const In : set set prop
term iIn = In
infix iIn 2000 2000
term Subq = \x:set.\y:set.!z:set.z iIn x -> z iIn y
const binunion : set set set
const Repl : set (set set) set
const Sing : set set
term SetAdjoin = \x:set.\y:set.binunion x (Sing y)
const Empty : set
const ordsucc : set set
term eps_ = \x:set.binunion (Sing Empty) (Repl x \y:set.SetAdjoin (ordsucc y) (Sing (ordsucc Empty)))
term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty)))
term nIn = \x:set.\y:set.~ x iIn y
term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y)
term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty)))
term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y)
axiom ordsuccI2: !x:set.x iIn ordsucc x
const nat_p : set prop
axiom nat_trans: !x:set.nat_p x -> !y:set.y iIn x -> Subq y x
axiom ordsuccE: !x:set.!y:set.y iIn ordsucc x -> y iIn x | y = x
lemma !x:set.!y:set.!z:set.nat_p x -> nat_p z -> y = ordsucc z -> nat_p y -> ordsucc z iIn ordsucc x -> z iIn x -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x)
var x:set
var y:set
var z:set
hyp nat_p x
hyp y iIn ordsucc x
hyp nat_p z
hyp y = ordsucc z
hyp nat_p y
claim ordsucc z iIn ordsucc x -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x)