(*header{*Header Chapter Title Test*}*) (*section{*The Axiom of Extension*}*) (*--"\<^bold>I\<^bold>S\<^bold>A\<^bold>R \<^bold>(Theory name, imports, and begin.\<^bold>)"*) theory sTs01 imports Complex_Main "i" begin --"\<^bold>[\<^bold>\\<^bold>]" subsection{*Test of inline, equation, multline, eqnarray, label, ref, cite*} --"\<^isub>'I start off with the bibliography citations \\<^isub>`seGol.59\<^isub>`\ and \\<^isub>`seJec, loBil\<^isub>`\. Next is an index \<^isub>\entry\<^isub>\ on the word \entry\, and an index entry where \\<^isub>\markup\!entry\\<^isub>\\ is sub-indexed by using the option \<^isub>*!entry\<^isub>* in the \<^isub>*\index\<^isub>* command. Footnotes? What I really want to say can only be said below. \\<^isub>*Some people could be annoyed by all of this.\<^isub>*\ I now go on to those very important inline equations and equation environments, so please consider the difficulty of the inline equation \<^isub>`x\<^isup>1+\1.2\=1\<^isub>`, and now the equation \<^isub>\\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2),\<^isub>\ \aaaa60a\ along with the very ugly \<^isub>*multline\<^isub>* environment, .\<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \ P x \ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4)),\<^isub>\. \aaaa60b\ at least when I stick that middle line in there. The \<^isub>*eqnarray\<^isub>* environment with 3 columns specified by \<^isub>*[rcl]\<^isub>* is frequently used: \<^isub>\a \<^isub>\=\<^isub>\ b \<^isub>\=\<^isub>\ c \<^isub>\=\<^isub>\ d.\<^isub>\ Having to tweak LaTeX raises its ugly head, so I replace Equation \aaaa60b\ with a two column \<^isub>*eqnarray\<^isub>*, and change the default column alignment from \<^isub>*[rcl]\<^isub>* to \<^isub>*[rl]\<^isub>*. I do that with my equation array environment prefix \<^isub>*\rl\\<^isub>*. The \<^isub>*\rl\\<^isub>* is a prefix instead of a suffix, because the suffix position is taken up by the optional reference label. \rl\ \<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2))\<^isub>\\ P x \<^isub>\\ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4))\<^isub>\.\<^isub>\ I could have used the three column default, and left one column empty, but this is for demonstration. Here, I ask the question, \Are what I've been calling equations really equations?\ If we consider that the HOL \ operator is merely notation for \<^isub>`=\<^isub>`, then I suppose they are equations, but as a matter of style, I would rather use \Formula\, and I have set it up to where \Formula\ is a synonym for \Equation\ when used with \<^isub>*\label\<^isub>* and \<^isub>*\eqref\<^isub>*. After experimenting, I decided I can get rid of the \<^isub>*multline\<^isub>* environment. The environment \<^isub>*eqnarray\<^isub>*, from the \<^isub>*mathenv\<^isub>* package, replaces the standard \<^isub>*eqnarray\<^isub>* and it is a very versatile equation environment which can be used in place of many other environments. Here's the \<^isub>*multline\<^isub>* environment: .\<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4)).\<^isub>\. \lkr23j\ And here's the same equation using the \<^isub>*eqnarray\<^isub>* environment, set for one right justified column: \r\ \<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4)).\<^isub>\ \lkr23k\ Personally, I think Formula \lkr23k\ is formatted better than Formula \lkr23j\. And there are others ways to format Formula \lkr23j\ with \<^isub>*eqnarray\<^isub>*, like \<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2)\<^isub>\\\<^isub>\(q\<^isub>1 = q\<^isub>2)) \ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4)\<^isub>\\\<^isub>\(q\<^isub>3 = q\<^isub>4)),\<^isub>\ or \<^isub>\(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2))\<^isub>\\\<^isub>\ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4)\<^isub>\\\<^isub>\(q\<^isub>3 = q\<^isub>4)),\<^isub>\ This is why LaTeX can be a bad thing. I can spend way too much time tweaking the formatting of equations." subsection{*The primitive set type and membership predicate*} --"\<^isub>'ZF sets is a first-order language which requires an infinite set of variables, and it generally goes unsaid in the formalization of a first-order language that the variables provided are of a single type. However, in HOL there are a multitude of variable types, and additionally, we are allowed to define a new type of variable so we can have a new variable type that exists in its own domain. For ZF sets, I define the primitive variable type \<^isub>*sT\<^isub>*, where the non-ASCII notation for \<^isub>*sT\<^isub>* is \\<^isub>\. The subscripted character for \\<^isub>\ is the Greek letter iota." --"\<^bold>T\<^bold>Y\<^bold>P\<^bold>E \<^bold>(The primitive set type \<^isub>*sT\<^isub>*: everything is a set.\<^bold>)" typedecl sT ("\\<^isub>\") --"\<^bold>[\<^bold>\\<^bold>]" --"\<^isub>'ZF sets is specified to have one predicate, which is membership. The ASCII and non-ASCII notation for membership are \<^isub>*inS\<^isub>* and \\<^isub>\, along with negation of membership, which is notated by \<^isub>*niS\<^isub>* and \\<^isub>\." --"\<^bold>O\<^bold>P\<^bold>E\<^bold>R\<^bold>A\<^bold>T\<^bold>O\<^bold>R \<^bold>(Membership predicate \<^isub>*inS\<^isub>*: axiomatized by subsequent axioms.\<^bold>)" consts inS :: "\\<^isub>\ \ \\<^isub>\ \ bool" (infixl "inS" 55) notation inS (infixl "\\<^isub>\" 55) abbreviation niS :: "\\<^isub>\ \ \\<^isub>\ \ bool" (infixl "niS" 55) where "x niS y == \(x \\<^isub>\ y)" notation niS (infixl "\\<^isub>\" 55) --"\<^bold>[\<^bold>\\<^bold>]" subsection{*Axiomatizing the two forms of the Axiom of Extension*} --"\<^isub>'The standard Axiom of Extension is the formula \<^isub>\\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2).\<^isub>\ The question is whether in Isabelle/HOL, this standard formula is equivalent to the free variable form \<^isub>\(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2),\<^isub>\ where \<^isub>`q\<^isub>1\<^isub>` and \<^isub>`q\<^isub>2\<^isub>`, because they are not in the scope of any quantifier, are free variables. Naively, the following counterexample seems to indicate that they are not equivalent." --"\<^bold>C\<^bold>O\<^bold>U\<^bold>N\<^bold>T\<^bold>E\<^bold>R\<^bold>X \<^bold>(A counterexample is found for the naive equivalence.\<^bold>)" theorem "(\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \ ((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4))" --"nitpick[sat_solver=SAT4J,timeout=60,verbose,user_axioms]" --"Nitpick found a counterexample for card \\<^isub>\ = 2: Free variables: (q\<^isub>3\\\<^isub>\) = s1 (q\<^isub>4\\\<^isub>\) = s2" oops --"\<^bold>[\<^bold>\\<^bold>]" --"\<^isub>'The problem is that the prover engine implicitly quantifies all free variables in the statement of a theorem, so the formula in the above counterexample is not the equivalence that we need to prove or disprove. This quantification is done at the outermost level with universal quantifiers. For example, the formula \<^isub>\(\q\<^isub>1.\q\<^isub>2.\<^isub>\\<^isub>\(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \\<^isub>\\<^isub>\((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \ (q\<^isub>3 = q\<^isub>4))\<^isub>\ can be considered to be equivalent to the quantified formula \<^isub>\\q\<^isub>3.\q\<^isub>4.(\q\<^isub>1.\q\<^isub>2.\<^isub>\\<^isub>\(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2)) \\<^isub>\\<^isub>\((\x. x \\<^isub>\ q\<^isub>3 \ x \\<^isub>\ q\<^isub>4) \(q\<^isub>3 = q\<^isub>4)).\<^isub>\ I say \considered\ because the quantification is actually being done at the meta-logic level. To see that free variables are quantified by the meta-logic quantifier \, we can look at the output of \<^isub>*thm\<^isub>* in the following example." --"\<^bold>E\<^bold>X\<^bold>A\<^bold>M\<^bold>P\<^bold>L\<^bold>E \<^bold>(Free variables are quantified at the meta-logic level.\<^bold>)\lkzv08a\" theorem free\<^isub>'variable\<^isub>'conjecture: "(\x\'a. P x) \ (P x)" sorry theorem And\<^isub>'quantified\<^isub>'conjecture: "\x.(\x\'a. P x) \ (P x)" sorry thm free\<^isub>'variable\<^isub>'conjecture And\<^isub>'quantified\<^isub>'conjecture --"thm output for both: (\(x\?'a). ?P\(?'a \ bool) x) = (?P (?x\?'a))." theorem forall\<^isub>'quantified\<^isub>'conjecture: "\x.(\x\'a. P x) \ (P x)" sorry thm forall\<^isub>'quantified\<^isub>'conjecture --"thm output: \(x\?'a). (\(x\?'a). ?P\(?'a \ bool) x) = (?P x)." --"\<^bold>[\<^bold>\\<^bold>]" --"\<^isub>'If we were to prove the first two conjectures in the above example, then the resulting theorems would be the same, as shown by the output of \<^isub>*thm\<^isub>*. (Example \lkzv08a\ also shows how free variables and \ quantified variables are tied together by means of schematic variables.) As shown by Example \lkzv08a\, free variables are quantified by \, and so I use the fact that because free variable Formula \lkzv39a\, shown here, \<^isub>\(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2),\<^isub>\ \lkzv39a\ is equivalent to Formula \lkzv39b\, \<^isub>\\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2),\<^isub>\ \lkzv39b\ then it is equivalent to this fully quantified Formula \lkzv39c\, \<^isub>\\q\<^isub>1.\q\<^isub>2.(\x. x \\<^isub>\ q\<^isub>1 \ x \\<^isub>\ q\<^isub>2) \ (q\<^isub>1 = q\<^isub>2).\<^isub>\