const In : set set prop term iIn = In infix iIn 2000 2000 term Subq = \x:set.\y:set.!z:set.z iIn x -> z iIn y term TransSet = \x:set.!y:set.y iIn x -> Subq y x const SNo : set prop const mul_SNo : set set set term * = mul_SNo infix * 2291 2290 axiom SNo_mul_SNo: !x:set.!y:set.SNo x -> SNo y -> SNo (x * y) const add_SNo : set set set term + = add_SNo infix + 2281 2280 axiom SNo_add_SNo: !x:set.!y:set.SNo x -> SNo y -> SNo (x + y) const SNoLt : set set prop term < = SNoLt infix < 2020 2020 const SNoLe : set set prop term <= = SNoLe infix <= 2020 2020 axiom SNoLtLe_or: !x:set.!y:set.SNo x -> SNo y -> x < y | y <= x const SNoL : set set const SNoLev : set set axiom SNoL_E: !x:set.SNo x -> !y:set.y iIn SNoL x -> !P:prop.(SNo y -> SNoLev y iIn SNoLev x -> y < x -> P) -> P axiom dneg: !P:prop.~ ~ P -> P const SNoS_ : set set axiom SNoLev_ind: !p:set prop.(!x:set.SNo x -> (!y:set.y iIn SNoS_ (SNoLev x) -> p y) -> p x) -> !x:set.SNo x -> p x const SNoR : set set lemma !x:set.!y:set.SNo x -> SNo y -> SNo (x * y) -> (!z:set.SNo z -> SNoLev z iIn SNoLev (x * y) -> z < x * y -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoL y & (z + w * u) <= w * y + x * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoR y & (z + w * u) <= w * y + x * u) -> !z:set.z iIn SNoL (x * y) -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoL y & (z + w * u) <= w * y + x * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoR y & (z + w * u) <= w * y + x * u lemma !x:set.!y:set.!z:set.SNo x -> SNo y -> SNo (x * y) -> SNo z -> (!w:set.w iIn SNoS_ (SNoLev z) -> SNoLev w iIn SNoLev (x * y) -> w < x * y -> (?u:set.u iIn SNoL x & ?v:set.v iIn SNoL y & (w + u * v) <= u * y + x * v) | ?u:set.u iIn SNoR x & ?v:set.v iIn SNoR y & (w + u * v) <= u * y + x * v) -> SNoLev z iIn SNoLev (x * y) -> z < x * y -> ~ ((?w:set.w iIn SNoL x & ?u:set.u iIn SNoL y & (z + w * u) <= w * y + x * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoR y & (z + w * u) <= w * y + x * u) -> ~ !w:set.w iIn SNoL x -> !u:set.u iIn SNoL y -> (w * y + x * u) < z + w * u var x:set var y:set hyp SNo x hyp SNo y claim SNo (x * y) -> !z:set.z iIn SNoL (x * y) -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoL y & (z + w * u) <= w * y + x * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoR y & (z + w * u) <= w * y + x * u