const In : set set prop term iIn = In infix iIn 2000 2000 term Subq = \x:set.\y:set.!z:set.z iIn x -> z iIn y term TransSet = \x:set.!y:set.y iIn x -> Subq y x const SNo : set prop const mul_SNo : set set set term * = mul_SNo infix * 2291 2290 axiom SNo_mul_SNo: !x:set.!y:set.SNo x -> SNo y -> SNo (x * y) const add_SNo : set set set term + = add_SNo infix + 2281 2280 axiom SNo_add_SNo: !x:set.!y:set.SNo x -> SNo y -> SNo (x + y) const SNoLt : set set prop term < = SNoLt infix < 2020 2020 const SNoLe : set set prop term <= = SNoLe infix <= 2020 2020 axiom SNoLtLe_or: !x:set.!y:set.SNo x -> SNo y -> x < y | y <= x const SNoR : set set const SNoLev : set set axiom SNoR_E: !x:set.SNo x -> !y:set.y iIn SNoR x -> !P:prop.(SNo y -> SNoLev y iIn SNoLev x -> x < y -> P) -> P const SNoL : set set axiom SNoL_E: !x:set.SNo x -> !y:set.y iIn SNoL x -> !P:prop.(SNo y -> SNoLev y iIn SNoLev x -> y < x -> P) -> P axiom dneg: !P:prop.~ ~ P -> P const SNoS_ : set set axiom SNoLev_ind: !p:set prop.(!x:set.SNo x -> (!y:set.y iIn SNoS_ (SNoLev x) -> p y) -> p x) -> !x:set.SNo x -> p x lemma !x:set.!y:set.SNo x -> SNo y -> SNo (x * y) -> (!z:set.SNo z -> SNoLev z iIn SNoLev (x * y) -> x * y < z -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoR y & (w * y + x * u) <= z + w * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoL y & (w * y + x * u) <= z + w * u) -> !z:set.z iIn SNoR (x * y) -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoR y & (w * y + x * u) <= z + w * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoL y & (w * y + x * u) <= z + w * u lemma !x:set.!y:set.!z:set.SNo x -> SNo y -> SNo (x * y) -> SNo z -> (!w:set.w iIn SNoS_ (SNoLev z) -> SNoLev w iIn SNoLev (x * y) -> x * y < w -> (?u:set.u iIn SNoL x & ?v:set.v iIn SNoR y & (u * y + x * v) <= w + u * v) | ?u:set.u iIn SNoR x & ?v:set.v iIn SNoL y & (u * y + x * v) <= w + u * v) -> SNoLev z iIn SNoLev (x * y) -> x * y < z -> ~ ((?w:set.w iIn SNoL x & ?u:set.u iIn SNoR y & (w * y + x * u) <= z + w * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoL y & (w * y + x * u) <= z + w * u) -> ~ !w:set.w iIn SNoL x -> !u:set.u iIn SNoR y -> (z + w * u) < w * y + x * u var x:set var y:set hyp SNo x hyp SNo y claim SNo (x * y) -> !z:set.z iIn SNoR (x * y) -> (?w:set.w iIn SNoL x & ?u:set.u iIn SNoR y & (w * y + x * u) <= z + w * u) | ?w:set.w iIn SNoR x & ?u:set.u iIn SNoL y & (w * y + x * u) <= z + w * u