const In : set set prop term iIn = In infix iIn 2000 2000 term Subq = \x:set.\y:set.!z:set.z iIn x -> z iIn y const binunion : set set set const Repl : set (set set) set const Sing : set set term SetAdjoin = \x:set.\y:set.binunion x (Sing y) const Empty : set const ordsucc : set set term eps_ = \x:set.binunion (Sing Empty) (Repl x \y:set.SetAdjoin (ordsucc y) (Sing (ordsucc Empty))) term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty))) term nIn = \x:set.\y:set.~ x iIn y term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y) term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty))) term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y) const nat_p : set prop lemma !x:set.!y:set.!z:set.nat_p x -> y iIn ordsucc x -> nat_p z -> y = ordsucc z -> nat_p y -> ordsucc z iIn ordsucc x -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x) var x:set var y:set var z:set hyp nat_p x hyp y iIn ordsucc x hyp nat_p z hyp y = ordsucc z claim nat_p y -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x)