booleanAlgebra_7; but this would conflict with the maximality of $m0$. Before invoking Theorem booleanAlgebra_7, we must -- exclude the possibility $cmp_thryvar(x0) = ee$, which is easy, because the complement of $ee$, which is $zz_thryvar$ belongs to every ideal. -- m0-->Stat1(*) ==> Ideal_thryvar(m0) Suppose ==> cmp_thryvar(x0) = ee x0-->TbooleanAlgebra_1(*) ==> (cmp_thryvar(cmp_thryvar(x0)) = x0) & (cmp_thryvar(ee) = zz_thryvar) EQUAL ==> x0 = zz_thryvar m0-->TbooleanAlgebra_4a(*) ==> false Discharge ==> AUTO -- (m0,x0)-->TbooleanAlgebra_7 ==> Stat2: (EXISTS j | Ideal_thryvar(j) & ((m0 + {x0}) ¥incin j)) i0-->Stat2(Stat2*) ==> Stat3: Ideal_thryvar(i0) & ((m0 + {x0}) ¥incin i0) i0-->Stat1(Stat3,Stat1*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_8e: [An obvious consequence of Boolean closure properties] (({X,Y} ¥incin bb) & (H = {[x,if x in M then 0 else 1 end if]: x in bb})) ¥imp ((H~[X] = if X in M then 0 else 1 end if) & (H~[Y] = if Y in M then 0 else 1 end if) & (H~[dot(X,Y)] = if dot(X,Y) in M then 0 else 1 end if) & (H~[pls(X,Y)] = if pls(X,Y) in M then 0 else 1 end if)). Proof: Suppose_not(x0,y0,h0,m0) ==> AUTO Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (x0,y0,x0,y0)-->Stat1(*) ==> Stat2: (pls(x0,y0) in bb) & (dot(x0,y0) in bb) & (x0 in bb) & (y0 in bb) & (h0 = {[x,if x in m0 then 0 else 1 end if]: x in bb}) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->x0) ==> (x0 in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[x0] = if x0 in m0 then 0 else 1 end if) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->y0) ==> (y0 in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[y0] = if y0 in m0 then 0 else 1 end if) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->dot(x0,y0)) ==> (dot(x0,y0) in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[dot(x0,y0)] = if dot(x0,y0) in m0 then 0 else 1 end if) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->pls(x0,y0)) ==> (pls(x0,y0) in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[pls(x0,y0)] = if pls(x0,y0) in m0 then 0 else 1 end if) EQUAL(Stat2) ==> (h0~[x0] = if x0 in m0 then 0 else 1 end if) & (h0~[y0] = if y0 in m0 then 0 else 1 end if) & (h0~[dot(x0,y0)] = if dot(x0,y0) in m0 then 0 else 1 end if) & (h0~[pls(x0,y0)] = if pls(x0,y0) in m0 then 0 else 1 end if) Discharge ==> QED -- Theorem booleanAlgebra_8d: [Homomorphism naturally associated with a maximal ideal, 0] (Ideal_thryvar(M) & ({X,Y} ¥incin bb) & (H = {[x,if x in M then 0 else 1 end if]: x in bb})) ¥imp ((((H~[X]) = 0) ¥imp (((H~[dot(X,Y)]) = 0) & (((H~[Y]) = 0) ¥imp ((H~[pls(X,Y)]) = 0))))). Proof: Suppose_not(m0,x0,y0,h0) ==> AUTO Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (x0,y0,x0,y0)-->Stat1(*) ==> Stat2: (pls(x0,y0) in bb) & (dot(x0,y0) in bb) & ({x0,y0} ¥incin bb) & Ideal_thryvar(m0) & ({x0,y0} ¥incin bb) & (h0 = {[x,if x in m0 then 0 else 1 end if]: x in bb}) --?? Why is "bb" needed in the following two theorem citations? (x0,y0,bb,h0,m0)-->TbooleanAlgebra_8e(Stat2*) ==> Stat3: (h0~[x0] = if x0 in m0 then 0 else 1 end if) & (h0~[y0] = if y0 in m0 then 0 else 1 end if) & (h0~[dot(x0,y0)] = if dot(x0,y0) in m0 then 0 else 1 end if) & (h0~[pls(x0,y0)] = if pls(x0,y0) in m0 then 0 else 1 end if) ELEM ==> Stat5: (h0~[x0]) = 0 TELEM ==> Stat4: 0 /= 1 (m0,x0,y0)-->TbooleanAlgebra_4a(Stat2,Stat4,Stat3,Stat5*) ==> h0~[dot(x0,y0)] = 0 (m0,x0,y0)-->TbooleanAlgebra_4b(Stat2,Stat4,Stat3,Stat5*) ==> (h0~[y0] = 0) ¥imp (h0~[pls(x0,y0)] = 0) Discharge ==> QED -- Theorem booleanAlgebra_8: [Homomorphism naturally associated with a maximal ideal] (FORALL j | (Ideal_thryvar(j) & (M ¥incin j)) ¥eq (j = M)) ¥imp ({[x,if x in M then 0 else 1 end if]: x in bb} in hh_thryvar). Proof: Suppose_not(m0) ==> Stat1: (FORALL j | (Ideal_thryvar(j) & (m0 ¥incin j)) ¥eq (j = m0)) & ({[x,if x in m0 then 0 else 1 end if]: x in bb} notin hh_thryvar) Use_def(hh_thryvar) ==> Stat2: {[x,if x in m0 then 0 else 1 end if]: x in bb} notin {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} ({[x,if x in m0 then 0 else 1 end if]: x in bb})-->Stat2(Stat2*) ==> ({[x,if x in m0 then 0 else 1 end if]: x in bb} ¥nincin (bb ¥PROD 2)) or (not BooHom_thryvar({[x,if x in m0 then 0 else 1 end if]: x in bb})) Suppose ==> Stat3: {[x,if x in m0 then 0 else 1 end if]: x in bb} ¥nincin (bb ¥PROD 2) Use_def(¥PROD) ==> (bb ¥PROD 2) = {[x,y]: x in bb, y in 2} c-->Stat3(Stat3*) ==> Stat4: (c in {[x,if x in m0 then 0 else 1 end if]: x in bb}) & (c notin {[x,y]: x in bb, y in 2}) TELEM ==> 2 = {0,1} (x1,x1,if x1 in m0 then 0 else 1 end if)-->Stat4(Stat4*) ==> Stat5: (if x1 in m0 then 0 else 1 end if) notin {0,1} (Stat5*)Discharge ==> Stat6: (not BooHom_thryvar({[x,if x in m0 then 0 else 1 end if]: x in bb})) & ({[x,if x in m0 then 0 else 1 end if]: x in bb} ¥incin (bb ¥PROD 2)) Loc_def ==> Stat7: h0 = {[x,if x in m0 then 0 else 1 end if]: x in bb} EQUAL(Stat6) ==> (not BooHom_thryvar(h0)) Use_def(BooHom_thryvar)(Stat6*) ==> Stat8: not(Svm(h0) & (domain(h0) = bb) & (h0~[ee] = Un(range(h0))) & (h0~[ee] /= h0~[zz_thryvar]) & (FORALL x in bb, y in bb | ((h0~[dot(x,y)]) = ((h0~[x]) * (h0~[y]))) & ((h0~[pls(x,y)]) = sym((h0~[x]), (h0~[y]))))) TELEM ==> Svm({[x,if x in m0 then 0 else 1 end if]: x in bb}) & (domain({[x,if x in m0 then 0 else 1 end if]: x in bb}) = bb) m0-->Stat1(Stat1*) ==> Stat10: Ideal_thryvar(m0) Use_def(Ideal_thryvar(m0)) ==> AUTO Assump ==> Stat12a: ee in bb TbooleanAlgebra_0 ==> Stat12: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & Stat36: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & Stat36a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) 0-->Stat12(Stat12*) ==> zz_thryvar in bb -- -- Observe that the images of $ee$ and $zz_thryvar$ under the function ${[x,if x in m0 then 0 else 1 end if]: x in bb}$ are 0 and 1. -- Suppose ==> not(({[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee] = 1) & ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar] = 0)) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->ee) ==> (ee in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee] = if ee in m0 then 0 else 1 end if) APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->zz_thryvar) ==> (zz_thryvar in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar] = if zz_thryvar in m0 then 0 else 1 end if) m0-->TbooleanAlgebra_4a(Stat10,Stat10*) ==> zz_thryvar in m0 (Stat10*)Discharge ==> AUTO -- -- Therefore the images of 0 and 1 differ. -- TELEM ==> Stat10a: 0 /= 1 (Stat10*)ELEM ==> ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee]) /= ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar]) Suppose ==> {[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee] /= Un(range({[x,if x in m0 then 0 else 1 end if]: x in bb})) -- -- Recall that $Un(2) = 1$. -- T1002 ==> (2 = {0,1}) & (Un(2) = 1) 0-->T31d ==> Un(0) = 0 -- -- Notice also that since $range({[x,if x in m0 then 0 else 1 end if]: x in bb})$ comprises the images of -- $ee$ and $zz_thryvar$, which are 0 and 1 respectively, and since this set is included in 2, it must be 2. -- ({[x,if x in m0 then 0 else 1 end if]: x in bb},bb ¥PROD 2)-->T65(Stat6,Stat6*) ==> range({[x,if x in m0 then 0 else 1 end if]: x in bb}) ¥incin range(bb ¥PROD 2) (ee,{[x,if x in m0 then 0 else 1 end if]: x in bb})-->T71(Stat8*) ==> ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee]) in range({[x,if x in m0 then 0 else 1 end if]: x in bb}) (zz_thryvar,{[x,if x in m0 then 0 else 1 end if]: x in bb})-->T71(Stat8*) ==> ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar]) in range({[x,if x in m0 then 0 else 1 end if]: x in bb}) (bb ¥PROD 2,bb,2)-->T141(Stat10*) ==> range({[x,if x in m0 then 0 else 1 end if]: x in bb}) = 2 EQUAL(Stat10a) ==> false Discharge ==> AUTO EQUAL(Stat7) ==> Svm(h0) & (domain(h0) = bb) & (h0~[ee] = Un(range(h0))) & (h0~[ee] /= h0~[zz_thryvar]) (Stat8*)ELEM ==> Stat9: (not(FORALL x in bb, y in bb | ((h0~[dot(x,y)]) = ((h0~[x]) * (h0~[y]))) & ((h0~[pls(x,y)]) = sym((h0~[x]), (h0~[y]))))) (x2,y2)-->Stat9(Stat9*) ==> Stat9a: (x2 in bb) & (y2 in bb) & (not ((h0~[dot(x2,y2)]) = ((h0~[x2]) * (h0~[y2]))) & ((h0~[pls(x2,y2)]) = sym((h0~[x2]), (h0~[y2])))) Assump ==> Stat13: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat14a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) (x2,y2,x2,y2)-->Stat13(Stat9a*) ==> Stat13a: (pls(x2,y2) in bb) & (dot(x2,y2) in bb) -- -- Here we undertake the verification that $h0$ preserves multiplication, in the sense that -- the image of a Boolean product equals the intersection of the images of the operands. -- --?? Why is "bb" needed in the following theorem citation? (x2,y2,bb,h0,m0)-->TbooleanAlgebra_8e(Stat9a,Stat7*) ==> Stat27a: (h0~[x2] = if x2 in m0 then 0 else 1 end if) & (h0~[y2] = if y2 in m0 then 0 else 1 end if) & (h0~[dot(x2,y2)] = if dot(x2,y2) in m0 then 0 else 1 end if) & (h0~[pls(x2,y2)] = if pls(x2,y2) in m0 then 0 else 1 end if) -- (x2,m0)-->TbooleanAlgebra_7a(Stat1,Stat9a*) ==> Stat91a: (x2 notin m0) ¥imp (cmp_thryvar(x2) in m0) (y2,m0)-->TbooleanAlgebra_7a(Stat1,Stat9a*) ==> Stat92a: (y2 notin m0) ¥imp (cmp_thryvar(y2) in m0) -- Suppose ==> Stat20: (h0~[dot(x2,y2)]) /= ((h0~[x2]) * (h0~[y2])) EQUAL(Stat27a) ==> Stat29: if dot(x2,y2) in m0 then 0 else 1 end if /= ((if x2 in m0 then 0 else 1 end if) * (if y2 in m0 then 0 else 1 end if)) (m0,x2,y2)-->TbooleanAlgebra_4a(Stat10,Stat9a,Stat29*) ==> Stat23a: x2 notin m0 (m0,y2,x2)-->TbooleanAlgebra_4a(Stat10,Stat9a,Stat29,Stat92a,Stat23a*) ==> Stat28a: (y2 notin m0) & (cmp_thryvar(y2) in m0) & (dot(x2,y2) in m0) (y2,x2)-->TbooleanAlgebra_1a(Stat9a,Stat23a*) ==> Stat35a: pls(dot(x2,y2),dot(x2,cmp_thryvar(y2))) notin m0 (m0,cmp_thryvar(y2),x2)-->TbooleanAlgebra_4a(Stat10,Stat9a,Stat28a*) ==> Stat39a: dot(x2,cmp_thryvar(y2)) in m0 (m0,dot(x2,y2),dot(x2,cmp_thryvar(y2)))-->TbooleanAlgebra_4b(Stat10,Stat28a,Stat39a,Stat35a*) ==> false Discharge ==> AUTO -- -- Here we undertake the verification that $h0$ preserves addition, in the sense that -- the image of a Boolean sum equals the symmetric difference of the images of the operands. -- This will lead to a contradiction, and hence to the desired conclusion. -- (Stat9a*)ELEM ==> Stat49a: if pls(x2,y2) in m0 then 0 else 1 end if /= sym((if x2 in m0 then 0 else 1 end if), (if y2 in m0 then 0 else 1 end if)) --?? Use_def(sym) ==> Stat49: if pls(x2,y2) in m0 then 0 else 1 end if /= (((if x2 in m0 then 0 else 1 end if) - (if y2 in m0 then 0 else 1 end if)) + ((if x2 in m0 then 0 else 1 end if) - (if y2 in m0 then 0 else 1 end if))) Use_def(sym)(Stat49a) ==> Stat49: if pls(x2,y2) in m0 then 0 else 1 end if /= (((if x2 in m0 then 0 else 1 end if) - (if y2 in m0 then 0 else 1 end if)) + ((if y2 in m0 then 0 else 1 end if) - (if x2 in m0 then 0 else 1 end if))) (m0,x2,y2)-->TbooleanAlgebra_4b(Stat10,Stat49*) ==> not((x2 in m0) & (y2 in m0)) Assump ==> Stat46: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) Suppose ==> Stat43a: (x2 notin m0) & (y2 notin m0) Suppose ==> Stat44a: pls(x2,y2) notin m0 (m0,cmp_thryvar(x2),cmp_thryvar(y2))-->TbooleanAlgebra_4b(Stat10,Stat43a,Stat91a,Stat92a,Stat44a*) ==> pls(x2,y2) /= pls(cmp_thryvar(x2),cmp_thryvar(y2)) Use_def(cmp_thryvar)(Stat45a) ==> Stat47a: pls(x2,y2) /= pls(pls(ee,x2),pls(ee,y2)) (ee,x2)-->Stat13(Stat12a,Stat9a*) ==> Stat46a: pls(ee,x2) in bb (pls(ee,x2),ee,y2)-->Stat46(Stat12a,Stat9a,Stat46a,Stat47a*) ==> Stat47: pls(x2,y2) /= pls(pls(pls(ee,x2),ee),y2) (ee,x2,ee)-->Stat46(Stat12a,Stat9a*) ==> pls(ee,pls(x2,ee)) = pls(pls(ee,x2),ee) (ee,x2)-->Stat14a(Stat9a,Stat12a*) ==> pls(ee,pls(x2,ee)) = x2 EQUAL(Stat47) ==> false Discharge ==> pls(x2,y2) in m0 (Stat49*)ELEM ==> false Discharge ==> AUTO (pls(x2,y2))-->TbooleanAlgebra_1(Stat13a,Stat13a*) ==> cmp_thryvar(cmp_thryvar(pls(x2,y2))) = pls(x2,y2) Use_def(cmp_thryvar(pls(x2,y2))) ==> AUTO Use_def(cmp_thryvar(cmp_thryvar(pls(x2,y2)))) ==> AUTO Suppose ==> Stat63a: (x2 in m0) & (y2 notin m0) (m0,cmp_thryvar(y2),x2)-->TbooleanAlgebra_4b(Stat10,Stat63a,Stat92a*) ==> Stat66: pls(cmp_thryvar(y2),x2) in m0 (m0,pls(cmp_thryvar(y2),x2),ee)-->TbooleanAlgebra_4a(Stat10,Stat66,Stat12a*) ==> Stat67: cmp_thryvar(pls(cmp_thryvar(y2),x2)) notin m0 Use_def(cmp_thryvar)(Stat67) ==> pls(ee,pls(pls(ee,y2),x2)) notin m0 (ee,y2,x2)-->Stat46(Stat12a,Stat9a*) ==> pls(ee,pls(y2,x2)) = pls(pls(ee,y2),x2) (x2,y2)-->Stat36a(Stat9a,Stat9a*) ==> pls(x2,y2) = pls(y2,x2) EQUAL(Stat13a) ==> Stat68: pls(x2,y2) notin m0 (Stat49,Stat63a,Stat68*)ELEM ==> false Discharge ==> AUTO (Stat49*)ELEM ==> Stat73a: (y2 in m0) & (x2 notin m0) (m0,cmp_thryvar(x2),y2)-->TbooleanAlgebra_4b(Stat10,Stat73a,Stat91a*) ==> Stat76: pls(cmp_thryvar(x2),y2) in m0 (m0,pls(cmp_thryvar(x2),y2),ee)-->TbooleanAlgebra_4a(Stat10,Stat76,Stat12a*) ==> Stat77: cmp_thryvar(pls(cmp_thryvar(x2),y2)) notin m0 Use_def(cmp_thryvar)(Stat77) ==> pls(ee,pls(pls(ee,x2),y2)) notin m0 (ee,x2,y2)-->Stat46(Stat12a,Stat9a*) ==> pls(ee,pls(x2,y2)) = pls(pls(ee,x2),y2) Use_def(cmp_thryvar(pls(x2,y2))) ==> AUTO Use_def(cmp_thryvar(cmp_thryvar(pls(x2,y2)))) ==> AUTO EQUAL(Stat13a) ==> Stat78: pls(x2,y2) notin m0 (Stat49,Stat73a,Stat78*)ELEM ==> false Discharge ==> QED -- Theorem booleanAlgebra_8b: [Isomorphism between a doubleton Boolean algebra and 2] (bb ¥incin {zz_thryvar,ee}) ¥imp ({[zz_thryvar,0],[ee,1]} in hh_thryvar). Proof: Suppose_not ==> Stat1a: (bb ¥incin {zz_thryvar,ee}) & ({[zz_thryvar,0],[ee,1]} notin hh_thryvar) Use_def(hh_thryvar) ==> Stat2: {[zz_thryvar,0],[ee,1]} notin {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} ({[zz_thryvar,0],[ee,1]})-->Stat2(Stat2*) ==> not(({[zz_thryvar,0],[ee,1]} ¥incin (bb ¥PROD 2)) & BooHom_thryvar({[zz_thryvar,0],[ee,1]})) Assump ==> ee in bb Suppose ==> bb /= {zz_thryvar,ee} TbooleanAlgebra_0(Stat2*) ==> Stat6: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) 0-->Stat6(Stat1a*) ==> false Discharge ==> AUTO Suppose ==> Stat3: {[zz_thryvar,0],[ee,1]} ¥nincin (bb ¥PROD 2) Use_def(¥PROD) ==> (bb ¥PROD 2) = {[x,y]: x in bb, y in 2} c-->Stat3(Stat3*) ==> (c notin {[x,y]: x in bb, y in 2}) & (c in {[zz_thryvar,0],[ee,1]}) TELEM ==> Stat4: 2 = {0,1} Suppose ==> Stat5: [zz_thryvar,0] notin {[x,y]: x in bb, y in 2} (zz_thryvar,0)-->Stat5(Stat2*) ==> false Discharge ==> AUTO (Stat3*)ELEM ==> Stat7: [ee,1] notin {[x,y]: x in bb, y in 2} (ee,1)-->Stat7(Stat2*) ==> false Discharge ==> AUTO Use_def(BooHom_thryvar({[zz_thryvar,0],[ee,1]})) ==> AUTO TELEM ==> Stat8: ({[zz_thryvar,0],[ee,1]} = {[ee,1],[zz_thryvar,0]}) & (0 /= 1) & (range({[zz_thryvar,0],[ee,1]}) = {0,1}) & (2 = {0,1}) 0-->TbooleanAlgebra_1(Stat8*) ==> cmp_thryvar(ee) = zz_thryvar ee-->TbooleanAlgebra_2(Stat2*) ==> zz_thryvar /= ee (zz_thryvar,0,ee,1)-->T92(Stat8*) ==> (domain({[zz_thryvar,0],[ee,1]}) = {zz_thryvar,ee}) & Svm({[zz_thryvar,0],[ee,1]}) (zz_thryvar,ee,0,1)-->T93(Stat8*) ==> {[zz_thryvar,0],[ee,1]}~[zz_thryvar] = 0 (ee,zz_thryvar,1,0)-->T93(Stat8*) ==> {[ee,1],[zz_thryvar,0]}~[ee] = 1 EQUAL(Stat8) ==> {[zz_thryvar,0],[ee,1]}~[zz_thryvar] /= {[zz_thryvar,0],[ee,1]}~[ee] Suppose ==> ({[zz_thryvar,0],[ee,1]}~[ee] /= Un(range({[zz_thryvar,0],[ee,1]}))) EQUAL ==> 1 /= Un(2) T1002(Stat8*) ==> false Discharge ==> AUTO (Stat2*)ELEM ==> Stat9: not((FORALL x in bb, y in bb | (({[zz_thryvar,0],[ee,1]}~[dot(x,y)]) = (({[zz_thryvar,0],[ee,1]}~[x]) * ({[zz_thryvar,0],[ee,1]}~[y]))) & (({[zz_thryvar,0],[ee,1]}~[pls(x,y)]) = sym(({[zz_thryvar,0],[ee,1]}~[x]), ({[zz_thryvar,0],[ee,1]}~[y]))))) (x1,y1)-->Stat9(Stat9*) ==> Stat9a: (x1 in bb) & (y1 in bb) & (not(({[zz_thryvar,0],[ee,1]}~[dot(x1,y1)]) = (({[zz_thryvar,0],[ee,1]}~[x1]) * ({[zz_thryvar,0],[ee,1]}~[y1]))) & (({[zz_thryvar,0],[ee,1]}~[pls(x1,y1)]) = sym(({[zz_thryvar,0],[ee,1]}~[x1]), ({[zz_thryvar,0],[ee,1]}~[y1])))) TbooleanAlgebra_0 ==> Stat44a: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & Stat42a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) & (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) & (FORALL x | (x in bb) ¥imp (dot(zz_thryvar,x) = zz_thryvar)) Suppose ==> ({[zz_thryvar,0],[ee,1]}~[dot(x1,y1)]) /= (({[zz_thryvar,0],[ee,1]}~[x1]) * ({[zz_thryvar,0],[ee,1]}~[y1])) (x1,y1,x1,y1)-->Stat42a(Stat9a*) ==> (dot(x1,y1) = dot(y1,x1)) & (dot(zz_thryvar,x1) = zz_thryvar) & (dot(zz_thryvar,y1) = zz_thryvar) Suppose ==> x1 = zz_thryvar EQUAL(Stat8) ==> false Discharge ==> AUTO Suppose ==> y1 = zz_thryvar EQUAL(Stat8) ==> false Discharge ==> AUTO (Stat44a*)ELEM ==> Stat41: (x1 /= zz_thryvar) & (y1 /= zz_thryvar) (Stat1a,Stat41,Stat9a*)ELEM ==> (x1 = ee) & (y1 = ee) Assump ==> Stat42: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) ee-->Stat42(Stat2*) ==> dot(ee,ee) = ee EQUAL(Stat9) ==> ({[zz_thryvar,0],[ee,1]}~[ee]) /= (({[zz_thryvar,0],[ee,1]}~[ee]) * ({[zz_thryvar,0],[ee,1]}~[ee])) (Stat42*)Discharge ==> AUTO (Stat9*)ELEM ==> Stat50: (x1 in bb) & (y1 in bb) & (({[zz_thryvar,0],[ee,1]}~[pls(x1,y1)]) /= sym(({[zz_thryvar,0],[ee,1]}~[x1]), ({[zz_thryvar,0],[ee,1]}~[y1]))) Suppose ==> x1 = y1 x1-->Stat44a(Stat50*) ==> pls(x1,x1) = zz_thryvar EQUAL(Stat8) ==> 0 /= sym(({[zz_thryvar,0],[ee,1]}~[x1]), ({[zz_thryvar,0],[ee,1]}~[x1])) Use_def(sym)(Stat50) ==> false Discharge ==> Stat46a: x1 /= y1 Suppose ==> (x1 = zz_thryvar) & (y1 = ee) y1-->Stat44a(Stat50*) ==> pls(zz_thryvar,y1) = y1 EQUAL(Stat8) ==> ({[zz_thryvar,0],[ee,1]}~[y1]) /= sym(0, ({[zz_thryvar,0],[ee,1]}~[y1])) Use_def(sym)(Stat46a*) ==> false Discharge ==> Stat55: not((x1 = zz_thryvar) & (y1 = ee)) (Stat46a,Stat1a,Stat9a,Stat55*)ELEM ==> (x1 = ee) & (y1 = zz_thryvar) x1-->Stat44a(Stat50*) ==> pls(x1,zz_thryvar) = x1 EQUAL(Stat8) ==> ({[zz_thryvar,0],[ee,1]}~[x1]) /= sym(({[zz_thryvar,0],[ee,1]}~[x1]), 0) Use_def(sym)(Stat55*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_8a: [Homomorphism distinguishing an element from Boolean zero] (X in bb - {zz_thryvar}) ¥imp ({h in hh_thryvar | h~[X] = 1} /= 0). Proof: Suppose_not(x0) ==> Stat1: ({h in hh_thryvar | h~[x0] = 1} = 0) & (x0 in bb - {zz_thryvar}) -- -- Suppose a counterexample $x0$ could exist. If $bb={zz_thryvar,ee}$, then $x0 = ee$, in which case ${[zz_thryvar,0],[ee,1]}$ would be -- a homomorphism sending $x0$ to $1$. Otherwise, take a $y0 in (bb - {zz_thryvar,ee})$, in particular choosing $y0 = x0$ if -- $x0 /= ee$, consider the principal ideal $i0$ generated by $cmp_thryvar(y0)$, and a maximal ideal $i1$ containing $i0$. -- Then the homomorphism naturally associated with $i1$ will send $y0$ to $1$; therefore it will send $x0$ to $1$, which leads us -- to the desired contradiction. -- Suppose ==> Stat1a: bb ¥incin {zz_thryvar,ee} TbooleanAlgebra_8b(Stat1a*) ==> {[zz_thryvar,0],[ee,1]} in hh_thryvar ({[zz_thryvar,0],[ee,1]})-->Stat1(Stat1a*) ==> {[zz_thryvar,0],[ee,1]}~[x0] /= 1 (Stat1*)ELEM ==> x0 = ee EQUAL ==> {[zz_thryvar,0],[ee,1]}~[ee] /= 1 0-->TbooleanAlgebra_1(Stat1a*) ==> cmp_thryvar(ee) = zz_thryvar Assump ==> ee in bb ee-->TbooleanAlgebra_2(Stat1a*) ==> zz_thryvar /= ee (ee,zz_thryvar,1,0)-->T93(Stat1a*) ==> false Discharge ==> AUTO -- -- The trivial case of a doubleton Boolean algebra having been discarded at this point, we now begin to develop the proof proper. -- Loc_def ==> Stat10: y0 = if x0 /= ee then x0 else arb(bb - {zz_thryvar,ee}) end if (Stat1)ELEM ==> y0 in (bb - {zz_thryvar,ee}) y0-->TbooleanAlgebra_2(Stat10*) ==> cmp_thryvar(y0) in (bb - {zz_thryvar, ee}) (cmp_thryvar(y0))-->TbooleanAlgebra_6a ==> Ideal_thryvar({dot(a,cmp_thryvar(y0)): a in bb}) & (cmp_thryvar(y0) in {dot(a,cmp_thryvar(y0)): a in bb}) ({dot(a,cmp_thryvar(y0)): a in bb})-->TbooleanAlgebra_5 ==> Stat11: (EXISTS m | ({dot(a,cmp_thryvar(y0)): a in bb} ¥incin m) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m))) m0-->Stat11(Stat10*) ==> Stat12: (FORALL j | (Ideal_thryvar(j) & (m0 ¥incin j)) ¥eq (j = m0)) & (cmp_thryvar(y0) in m0) m0-->TbooleanAlgebra_8(Stat12*) ==> Stat13: {[x,if x in m0 then 0 else 1 end if]: x in bb} in hh_thryvar ({[x,if x in m0 then 0 else 1 end if]: x in bb})-->Stat1(Stat13*) ==> Stat13a: ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[x0]) /= 1 APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->y0) ==> (y0 in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[y0] = if y0 in m0 then 0 else 1 end if) y0-->TbooleanAlgebra_1(Stat10*) ==> cmp_thryvar(cmp_thryvar(y0)) = y0 m0-->Stat12(Stat12,Stat12*) ==> Ideal_thryvar(m0) (m0,cmp_thryvar(y0),cmp_thryvar(y0))-->TbooleanAlgebra_4a(Stat10*) ==> (y0 notin m0) & (zz_thryvar in m0) (Stat10*)ELEM ==> {[x,if x in m0 then 0 else 1 end if]: x in bb}~[y0] = 1 Suppose ==> y0 = x0 EQUAL(Stat10) ==> false Discharge ==> Stat20: y0 /= x0 (Stat10,Stat20*)ELEM ==> x0 = ee Use_def(hh_thryvar)(Stat13,Stat13) ==> Stat14: {[x,if x in m0 then 0 else 1 end if]: x in bb} in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} Use_def(BooHom_thryvar({[x,if x in m0 then 0 else 1 end if]: x in bb})) ==> AUTO ()-->Stat14(Stat14*) ==> {[x,if x in m0 then 0 else 1 end if]: x in bb}~[ee] /= {[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar] APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->zz_thryvar) ==> (zz_thryvar in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar] = if zz_thryvar in m0 then 0 else 1 end if) Use_def(Ideal_thryvar(m0)) ==> AUTO (Stat13*)ELEM ==> {[x,if x in m0 then 0 else 1 end if]: x in bb}~[zz_thryvar] = 0 EQUAL(Stat13) ==> Stat14a: {[x,if x in m0 then 0 else 1 end if]: x in bb}~[x0] /= 0 APPLY() Must_be_svm(b(x)->if x in m0 then 0 else 1 end if,s->bb,u->x0) ==> Stat15: (x0 in bb) ¥imp ({[x,if x in m0 then 0 else 1 end if]: x in bb}~[x0] = if x0 in m0 then 0 else 1 end if) (Stat1,Stat15,Stat13a,Stat14a*)ELEM ==> false Discharge ==> QED -- Theorem booleanAlgebra_8c: [Homomorphism distinguishing an element from Boolean zero] hh_thryvar /= 0. Proof: Suppose_not() ==> AUTO TbooleanAlgebra_8b ==> Stat1: arb(bb - {zz_thryvar,ee}) in (bb - {zz_thryvar,ee}) (arb(bb - {zz_thryvar,ee}))-->TbooleanAlgebra_8a(Stat1*) ==> Stat2: {h in hh_thryvar | h~[arb(bb - {zz_thryvar,ee})] = 1} /= 0 h-->Stat2(*) ==> false Discharge ==> QED -- Def booleanAlgebra_5: [Standard isomorphism between this algebra and a family of subsets of $hh_thryvar$] phi_thryvar := {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} -- Theorem booleanAlgebra_9: [Images under the standard homomorphism] (X in bb) ¥imp ((phi_thryvar~[X]) = {h in hh_thryvar | h~[X] = 1}). Proof: Suppose_not(x0) ==> AUTO ELEM ==> Stat1: (car([x0,{h in hh_thryvar | h~[x0] = 1}]) = x0) & (cdr([x0,{h in hh_thryvar | h~[x0] = 1}]) = {h in hh_thryvar | h~[x0] = 1}) ({[b,{h in hh_thryvar | h~[b] = 1}]: b in bb},[x0,{h in hh_thryvar | h~[x0] = 1}])-->T74(Stat1*) ==> ([x0,{h in hh_thryvar | h~[x0] = 1}] in {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb}) ¥imp (({[b,{h in hh_thryvar | h~[b] = 1}]: b in bb}~[car([x0,{h in hh_thryvar | h~[x0] = 1}])]) = {h in hh_thryvar | h~[x0] = 1}) Use_def(phi_thryvar) ==> phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} EQUAL(Stat1) ==> ([x0,{h in hh_thryvar | h~[x0] = 1}] in {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb}) ¥imp ((phi_thryvar~[x0]) = {h in hh_thryvar | h~[x0] = 1}) Suppose ==> Stat2: [x0,{h in hh_thryvar | h~[x0] = 1}] notin {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} x0-->Stat2(*) ==> false; Discharge ==> false Discharge ==> QED -- Theorem booleanAlgebra_10: [Boolean homomorphism property, 1] ({X,Y} ¥incin bb) ¥imp (((phi_thryvar~[dot(X,Y)]) = ((phi_thryvar~[X]) * (phi_thryvar~[Y]))) & ((phi_thryvar~[pls(X,Y)]) = sym((phi_thryvar~[X]), (phi_thryvar~[Y])))). Proof: Suppose_not(x0,y0) ==> AUTO x0-->TbooleanAlgebra_9 ==> (phi_thryvar~[x0]) = {h in hh_thryvar | h~[x0] = 1} y0-->TbooleanAlgebra_9 ==> (phi_thryvar~[y0]) = {h in hh_thryvar | h~[y0] = 1} Suppose ==> (phi_thryvar~[dot(x0,y0)]) /= ((phi_thryvar~[x0]) * (phi_thryvar~[y0])) Assump ==> Stat1: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (x0,y0)-->Stat1 ==> dot(x0,y0) in bb (dot(x0,y0))-->TbooleanAlgebra_9 ==> Stat2: {h in hh_thryvar | h~[dot(x0,y0)] = 1} /= {h in hh_thryvar | h~[x0] = 1} * {h in hh_thryvar | h~[y0] = 1} c-->Stat2 ==> AUTO Suppose ==> Stat13: c notin hh_thryvar Suppose ==> Stat14: c in {h in hh_thryvar | h~[x0] = 1} ()-->Stat14(Stat13*) ==> false; Discharge ==> AUTO Suppose ==> Stat15: c in {h in hh_thryvar | h~[y0] = 1} ()-->Stat15(Stat13*) ==> false; Discharge ==> AUTO (Stat2*)ELEM ==> Stat16: c in {h in hh_thryvar | h~[dot(x0,y0)] = 1} ()-->Stat16(Stat13*) ==> false Discharge ==> AUTO Use_def(hh_thryvar)(Stat2*) ==> Stat9: c in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} ()-->Stat9 ==> AUTO (c,bb,2)-->T141(Stat9*) ==> range(c) ¥incin 2 Use_def(BooHom_thryvar)(Stat9*) ==> Stat10: (FORALL x in bb, y in bb | ((c~[dot(x,y)]) = ((c~[x]) * (c~[y]))) & ((c~[pls(x,y)]) = sym((c~[x]), (c~[y])))) & (domain(c) = bb) (x0,c)-->T71(*) ==> c~[x0] in 2 (y0,c)-->T71(*) ==> c~[y0] in 2 (x0,y0)-->Stat10(*) ==> (c~[dot(x0,y0)]) = ((c~[x0]) * (c~[y0])) TELEM ==> 2 = {0,1} Suppose ==> Stat7: c notin {h in hh_thryvar | h~[x0] = 1} c-->Stat7(Stat2*) ==> (c~[dot(x0,y0)] = 0) & (0 /= 1) (Stat2*)ELEM ==> Stat8: c in {h in hh_thryvar | h~[dot(x0,y0)] = 1} ()-->Stat8(Stat2*) ==> false Discharge ==> Stat6: c in {h in hh_thryvar | h~[x0] = 1} Suppose ==> Stat3: c notin {h in hh_thryvar | h~[y0] = 1} c-->Stat3(Stat2*) ==> (c~[dot(x0,y0)] = 0) & (0 /= 1) (Stat2*)ELEM ==> Stat4: c in {h in hh_thryvar | h~[dot(x0,y0)] = 1} ()-->Stat4(Stat2*) ==> false Discharge ==> Stat11: c in {h in hh_thryvar | h~[y0] = 1} (Stat2*)ELEM ==> Stat12: c notin {h in hh_thryvar | h~[dot(x0,y0)] = 1} ()-->Stat6 ==> AUTO ()-->Stat11 ==> AUTO c-->Stat12(Stat10*) ==> false Discharge ==> (phi_thryvar~[pls(x0,y0)]) /= sym((phi_thryvar~[x0]), (phi_thryvar~[y0])) Assump ==> Stat21: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) (x0,y0)-->Stat21 ==> pls(x0,y0) in bb (pls(x0,y0))-->TbooleanAlgebra_9 ==> (phi_thryvar~[pls(x0,y0)]) = {h in hh_thryvar | h~[pls(x0,y0)] = 1} EQUAL ==> Stat22: {h in hh_thryvar | h~[pls(x0,y0)] = 1} /= sym({h in hh_thryvar | h~[x0] = 1}, {h in hh_thryvar | h~[y0] = 1}) d-->Stat22(Stat22*) ==> AUTO Use_def(sym)(Stat22) ==> Stat32: (d in {h in hh_thryvar | h~[pls(x0,y0)] = 1}) ¥neq (d in ({h in hh_thryvar | h~[x0] = 1} - {h in hh_thryvar | h~[y0] = 1}) + ({h in hh_thryvar | h~[y0] = 1} - {h in hh_thryvar | h~[x0] = 1})) Suppose ==> Stat23: d notin hh_thryvar Suppose ==> Stat24: d in {h in hh_thryvar | h~[x0] = 1} ()-->Stat24(Stat23*) ==> false; Discharge ==> AUTO Suppose ==> Stat25: d in {h in hh_thryvar | h~[y0] = 1} ()-->Stat25(Stat23*) ==> false; Discharge ==> AUTO (Stat32*)ELEM ==> Stat26: d in {h in hh_thryvar | h~[pls(x0,y0)] = 1} ()-->Stat26(Stat23*) ==> false Discharge ==> AUTO Use_def(hh_thryvar)(Stat32) ==> Stat29: d in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} ()-->Stat29 ==> AUTO (d,bb,2)-->T141(Stat29*) ==> range(d) ¥incin 2 Use_def(BooHom_thryvar)(Stat29*) ==> Stat30: (FORALL x in bb, y in bb | ((d~[dot(x,y)]) = ((d~[x]) * (d~[y]))) & ((d~[pls(x,y)]) = sym((d~[x]), (d~[y])))) & (domain(d) = bb) (x0,y0)-->Stat30(*) ==> (d~[pls(x0,y0)]) = sym((d~[x0]), (d~[y0])) Use_def(sym)(Stat30*) ==> Stat31: (d~[pls(x0,y0)]) = ((d~[x0]) - (d~[y0])) + ((d~[y0]) - (d~[x0])) (x0,d)-->T71(*) ==> d~[x0] in 2 (y0,d)-->T71(*) ==> d~[y0] in 2 TELEM ==> 2 = {0,1} Suppose ==> Stat33: d notin {h in hh_thryvar | h~[pls(x0,y0)] = 1} Suppose ==> Stat34: d in {h in hh_thryvar | h~[x0] = 1} (Stat32*)ELEM ==> Stat35: d notin {h in hh_thryvar | h~[y0] = 1} ()-->Stat34(Stat34*) ==> AUTO d-->Stat35(Stat34*) ==> d~[y0] /= 1 d-->Stat33(Stat31*) ==> d~[pls(x0,y0)] /= 1 (Stat31*)Discharge ==> Stat36: d notin {h in hh_thryvar | h~[x0] = 1} Suppose ==> Stat44: d in {h in hh_thryvar | h~[y0] = 1} ()-->Stat44(Stat44*) ==> AUTO d-->Stat36(Stat44*) ==> d~[x0] /= 1 d-->Stat33(Stat44*) ==> d~[pls(x0,y0)] /= 1 (Stat31*)Discharge ==> Stat45: d notin {h in hh_thryvar | h~[y0] = 1} (Stat32*)ELEM ==> false Discharge ==> Stat46: d in {h in hh_thryvar | h~[pls(x0,y0)] = 1} ()-->Stat46(Stat31*) ==> (((d~[x0]) - (d~[y0])) + ((d~[y0]) - (d~[x0])) = 1) Suppose ==> Stat47: (d notin {h in hh_thryvar | h~[x0] = 1}) & (d notin {h in hh_thryvar | h~[y0] = 1}) (d,d)-->Stat47(Stat32*) ==> false Discharge ==> AUTO (Stat32*)ELEM ==> Stat48: d in {h in hh_thryvar | h~[x0] = 1} (Stat32*)ELEM ==> Stat49: d in {h in hh_thryvar | h~[y0] = 1} TELEM ==> 0 /= 1 ()-->Stat48(Stat48*) ==> d~[x0] = 1 ()-->Stat49(Stat46*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_11: [Boolean homomorphism property, 2] (hh_thryvar = Un(range(phi_thryvar))) & (phi_thryvar~[zz_thryvar] = 0) & (phi_thryvar~[ee] /= phi_thryvar~[zz_thryvar]) & (phi_thryvar~[ee] = hh_thryvar). Proof: Suppose_not() ==> AUTO Assump ==> Stat0: ee in bb Suppose ==> (phi_thryvar~[zz_thryvar]) /= 0 Loc_def ==> h2 = arb(phi_thryvar~[zz_thryvar]) (Stat0)ELEM ==> h2 in (phi_thryvar~[zz_thryvar]) TbooleanAlgebra_0(Stat0*) ==> Stat0a: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) ee-->Stat0a(Stat0a*) ==> zz_thryvar in bb (zz_thryvar)-->TbooleanAlgebra_9(Stat0) ==> Stat1a: h2 in {h in hh_thryvar | h~[zz_thryvar] = 1} ()-->Stat1a(Stat1a*) ==> (h2 in hh_thryvar) & (h2~[zz_thryvar] = 1) TELEM ==> 0 /= 1 h2-->TbooleanAlgebra_6c(Stat1a*) ==> false Discharge ==> AUTO TbooleanAlgebra_8c ==> hh_thryvar /= 0 Suppose ==> (phi_thryvar~[ee]) /= hh_thryvar ee-->TbooleanAlgebra_9(*) ==> {h in hh_thryvar | h~[ee] = 1} /= hh_thryvar Set_monot ==> {h: h in hh_thryvar | h~[ee] = 1} ¥incin {h: h in hh_thryvar} ELEM ==> Stat1: hh_thryvar ¥nincin {h in hh_thryvar | h~[ee] = 1} h0-->Stat1(Stat1*) ==> Stat2: (h0 notin {h in hh_thryvar | h~[ee] = 1}) & (h0 in hh_thryvar) h0-->Stat2(Stat2*) ==> h0~[ee] /= 1 h0-->TbooleanAlgebra_6c(Stat2*) ==> false Discharge ==> hh_thryvar /= Un(range(phi_thryvar)) Use_def(phi_thryvar)(Stat6) ==> range(phi_thryvar) = {{h in hh_thryvar | h~[b] = 1}: b in bb} EQUAL ==> Stat6: hh_thryvar /= Un({{h in hh_thryvar | h~[b] = 1}: b in bb}) Use_def(Un({{h in hh_thryvar | h~[b] = 1}: b in bb})) ==> AUTO h1-->Stat6(Stat6*) ==> (h1 in hh_thryvar) ¥neq (h1 in {u: v in {{h in hh_thryvar | h~[b] = 1}: b in bb}, u in v}) Suppose ==> Stat7: (h1 in {u: v in {{h in hh_thryvar | h~[b] = 1}: b in bb}, u in v}) & (h1 notin hh_thryvar) (v1,u1)-->Stat7(Stat7*) ==> Stat8: (v1 in {{h in hh_thryvar | h~[b] = 1}: b in bb}) & (h1 in v1) b1-->Stat8(Stat8*) ==> Stat9: h1 in {h in hh_thryvar | h~[b1] = 1} ()-->Stat9(Stat7*) ==> false Discharge ==> Stat10: (h1 notin {u: v in {{h in hh_thryvar | h~[b] = 1}: b in bb}, u in v}) & (h1 in hh_thryvar) ({h in hh_thryvar | h~[ee] = 1},h1)-->Stat10(Stat10*) ==> ({h in hh_thryvar | h~[ee] = 1} notin {{h in hh_thryvar | h~[b] = 1}: b in bb}) or (h1 notin {h in hh_thryvar | h~[ee] = 1}) Suppose ==> Stat11: {h in hh_thryvar | h~[ee] = 1} notin {{h in hh_thryvar | h~[b] = 1}: b in bb} ee-->Stat11(Stat0,Stat0*) ==> false Discharge ==> Stat12: h1 notin {h in hh_thryvar | h~[ee] = 1} h1-->Stat12(Stat10,Stat10*) ==> (h1~[ee] /= 1) h1-->TbooleanAlgebra_6c(Stat10*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_12: [One more Boolean homomorphism property] (X in bb) ¥imp (phi_thryvar~[cmp_thryvar(X)] = hh_thryvar - (phi_thryvar~[X])). Proof: Suppose_not(x0) ==> AUTO TbooleanAlgebra_11 ==> (phi_thryvar~[ee] = hh_thryvar) & (hh_thryvar = Un(range(phi_thryvar))) Use_def(cmp_thryvar) ==> phi_thryvar~[pls(ee,x0)] /= Un(range(phi_thryvar)) - (phi_thryvar~[x0]) Assump ==> ee in bb (ee,x0)-->TbooleanAlgebra_10 ==> Stat1: sym((phi_thryvar~[ee]), (phi_thryvar~[x0])) /= Un(range(phi_thryvar)) - (phi_thryvar~[x0]) Use_def(phi_thryvar) ==> domain(phi_thryvar) = bb (x0,phi_thryvar)-->T71 ==> phi_thryvar~[x0] in range(phi_thryvar) (phi_thryvar~[x0],range(phi_thryvar))-->T2g ==> AUTO Use_def(sym)(Stat1) ==> false Discharge ==> QED -- Theorem booleanAlgebra_13a: [Injectivity of the standard homomorphism, 0] (({X,Y} ¥incin bb) & (dot(X,Y) /= X)) ¥imp ((phi_thryvar~[X]) /= (phi_thryvar~[Y])). Proof: Suppose_not(x0,x1) ==> AUTO Assump ==> Stat5a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) & Stat6: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) & Stat7: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) & Stat8: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) & Stat14: (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) Suppose ==> x0 = x1 x0-->Stat14(*) ==> dot(x0,x0) = x0 EQUAL ==> false Discharge ==> AUTO ELEM ==> Stat5: (x0 /= x1) & ((phi_thryvar~[x0]) = (phi_thryvar~[x1])) & (x0 in bb) & (x1 in bb) TbooleanAlgebra_0 ==> Stat9: (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) & Stat9a: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) Assump ==> Stat16: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) & Stat16a: (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) (x0,x1)-->Stat9a(Stat5,Stat5*) ==> Stat19a: dot(x0,x1) = dot(x1,x0) TELEM ==> Stat55a: (1 = {0}) & (2 = {0,1}) ELEM ==> dot(x0,x1) /= x0 -- -- The contradiction will be obtained by finding a homomorphism $h0$ in $hh_thryvar$ which sends $x0$ and $x1$ to -- different images; this homomorphism will witness that $(phi_thryvar~[x0]) /= (phi_thryvar~[x1])$. -- Loc_def ==> Stat12: e0 = pls(x0,dot(x0,x1)) Suppose ==> e0 = zz_thryvar EQUAL(Stat9) ==> pls(zz_thryvar,x0) = pls(pls(x0,dot(x0,x1)),x0) x0-->Stat9(Stat5*) ==> x0 = pls(pls(x0,dot(x0,x1)),x0) (x0,x1,x0,dot(x0,x1),x0,x0,dot(x0,x1))-->Stat6(Stat5*) ==> false Discharge ==> AUTO (x0,dot(x0,x1),x0,x1)-->Stat5a(Stat5,Stat12*) ==> Stat13: (dot(x0,x1) in bb) & (e0 in bb) e0-->TbooleanAlgebra_2(Stat16*) ==> (e0 notin {zz_thryvar, ee}) ¥imp (cmp_thryvar(e0) in (bb - {zz_thryvar, ee})) e0-->TbooleanAlgebra_8a(Stat12*) ==> Stat20: {h in hh_thryvar | h~[e0] = 1} /= 0 h0-->Stat20(Stat20*) ==> Stat20a: (h0 in hh_thryvar) & (h0~[e0] = 1) Suppose ==> dot(e0,x1) /= zz_thryvar (x0,dot(x0,x1),x1)-->Stat16(Stat5,Stat13*) ==> dot(pls(x0,dot(x0,x1)),x1) = pls(dot(x1,dot(x0,x1)),dot(x1,x0)) (x1,x1,x0)-->Stat16a(Stat5,Stat5*) ==> dot(x1,dot(x1,x0)) = dot(dot(x1,x1),x0) x1-->Stat14(Stat5,Stat5*) ==> dot(x1,x1) = x1 (dot(x1,x0))-->Stat9(Stat13,Stat19a*) ==> pls(dot(x1,x0),dot(x1,x0)) = zz_thryvar EQUAL(Stat19a) ==> false Discharge ==> dot(e0,x1) = zz_thryvar Use_def(hh_thryvar)(Stat20a,Stat20a) ==> Stat51: h0 in {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} Use_def(BooHom_thryvar(h0)) ==> AUTO ()-->Stat51(Stat51*) ==> Stat52: (FORALL x in bb, y in bb | ((h0~[dot(x,y)]) = ((h0~[x]) * (h0~[y]))) & ((h0~[pls(x,y)]) = sym((h0~[x]), (h0~[y])))) & (h0 ¥incin (bb ¥PROD 2)) & (domain(h0) = bb) --?? EQUAL(Stat52) ==> h0~[x1] in 2 -- this attempt to use proof-by-structure failed (h0,bb,2)-->T141(Stat52*) ==> Stat52a: range(h0) ¥incin 2 (x1,h0)-->T71(Stat5,Stat52,Stat52a,Stat55a,Stat20a*) ==> Stat54: ((h0~[e0]) * (h0~[x1])) = (h0~[x1]) zz_thryvar-->Stat9(Stat52*) ==> (pls(zz_thryvar,zz_thryvar) = zz_thryvar) & (zz_thryvar in bb) EQUAL(Stat20a) ==> Stat53: h0~[dot(e0,x1)] = h0~[pls(zz_thryvar,zz_thryvar)] (e0,x1)-->Stat52(Stat13,Stat5,Stat53*) ==> h0~[pls(zz_thryvar,zz_thryvar)] = ((h0~[e0]) * (h0~[x1])) (h0~[zz_thryvar],0)-->T1000(Stat53*) ==> sym((h0~[zz_thryvar]), (h0~[zz_thryvar])) = 0 (zz_thryvar,zz_thryvar)-->Stat52(Stat52*) ==> Stat55: h0~[dot(e0,x1)] = 0 (e0,x1)-->Stat52(Stat13,Stat5,Stat54,Stat55*) ==> (h0~[x1]) = 0 Suppose ==> Stat56: h0 in (phi_thryvar~[x1]) x1-->TbooleanAlgebra_9(Stat5,Stat56*) ==> Stat57: h0 in {h in hh_thryvar | (h~[x1]) = 1} ()-->Stat57(Stat55*) ==> 0 = 1 (Stat55a*)Discharge ==> AUTO EQUAL(Stat5) ==> Stat56a: h0 notin (phi_thryvar~[x0]) x0-->TbooleanAlgebra_9(Stat5,Stat56a*) ==> Stat58: h0 notin {h in hh_thryvar | (h~[x0]) = 1} h0-->Stat58(Stat20a,Stat20a*) ==> Stat59: (h0~[x0]) /= 1 EQUAL(Stat12,Stat20a) ==> Stat59a: h0~[pls(x0,dot(x0,x1))] = 1 (h0,x0,x1)-->TbooleanAlgebra_6d(Stat20a,Stat5,Stat59a,Stat59*) ==> h0~[x1] /= 0 (Stat55*)Discharge ==> QED -- Theorem booleanAlgebra_13: [Injectivity of the standard homomorphism] One_1_map(phi_thryvar) & (domain(phi_thryvar) = bb). Proof: Suppose_not() ==> AUTO -- -- Arguing by contradiction, let us assume that the claim is false. Then, since by its very definition -- $phi_thryvar$ is a single-valued map and has the domain indicated in the claim, there must be -- distinct pairs $p,q$ in $phi_thryvar$ whose second components coincide. -- Use_def(phi_thryvar) ==> Svm(phi_thryvar) & (domain(phi_thryvar) = bb) Use_def(One_1_map) ==> Stat1: (not (FORALL p in phi_thryvar, q in phi_thryvar | (cdr(p) = cdr(q)) ¥imp (p = q)) ) (p,q)-->Stat1(Stat1*) ==> Stat2: (p in phi_thryvar) & (q in phi_thryvar) & (cdr(p) = cdr(q)) & (p /= q) -- -- It follows from the definition of $phi_thryvar$ that if $x0,x1$ are the respective first components of $p,q$, -- then the corresponding images ${h in hh_thryvar | h~[x0] = 1} = (phi_thryvar~[x0])$ and ${h in hh_thryvar | h~[x1] = 1} = phi_thryvar~[x1]$ -- coincide. -- Use_def(phi_thryvar) ==> Stat3: (p in {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb}) & (q in {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb}) (x0,x1)-->Stat3(Stat3*) ==> Stat4: (x0 in bb) & (x1 in bb) & (p = [x0,{h in hh_thryvar | h~[x0] = 1}]) & (q = [x1,{h in hh_thryvar | h~[x1] = 1}]) (Stat4*)ELEM ==> (car([x0,{h in hh_thryvar | h~[x0] = 1}]) = x0) & (cdr([x0,{h in hh_thryvar | h~[x0] = 1}]) = {h in hh_thryvar | h~[x0] = 1}) & (car([x1,{h in hh_thryvar | h~[x1] = 1}]) = x1) & (cdr([x1,{h in hh_thryvar | h~[x1] = 1}]) = {h in hh_thryvar | h~[x1] = 1}) EQUAL(Stat2) ==> {h in hh_thryvar | h~[x0] = 1} = {h in hh_thryvar | h~[x1] = 1} Suppose ==> x0 = x1 EQUAL(Stat2) ==> false Discharge ==> AUTO x0-->TbooleanAlgebra_9 ==> AUTO x1-->TbooleanAlgebra_9 ==> AUTO (Stat4*)ELEM ==> Stat5: (x0 /= x1) & ((phi_thryvar~[x0]) = (phi_thryvar~[x1])) & (x0 in bb) & (x1 in bb) -- -- Since $x0 /= x1$, either $x0 /= dot(x0,x1)$ or $x1 /= dot(x0,x1)$ -- We will first get a contradiction by assuming that the first is the case; then, by proceeding analogously, -- we will get a contradiction in the other case as well. The contradiction is obtained through the preceding theorem. -- TbooleanAlgebra_0 ==> Stat10: (FORALL u, v | (({u,v} ¥incin bb) & (dot(u,v) = u) & (dot(v,u) = v)) ¥imp (u = v)) (x0,x1)-->Stat10 ==> AUTO (x0,x1)-->TbooleanAlgebra_3(Stat5*) ==> Stat11: (dot(x0,x1) /= ee) & ((dot(x0,x1) /= x0) or (dot(x1,x0) /= x1)) Suppose ==> dot(x0,x1) /= x0 (x0,x1)-->TbooleanAlgebra_13a(Stat5*) ==> false Discharge ==> AUTO (Stat11*)ELEM ==> dot(x1,x0) /= x1 (x1,x0)-->TbooleanAlgebra_13a(Stat5*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_14: [Standard Boolean isomorphism] BooHom_thryvar(phi_thryvar). Proof: Suppose_not() ==> AUTO -- -- We already know from earlier theorems that $phi_thryvar$ is a one-one function and that it satisfies -- $phi_thryvar~[ee] = Un(range(phi_thryvar))$ -- Use_def(One_1_map(phi_thryvar)) ==> AUTO TbooleanAlgebra_13 ==> Svm(phi_thryvar) & (domain(phi_thryvar) = bb) TbooleanAlgebra_11 ==> (phi_thryvar~[ee] = Un(range(phi_thryvar))) & (phi_thryvar~[ee] = Un(range(phi_thryvar))) & (phi_thryvar~[ee] /= phi_thryvar~[zz_thryvar]) Use_def(BooHom_thryvar(phi_thryvar)) ==> AUTO -- -- We already know from earlier theorems that $phi_thryvar$ is a one-one function and that it satisfies -- $phi_thryvar~[ee] = Un(range(phi_thryvar))$; hence it may only fail to be a Boolean homomorphism due -- to one of the foollowing reasons: -- ELEM ==> Stat1: not((FORALL x in bb, y in bb | ((phi_thryvar~[dot(x,y)]) = ((phi_thryvar~[x]) * (phi_thryvar~[y]))) & ((phi_thryvar~[pls(x,y)]) = sym((phi_thryvar~[x]), (phi_thryvar~[y]))))) (x0,y0)-->Stat1(Stat1*) ==> (x0 in bb) & (y0 in bb) & (not(((phi_thryvar~[dot(x0,y0)]) = ((phi_thryvar~[x0]) * (phi_thryvar~[y0]))) & ((phi_thryvar~[pls(x0,y0)]) = sym((phi_thryvar~[x0]), (phi_thryvar~[y0]))))) (x0,y0)-->TbooleanAlgebra_10 ==> false Discharge ==> QED -- Theorem booleanAlgebra_15: [Prospective clopens have the appropriate type] (range(phi_thryvar) ¥incin {x: x ¥incin hh_thryvar}) & (0 in range(phi_thryvar)) & (hh_thryvar in range(phi_thryvar)). Proof: Suppose_not() ==> AUTO TbooleanAlgebra_0a ==> zz_thryvar in bb TbooleanAlgebra_11 ==> phi_thryvar~[zz_thryvar] = 0 Use_def(phi_thryvar) ==> Stat1: phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} APPLY() fcn_symbol(f(X)->{h in hh_thryvar | h~[X] = 1},g->phi_thryvar,s->bb) ==> (domain(phi_thryvar) = bb) & (range(phi_thryvar) = {{h in hh_thryvar | h~[b] = 1}: b in bb}) (zz_thryvar,phi_thryvar)-->T71(*) ==> 0 in range(phi_thryvar) Suppose ==> hh_thryvar notin range(phi_thryvar) TbooleanAlgebra_11 ==> phi_thryvar~[ee] = hh_thryvar Use_def(phi_thryvar) ==> phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} Assump ==> ee in bb (ee,phi_thryvar)-->T71 ==> false Discharge ==> AUTO Use_def(phi_thryvar) ==> Stat2: range(phi_thryvar) ¥nincin {x: x ¥incin hh_thryvar} x0-->Stat2(Stat1*) ==> Stat3: (x0 in {{h in hh_thryvar | h~[b] = 1}: b in bb}) & (x0 notin {x: x ¥incin hh_thryvar}) (b0,{h in hh_thryvar | h~[b0] = 1})-->Stat3(Stat3*) ==> Stat4: {h in hh_thryvar | h~[b0] = 1} ¥nincin {h in hh_thryvar | true} Set_monot ==> {h in hh_thryvar | h~[b0] = 1} ¥incin {h in hh_thryvar | true} (Stat4*)Discharge ==> QED -- Theorem booleanAlgebra_16: [Clopenness property] (U in range(phi_thryvar)) ¥imp ((hh_thryvar - U) in range(phi_thryvar)). Proof: Suppose_not(u0) ==> AUTO Use_def(phi_thryvar) ==> phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} APPLY() fcn_symbol(f(X)->{h in hh_thryvar | h~[X] = 1},g->phi_thryvar,s->bb) ==> Stat1: (FORALL x | (x in bb) ¥imp (phi_thryvar~[x] = {h in hh_thryvar | h~[x] = 1})) & (range(phi_thryvar) = {{h in hh_thryvar | h~[x] = 1}: x in bb}) EQUAL ==> Stat2: (u0 in {{h in hh_thryvar | h~[x] = 1}: x in bb}) & ((hh_thryvar - u0) notin {{h in hh_thryvar | h~[x] = 1}: x in bb}) (x0,cmp_thryvar(x0))-->Stat2 ==> (x0 in bb) & (u0 = {h in hh_thryvar | h~[x0] = 1}) & ((cmp_thryvar(x0) notin bb) or ((hh_thryvar - u0) /= {h in hh_thryvar | h~[cmp_thryvar(x0)] = 1})) x0-->TbooleanAlgebra_1 ==> (hh_thryvar - u0) /= {h in hh_thryvar | h~[cmp_thryvar(x0)] = 1} x0-->TbooleanAlgebra_1(Stat2*) ==> cmp_thryvar(x0) in bb (cmp_thryvar(x0))-->Stat1 ==> hh_thryvar - u0 /= phi_thryvar~[cmp_thryvar(x0)] x0-->Stat1(Stat2*) ==> hh_thryvar - (phi_thryvar~[x0]) /= phi_thryvar~[cmp_thryvar(x0)] x0-->TbooleanAlgebra_12(Stat2*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_17: [Hausdorff property] (({F,G} ¥incin hh_thryvar) & (F /= G)) ¥imp (EXISTS u in range(phi_thryvar), v in range(phi_thryvar) | (F in u) & (G in v) & (u * v = 0)). Proof: Suppose_not(f0,f1) ==> Stat0: (not(EXISTS u in range(phi_thryvar), v in range(phi_thryvar) | (f0 in u) & (f1 in v) & (u * v = 0))) & (f0 in hh_thryvar) & (f1 in hh_thryvar) & (f0 /= f1) -- -- Arguing by contradiction, suppose that $f0,f1$ form a counterexample. -- Then, since $f0$ and $f1$ are single-valued maps defined on $hh_thryvar$ with values in ${0,1}$, -- the element which belongs to one but not the other is a pair $[x0,y0]$ such that -- $[x0,0]$ belongs to one and $[x0,1]$ belongs to the other. -- Since $phi_thryvar~[cmp_thryvar~[x0]]=hh_thryvar - phi_thryvar~[x0]$, the one between $f0,f1$ which sends -- $x0$ to $1$ must belong to $phi_thryvar~[x0]$ and the other one must belong to $phi_thryvar~[cmp_thryvar(x0)]$, -- which is disjoint from $phi_thryvar~[x0]$. By observing that $phi_thryvar~[x0]$ and $phi_thryvar~[cmp_thryvar(x0)]$ -- both belong to $range(phi_thryvar)$, we get the desired contradiction. -- Use_def(hh_thryvar) ==> Stat1: (f0 in {h: h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)}) & (f1 in {h: h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)}) & (f0 /= f1) (h2,h3,p)-->Stat1 ==> Stat2: (f0 in {h: h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)}) & (f1 in {h: h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)}) & ((p in f0) ¥neq (p in f1)) (h0,h1)-->Stat2 ==> (f0 ¥incin (bb ¥PROD 2)) & (f1 ¥incin (bb ¥PROD 2)) & BooHom_thryvar(h0) & BooHom_thryvar(h1) & (f0 = h0) & (f1 = h1) Use_def(BooHom_thryvar) ==> Svm(h0) & (domain(h0) = bb) & Svm(h1) & (domain(h1) = bb) Use_def(¥PROD) ==> bb ¥PROD 2 = {[v,y]: v in bb, y in 2} TELEM ==> 2 = {0,1} EQUAL(Stat2) ==> Stat3: (p in {[v,y]: v in bb, y in {0,1}}) & Svm(f0) & (domain(f0) = bb) & Svm(f1) & (domain(f1) = bb) & (f0 ¥incin {[v,y]: v in bb, y in {0,1}}) & (f1 ¥incin {[v,y]: v in bb, y in {0,1}}) (x,y)-->Stat3(Stat3) ==> Stat4: (x in bb) & (p = [x,y]) & ((cdr(p) = 0) or (cdr(p) = 1)) Use_def(phi_thryvar) ==> phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} APPLY() fcn_symbol(f(X)->{h in hh_thryvar | h~[X] = 1},g->phi_thryvar,s->bb) ==> Stat5: (FORALL z | (z in bb) ¥imp (phi_thryvar~[z] = {h in hh_thryvar | h~[z] = 1})) & (range(phi_thryvar) = {{h in hh_thryvar | h~[z] = 1}: z in bb}) x-->Stat5(Stat4*) ==> phi_thryvar~[x] = {h in hh_thryvar | h~[x] = 1} Suppose ==> Stat6: phi_thryvar~[x] notin {{h in hh_thryvar | h~[z] = 1}: z in bb} x-->Stat6 ==> false Discharge ==> AUTO EQUAL ==> phi_thryvar~[x] in range(phi_thryvar) (phi_thryvar~[x])-->TbooleanAlgebra_16(Stat4*) ==> Stat7: (hh_thryvar - (phi_thryvar~[x])) in range(phi_thryvar) f0-->T72(Stat3,Stat3*) ==> Stat8: f0 = {[z,f0~[z]]: z in domain(f0)} f1-->T72(Stat3,Stat3*) ==> Stat9: f1 = {[z,f1~[z]]: z in domain(f1)} Suppose ==> Stat10: (f0~[x] notin {0,1}) or (f1~[x] notin {0,1}) Suppose ==> Stat11: ([x,f0~[x]] notin {[z,f0~[z]]: z in domain(f0)}) or ([x,f1~[x]] notin {[z,f1~[z]]: z in domain(f1)}) (x,x)-->Stat11(Stat3,Stat4,Stat8,Stat9*) ==> false Discharge ==> AUTO (Stat3*)ELEM ==> Stat12: ([x,f0~[x]] in {[v,y]: v in bb, y in {0,1}}) & ([x,f1~[x]] in {[v,y]: v in bb, y in {0,1}}) (v1,y1,v2,y2)-->Stat12(Stat12) ==> Stat13: (f0~[x] in {0,1}) & (f1~[x] in {0,1}) (Stat10,Stat13*)Discharge ==> AUTO Suppose ==> f1~[x] = f0~[x] Suppose ==> Stat14: (p notin {[z,f1~[z]]: z in domain(f1)}) & (p in {[z,f0~[z]]: z in domain(f0)}) (x,z0)-->Stat14(Stat14,Stat3,Stat4*) ==> Stat15: (p /= [x,f1~[x]]) & (p = [z0,f0~[z0]]) & (p = [x,y]) (Stat15)ELEM ==> (f1~[x] /= f0~[z0]) & (z0 = x) EQUAL(Stat15) ==> f1~[x] /= f0~[x] Discharge ==> Stat16: AUTO (Stat16,Stat2,Stat8,Stat9*)ELEM ==> Stat17: (p notin {[z,f0~[z]]: z in domain(f0)}) & (p in {[z,f1~[z]]: z in domain(f1)}) (x,z1)-->Stat17(Stat17,Stat3,Stat4*) ==> Stat18: (p /= [x,f0~[x]]) & (p = [z1,f1~[z1]]) & (p = [x,y]) (Stat18)ELEM ==> (f0~[x] /= f1~[z1]) & (z1 = x) EQUAL(Stat18) ==> f0~[x] /= f1~[x] Discharge ==> AUTO TELEM ==> 0 /= 1 (Stat9*)ELEM ==> Stat19: ((f0~[x] /= 1) & (f1~[x] = 1)) or ((f1~[x] /= 1) & (f0~[x] = 1)) -- -- At this point, we readily get the desired contradiction, because one between ${h in hh_thryvar | h~[x] = 1}$ -- and its set-complement $hh_thryvar - {h in hh_thryvar | h~[x] = 1}$, both belonging to the base of the topology -- ---say $u0$---has $f0$ as a member, while the other---say $v0$---as $f1$ as a member. -- EQUAL(Stat5) ==> Stat20: {h in hh_thryvar | h~[x] = 1} in range(phi_thryvar) ({h in hh_thryvar | h~[x] = 1})-->TbooleanAlgebra_16(Stat20*) ==> Stat21: (hh_thryvar - {h in hh_thryvar | h~[x] = 1}) in range(phi_thryvar) Loc_def ==> (u0 = if (f0~[x] /= 1) then hh_thryvar - {h in hh_thryvar | h~[x] = 1} else {h in hh_thryvar | h~[x] = 1} end if) & (v0 = if (f0~[x] /= 1) then {h in hh_thryvar | h~[x] = 1} else hh_thryvar - {h in hh_thryvar | h~[x] = 1} end if) EQUAL ==> (f0 in u0) & (f1 in v0) (u0,v0)-->Stat0(Stat20*) ==> false Discharge ==> QED -- -- Our next theorem states that if a subset of the 'clopen base' enjoys the finite intersection property, -- then its intersection is non-null. The intersection operation is locally defined as follows: -- Theorem booleanAlgebra_18: [Topological base property of $range(phi_thryvar)$] ((F /= 0) & (F ¥incin range(phi_thryvar)) & Finite(F)) ¥imp (inters(F) in range(phi_thryvar)). Proof: Suppose_not(f1) ==> AUTO -- -- Supposing that $f1$ is a counterexample, we denote as $f0$ a minimal counter-example to the claim. -- APPLY(fin_thryvar:f0) finiteInduction(s0->f1,P(F)->((F /= 0) & (F ¥incin range(phi_thryvar)) & (not(inters(F) in range(phi_thryvar))))) ==> Stat0: (FORALL F | (F ¥incin f0) ¥imp ( Finite(F) & (((F /= 0) & (F ¥incin range(phi_thryvar)) & (not(inters(F) in range(phi_thryvar)))) ¥eq (F = f0)) )) Loc_def ==> a0 = arb(f0) f0-->Stat0(Stat0) ==> Stat1: (a0 in f0) & (f0 ¥incin range(phi_thryvar)) & ((f0 ¥incin range(phi_thryvar)) & (not(inters(f0) in range(phi_thryvar)))) TbooleanAlgebra_8c ==> hh_thryvar /= 0 APPLY(inters_thryvar:intrs) inters(d0->hh_thryvar) ==> Stat2: (FORALL s | ((s /= 0) & (s ¥incin {x : x ¥incin hh_thryvar})) ¥imp (intrs(s) = inters(s))) & (FORALL z, x | (z in x) ¥imp (intrs(x) = intrs(x-{z}) * z)) & Stat3: (FORALL s, z | (s = {z}) ¥imp (intrs(s) = hh_thryvar * z)) TbooleanAlgebra_15 ==> range(phi_thryvar) ¥incin {x: x ¥incin hh_thryvar} f0-->Stat2(Stat1*) ==> Stat4: (a0 in {x: x ¥incin hh_thryvar}) & (intrs(f0) = inters(f0)) -- -- We must exclude that $f0={a0}$, because $inters({a0})=a0$, which belongs to $range(phi_thryvar)$. -- Suppose ==> f0 = {a0} a1-->Stat4(Stat4*) ==> a0 ¥incin hh_thryvar (f0,a0)-->Stat3(Stat4*) ==> intrs(f0) = a0 (Stat1*)Discharge ==> AUTO -- -- But then, if we remove an element $a0$ from $f0$, then we get a set which is not a counterexample to the claim of this theorem. -- (f0-{a0},a0,f0)-->Stat2(Stat1*) ==> Stat5: (intrs(f0-{a0}) = inters(f0-{a0})) & (inters(f0) = inters(f0-{a0}) * a0) & (a0 in range(phi_thryvar)) (f0-{a0})-->Stat0(Stat1*) ==> (inters(f0-{a0}) in range(phi_thryvar)) Use_def(phi_thryvar) ==> phi_thryvar = {[x,{h in hh_thryvar | h~[x] = 1}]: x in bb} APPLY() Iz_map(a(x)->x,b(x)->{h in hh_thryvar | h~[x] = 1},s->bb) ==> range({[x,{h in hh_thryvar | h~[x] = 1}]: x in bb}) = {{h in hh_thryvar | h~[x] = 1}: x in bb} EQUAL(Stat5) ==> Stat6: (inters(f0-{a0}) in {{h in hh_thryvar | h~[x] = 1}: x in bb}) & (a0 in {{h in hh_thryvar | h~[x] = 1}: x in bb}) (x1,y1)-->Stat6(Stat6*) ==> (inters(f0-{a0}) = {h in hh_thryvar | h~[x1] = 1}) & (a0 = {h in hh_thryvar | h~[y1] = 1}) & (x1 in bb) & (y1 in bb) x1-->TbooleanAlgebra_9(Stat6*) ==> phi_thryvar~[x1] = inters(f0-{a0}) y1-->TbooleanAlgebra_9(Stat6*) ==> phi_thryvar~[y1] = a0 (x1,y1)-->TbooleanAlgebra_10(Stat6*) ==> phi_thryvar~[dot(x1,y1)] = inters(f0-{a0}) * a0 (Stat1*)ELEM ==> phi_thryvar~[dot(x1,y1)] notin range(phi_thryvar) Assump ==> Stat7: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (x1,y1)-->Stat7(Stat6*) ==> dot(x1,y1) in bb EQUAL(Stat5) ==> Stat8: phi_thryvar~[dot(x1,y1)] notin {{h in hh_thryvar | h~[x] = 1}: x in bb} (dot(x1,y1))-->Stat8(Stat7*) ==> phi_thryvar~[dot(x1,y1)] /= {h in hh_thryvar | h~[dot(x1,y1)] = 1} (dot(x1,y1))-->TbooleanAlgebra_9(Stat7*) ==> false Discharge ==> QED -- Theorem booleanAlgebra_19: [Compactness] ((K ¥incin range(phi_thryvar)) & (K /= 0) & (inters(K) = 0)) ¥imp (EXISTS f ¥incin K | Finite(f) & (f /= 0) & (inters(f) = 0)). Proof: Suppose_not(k0) ==> Stat0: (not(EXISTS f ¥incin k0 | Finite(f) & (f /= 0) & (inters(f) = 0))) & (k0 ¥incin range(phi_thryvar)) & (k0 /= 0) & (inters(k0) = 0) -- -- Supposing that $k0$ is a counterexample, we denote as $b0$ the smallest superset of its counter-image which is -- closed relative to the meet operation of our Boolean algebra. -- TbooleanAlgebra_8c ==> hh_thryvar /= 0 APPLY(inters_thryvar:intrs) inters(d0->hh_thryvar) ==> Stat1: (FORALL s | ((s /= 0) & (s ¥incin {x : x ¥incin hh_thryvar})) ¥imp (intrs(s) = inters(s))) & Stat3: (FORALL s, z | (s = {z}) ¥imp (intrs(s) = hh_thryvar * z)) & Stat2: (FORALL s, t | intrs(s+t) = intrs(s) * intrs(t)) & (intrs(0) = hh_thryvar) TbooleanAlgebra_15 ==> range(phi_thryvar) ¥incin {x: x ¥incin hh_thryvar} Loc_def ==> Stat19: b0 = {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)} TbooleanAlgebra_13 ==> One_1_map(phi_thryvar) & (domain(phi_thryvar) = bb) phi_thryvar-->T101 ==> One_1_map(inv(phi_thryvar)) & (range(inv(phi_thryvar)) = domain(phi_thryvar)) & (domain(inv(phi_thryvar)) = range(phi_thryvar)) & (phi_thryvar = inv(inv(phi_thryvar))) TbooleanAlgebra_15(Stat1*) ==> intrs(0) in domain(inv(phi_thryvar)) -- -- Every $intrs(f)$ with $f ¥incin range(phi_thryvar)$, $Finite(f)$ belongs to $range(phi_thryvar)$; -- therefore its counter-image via $phi_thryvar$ belongs to $bb$. -- Suppose ==> Stat40: not(FORALL f ¥incin k0 | Finite(f) ¥imp (intrs(f) in range(phi_thryvar))) f0-->Stat40(Stat0*) ==> (f0 ¥incin range(phi_thryvar)) & Finite(f0) & (intrs(f0) notin range(phi_thryvar)) -- -- $f0=0$ would imply $intrs(f0) in range(phi_thryvar))$, hence we discard beforehand this possibility. -- Suppose ==> f0 = 0 EQUAL ==> false; Discharge ==> AUTO f0-->Stat1 ==> intrs(f0) = inters(f0) f0-->TbooleanAlgebra_18(Stat19*) ==> false Discharge ==> Stat41: (FORALL f ¥incin k0 | Finite(f) ¥imp (intrs(f) in range(phi_thryvar))) Suppose ==> Stat4: b0 ¥nincin bb x0-->Stat4(Stat1*) ==> Stat5: (x0 in {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) & (x0 notin bb) fp-->Stat5(Stat5*) ==> (x0 = inv(phi_thryvar)~[intrs(fp)]) & (fp ¥incin k0) & Finite(fp) fp-->Stat41(Stat19*) ==> intrs(fp) in domain(inv(phi_thryvar)) (intrs(fp),inv(phi_thryvar))-->T71 ==> x0 in domain(phi_thryvar) Use_def(phi_thryvar) ==> domain(phi_thryvar) = bb (Stat5*)Discharge ==> Stat4a: AUTO Suppose ==> Stat6: not(FORALL h in k0 | h ¥incin hh_thryvar) hp-->Stat6(Stat0*) ==> Stat7: (hp in {x: x ¥incin hh_thryvar}) & (hp ¥nincin hh_thryvar) hq-->Stat7(Stat7*) ==> false Discharge ==> Stat9: (FORALL h in k0 | h ¥incin hh_thryvar) -- -- The law $inters(F+G) = inters(F) * inters(G)$, -- along with the fact that $phi_thryvar$ is a morphism, entails the following: -- Suppose ==> Stat12: {dot(x,y): x in b0, y in b0} ¥nincin b0 d0-->Stat12(Stat12*) ==> Stat13: (d0 in {dot(x,y): x in b0, y in b0}) & (d0 notin b0) (y1,y2)-->Stat13(Stat13,Stat19,Stat4a*) ==> Stat14: (y1 in {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) & (y2 in {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) & (dot(y1,y2) notin {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) & (y1 in bb) & (y2 in bb) (f1,f2,f1+f2)-->Stat14(Stat14) ==> (f1 ¥incin k0) & (f2 ¥incin k0) & Finite(f1) & Finite(f2) & Finite(f1+f2) & (y1 = inv(phi_thryvar)~[intrs(f1)]) & (y2 = inv(phi_thryvar)~[intrs(f2)]) & (dot(y1,y2) /= inv(phi_thryvar)~[intrs(f1 + f2)]) (y1,y2)-->TbooleanAlgebra_10(Stat14*) ==> (phi_thryvar~[dot(y1,y2)]) = ((phi_thryvar~[y1]) * (phi_thryvar~[y2])) f1-->Stat41(Stat14*) ==> intrs(f1) in range(phi_thryvar) f2-->Stat41(Stat14*) ==> intrs(f2) in range(phi_thryvar) (f1+f2)-->Stat41(Stat14*) ==> intrs(f1+f2) in range(phi_thryvar) (phi_thryvar,y1,intrs(f1),phi_thryvar~[y1])-->T102a(Stat19*) ==> (phi_thryvar~[y1]) = intrs(f1) (phi_thryvar,y2,intrs(f2),phi_thryvar~[y2])-->T102a(Stat19*) ==> Stat15: (phi_thryvar~[dot(y1,y2)]) = intrs(f1) * intrs(f2) EQUAL(Stat19) ==> (phi_thryvar~[dot(y1,y2)]) = (inv(inv(phi_thryvar))~[dot(y1,y2)]) (f1,f2)-->Stat2(Stat15*) ==> (inv(inv(phi_thryvar))~[dot(y1,y2)]) = intrs(f1+f2) Assump ==> Stat16: (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) (y1,y2)-->Stat16(Stat14*) ==> dot(y1,y2) in bb (inv(phi_thryvar),intrs(f1+f2),dot(y1,y2),inv(phi_thryvar)~[intrs(f1+f2)])-->T102a(Stat19*) ==> false Discharge ==> AUTO -- -- The finite intersection property enjoyed by $k0$ entails that $zz_thryvar$ cannot belong to $b0$, as shown here below: -- Suppose ==> Stat30: zz_thryvar in {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)} f3-->Stat30(Stat30*) ==> (f3 ¥incin k0) & Finite(f3) & (zz_thryvar = inv(phi_thryvar)~[intrs(f3)]) TbooleanAlgebra_11(Stat30*) ==> phi_thryvar~[zz_thryvar] = 0 TbooleanAlgebra_0(*) ==> zz_thryvar in bb f3-->Stat41(Stat30*) ==> intrs(f3) in range(phi_thryvar) (phi_thryvar,zz_thryvar,intrs(f3),0)-->T102a(Stat19*) ==> intrs(f3) = 0 Suppose ==> f3 = 0 EQUAL ==> false; Discharge ==> AUTO f3-->Stat0(Stat30*) ==> inters(f3) /= intrs(f3) f3-->Stat1(Stat0*) ==> false Discharge ==> AUTO -- -- Moreover, $b0 ¥nincin {ee}$, as we can prove by arguing as follows. -- Since $k0$ enjoys the finite intersection property, if it were finite, then its intersection would not be empty. -- We can hence find an $h0 in k0$ lying outside ${hh_thryvar}$; and since every element of $k0$ -- belongs to $range(phi_thryvar)$ and therefore is a subset of $hh_thryvar$, we have -- $inters({h0}) = h0$ and $inters({h0}) /= hh_thryvar$, so that -- $(inv(phi_thryvar)~[inters({h0})]) /= (inv(phi_thryvar)~[inters(0)])$, i.e., -- $(inv(phi_thryvar)~[h0]) /= (inv(phi_thryvar)~[hh_thryvar])$. Both members of this inequality -- designate elements of $b0$ and at least one of them differs fom $ee$. -- Suppose ==> b0 ¥incin {ee} Suppose ==> Stat20: k0 ¥incin {hh_thryvar} hh_thryvar-->T25b ==> Finite({hh_thryvar}) & Finite(0) Suppose ==> k0 = 0 EQUAL(Stat20) ==> Stat21: Finite(k0) k0-->Stat0(Stat0,Stat21) ==> false Discharge ==> AUTO (Stat20*)ELEM ==> k0 = {hh_thryvar} EQUAL(Stat20) ==> Stat22: Finite(k0) k0-->Stat0(Stat0,Stat22) ==> false Discharge ==> Stat23: k0 ¥nincin {hh_thryvar} h0-->Stat23(Stat23*) ==> ({h0} ¥incin k0) & (h0 /= hh_thryvar) h0-->Stat9(Stat23*) ==> h0 ¥incin hh_thryvar ({h0},h0)-->Stat3(Stat23*) ==> (intrs({h0}) = h0) & (intrs({h0}) /= intrs(0)) Suppose ==> Stat24: ((inv(phi_thryvar)~[intrs({h0})]) notin {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) or ((inv(phi_thryvar)~[intrs(0)]) notin {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)}) h0-->T25b(Stat24*) ==> Finite({h0}) & Finite(0) ({h0},0)-->Stat24(Stat23*) ==> false Discharge ==> AUTO -- -- It hence follows that $inv(phi_thryvar)~[intrs({h0})]) = (inv(phi_thryvar)~[intrs(0)]$, which is untenable because of the one-one-ness of $phi_thryvar$. -- (inv(phi_thryvar),intrs({h0}),intrs(0))-->T102(Stat0*) ==> false Discharge ==> AUTO -- b0-->TbooleanAlgebra_6(Stat19*) ==> Stat50: Ideal_thryvar({dot(a,cmp_thryvar(x)): a in bb, x in b0}) -- -- By enlarging this ideal into a maximal ideal, we will get the kernel of a homomorphism $psi$ -- sending all complements of elements of $b0$ to $0$; accordingly this will send all elements -- of $b0$ to $1$. This $psi$ hence belongs to $inters({phi_thryvar~[x]: x in b0})$, and hence it belongs to $inters(k0)$. -- ({dot(a,cmp_thryvar(x)): a in bb, x in b0})-->TbooleanAlgebra_5(Stat50*) ==> Stat51: (EXISTS m | ({dot(a,cmp_thryvar(x)): a in bb, x in b0} ¥incin m) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m))) m0-->Stat51(Stat51*) ==> Stat52: (FORALL j | (Ideal_thryvar(j) & (m0 ¥incin j)) ¥eq (j = m0)) & ({dot(a,cmp_thryvar(x)): a in bb, x in b0} ¥incin m0) m0-->Stat52(Stat52*) ==> Ideal_thryvar(m0) Loc_def ==> Stat53: psi = {[x,if x in m0 then 0 else 1 end if]: x in bb} m0-->TbooleanAlgebra_8(Stat51*) ==> psi in hh_thryvar Suppose ==> Stat54: not(FORALL x in b0 | psi~[x] = 1) APPLY() fcn_symbol(f(X)->(if x in m0 then 0 else 1 end if),g->psi,s->bb) ==> Stat55: (FORALL xp | (xp in bb) ¥imp (psi~[xp] = (if xp in m0 then 0 else 1 end if))) x1-->Stat54(Stat54,Stat4a*) ==> (x1 in b0) & (x1 in bb) & (psi~[x1] /= 1) x1-->Stat55(Stat55*) ==> x1 in m0 (m0,x1,x1)-->TbooleanAlgebra_4a(Stat52*) ==> Stat56: cmp_thryvar(x1) notin {dot(a,cmp_thryvar(x)): a in bb, x in b0} x1-->TbooleanAlgebra_1(Stat55*) ==> cmp_thryvar(x1) in bb Assump ==> Stat57: (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) & (ee in bb) (cmp_thryvar(x1))-->Stat57(Stat55*) ==> dot(ee,cmp_thryvar(x1)) = cmp_thryvar(x1) (ee,x1)-->Stat56(Stat55*) ==> false Discharge ==> Stat65: (FORALL x in b0 | psi~[x] = 1) Suppose ==> Stat66: not(FORALL y in k0 | psi in y) c0-->Stat66(Stat66) ==> (c0 in k0) & (psi notin c0) c0-->Stat9(Stat66*) ==> c0 ¥incin hh_thryvar ({c0},c0)-->Stat3(Stat66*) ==> intrs({c0}) = c0 Suppose ==> Stat67: (inv(phi_thryvar)~[intrs({c0})]) notin {inv(phi_thryvar)~[intrs(f)]: f ¥incin k0 | Finite(f)} c0-->T25b(Stat66*) ==> Finite({c0}) {c0}-->Stat67(Stat66*) ==> false Discharge ==> AUTO EQUAL(Stat19) ==> (inv(phi_thryvar)~[c0]) in b0 (inv(phi_thryvar)~[c0])-->Stat65(Stat65*) ==> psi~[(inv(phi_thryvar)~[c0])] = 1 (c0,inv(phi_thryvar))-->T71(Stat0*) ==> ((inv(phi_thryvar)~[c0]) in bb) & (c0 in range(phi_thryvar)) & One_1_map(phi_thryvar) Use_def(phi_thryvar) ==> phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} APPLY() fcn_symbol(f(X)->{h in hh_thryvar | h~[X] = 1},g->phi_thryvar,s->bb) ==> Stat68: (FORALL xp | (xp in bb) ¥imp (phi_thryvar~[xp] = {h in hh_thryvar | h~[xp] = 1})) (inv(phi_thryvar)~[c0])-->Stat68(Stat66*) ==> (phi_thryvar~[(inv(phi_thryvar)~[c0])]) = {h in hh_thryvar | h~[(inv(phi_thryvar)~[c0])] = 1} (phi_thryvar,c0)-->T102b(Stat66*) ==> Stat69: psi notin {h in hh_thryvar | h~[(inv(phi_thryvar)~[c0])] = 1} psi-->Stat69(Stat53*) ==> false Discharge ==> AUTO Loc_def ==> Stat70: a0 = arb(k0) (Stat0,Stat70)ELEM ==> a0 in k0 Use_def(inters(k0) ==> AUTO (Stat0*)ELEM ==> (psi notin { z in arb(k0) | (FORALL y in k0 | z in y) }) & (FORALL y in k0 | psi in y) EQUAL(Stat70) ==> Stat71: (FORALL y in k0 | psi in y) & (psi notin { z in a0 | (FORALL y in k0 | z in y) }) & (a0 in k0) (a0,psi)-->Stat71(Stat71*) ==> false Discharge ==> QED -- ENTER_THEORY Set_theory -- -- DISPLAY booleanAlgebra -- -- THEORY booleanAlgebra(bb,dot,pls,ee) -- ee in bb -- ee /= pls(ee,ee) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) in bb)) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) in bb)) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(x,dot(y,z)) = dot(dot(x,y),z))) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (pls(x,pls(y,z)) = pls(pls(x,y),z))) -- (FORALL x, y, z | ({x,y,z} ¥incin bb) ¥imp (dot(pls(x,y),z) = pls(dot(z,y),dot(z,x)))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,x) = pls(y,y))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,pls(y,x)) = y)) -- (FORALL x | (x in bb) ¥imp (dot(x,x) = x)) -- (FORALL x | (x in bb) ¥imp (dot(ee,x) = x)) -- ==>(zz_thryvar,cmp_thryvar,Ideal_thryvar,BooHom_thryvar,hh_thryvar,phi_thryvar) -- zz_thryvar = pls(arb(bb),arb(bb)) -- (FORALL x | ((x in bb) ¥imp ((pls(x,x) = zz_thryvar) & (pls(x,zz_thryvar) = x) & (pls(zz_thryvar,x) = x))) & (zz_thryvar in bb)) -- zz_thryvar in bb -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (pls(x,y) = pls(y,x))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (dot(x,y) = dot(y,x))) -- (FORALL u, v | (({u,v} ¥incin bb) & (dot(u,v) = u) & (dot(v,u) = v)) ¥imp (u = v)) -- (FORALL x | (x in bb) ¥imp (cmp_thryvar(x) = pls(ee,x))) -- (FORALL x | ((x in bb) ¥imp ((cmp_thryvar(x) in bb) & (cmp_thryvar(cmp_thryvar(x)) = x))) & (cmp_thryvar(ee) = zz_thryvar) & (cmp_thryvar(zz_thryvar) = ee)) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp ((pls(cmp_thryvar(x),x) = ee) & (pls(dot(y,x),dot(y,cmp_thryvar(x))) = y) & (dot(dot(y,x),dot(y,cmp_thryvar(x))) = zz_thryvar))) -- (FORALL x, y | ({x,y} ¥incin bb) ¥imp (cmp_thryvar(pls(x,y)) = pls(dot(x,y),dot(cmp_thryvar(x),cmp_thryvar(y))))) -- (FORALL x | (x in bb) ¥imp ((cmp_thryvar(x) /= x) & ((x notin {zz_thryvar, ee}) ¥imp (cmp_thryvar(x) in (bb - {zz_thryvar, ee}))))) -- (FORALL u,v | (({u,v} ¥incin bb) & (dot(u,v) = ee)) ¥imp ((u = ee) & (v = ee))) -- (FORALL u,v,x,y | ({u,v,x,y} ¥incin bb) ¥imp (pls(dot(u,cmp_thryvar(x)),dot(v,cmp_thryvar(y))) = dot(pls(dot(u,cmp_thryvar(x)),dot(v,cmp_thryvar(y))),cmp_thryvar(dot(x,y))))) -- (FORALL i | Ideal_thryvar(i) ¥eq ({pls(x,y): x in i, y in i} ¥incin i) & ({dot(x,y): x in bb, y in i} ¥incin i) & (i ¥incin (bb - {ee})) & (i ¥nincin {zz_thryvar})) -- (FORALL i,x,y | (Ideal_thryvar(i) & ({x,y} ¥incin i)) ¥imp (pls(x,y) in i)) -- (FORALL i | Ideal_thryvar(i) ¥imp ((zz_thryvar in i) & (((x in i) & (y in bb)) ¥imp ((dot(x,y) in i) & (dot(y,x) in i) & (cmp_thryvar(x) notin i))) & (ee notin i))) -- (FORALL i | Ideal_thryvar(i) ¥imp (EXISTS m | (i ¥incin m) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m)))) -- (FORALL b | ((b ¥incin (bb - {zz_thryvar})) & ({dot(x,y): x in b, y in b} ¥incin b) & (b ¥nincin {ee})) ¥imp (Ideal_thryvar({dot(a,cmp_thryvar(x)): a in bb, x in b}))) -- (FORALL x | (x in (bb - {zz_thryvar, ee})) ¥imp (Ideal_thryvar({dot(a,x): a in bb}) & (x in {dot(a,x): a in bb}))) -- (FORALL h | BooHom_thryvar(h) ¥eq (Svm(h) & (domain(h) = bb) & (h~[ee] = Un(range(h))) & (h~[ee] /= h~[zz_thryvar]) & (FORALL x in bb, y in bb | ((h~[dot(x,y)]) = ((h~[x]) * (h~[y]))) & ((h~[pls(x,y)]) = sym((h~[x]), (h~[y])))))) -- hh_thryvar = {h ¥incin (bb ¥PROD 2) | BooHom_thryvar(h)} -- (FORALL h | (h in hh_thryvar) ¥imp ((h~[zz_thryvar] = 0) & (h~[ee] = 1))) -- (FORALL h | ((h in hh_thryvar) & ({x,y} ¥incin bb) & (h~[pls(x,dot(x,y))] = 1) & (h~[y] = 0)) ¥imp (h~[x] = 1)) -- (FORALL i, x | (Ideal_thryvar(i) & (x in bb) & (cmp_thryvar(x) notin (i + {ee}))) ¥imp (EXISTS j | Ideal_thryvar(j) & ((i + {x}) ¥incin j))) -- (FORALL x, m | ((x notin m) & (x in bb) & (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m))) ¥imp (cmp_thryvar(x) in m)) -- (FORALL m | (FORALL j | (Ideal_thryvar(j) & (m ¥incin j)) ¥eq (j = m)) ¥imp ({[x,if x in m then 0 else 1 end if]: x in bb} in hh_thryvar)) -- (bb ¥incin {zz_thryvar,ee}) ¥imp ({[zz_thryvar,0],[ee,1]} in hh_thryvar) -- (FORALL x | (x in bb - {zz_thryvar}) ¥imp ({h in hh_thryvar | h~[x] = 1} /= 0)) -- hh_thryvar /= 0 -- phi_thryvar = {[b,{h in hh_thryvar | h~[b] = 1}]: b in bb} -- (FORALL x | (x in bb) ¥imp ((phi_thryvar~[x]) = {h in hh_thryvar | h~[x] = 1})) -- (FORALL x,y | ((x in bb) & (y in bb)) ¥imp ((phi_thryvar~[dot(x,y)] = (phi_thryvar~[x]) * (phi_thryvar~[y])) & (phi_thryvar~[pls(x,y)] = sym((phi_thryvar~[x]), (phi_thryvar~[y]))))) -- (phi_thryvar~[ee] = Un(range(phi_thryvar))) & (phi_thryvar~[zz_thryvar] = 0) & (phi_thryvar~[ee] /= phi_thryvar~[zz_thryvar]) -- (hh_thryvar = Un(range(phi_thryvar))) & (phi_thryvar~[zz_thryvar] = 0) & (phi_thryvar~[ee] /= phi_thryvar~[zz_thryvar]) & (phi_thryvar~[ee] = hh_thryvar) -- (FORALL x | (x in bb) ¥imp (phi_thryvar~[cmp_thryvar(x)] = hh_thryvar - (phi_thryvar~[x]))) -- One_1_map(phi_thryvar) & (domain(phi_thryvar) = bb) -- BooHom_thryvar(phi_thryvar) -- (range(phi_thryvar) ¥incin {x: x ¥incin hh_thryvar}) & (0 in range(phi_thryvar)) & (hh_thryvar in range(phi_thryvar)) -- (FORALL u | (u in range(phi_thryvar)) ¥imp ((hh_thryvar - u) in range(phi_thryvar))) -- (FORALL f, g | (({f,g} ¥incin hh_thryvar) & (f /= g)) ¥imp (EXISTS u in range(phi_thryvar), v in range(phi_thryvar) | (f in u) & (g in v) & (u * v = 0))) -- (FORALL f | ((f /= 0) & (f ¥incin range(phi_thryvar)) & Finite(f)) ¥imp (inters(f) in range(phi_thryvar))) -- (FORALL k | ((k ¥incin range(phi_thryvar)) & (k /= 0) & (inters(k) = 0)) ¥imp (EXISTS f ¥incin k | Finite(f) & (f /= 0) & (inters(f) = 0))) -- END booleanAlgebra -- --END HERE