const In : set set prop
term iIn = In
infix iIn 2000 2000
term Subq = \x:set.\y:set.!z:set.z iIn x -> z iIn y
const binunion : set set set
const Repl : set (set set) set
const Sing : set set
term SetAdjoin = \x:set.\y:set.binunion x (Sing y)
const Empty : set
const ordsucc : set set
term eps_ = \x:set.binunion (Sing Empty) (Repl x \y:set.SetAdjoin (ordsucc y) (Sing (ordsucc Empty)))
term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty)))
term nIn = \x:set.\y:set.~ x iIn y
term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y)
term SNoElts_ = \x:set.binunion x (Repl x \y:set.SetAdjoin y (Sing (ordsucc Empty)))
term SNo_ = \x:set.\y:set.Subq y (SNoElts_ x) & !z:set.z iIn x -> ~(SetAdjoin z (Sing (ordsucc Empty)) iIn y <-> z iIn y)
const nat_p : set prop
axiom nat_0_in_ordsucc: !x:set.nat_p x -> Empty iIn ordsucc x
axiom binunionI1: !x:set.!y:set.!z:set.z iIn x -> z iIn binunion x y
axiom SingE: !x:set.!y:set.y iIn Sing x -> y = x
axiom nat_ordsucc_in_ordsucc: !x:set.nat_p x -> !y:set.y iIn x -> ordsucc y iIn ordsucc x
axiom ReplI: !x:set.!f:set set.!y:set.y iIn x -> f y iIn Repl x f
axiom binunionI2: !x:set.!y:set.!z:set.z iIn y -> z iIn binunion x y
axiom ReplE_impred: !x:set.!f:set set.!y:set.y iIn Repl x f -> !P:prop.(!z:set.z iIn x -> y = f z -> P) -> P
axiom binunionE: !x:set.!y:set.!z:set.z iIn binunion x y -> z iIn x | z iIn y
axiom nat_ordsucc: !x:set.nat_p x -> nat_p (ordsucc x)
axiom nat_p_trans: !x:set.nat_p x -> !y:set.y iIn x -> nat_p y
lemma !x:set.!y:set.nat_p x -> y iIn ordsucc x -> nat_p y -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x)
const omega : set
var x:set
hyp x iIn omega
claim nat_p x -> Subq (eps_ x) (SNoElts_ (ordsucc x)) & !y:set.y iIn ordsucc x -> ~(SetAdjoin y (Sing (ordsucc Empty)) iIn eps_ x <-> y iIn eps_ x)