:: MODELC_1 semantic presentation begin Lm1: for m, n, k being Nat st m < n & n <= k + 1 holds m <= k proof let m, n, k be Nat; ::_thesis: ( m < n & n <= k + 1 implies m <= k ) assume that A1: m < n and A2: n <= k + 1 ; ::_thesis: m <= k m + 1 <= n by A1, NAT_1:13; then m + 1 <= k + 1 by A2, XXREAL_0:2; hence m <= k by XREAL_1:6; ::_thesis: verum end; definition let x, S be set ; let a be Element of S; func k_id (x,S,a) -> Element of S equals :Def1: :: MODELC_1:def 1 x if x in S otherwise a; correctness coherence ( ( x in S implies x is Element of S ) & ( not x in S implies a is Element of S ) ); consistency for b1 being Element of S holds verum; ; end; :: deftheorem Def1 defines k_id MODELC_1:def_1_:_ for x, S being set for a being Element of S holds ( ( x in S implies k_id (x,S,a) = x ) & ( not x in S implies k_id (x,S,a) = a ) ); definition let x be set ; func k_nat x -> Element of NAT equals :Def2: :: MODELC_1:def 2 x if x in NAT otherwise 0 ; correctness coherence ( ( x in NAT implies x is Element of NAT ) & ( not x in NAT implies 0 is Element of NAT ) ); consistency for b1 being Element of NAT holds verum; ; end; :: deftheorem Def2 defines k_nat MODELC_1:def_2_:_ for x being set holds ( ( x in NAT implies k_nat x = x ) & ( not x in NAT implies k_nat x = 0 ) ); definition let f be Function; let x, a be set ; func UnivF (x,f,a) -> set equals :Def3: :: MODELC_1:def 3 f . x if x in dom f otherwise a; correctness coherence ( ( x in dom f implies f . x is set ) & ( not x in dom f implies a is set ) ); consistency for b1 being set holds verum; ; end; :: deftheorem Def3 defines UnivF MODELC_1:def_3_:_ for f being Function for x, a being set holds ( ( x in dom f implies UnivF (x,f,a) = f . x ) & ( not x in dom f implies UnivF (x,f,a) = a ) ); definition let a be set ; func Castboolean a -> boolean set equals :Def4: :: MODELC_1:def 4 a if a is boolean set otherwise FALSE ; correctness coherence ( ( a is boolean set implies a is boolean set ) & ( a is not boolean set implies FALSE is boolean set ) ); consistency for b1 being boolean set holds verum; ; end; :: deftheorem Def4 defines Castboolean MODELC_1:def_4_:_ for a being set holds ( ( a is boolean set implies Castboolean a = a ) & ( a is not boolean set implies Castboolean a = FALSE ) ); definition let X, a be set ; func CastBool (a,X) -> Subset of X equals :Def5: :: MODELC_1:def 5 a if a c= X otherwise {} ; correctness coherence ( ( a c= X implies a is Subset of X ) & ( not a c= X implies {} is Subset of X ) ); consistency for b1 being Subset of X holds verum; by XBOOLE_1:2; end; :: deftheorem Def5 defines CastBool MODELC_1:def_5_:_ for X, a being set holds ( ( a c= X implies CastBool (a,X) = a ) & ( not a c= X implies CastBool (a,X) = {} ) ); definition let n be Element of NAT ; func atom. n -> FinSequence of NAT equals :: MODELC_1:def 6 <*(5 + n)*>; coherence <*(5 + n)*> is FinSequence of NAT ; end; :: deftheorem defines atom. MODELC_1:def_6_:_ for n being Element of NAT holds atom. n = <*(5 + n)*>; definition let p be FinSequence of NAT ; func 'not' p -> FinSequence of NAT equals :: MODELC_1:def 7 <*0*> ^ p; coherence <*0*> ^ p is FinSequence of NAT ; let q be FinSequence of NAT ; funcp '&' q -> FinSequence of NAT equals :: MODELC_1:def 8 (<*1*> ^ p) ^ q; coherence (<*1*> ^ p) ^ q is FinSequence of NAT ; end; :: deftheorem defines 'not' MODELC_1:def_7_:_ for p being FinSequence of NAT holds 'not' p = <*0*> ^ p; :: deftheorem defines '&' MODELC_1:def_8_:_ for p, q being FinSequence of NAT holds p '&' q = (<*1*> ^ p) ^ q; definition let p be FinSequence of NAT ; func EX p -> FinSequence of NAT equals :: MODELC_1:def 9 <*2*> ^ p; coherence <*2*> ^ p is FinSequence of NAT ; func EG p -> FinSequence of NAT equals :: MODELC_1:def 10 <*3*> ^ p; coherence <*3*> ^ p is FinSequence of NAT ; let q be FinSequence of NAT ; funcp EU q -> FinSequence of NAT equals :: MODELC_1:def 11 (<*4*> ^ p) ^ q; coherence (<*4*> ^ p) ^ q is FinSequence of NAT ; end; :: deftheorem defines EX MODELC_1:def_9_:_ for p being FinSequence of NAT holds EX p = <*2*> ^ p; :: deftheorem defines EG MODELC_1:def_10_:_ for p being FinSequence of NAT holds EG p = <*3*> ^ p; :: deftheorem defines EU MODELC_1:def_11_:_ for p, q being FinSequence of NAT holds p EU q = (<*4*> ^ p) ^ q; Lm2: for n being Element of NAT for p, q being FinSequence of NAT holds len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) proof let n be Element of NAT ; ::_thesis: for p, q being FinSequence of NAT holds len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) let p, q be FinSequence of NAT ; ::_thesis: len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) len (p ^ q) = (len p) + (len q) by FINSEQ_1:22; then A1: (len <*n*>) + (len (p ^ q)) = ((len <*n*>) + (len p)) + (len q) ; len ((<*n*> ^ p) ^ q) = len (<*n*> ^ (p ^ q)) by FINSEQ_1:32 .= (len <*n*>) + (len (p ^ q)) by FINSEQ_1:22 ; hence len ((<*n*> ^ p) ^ q) = (1 + (len p)) + (len q) by A1, FINSEQ_1:40; ::_thesis: verum end; definition func CTL_WFF -> non empty set means :Def12: :: MODELC_1:def 12 ( ( for a being set st a in it holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in it ) & ( for p being FinSequence of NAT st p in it holds 'not' p in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p '&' q in it ) & ( for p being FinSequence of NAT st p in it holds EX p in it ) & ( for p being FinSequence of NAT st p in it holds EG p in it ) & ( for p, q being FinSequence of NAT st p in it & q in it holds p EU q in it ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds it c= D ) ); existence ex b1 being non empty set st ( ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EX p in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EG p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p EU q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds b1 c= D ) ) proof defpred S1[ set ] means ( ( for a being set st a in $1 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in $1 ) & ( for p being FinSequence of NAT st p in $1 holds 'not' p in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p '&' q in $1 ) & ( for p being FinSequence of NAT st p in $1 holds EX p in $1 ) & ( for p being FinSequence of NAT st p in $1 holds EG p in $1 ) & ( for p, q being FinSequence of NAT st p in $1 & q in $1 holds p EU q in $1 ) ); defpred S2[ set ] means for D being non empty set st S1[D] holds $1 in D; consider Y being set such that A1: for a being set holds ( a in Y iff ( a in NAT * & S2[a] ) ) from XBOOLE_0:sch_1(); now__::_thesis:_ex_b_being_FinSequence_of_NAT_st_b_in_Y set a = atom. 0; A2: for D being non empty set st S1[D] holds atom. 0 in D ; take b = atom. 0; ::_thesis: b in Y atom. 0 in NAT * by FINSEQ_1:def_11; hence b in Y by A1, A2; ::_thesis: verum end; then reconsider Y = Y as non empty set ; take Y ; ::_thesis: ( ( for a being set st a in Y holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in Y ) & ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p being FinSequence of NAT st p in Y holds EX p in Y ) & ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) thus for a being set st a in Y holds a is FinSequence of NAT ::_thesis: ( ( for n being Element of NAT holds atom. n in Y ) & ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p being FinSequence of NAT st p in Y holds EX p in Y ) & ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let a be set ; ::_thesis: ( a in Y implies a is FinSequence of NAT ) assume a in Y ; ::_thesis: a is FinSequence of NAT then a in NAT * by A1; hence a is FinSequence of NAT by FINSEQ_1:def_11; ::_thesis: verum end; thus for n being Element of NAT holds atom. n in Y ::_thesis: ( ( for p being FinSequence of NAT st p in Y holds 'not' p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p being FinSequence of NAT st p in Y holds EX p in Y ) & ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let n be Element of NAT ; ::_thesis: atom. n in Y A3: for D being non empty set st S1[D] holds atom. n in D ; atom. n in NAT * by FINSEQ_1:def_11; hence atom. n in Y by A1, A3; ::_thesis: verum end; thus for p being FinSequence of NAT st p in Y holds 'not' p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p '&' q in Y ) & ( for p being FinSequence of NAT st p in Y holds EX p in Y ) & ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let p be FinSequence of NAT ; ::_thesis: ( p in Y implies 'not' p in Y ) assume A4: p in Y ; ::_thesis: 'not' p in Y A5: for D being non empty set st S1[D] holds 'not' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies 'not' p in D ) assume A6: S1[D] ; ::_thesis: 'not' p in D then p in D by A1, A4; hence 'not' p in D by A6; ::_thesis: verum end; 'not' p in NAT * by FINSEQ_1:def_11; hence 'not' p in Y by A1, A5; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q '&' p in Y ::_thesis: ( ( for p being FinSequence of NAT st p in Y holds EX p in Y ) & ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q '&' p in Y ) assume that A7: q in Y and A8: p in Y ; ::_thesis: q '&' p in Y A9: for D being non empty set st S1[D] holds q '&' p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q '&' p in D ) assume A10: S1[D] ; ::_thesis: q '&' p in D then A11: q in D by A1, A7; p in D by A1, A8, A10; hence q '&' p in D by A10, A11; ::_thesis: verum end; q '&' p in NAT * by FINSEQ_1:def_11; hence q '&' p in Y by A1, A9; ::_thesis: verum end; thus for p being FinSequence of NAT st p in Y holds EX p in Y ::_thesis: ( ( for p being FinSequence of NAT st p in Y holds EG p in Y ) & ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let p be FinSequence of NAT ; ::_thesis: ( p in Y implies EX p in Y ) assume A12: p in Y ; ::_thesis: EX p in Y A13: for D being non empty set st S1[D] holds EX p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies EX p in D ) assume A14: S1[D] ; ::_thesis: EX p in D then p in D by A1, A12; hence EX p in D by A14; ::_thesis: verum end; EX p in NAT * by FINSEQ_1:def_11; hence EX p in Y by A1, A13; ::_thesis: verum end; thus for p being FinSequence of NAT st p in Y holds EG p in Y ::_thesis: ( ( for p, q being FinSequence of NAT st p in Y & q in Y holds p EU q in Y ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D ) ) proof let p be FinSequence of NAT ; ::_thesis: ( p in Y implies EG p in Y ) assume A15: p in Y ; ::_thesis: EG p in Y A16: for D being non empty set st S1[D] holds EG p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies EG p in D ) assume A17: S1[D] ; ::_thesis: EG p in D then p in D by A1, A15; hence EG p in D by A17; ::_thesis: verum end; EG p in NAT * by FINSEQ_1:def_11; hence EG p in Y by A1, A16; ::_thesis: verum end; thus for q, p being FinSequence of NAT st q in Y & p in Y holds q EU p in Y ::_thesis: for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds Y c= D proof let q, p be FinSequence of NAT ; ::_thesis: ( q in Y & p in Y implies q EU p in Y ) assume that A18: q in Y and A19: p in Y ; ::_thesis: q EU p in Y A20: for D being non empty set st S1[D] holds q EU p in D proof let D be non empty set ; ::_thesis: ( S1[D] implies q EU p in D ) assume A21: S1[D] ; ::_thesis: q EU p in D then A22: q in D by A1, A18; p in D by A1, A19, A21; hence q EU p in D by A21, A22; ::_thesis: verum end; q EU p in NAT * by FINSEQ_1:def_11; hence q EU p in Y by A1, A20; ::_thesis: verum end; let D be non empty set ; ::_thesis: ( ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) implies Y c= D ) assume A23: S1[D] ; ::_thesis: Y c= D let a be set ; :: according to TARSKI:def_3 ::_thesis: ( not a in Y or a in D ) assume a in Y ; ::_thesis: a in D hence a in D by A1, A23; ::_thesis: verum end; uniqueness for b1, b2 being non empty set st ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EX p in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EG p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p EU q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds b1 c= D ) & ( for a being set st a in b2 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in b2 ) & ( for p being FinSequence of NAT st p in b2 holds 'not' p in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p '&' q in b2 ) & ( for p being FinSequence of NAT st p in b2 holds EX p in b2 ) & ( for p being FinSequence of NAT st p in b2 holds EG p in b2 ) & ( for p, q being FinSequence of NAT st p in b2 & q in b2 holds p EU q in b2 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds b2 c= D ) holds b1 = b2 proof let D1, D2 be non empty set ; ::_thesis: ( ( for a being set st a in D1 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D1 ) & ( for p being FinSequence of NAT st p in D1 holds 'not' p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p '&' q in D1 ) & ( for p being FinSequence of NAT st p in D1 holds EX p in D1 ) & ( for p being FinSequence of NAT st p in D1 holds EG p in D1 ) & ( for p, q being FinSequence of NAT st p in D1 & q in D1 holds p EU q in D1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds D1 c= D ) & ( for a being set st a in D2 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D2 ) & ( for p being FinSequence of NAT st p in D2 holds 'not' p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p '&' q in D2 ) & ( for p being FinSequence of NAT st p in D2 holds EX p in D2 ) & ( for p being FinSequence of NAT st p in D2 holds EG p in D2 ) & ( for p, q being FinSequence of NAT st p in D2 & q in D2 holds p EU q in D2 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds D2 c= D ) implies D1 = D2 ) assume that A24: for a being set st a in D1 holds a is FinSequence of NAT and A25: for n being Element of NAT holds atom. n in D1 and A26: for p being FinSequence of NAT st p in D1 holds 'not' p in D1 and A27: for p, q being FinSequence of NAT st p in D1 & q in D1 holds p '&' q in D1 and A28: for p being FinSequence of NAT st p in D1 holds EX p in D1 and A29: for p being FinSequence of NAT st p in D1 holds EG p in D1 and A30: for p, q being FinSequence of NAT st p in D1 & q in D1 holds p EU q in D1 and A31: for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds D1 c= D and A32: for a being set st a in D2 holds a is FinSequence of NAT and A33: for n being Element of NAT holds atom. n in D2 and A34: for p being FinSequence of NAT st p in D2 holds 'not' p in D2 and A35: for p, q being FinSequence of NAT st p in D2 & q in D2 holds p '&' q in D2 and A36: for p being FinSequence of NAT st p in D2 holds EX p in D2 and A37: for p being FinSequence of NAT st p in D2 holds EG p in D2 and A38: for p, q being FinSequence of NAT st p in D2 & q in D2 holds p EU q in D2 and A39: for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds D2 c= D ; ::_thesis: D1 = D2 A40: D2 c= D1 by A24, A25, A26, A27, A28, A29, A30, A39; D1 c= D2 by A31, A32, A33, A34, A35, A36, A37, A38; hence D1 = D2 by A40, XBOOLE_0:def_10; ::_thesis: verum end; end; :: deftheorem Def12 defines CTL_WFF MODELC_1:def_12_:_ for b1 being non empty set holds ( b1 = CTL_WFF iff ( ( for a being set st a in b1 holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in b1 ) & ( for p being FinSequence of NAT st p in b1 holds 'not' p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p '&' q in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EX p in b1 ) & ( for p being FinSequence of NAT st p in b1 holds EG p in b1 ) & ( for p, q being FinSequence of NAT st p in b1 & q in b1 holds p EU q in b1 ) & ( for D being non empty set st ( for a being set st a in D holds a is FinSequence of NAT ) & ( for n being Element of NAT holds atom. n in D ) & ( for p being FinSequence of NAT st p in D holds 'not' p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p '&' q in D ) & ( for p being FinSequence of NAT st p in D holds EX p in D ) & ( for p being FinSequence of NAT st p in D holds EG p in D ) & ( for p, q being FinSequence of NAT st p in D & q in D holds p EU q in D ) holds b1 c= D ) ) ); definition let IT be FinSequence of NAT ; attrIT is CTL-formula-like means :Def13: :: MODELC_1:def 13 IT is Element of CTL_WFF ; end; :: deftheorem Def13 defines CTL-formula-like MODELC_1:def_13_:_ for IT being FinSequence of NAT holds ( IT is CTL-formula-like iff IT is Element of CTL_WFF ); registration cluster Relation-like NAT -defined NAT -valued Function-like FinSequence-like CTL-formula-like for FinSequence of NAT ; existence ex b1 being FinSequence of NAT st b1 is CTL-formula-like proof set x = the Element of CTL_WFF ; reconsider x = the Element of CTL_WFF as FinSequence of NAT by Def12; take x ; ::_thesis: x is CTL-formula-like thus x is Element of CTL_WFF ; :: according to MODELC_1:def_13 ::_thesis: verum end; end; definition mode CTL-formula is CTL-formula-like FinSequence of NAT ; end; theorem Th1: :: MODELC_1:1 for a being set holds ( a is CTL-formula iff a in CTL_WFF ) proof let a be set ; ::_thesis: ( a is CTL-formula iff a in CTL_WFF ) thus ( a is CTL-formula implies a in CTL_WFF ) ::_thesis: ( a in CTL_WFF implies a is CTL-formula ) proof assume a is CTL-formula ; ::_thesis: a in CTL_WFF then a is Element of CTL_WFF by Def13; hence a in CTL_WFF ; ::_thesis: verum end; assume a in CTL_WFF ; ::_thesis: a is CTL-formula hence a is CTL-formula by Def12, Def13; ::_thesis: verum end; registration let n be Element of NAT ; cluster atom. n -> CTL-formula-like ; coherence atom. n is CTL-formula-like proof atom. n is Element of CTL_WFF by Def12; hence atom. n is CTL-formula-like by Def13; ::_thesis: verum end; end; registration let H be CTL-formula; cluster 'not' H -> CTL-formula-like ; coherence 'not' H is CTL-formula-like proof H is Element of CTL_WFF by Def13; then 'not' H is Element of CTL_WFF by Def12; hence 'not' H is CTL-formula-like by Def13; ::_thesis: verum end; cluster EX H -> CTL-formula-like ; coherence EX H is CTL-formula-like proof H is Element of CTL_WFF by Def13; then EX H is Element of CTL_WFF by Def12; hence EX H is CTL-formula-like by Def13; ::_thesis: verum end; cluster EG H -> CTL-formula-like ; coherence EG H is CTL-formula-like proof H is Element of CTL_WFF by Def13; then EG H is Element of CTL_WFF by Def12; hence EG H is CTL-formula-like by Def13; ::_thesis: verum end; let G be CTL-formula; clusterH '&' G -> CTL-formula-like ; coherence H '&' G is CTL-formula-like proof A1: G is Element of CTL_WFF by Def13; H is Element of CTL_WFF by Def13; then H '&' G is Element of CTL_WFF by A1, Def12; hence H '&' G is CTL-formula-like by Def13; ::_thesis: verum end; clusterH EU G -> CTL-formula-like ; coherence H EU G is CTL-formula-like proof A2: G is Element of CTL_WFF by Def13; H is Element of CTL_WFF by Def13; then H EU G is Element of CTL_WFF by A2, Def12; hence H EU G is CTL-formula-like by Def13; ::_thesis: verum end; end; definition let H be CTL-formula; attrH is atomic means :Def14: :: MODELC_1:def 14 ex n being Element of NAT st H = atom. n; attrH is negative means :Def15: :: MODELC_1:def 15 ex H1 being CTL-formula st H = 'not' H1; attrH is conjunctive means :Def16: :: MODELC_1:def 16 ex F, G being CTL-formula st H = F '&' G; attrH is ExistNext means :Def17: :: MODELC_1:def 17 ex H1 being CTL-formula st H = EX H1; attrH is ExistGlobal means :Def18: :: MODELC_1:def 18 ex H1 being CTL-formula st H = EG H1; attrH is ExistUntill means :Def19: :: MODELC_1:def 19 ex F, G being CTL-formula st H = F EU G; end; :: deftheorem Def14 defines atomic MODELC_1:def_14_:_ for H being CTL-formula holds ( H is atomic iff ex n being Element of NAT st H = atom. n ); :: deftheorem Def15 defines negative MODELC_1:def_15_:_ for H being CTL-formula holds ( H is negative iff ex H1 being CTL-formula st H = 'not' H1 ); :: deftheorem Def16 defines conjunctive MODELC_1:def_16_:_ for H being CTL-formula holds ( H is conjunctive iff ex F, G being CTL-formula st H = F '&' G ); :: deftheorem Def17 defines ExistNext MODELC_1:def_17_:_ for H being CTL-formula holds ( H is ExistNext iff ex H1 being CTL-formula st H = EX H1 ); :: deftheorem Def18 defines ExistGlobal MODELC_1:def_18_:_ for H being CTL-formula holds ( H is ExistGlobal iff ex H1 being CTL-formula st H = EG H1 ); :: deftheorem Def19 defines ExistUntill MODELC_1:def_19_:_ for H being CTL-formula holds ( H is ExistUntill iff ex F, G being CTL-formula st H = F EU G ); definition let F, G be CTL-formula; funcF 'or' G -> CTL-formula equals :: MODELC_1:def 20 'not' (('not' F) '&' ('not' G)); coherence 'not' (('not' F) '&' ('not' G)) is CTL-formula ; end; :: deftheorem defines 'or' MODELC_1:def_20_:_ for F, G being CTL-formula holds F 'or' G = 'not' (('not' F) '&' ('not' G)); theorem Th2: :: MODELC_1:2 for H being CTL-formula holds ( H is atomic or H is negative or H is conjunctive or H is ExistNext or H is ExistGlobal or H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is atomic or H is negative or H is conjunctive or H is ExistNext or H is ExistGlobal or H is ExistUntill ) A1: H is Element of CTL_WFF by Def13; assume A2: ( not H is atomic & not H is negative & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) ; ::_thesis: contradiction then atom. 0 <> H by Def14; then A3: not atom. 0 in {H} by TARSKI:def_1; A4: now__::_thesis:_for_p_being_FinSequence_of_NAT_st_p_in_CTL_WFF_\_{H}_holds_ EG_p_in_CTL_WFF_\_{H} let p be FinSequence of NAT ; ::_thesis: ( p in CTL_WFF \ {H} implies EG p in CTL_WFF \ {H} ) assume A5: p in CTL_WFF \ {H} ; ::_thesis: EG p in CTL_WFF \ {H} then reconsider H1 = p as CTL-formula by Def13; EG H1 <> H by A2, Def18; then A6: not EG p in {H} by TARSKI:def_1; EG p in CTL_WFF by A5, Def12; hence EG p in CTL_WFF \ {H} by A6, XBOOLE_0:def_5; ::_thesis: verum end; A7: now__::_thesis:_for_p_being_FinSequence_of_NAT_st_p_in_CTL_WFF_\_{H}_holds_ EX_p_in_CTL_WFF_\_{H} let p be FinSequence of NAT ; ::_thesis: ( p in CTL_WFF \ {H} implies EX p in CTL_WFF \ {H} ) assume A8: p in CTL_WFF \ {H} ; ::_thesis: EX p in CTL_WFF \ {H} then reconsider H1 = p as CTL-formula by Def13; EX H1 <> H by A2, Def17; then A9: not EX p in {H} by TARSKI:def_1; EX p in CTL_WFF by A8, Def12; hence EX p in CTL_WFF \ {H} by A9, XBOOLE_0:def_5; ::_thesis: verum end; A10: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_CTL_WFF_\_{H}_&_q_in_CTL_WFF_\_{H}_holds_ p_'&'_q_in_CTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in CTL_WFF \ {H} & q in CTL_WFF \ {H} implies p '&' q in CTL_WFF \ {H} ) assume that A11: p in CTL_WFF \ {H} and A12: q in CTL_WFF \ {H} ; ::_thesis: p '&' q in CTL_WFF \ {H} reconsider F = p, G = q as CTL-formula by A11, A12, Def13; F '&' G <> H by A2, Def16; then A13: not p '&' q in {H} by TARSKI:def_1; p '&' q in CTL_WFF by A11, A12, Def12; hence p '&' q in CTL_WFF \ {H} by A13, XBOOLE_0:def_5; ::_thesis: verum end; A14: now__::_thesis:_for_p_being_FinSequence_of_NAT_st_p_in_CTL_WFF_\_{H}_holds_ 'not'_p_in_CTL_WFF_\_{H} let p be FinSequence of NAT ; ::_thesis: ( p in CTL_WFF \ {H} implies 'not' p in CTL_WFF \ {H} ) assume A15: p in CTL_WFF \ {H} ; ::_thesis: 'not' p in CTL_WFF \ {H} then reconsider H1 = p as CTL-formula by Def13; 'not' H1 <> H by A2, Def15; then A16: not 'not' p in {H} by TARSKI:def_1; 'not' p in CTL_WFF by A15, Def12; hence 'not' p in CTL_WFF \ {H} by A16, XBOOLE_0:def_5; ::_thesis: verum end; A17: now__::_thesis:_for_p,_q_being_FinSequence_of_NAT_st_p_in_CTL_WFF_\_{H}_&_q_in_CTL_WFF_\_{H}_holds_ p_EU_q_in_CTL_WFF_\_{H} let p, q be FinSequence of NAT ; ::_thesis: ( p in CTL_WFF \ {H} & q in CTL_WFF \ {H} implies p EU q in CTL_WFF \ {H} ) assume that A18: p in CTL_WFF \ {H} and A19: q in CTL_WFF \ {H} ; ::_thesis: p EU q in CTL_WFF \ {H} reconsider F = p, G = q as CTL-formula by A18, A19, Def13; F EU G <> H by A2, Def19; then A20: not p EU q in {H} by TARSKI:def_1; p EU q in CTL_WFF by A18, A19, Def12; hence p EU q in CTL_WFF \ {H} by A20, XBOOLE_0:def_5; ::_thesis: verum end; A21: now__::_thesis:_for_n_being_Element_of_NAT_holds_atom._n_in_CTL_WFF_\_{H} let n be Element of NAT ; ::_thesis: atom. n in CTL_WFF \ {H} atom. n <> H by A2, Def14; then A22: not atom. n in {H} by TARSKI:def_1; atom. n in CTL_WFF by Def12; hence atom. n in CTL_WFF \ {H} by A22, XBOOLE_0:def_5; ::_thesis: verum end; atom. 0 in CTL_WFF by Def12; then A23: not CTL_WFF \ {H} is empty by A3, XBOOLE_0:def_5; for a being set st a in CTL_WFF \ {H} holds a is FinSequence of NAT by Def12; then CTL_WFF c= CTL_WFF \ {H} by A23, A21, A14, A10, A7, A4, A17, Def12; then H in CTL_WFF \ {H} by A1, TARSKI:def_3; then not H in {H} by XBOOLE_0:def_5; hence contradiction by TARSKI:def_1; ::_thesis: verum end; Lm3: for H being CTL-formula st H is negative holds H . 1 = 0 proof let H be CTL-formula; ::_thesis: ( H is negative implies H . 1 = 0 ) assume H is negative ; ::_thesis: H . 1 = 0 then ex H1 being CTL-formula st H = 'not' H1 by Def15; hence H . 1 = 0 by FINSEQ_1:41; ::_thesis: verum end; Lm4: for H being CTL-formula st H is conjunctive holds H . 1 = 1 proof let H be CTL-formula; ::_thesis: ( H is conjunctive implies H . 1 = 1 ) assume H is conjunctive ; ::_thesis: H . 1 = 1 then consider F, G being CTL-formula such that A1: H = F '&' G by Def16; (<*1*> ^ F) ^ G = <*1*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 1 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm5: for H being CTL-formula st H is ExistNext holds H . 1 = 2 proof let H be CTL-formula; ::_thesis: ( H is ExistNext implies H . 1 = 2 ) assume H is ExistNext ; ::_thesis: H . 1 = 2 then ex H1 being CTL-formula st H = EX H1 by Def17; hence H . 1 = 2 by FINSEQ_1:41; ::_thesis: verum end; Lm6: for H being CTL-formula st H is ExistGlobal holds H . 1 = 3 proof let H be CTL-formula; ::_thesis: ( H is ExistGlobal implies H . 1 = 3 ) assume H is ExistGlobal ; ::_thesis: H . 1 = 3 then ex H1 being CTL-formula st H = EG H1 by Def18; hence H . 1 = 3 by FINSEQ_1:41; ::_thesis: verum end; Lm7: for H being CTL-formula st H is ExistUntill holds H . 1 = 4 proof let H be CTL-formula; ::_thesis: ( H is ExistUntill implies H . 1 = 4 ) assume H is ExistUntill ; ::_thesis: H . 1 = 4 then consider F, G being CTL-formula such that A1: H = F EU G by Def19; (<*4*> ^ F) ^ G = <*4*> ^ (F ^ G) by FINSEQ_1:32; hence H . 1 = 4 by A1, FINSEQ_1:41; ::_thesis: verum end; Lm8: for H being CTL-formula st H is atomic holds ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 ) proof let H be CTL-formula; ::_thesis: ( H is atomic implies ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 ) ) assume H is atomic ; ::_thesis: ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 ) then consider n being Element of NAT such that A1: H = atom. n by Def14; A2: 2 + 0 < 2 + (3 + n) by XREAL_1:8; A3: 4 + 0 < 4 + (1 + n) by XREAL_1:8; A4: 3 + 0 < 3 + (2 + n) by XREAL_1:8; 1 + 0 < 1 + (4 + n) by XREAL_1:8; hence ( not H . 1 = 0 & not H . 1 = 1 & not H . 1 = 2 & not H . 1 = 3 & not H . 1 = 4 ) by A1, A2, A4, A3, FINSEQ_1:40; ::_thesis: verum end; Lm9: for H being CTL-formula holds ( ( H is atomic & H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 ) or ( H is negative & H . 1 = 0 ) or ( H is conjunctive & H . 1 = 1 ) or ( H is ExistNext & H . 1 = 2 ) or ( H is ExistGlobal & H . 1 = 3 ) or ( H is ExistUntill & H . 1 = 4 ) ) proof let H be CTL-formula; ::_thesis: ( ( H is atomic & H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 ) or ( H is negative & H . 1 = 0 ) or ( H is conjunctive & H . 1 = 1 ) or ( H is ExistNext & H . 1 = 2 ) or ( H is ExistGlobal & H . 1 = 3 ) or ( H is ExistUntill & H . 1 = 4 ) ) percases ( H is atomic or H is negative or H is conjunctive or H is ExistNext or H is ExistGlobal or H is ExistUntill ) by Th2; case H is atomic ; ::_thesis: ( H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 ) hence ( H . 1 <> 0 & H . 1 <> 1 & H . 1 <> 2 & H . 1 <> 3 & H . 1 <> 4 ) by Lm8; ::_thesis: verum end; case H is negative ; ::_thesis: H . 1 = 0 hence H . 1 = 0 by Lm3; ::_thesis: verum end; case H is conjunctive ; ::_thesis: H . 1 = 1 hence H . 1 = 1 by Lm4; ::_thesis: verum end; case H is ExistNext ; ::_thesis: H . 1 = 2 hence H . 1 = 2 by Lm5; ::_thesis: verum end; case H is ExistGlobal ; ::_thesis: H . 1 = 3 hence H . 1 = 3 by Lm6; ::_thesis: verum end; case H is ExistUntill ; ::_thesis: H . 1 = 4 hence H . 1 = 4 by Lm7; ::_thesis: verum end; end; end; Lm10: for H being CTL-formula holds 1 <= len H proof let H be CTL-formula; ::_thesis: 1 <= len H percases ( H is atomic or H is negative or H is conjunctive or H is ExistNext or H is ExistGlobal or H is ExistUntill ) by Th2; suppose H is atomic ; ::_thesis: 1 <= len H then ex n being Element of NAT st H = atom. n by Def14; hence 1 <= len H by FINSEQ_1:40; ::_thesis: verum end; suppose H is negative ; ::_thesis: 1 <= len H then consider H1 being CTL-formula such that A1: H = 'not' H1 by Def15; len H = 1 + (len H1) by A1, FINSEQ_5:8; hence 1 <= len H by NAT_1:11; ::_thesis: verum end; suppose H is conjunctive ; ::_thesis: 1 <= len H then consider F, G being CTL-formula such that A2: H = F '&' G by Def16; A3: 1 <= 1 + (len F) by NAT_1:11; A4: 1 + (len F) <= (1 + (len F)) + (len G) by NAT_1:11; len H = (1 + (len F)) + (len G) by A2, Lm2; hence 1 <= len H by A3, A4, XXREAL_0:2; ::_thesis: verum end; suppose H is ExistNext ; ::_thesis: 1 <= len H then consider H1 being CTL-formula such that A5: H = EX H1 by Def17; len H = 1 + (len H1) by A5, FINSEQ_5:8; hence 1 <= len H by NAT_1:11; ::_thesis: verum end; suppose H is ExistGlobal ; ::_thesis: 1 <= len H then consider H1 being CTL-formula such that A6: H = EG H1 by Def18; len H = 1 + (len H1) by A6, FINSEQ_5:8; hence 1 <= len H by NAT_1:11; ::_thesis: verum end; suppose H is ExistUntill ; ::_thesis: 1 <= len H then consider F, G being CTL-formula such that A7: H = F EU G by Def19; A8: 1 <= 1 + (len F) by NAT_1:11; A9: 1 + (len F) <= (1 + (len F)) + (len G) by NAT_1:11; len H = (1 + (len F)) + (len G) by A7, Lm2; hence 1 <= len H by A8, A9, XXREAL_0:2; ::_thesis: verum end; end; end; Lm11: for H, F being CTL-formula for sq being FinSequence st H = F ^ sq holds H = F proof let H, F be CTL-formula; ::_thesis: for sq being FinSequence st H = F ^ sq holds H = F let sq be FinSequence; ::_thesis: ( H = F ^ sq implies H = F ) defpred S1[ Nat] means for H, F being CTL-formula for sq being FinSequence st len H = $1 & H = F ^ sq holds H = F; for n being Nat st ( for k being Nat st k < n holds for H, F being CTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ) holds for H, F being CTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F proof let n be Nat; ::_thesis: ( ( for k being Nat st k < n holds for H, F being CTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ) implies for H, F being CTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F ) assume A1: for k being Nat st k < n holds for H, F being CTL-formula for sq being FinSequence st len H = k & H = F ^ sq holds H = F ; ::_thesis: for H, F being CTL-formula for sq being FinSequence st len H = n & H = F ^ sq holds H = F let H, F be CTL-formula; ::_thesis: for sq being FinSequence st len H = n & H = F ^ sq holds H = F let sq be FinSequence; ::_thesis: ( len H = n & H = F ^ sq implies H = F ) assume that A2: len H = n and A3: H = F ^ sq ; ::_thesis: H = F A4: dom F = Seg (len F) by FINSEQ_1:def_3; 1 <= len F by Lm10; then A5: 1 in dom F by A4, FINSEQ_1:1; A6: now__::_thesis:_(_H_is_negative_implies_H_=_F_) A7: len <*0*> = 1 by FINSEQ_1:40; assume A8: H is negative ; ::_thesis: H = F then consider H1 being CTL-formula such that A9: H = 'not' H1 by Def15; (F ^ sq) . 1 = 0 by A3, A8, Lm3; then F . 1 = 0 by A5, FINSEQ_1:def_7; then F is negative by Lm9; then consider F1 being CTL-formula such that A10: F = 'not' F1 by Def15; (len <*0*>) + (len H1) = len H by A9, FINSEQ_1:22; then A11: len H1 < len H by A7, NAT_1:13; (<*0*> ^ F1) ^ sq = <*0*> ^ (F1 ^ sq) by FINSEQ_1:32; then H1 = F1 ^ sq by A3, A9, A10, FINSEQ_1:33; hence H = F by A1, A2, A9, A10, A11; ::_thesis: verum end; A12: now__::_thesis:_(_H_is_ExistUntill_implies_H_=_F_) A13: len <*4*> = 1 by FINSEQ_1:40; assume A14: H is ExistUntill ; ::_thesis: H = F then consider G1, G being CTL-formula such that A15: H = G1 EU G by Def19; (F ^ sq) . 1 = 4 by A3, A14, Lm7; then F . 1 = 4 by A5, FINSEQ_1:def_7; then F is ExistUntill by Lm9; then consider F1, H1 being CTL-formula such that A16: F = F1 EU H1 by Def19; A17: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A18: len (<*4*> ^ G1) = (len <*4*>) + (len G1) by FINSEQ_1:22; (len (<*4*> ^ G1)) + (len G) = len H by A15, FINSEQ_1:22; then (len G) + 1 <= len H by A18, A13, A17, NAT_1:11; then A19: len G < len H by NAT_1:13; A20: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; A21: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) A22: len <*4*> = 1 by FINSEQ_1:40; given sq9 being FinSequence such that A23: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A24: len (<*4*> ^ G1) = (len <*4*>) + (len G1) by FINSEQ_1:22; (len (<*4*> ^ G1)) + (len G) = len H by A15, FINSEQ_1:22; then (len G1) + 1 <= len H by A24, A22, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A23; ::_thesis: verum end; A25: (<*4*> ^ (F1 ^ H1)) ^ sq = <*4*> ^ ((F1 ^ H1) ^ sq) by FINSEQ_1:32; A26: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A27: len <*4*> = 1 by FINSEQ_1:40; A28: len (<*4*> ^ F1) = (len <*4*>) + (len F1) by FINSEQ_1:22; A29: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A30: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A31: len (F ^ sq) = (len F) + (len sq) by FINSEQ_1:22; len F = (len (<*4*> ^ F1)) + (len H1) by A16, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A31, A28, A27, A29, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A30; ::_thesis: verum end; A32: (<*4*> ^ F1) ^ H1 = <*4*> ^ (F1 ^ H1) by FINSEQ_1:32; (<*4*> ^ G1) ^ G = <*4*> ^ (G1 ^ G) by FINSEQ_1:32; then A33: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A15, A16, A32, A25, A20, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A33, A21, A26, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A16, A32, A25, A20, A19; ::_thesis: verum end; A34: now__::_thesis:_(_H_is_conjunctive_implies_H_=_F_) A35: len <*1*> = 1 by FINSEQ_1:40; assume A36: H is conjunctive ; ::_thesis: H = F then consider G1, G being CTL-formula such that A37: H = G1 '&' G by Def16; (F ^ sq) . 1 = 1 by A3, A36, Lm4; then F . 1 = 1 by A5, FINSEQ_1:def_7; then F is conjunctive by Lm9; then consider F1, H1 being CTL-formula such that A38: F = F1 '&' H1 by Def16; A39: (len G) + (1 + (len G1)) = ((len G) + 1) + (len G1) ; A40: len (<*1*> ^ G1) = (len <*1*>) + (len G1) by FINSEQ_1:22; (len (<*1*> ^ G1)) + (len G) = len H by A37, FINSEQ_1:22; then (len G) + 1 <= len H by A40, A35, A39, NAT_1:11; then A41: len G < len H by NAT_1:13; A42: (F1 ^ H1) ^ sq = F1 ^ (H1 ^ sq) by FINSEQ_1:32; A43: now__::_thesis:_(_ex_sq9_being_FinSequence_st_G1_=_F1_^_sq9_implies_G1_=_F1_) A44: len <*1*> = 1 by FINSEQ_1:40; given sq9 being FinSequence such that A45: G1 = F1 ^ sq9 ; ::_thesis: G1 = F1 A46: len (<*1*> ^ G1) = (len <*1*>) + (len G1) by FINSEQ_1:22; (len (<*1*> ^ G1)) + (len G) = len H by A37, FINSEQ_1:22; then (len G1) + 1 <= len H by A46, A44, NAT_1:11; then len G1 < len H by NAT_1:13; hence G1 = F1 by A1, A2, A45; ::_thesis: verum end; A47: (<*1*> ^ (F1 ^ H1)) ^ sq = <*1*> ^ ((F1 ^ H1) ^ sq) by FINSEQ_1:32; A48: now__::_thesis:_(_ex_sq9_being_FinSequence_st_F1_=_G1_^_sq9_implies_F1_=_G1_) A49: len (<*1*> ^ F1) = (len <*1*>) + (len F1) by FINSEQ_1:22; A50: len <*1*> = 1 by FINSEQ_1:40; A51: (((len F1) + 1) + (len H1)) + (len sq) = ((len F1) + 1) + ((len H1) + (len sq)) ; given sq9 being FinSequence such that A52: F1 = G1 ^ sq9 ; ::_thesis: F1 = G1 A53: len (F ^ sq) = (len F) + (len sq) by FINSEQ_1:22; len F = (len (<*1*> ^ F1)) + (len H1) by A38, FINSEQ_1:22; then (len F1) + 1 <= len H by A3, A53, A50, A49, A51, NAT_1:11; then len F1 < len H by NAT_1:13; hence F1 = G1 by A1, A2, A52; ::_thesis: verum end; A54: (<*1*> ^ F1) ^ H1 = <*1*> ^ (F1 ^ H1) by FINSEQ_1:32; (<*1*> ^ G1) ^ G = <*1*> ^ (G1 ^ G) by FINSEQ_1:32; then A55: G1 ^ G = F1 ^ (H1 ^ sq) by A3, A37, A38, A54, A47, A42, FINSEQ_1:33; then ( len F1 <= len G1 implies ex sq9 being FinSequence st G1 = F1 ^ sq9 ) by FINSEQ_1:47; then G = H1 ^ sq by A55, A43, A48, FINSEQ_1:33, FINSEQ_1:47; hence H = F by A1, A2, A3, A38, A54, A47, A42, A41; ::_thesis: verum end; A56: now__::_thesis:_(_H_is_ExistGlobal_implies_H_=_F_) A57: len <*3*> = 1 by FINSEQ_1:40; assume A58: H is ExistGlobal ; ::_thesis: H = F then consider H1 being CTL-formula such that A59: H = EG H1 by Def18; (F ^ sq) . 1 = 3 by A3, A58, Lm6; then F . 1 = 3 by A5, FINSEQ_1:def_7; then F is ExistGlobal by Lm9; then consider F1 being CTL-formula such that A60: F = EG F1 by Def18; (len <*3*>) + (len H1) = len H by A59, FINSEQ_1:22; then A61: len H1 < len H by A57, NAT_1:13; (<*3*> ^ F1) ^ sq = <*3*> ^ (F1 ^ sq) by FINSEQ_1:32; then H1 = F1 ^ sq by A3, A59, A60, FINSEQ_1:33; hence H = F by A1, A2, A59, A60, A61; ::_thesis: verum end; A62: now__::_thesis:_(_H_is_ExistNext_implies_H_=_F_) A63: len <*2*> = 1 by FINSEQ_1:40; assume A64: H is ExistNext ; ::_thesis: H = F then consider H1 being CTL-formula such that A65: H = EX H1 by Def17; (F ^ sq) . 1 = 2 by A3, A64, Lm5; then F . 1 = 2 by A5, FINSEQ_1:def_7; then F is ExistNext by Lm9; then consider F1 being CTL-formula such that A66: F = EX F1 by Def17; (len <*2*>) + (len H1) = len H by A65, FINSEQ_1:22; then A67: len H1 < len H by A63, NAT_1:13; (<*2*> ^ F1) ^ sq = <*2*> ^ (F1 ^ sq) by FINSEQ_1:32; then H1 = F1 ^ sq by A3, A65, A66, FINSEQ_1:33; hence H = F by A1, A2, A65, A66, A67; ::_thesis: verum end; A68: (len F) + (len sq) = len (F ^ sq) by FINSEQ_1:22; now__::_thesis:_(_H_is_atomic_implies_H_=_F_) A69: 1 <= len F by Lm10; assume H is atomic ; ::_thesis: H = F then ex k being Element of NAT st H = atom. k by Def14; then A70: len H = 1 by FINSEQ_1:40; then len F <= 1 by A3, A68, NAT_1:11; then 1 + (len sq) = 1 + 0 by A3, A68, A70, A69, XXREAL_0:1; then sq = {} ; hence H = F by A3, FINSEQ_1:34; ::_thesis: verum end; hence H = F by A6, A34, A62, A56, A12, Th2; ::_thesis: verum end; then A71: for k being Nat st ( for n being Nat st n < k holds S1[n] ) holds S1[k] ; A72: for n being Nat holds S1[n] from NAT_1:sch_4(A71); len H = len H ; hence ( H = F ^ sq implies H = F ) by A72; ::_thesis: verum end; Lm12: for H, G, H1, G1 being CTL-formula st H '&' G = H1 '&' G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be CTL-formula; ::_thesis: ( H '&' G = H1 '&' G1 implies ( H = H1 & G = G1 ) ) assume A1: H '&' G = H1 '&' G1 ; ::_thesis: ( H = H1 & G = G1 ) A2: (<*1*> ^ H1) ^ G1 = <*1*> ^ (H1 ^ G1) by FINSEQ_1:32; (<*1*> ^ H) ^ G = <*1*> ^ (H ^ G) by FINSEQ_1:32; then A3: H ^ G = H1 ^ G1 by A1, A2, FINSEQ_1:33; then A4: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A5: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A3, FINSEQ_1:47; hence H = H1 by A4, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A4, A5, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm13: for H, G, H1, G1 being CTL-formula st H EU G = H1 EU G1 holds ( H = H1 & G = G1 ) proof let H, G, H1, G1 be CTL-formula; ::_thesis: ( H EU G = H1 EU G1 implies ( H = H1 & G = G1 ) ) assume A1: H EU G = H1 EU G1 ; ::_thesis: ( H = H1 & G = G1 ) A2: (<*4*> ^ H1) ^ G1 = <*4*> ^ (H1 ^ G1) by FINSEQ_1:32; (<*4*> ^ H) ^ G = <*4*> ^ (H ^ G) by FINSEQ_1:32; then A3: H ^ G = H1 ^ G1 by A1, A2, FINSEQ_1:33; then A4: ( len H1 <= len H implies ex sq being FinSequence st H = H1 ^ sq ) by FINSEQ_1:47; A5: ( len H <= len H1 implies ex sq being FinSequence st H1 = H ^ sq ) by A3, FINSEQ_1:47; hence H = H1 by A4, Lm11; ::_thesis: G = G1 ( ex sq being FinSequence st H1 = H ^ sq implies H1 = H ) by Lm11; hence G = G1 by A1, A4, A5, Lm11, FINSEQ_1:33; ::_thesis: verum end; Lm14: for H being CTL-formula st H is atomic holds ( not H is negative & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is atomic implies ( not H is negative & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) ) assume A1: H is atomic ; ::_thesis: ( not H is negative & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) then A2: not H . 1 = 1 by Lm8; A3: not H . 1 = 3 by A1, Lm8; A4: not H . 1 = 2 by A1, Lm8; A5: not H . 1 = 4 by A1, Lm8; not H . 1 = 0 by A1, Lm8; hence ( not H is negative & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) by A2, A4, A3, A5, Lm3, Lm4, Lm5, Lm6, Lm7; ::_thesis: verum end; Lm15: for H being CTL-formula st H is negative holds ( not H is atomic & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is negative implies ( not H is atomic & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) ) assume H is negative ; ::_thesis: ( not H is atomic & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) then H . 1 = 0 by Lm3; hence ( not H is atomic & not H is conjunctive & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) by Lm4, Lm5, Lm6, Lm7, Lm8; ::_thesis: verum end; Lm16: for H being CTL-formula st H is conjunctive holds ( not H is atomic & not H is negative & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is conjunctive implies ( not H is atomic & not H is negative & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) ) assume H is conjunctive ; ::_thesis: ( not H is atomic & not H is negative & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) then H . 1 = 1 by Lm4; hence ( not H is atomic & not H is negative & not H is ExistNext & not H is ExistGlobal & not H is ExistUntill ) by Lm3, Lm5, Lm6, Lm7, Lm8; ::_thesis: verum end; Lm17: for H being CTL-formula st H is ExistNext holds ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistGlobal & not H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is ExistNext implies ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistGlobal & not H is ExistUntill ) ) assume H is ExistNext ; ::_thesis: ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistGlobal & not H is ExistUntill ) then H . 1 = 2 by Lm5; hence ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistGlobal & not H is ExistUntill ) by Lm3, Lm4, Lm6, Lm7, Lm8; ::_thesis: verum end; Lm18: for H being CTL-formula st H is ExistGlobal holds ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistNext & not H is ExistUntill ) proof let H be CTL-formula; ::_thesis: ( H is ExistGlobal implies ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistNext & not H is ExistUntill ) ) assume H is ExistGlobal ; ::_thesis: ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistNext & not H is ExistUntill ) then H . 1 = 3 by Lm6; hence ( not H is atomic & not H is conjunctive & not H is negative & not H is ExistNext & not H is ExistUntill ) by Lm3, Lm4, Lm5, Lm7, Lm8; ::_thesis: verum end; definition let H be CTL-formula; assume A1: ( H is negative or H is ExistNext or H is ExistGlobal ) ; func the_argument_of H -> CTL-formula means :Def21: :: MODELC_1:def 21 'not' it = H if H is negative EX it = H if H is ExistNext otherwise EG it = H; existence ( ( H is negative implies ex b1 being CTL-formula st 'not' b1 = H ) & ( H is ExistNext implies ex b1 being CTL-formula st EX b1 = H ) & ( not H is negative & not H is ExistNext implies ex b1 being CTL-formula st EG b1 = H ) ) by A1, Def15, Def17, Def18; uniqueness for b1, b2 being CTL-formula holds ( ( H is negative & 'not' b1 = H & 'not' b2 = H implies b1 = b2 ) & ( H is ExistNext & EX b1 = H & EX b2 = H implies b1 = b2 ) & ( not H is negative & not H is ExistNext & EG b1 = H & EG b2 = H implies b1 = b2 ) ) by FINSEQ_1:33; consistency for b1 being CTL-formula st H is negative & H is ExistNext holds ( 'not' b1 = H iff EX b1 = H ) by Lm15; end; :: deftheorem Def21 defines the_argument_of MODELC_1:def_21_:_ for H being CTL-formula st ( H is negative or H is ExistNext or H is ExistGlobal ) holds for b2 being CTL-formula holds ( ( H is negative implies ( b2 = the_argument_of H iff 'not' b2 = H ) ) & ( H is ExistNext implies ( b2 = the_argument_of H iff EX b2 = H ) ) & ( not H is negative & not H is ExistNext implies ( b2 = the_argument_of H iff EG b2 = H ) ) ); definition let H be CTL-formula; assume A1: ( H is conjunctive or H is ExistUntill ) ; func the_left_argument_of H -> CTL-formula means :Def22: :: MODELC_1:def 22 ex H1 being CTL-formula st it '&' H1 = H if H is conjunctive otherwise ex H1 being CTL-formula st it EU H1 = H; existence ( ( H is conjunctive implies ex b1, H1 being CTL-formula st b1 '&' H1 = H ) & ( not H is conjunctive implies ex b1, H1 being CTL-formula st b1 EU H1 = H ) ) by A1, Def16, Def19; uniqueness for b1, b2 being CTL-formula holds ( ( H is conjunctive & ex H1 being CTL-formula st b1 '&' H1 = H & ex H1 being CTL-formula st b2 '&' H1 = H implies b1 = b2 ) & ( not H is conjunctive & ex H1 being CTL-formula st b1 EU H1 = H & ex H1 being CTL-formula st b2 EU H1 = H implies b1 = b2 ) ) by Lm12, Lm13; consistency for b1 being CTL-formula holds verum ; func the_right_argument_of H -> CTL-formula means :Def23: :: MODELC_1:def 23 ex H1 being CTL-formula st H1 '&' it = H if H is conjunctive otherwise ex H1 being CTL-formula st H1 EU it = H; existence ( ( H is conjunctive implies ex b1, H1 being CTL-formula st H1 '&' b1 = H ) & ( not H is conjunctive implies ex b1, H1 being CTL-formula st H1 EU b1 = H ) ) proof thus ( H is conjunctive implies ex G, H1 being CTL-formula st H1 '&' G = H ) ::_thesis: ( not H is conjunctive implies ex b1, H1 being CTL-formula st H1 EU b1 = H ) proof assume H is conjunctive ; ::_thesis: ex G, H1 being CTL-formula st H1 '&' G = H then consider G, F being CTL-formula such that A2: G '&' F = H by Def16; take F ; ::_thesis: ex H1 being CTL-formula st H1 '&' F = H thus ex H1 being CTL-formula st H1 '&' F = H by A2; ::_thesis: verum end; thus ( not H is conjunctive implies ex G, H1 being CTL-formula st H1 EU G = H ) ::_thesis: verum proof assume not H is conjunctive ; ::_thesis: ex G, H1 being CTL-formula st H1 EU G = H then consider G, F being CTL-formula such that A3: G EU F = H by A1, Def19; take F ; ::_thesis: ex H1 being CTL-formula st H1 EU F = H thus ex H1 being CTL-formula st H1 EU F = H by A3; ::_thesis: verum end; end; uniqueness for b1, b2 being CTL-formula holds ( ( H is conjunctive & ex H1 being CTL-formula st H1 '&' b1 = H & ex H1 being CTL-formula st H1 '&' b2 = H implies b1 = b2 ) & ( not H is conjunctive & ex H1 being CTL-formula st H1 EU b1 = H & ex H1 being CTL-formula st H1 EU b2 = H implies b1 = b2 ) ) by Lm12, Lm13; consistency for b1 being CTL-formula holds verum ; end; :: deftheorem Def22 defines the_left_argument_of MODELC_1:def_22_:_ for H being CTL-formula st ( H is conjunctive or H is ExistUntill ) holds for b2 being CTL-formula holds ( ( H is conjunctive implies ( b2 = the_left_argument_of H iff ex H1 being CTL-formula st b2 '&' H1 = H ) ) & ( not H is conjunctive implies ( b2 = the_left_argument_of H iff ex H1 being CTL-formula st b2 EU H1 = H ) ) ); :: deftheorem Def23 defines the_right_argument_of MODELC_1:def_23_:_ for H being CTL-formula st ( H is conjunctive or H is ExistUntill ) holds for b2 being CTL-formula holds ( ( H is conjunctive implies ( b2 = the_right_argument_of H iff ex H1 being CTL-formula st H1 '&' b2 = H ) ) & ( not H is conjunctive implies ( b2 = the_right_argument_of H iff ex H1 being CTL-formula st H1 EU b2 = H ) ) ); Lm19: for H being CTL-formula st H is ExistGlobal holds H = EG (the_argument_of H) proof let H be CTL-formula; ::_thesis: ( H is ExistGlobal implies H = EG (the_argument_of H) ) assume A1: H is ExistGlobal ; ::_thesis: H = EG (the_argument_of H) then A2: not H is ExistNext by Lm18; not H is negative by A1, Lm18; hence H = EG (the_argument_of H) by A1, A2, Def21; ::_thesis: verum end; Lm20: for H being CTL-formula st H is conjunctive holds H = (the_left_argument_of H) '&' (the_right_argument_of H) proof let H be CTL-formula; ::_thesis: ( H is conjunctive implies H = (the_left_argument_of H) '&' (the_right_argument_of H) ) assume A1: H is conjunctive ; ::_thesis: H = (the_left_argument_of H) '&' (the_right_argument_of H) then ex H1 being CTL-formula st H = H1 '&' (the_right_argument_of H) by Def23; hence H = (the_left_argument_of H) '&' (the_right_argument_of H) by A1, Def22; ::_thesis: verum end; Lm21: for H being CTL-formula st H is ExistUntill holds H = (the_left_argument_of H) EU (the_right_argument_of H) proof let H be CTL-formula; ::_thesis: ( H is ExistUntill implies H = (the_left_argument_of H) EU (the_right_argument_of H) ) assume A1: H is ExistUntill ; ::_thesis: H = (the_left_argument_of H) EU (the_right_argument_of H) then H . 1 = 4 by Lm7; then A2: not H is conjunctive by Lm4; then ex H1 being CTL-formula st H = H1 EU (the_right_argument_of H) by A1, Def23; hence H = (the_left_argument_of H) EU (the_right_argument_of H) by A1, A2, Def22; ::_thesis: verum end; Lm22: for H being CTL-formula st ( H is negative or H is ExistNext or H is ExistGlobal ) holds len (the_argument_of H) < len H proof let H be CTL-formula; ::_thesis: ( ( H is negative or H is ExistNext or H is ExistGlobal ) implies len (the_argument_of H) < len H ) assume A1: ( H is negative or H is ExistNext or H is ExistGlobal ) ; ::_thesis: len (the_argument_of H) < len H percases ( H is negative or H is ExistNext or H is ExistGlobal ) by A1; suppose H is negative ; ::_thesis: len (the_argument_of H) < len H then H = 'not' (the_argument_of H) by Def21; then len H = 1 + (len (the_argument_of H)) by FINSEQ_5:8; hence len (the_argument_of H) < len H by NAT_1:19; ::_thesis: verum end; suppose H is ExistNext ; ::_thesis: len (the_argument_of H) < len H then H = EX (the_argument_of H) by Def21; then len H = 1 + (len (the_argument_of H)) by FINSEQ_5:8; hence len (the_argument_of H) < len H by NAT_1:19; ::_thesis: verum end; suppose H is ExistGlobal ; ::_thesis: len (the_argument_of H) < len H then H = EG (the_argument_of H) by Lm19; then len H = 1 + (len (the_argument_of H)) by FINSEQ_5:8; hence len (the_argument_of H) < len H by NAT_1:19; ::_thesis: verum end; end; end; Lm23: for H being CTL-formula st ( H is conjunctive or H is ExistUntill ) holds ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) proof let H be CTL-formula; ::_thesis: ( ( H is conjunctive or H is ExistUntill ) implies ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) ) set iL = len (the_left_argument_of H); set iR = len (the_right_argument_of H); set iR1 = (len (the_right_argument_of H)) + 1; assume A1: ( H is conjunctive or H is ExistUntill ) ; ::_thesis: ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) percases ( H is conjunctive or H is ExistUntill ) by A1; suppose H is conjunctive ; ::_thesis: ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) '&' (the_right_argument_of H) by Lm20; then A2: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A3: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A2, A3, NAT_1:19; ::_thesis: verum end; suppose H is ExistUntill ; ::_thesis: ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) then H = (the_left_argument_of H) EU (the_right_argument_of H) by Lm21; then A4: len H = (1 + (len (the_left_argument_of H))) + (len (the_right_argument_of H)) by Lm2; 1 <= (len (the_right_argument_of H)) + 1 by NAT_1:11; then A5: len (the_left_argument_of H) < (len (the_left_argument_of H)) + ((len (the_right_argument_of H)) + 1) by NAT_1:19; 1 <= 1 + (len (the_left_argument_of H)) by NAT_1:11; hence ( len (the_left_argument_of H) < len H & len (the_right_argument_of H) < len H ) by A4, A5, NAT_1:19; ::_thesis: verum end; end; end; definition let x be set ; func CastCTLformula x -> CTL-formula equals :Def24: :: MODELC_1:def 24 x if x in CTL_WFF otherwise atom. 0; correctness coherence ( ( x in CTL_WFF implies x is CTL-formula ) & ( not x in CTL_WFF implies atom. 0 is CTL-formula ) ); consistency for b1 being CTL-formula holds verum; by Th1; end; :: deftheorem Def24 defines CastCTLformula MODELC_1:def_24_:_ for x being set holds ( ( x in CTL_WFF implies CastCTLformula x = x ) & ( not x in CTL_WFF implies CastCTLformula x = atom. 0 ) ); definition let Prop be set ; attrc2 is strict ; struct KripkeStr over Prop -> RelStr ; aggrKripkeStr(# carrier, Starts, InternalRel, Label #) -> KripkeStr over Prop; sel Starts c2 -> Subset of the carrier of c2; sel Label c2 -> Function of the carrier of c2,(bool Prop); end; definition attrc1 is strict ; struct CTLModelStr -> ComplULattStr ; aggrCTLModelStr(# carrier, BasicAssign, L_meet, Compl, EneXt, EGlobal, EUntill #) -> CTLModelStr ; sel BasicAssign c1 -> Subset of the carrier of c1; sel EneXt c1 -> UnOp of the carrier of c1; sel EGlobal c1 -> UnOp of the carrier of c1; sel EUntill c1 -> BinOp of the carrier of c1; end; definition let V be CTLModelStr ; mode Assign of V is Element of the carrier of V; end; definition func atomic_WFF -> Subset of CTL_WFF equals :: MODELC_1:def 25 { x where x is CTL-formula : x is atomic } ; correctness coherence { x where x is CTL-formula : x is atomic } is Subset of CTL_WFF; proof set X = { x where x is CTL-formula : x is atomic } ; { x where x is CTL-formula : x is atomic } c= CTL_WFF proof let y be set ; :: according to TARSKI:def_3 ::_thesis: ( not y in { x where x is CTL-formula : x is atomic } or y in CTL_WFF ) assume y in { x where x is CTL-formula : x is atomic } ; ::_thesis: y in CTL_WFF then ex x being CTL-formula st ( y = x & x is atomic ) ; hence y in CTL_WFF by Th1; ::_thesis: verum end; hence { x where x is CTL-formula : x is atomic } is Subset of CTL_WFF ; ::_thesis: verum end; end; :: deftheorem defines atomic_WFF MODELC_1:def_25_:_ atomic_WFF = { x where x is CTL-formula : x is atomic } ; definition let V be CTLModelStr ; let Kai be Function of atomic_WFF, the BasicAssign of V; let f be Function of CTL_WFF, the carrier of V; predf is-Evaluation-for Kai means :Def26: :: MODELC_1:def 26 for H being CTL-formula holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ); end; :: deftheorem Def26 defines is-Evaluation-for MODELC_1:def_26_:_ for V being CTLModelStr for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V holds ( f is-Evaluation-for Kai iff for H being CTL-formula holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ); definition let V be CTLModelStr ; let Kai be Function of atomic_WFF, the BasicAssign of V; let f be Function of CTL_WFF, the carrier of V; let n be Element of NAT ; predf is-PreEvaluation-for n,Kai means :Def27: :: MODELC_1:def 27 for H being CTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ); end; :: deftheorem Def27 defines is-PreEvaluation-for MODELC_1:def_27_:_ for V being CTLModelStr for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V for n being Element of NAT holds ( f is-PreEvaluation-for n,Kai iff for H being CTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ); definition let V be CTLModelStr ; let Kai be Function of atomic_WFF, the BasicAssign of V; let f, h be Function of CTL_WFF, the carrier of V; let n be Element of NAT ; let H be CTL-formula; func GraftEval (V,Kai,f,h,n,H) -> set equals :Def28: :: MODELC_1:def 28 f . H if len H > n + 1 Kai . H if ( len H = n + 1 & H is atomic ) the Compl of V . (h . (the_argument_of H)) if ( len H = n + 1 & H is negative ) the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is conjunctive ) the EneXt of V . (h . (the_argument_of H)) if ( len H = n + 1 & H is ExistNext ) the EGlobal of V . (h . (the_argument_of H)) if ( len H = n + 1 & H is ExistGlobal ) the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) if ( len H = n + 1 & H is ExistUntill ) h . H if len H < n + 1 otherwise {} ; coherence ( ( len H > n + 1 implies f . H is set ) & ( len H = n + 1 & H is atomic implies Kai . H is set ) & ( len H = n + 1 & H is negative implies the Compl of V . (h . (the_argument_of H)) is set ) & ( len H = n + 1 & H is conjunctive implies the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H = n + 1 & H is ExistNext implies the EneXt of V . (h . (the_argument_of H)) is set ) & ( len H = n + 1 & H is ExistGlobal implies the EGlobal of V . (h . (the_argument_of H)) is set ) & ( len H = n + 1 & H is ExistUntill implies the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) is set ) & ( len H < n + 1 implies h . H is set ) & ( not len H > n + 1 & ( not len H = n + 1 or not H is atomic ) & ( not len H = n + 1 or not H is negative ) & ( not len H = n + 1 or not H is conjunctive ) & ( not len H = n + 1 or not H is ExistNext ) & ( not len H = n + 1 or not H is ExistGlobal ) & ( not len H = n + 1 or not H is ExistUntill ) & not len H < n + 1 implies {} is set ) ) ; consistency for b1 being set holds ( ( len H > n + 1 & len H = n + 1 & H is atomic implies ( b1 = f . H iff b1 = Kai . H ) ) & ( len H > n + 1 & len H = n + 1 & H is negative implies ( b1 = f . H iff b1 = the Compl of V . (h . (the_argument_of H)) ) ) & ( len H > n + 1 & len H = n + 1 & H is conjunctive implies ( b1 = f . H iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H = n + 1 & H is ExistNext implies ( b1 = f . H iff b1 = the EneXt of V . (h . (the_argument_of H)) ) ) & ( len H > n + 1 & len H = n + 1 & H is ExistGlobal implies ( b1 = f . H iff b1 = the EGlobal of V . (h . (the_argument_of H)) ) ) & ( len H > n + 1 & len H = n + 1 & H is ExistUntill implies ( b1 = f . H iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H > n + 1 & len H < n + 1 implies ( b1 = f . H iff b1 = h . H ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is negative implies ( b1 = Kai . H iff b1 = the Compl of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is conjunctive implies ( b1 = Kai . H iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is ExistNext implies ( b1 = Kai . H iff b1 = the EneXt of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is ExistGlobal implies ( b1 = Kai . H iff b1 = the EGlobal of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is atomic & len H = n + 1 & H is ExistUntill implies ( b1 = Kai . H iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is atomic & len H < n + 1 implies ( b1 = Kai . H iff b1 = h . H ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is conjunctive implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is ExistNext implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the EneXt of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is ExistGlobal implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the EGlobal of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is negative & len H = n + 1 & H is ExistUntill implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is negative & len H < n + 1 implies ( b1 = the Compl of V . (h . (the_argument_of H)) iff b1 = h . H ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is ExistNext implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the EneXt of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is ExistGlobal implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the EGlobal of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is conjunctive & len H = n + 1 & H is ExistUntill implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is conjunctive & len H < n + 1 implies ( b1 = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) & ( len H = n + 1 & H is ExistNext & len H = n + 1 & H is ExistGlobal implies ( b1 = the EneXt of V . (h . (the_argument_of H)) iff b1 = the EGlobal of V . (h . (the_argument_of H)) ) ) & ( len H = n + 1 & H is ExistNext & len H = n + 1 & H is ExistUntill implies ( b1 = the EneXt of V . (h . (the_argument_of H)) iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is ExistNext & len H < n + 1 implies ( b1 = the EneXt of V . (h . (the_argument_of H)) iff b1 = h . H ) ) & ( len H = n + 1 & H is ExistGlobal & len H = n + 1 & H is ExistUntill implies ( b1 = the EGlobal of V . (h . (the_argument_of H)) iff b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) ) & ( len H = n + 1 & H is ExistGlobal & len H < n + 1 implies ( b1 = the EGlobal of V . (h . (the_argument_of H)) iff b1 = h . H ) ) & ( len H = n + 1 & H is ExistUntill & len H < n + 1 implies ( b1 = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) iff b1 = h . H ) ) ) by Lm14, Lm15, Lm16, Lm17, Lm18; end; :: deftheorem Def28 defines GraftEval MODELC_1:def_28_:_ for V being CTLModelStr for Kai being Function of atomic_WFF, the BasicAssign of V for f, h being Function of CTL_WFF, the carrier of V for n being Element of NAT for H being CTL-formula holds ( ( len H > n + 1 implies GraftEval (V,Kai,f,h,n,H) = f . H ) & ( len H = n + 1 & H is atomic implies GraftEval (V,Kai,f,h,n,H) = Kai . H ) & ( len H = n + 1 & H is negative implies GraftEval (V,Kai,f,h,n,H) = the Compl of V . (h . (the_argument_of H)) ) & ( len H = n + 1 & H is conjunctive implies GraftEval (V,Kai,f,h,n,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H = n + 1 & H is ExistNext implies GraftEval (V,Kai,f,h,n,H) = the EneXt of V . (h . (the_argument_of H)) ) & ( len H = n + 1 & H is ExistGlobal implies GraftEval (V,Kai,f,h,n,H) = the EGlobal of V . (h . (the_argument_of H)) ) & ( len H = n + 1 & H is ExistUntill implies GraftEval (V,Kai,f,h,n,H) = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) ) & ( len H < n + 1 implies GraftEval (V,Kai,f,h,n,H) = h . H ) & ( not len H > n + 1 & ( not len H = n + 1 or not H is atomic ) & ( not len H = n + 1 or not H is negative ) & ( not len H = n + 1 or not H is conjunctive ) & ( not len H = n + 1 or not H is ExistNext ) & ( not len H = n + 1 or not H is ExistGlobal ) & ( not len H = n + 1 or not H is ExistUntill ) & not len H < n + 1 implies GraftEval (V,Kai,f,h,n,H) = {} ) ); definition let C be CTLModelStr ; attrC is with_basic means :Def29: :: MODELC_1:def 29 not the BasicAssign of C is empty ; end; :: deftheorem Def29 defines with_basic MODELC_1:def_29_:_ for C being CTLModelStr holds ( C is with_basic iff not the BasicAssign of C is empty ); definition func TrivialCTLModel -> CTLModelStr equals :: MODELC_1:def 30 CTLModelStr(# 1,([#] 1),op2,op1,op1,op1,op2 #); coherence CTLModelStr(# 1,([#] 1),op2,op1,op1,op1,op2 #) is CTLModelStr ; end; :: deftheorem defines TrivialCTLModel MODELC_1:def_30_:_ TrivialCTLModel = CTLModelStr(# 1,([#] 1),op2,op1,op1,op1,op2 #); registration cluster TrivialCTLModel -> non empty strict with_basic ; coherence ( TrivialCTLModel is with_basic & TrivialCTLModel is strict & not TrivialCTLModel is empty ) proof thus not the BasicAssign of TrivialCTLModel is empty ; :: according to MODELC_1:def_29 ::_thesis: ( TrivialCTLModel is strict & not TrivialCTLModel is empty ) thus ( TrivialCTLModel is strict & not TrivialCTLModel is empty ) ; ::_thesis: verum end; end; registration cluster non empty for CTLModelStr ; existence not for b1 being CTLModelStr holds b1 is empty proof take TrivialCTLModel ; ::_thesis: not TrivialCTLModel is empty thus not TrivialCTLModel is empty ; ::_thesis: verum end; end; registration cluster non empty with_basic for CTLModelStr ; existence ex b1 being non empty CTLModelStr st b1 is with_basic proof take TrivialCTLModel ; ::_thesis: TrivialCTLModel is with_basic thus TrivialCTLModel is with_basic ; ::_thesis: verum end; end; definition mode CTLModel is non empty with_basic CTLModelStr ; end; registration let C be CTLModel; cluster the BasicAssign of C -> non empty ; coherence not the BasicAssign of C is empty by Def29; end; Lm24: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai proof let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f being Function of CTL_WFF, the carrier of V holds f is-PreEvaluation-for 0 ,Kai let f be Function of CTL_WFF, the carrier of V; ::_thesis: f is-PreEvaluation-for 0 ,Kai for H being CTL-formula st len H <= 0 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Lm10; hence f is-PreEvaluation-for 0 ,Kai by Def27; ::_thesis: verum end; Lm25: for n being Element of NAT for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai proof let n be Element of NAT ; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n + 1,Kai holds f is-PreEvaluation-for n,Kai let f be Function of CTL_WFF, the carrier of V; ::_thesis: ( f is-PreEvaluation-for n + 1,Kai implies f is-PreEvaluation-for n,Kai ) assume A1: f is-PreEvaluation-for n + 1,Kai ; ::_thesis: f is-PreEvaluation-for n,Kai for H being CTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be CTL-formula; ::_thesis: ( len H <= n implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume len H <= n ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) then len H < n + 1 by NAT_1:13; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A1, Def27; ::_thesis: verum end; hence f is-PreEvaluation-for n,Kai by Def27; ::_thesis: verum end; Lm26: for n being Element of NAT for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai proof let n be Element of NAT ; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai holds f is-PreEvaluation-for n,Kai let f be Function of CTL_WFF, the carrier of V; ::_thesis: ( f is-Evaluation-for Kai implies f is-PreEvaluation-for n,Kai ) assume f is-Evaluation-for Kai ; ::_thesis: f is-PreEvaluation-for n,Kai then for H being CTL-formula st len H <= n holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Def26; hence f is-PreEvaluation-for n,Kai by Def27; ::_thesis: verum end; Lm27: for n being Element of NAT for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being CTL-formula st len H <= n holds f1 . H = f2 . H proof let n be Element of NAT ; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being CTL-formula st len H <= n holds f1 . H = f2 . H let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being CTL-formula st len H <= n holds f1 . H = f2 . H let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai holds for H being CTL-formula st len H <= n holds f1 . H = f2 . H let f1, f2 be Function of CTL_WFF, the carrier of V; ::_thesis: ( f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai implies for H being CTL-formula st len H <= n holds f1 . H = f2 . H ) defpred S1[ Element of NAT ] means ( f1 is-PreEvaluation-for $1,Kai & f2 is-PreEvaluation-for $1,Kai implies for H being CTL-formula st len H <= $1 holds f1 . H = f2 . H ); A1: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A2: S1[k] ; ::_thesis: S1[k + 1] assume that A3: f1 is-PreEvaluation-for k + 1,Kai and A4: f2 is-PreEvaluation-for k + 1,Kai ; ::_thesis: for H being CTL-formula st len H <= k + 1 holds f1 . H = f2 . H let H be CTL-formula; ::_thesis: ( len H <= k + 1 implies f1 . H = f2 . H ) assume A5: len H <= k + 1 ; ::_thesis: f1 . H = f2 . H percases ( H is atomic or H is negative or H is ExistNext or H is ExistGlobal or H is conjunctive or H is ExistUntill ) by Th2; supposeA6: H is atomic ; ::_thesis: f1 . H = f2 . H then f1 . H = Kai . H by A3, A5, Def27; hence f1 . H = f2 . H by A4, A5, A6, Def27; ::_thesis: verum end; supposeA7: H is negative ; ::_thesis: f1 . H = f2 . H then len (the_argument_of H) < len H by Lm22; then A8: len (the_argument_of H) <= k by A5, Lm1; f2 . H = the Compl of V . (f2 . (the_argument_of H)) by A4, A5, A7, Def27 .= the Compl of V . (f1 . (the_argument_of H)) by A2, A3, A4, A8, Lm25 ; hence f1 . H = f2 . H by A3, A5, A7, Def27; ::_thesis: verum end; supposeA9: H is ExistNext ; ::_thesis: f1 . H = f2 . H then len (the_argument_of H) < len H by Lm22; then A10: len (the_argument_of H) <= k by A5, Lm1; f2 . H = the EneXt of V . (f2 . (the_argument_of H)) by A4, A5, A9, Def27 .= the EneXt of V . (f1 . (the_argument_of H)) by A2, A3, A4, A10, Lm25 ; hence f1 . H = f2 . H by A3, A5, A9, Def27; ::_thesis: verum end; supposeA11: H is ExistGlobal ; ::_thesis: f1 . H = f2 . H then len (the_argument_of H) < len H by Lm22; then A12: len (the_argument_of H) <= k by A5, Lm1; f2 . H = the EGlobal of V . (f2 . (the_argument_of H)) by A4, A5, A11, Def27 .= the EGlobal of V . (f1 . (the_argument_of H)) by A2, A3, A4, A12, Lm25 ; hence f1 . H = f2 . H by A3, A5, A11, Def27; ::_thesis: verum end; supposeA13: H is conjunctive ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Lm23; then len (the_left_argument_of H) <= k by A5, Lm1; then A14: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm25; len (the_right_argument_of H) < len H by A13, Lm23; then A15: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the L_meet of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A13, Def27 .= the L_meet of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A14, A15, Lm25 ; hence f1 . H = f2 . H by A3, A5, A13, Def27; ::_thesis: verum end; supposeA16: H is ExistUntill ; ::_thesis: f1 . H = f2 . H then len (the_left_argument_of H) < len H by Lm23; then len (the_left_argument_of H) <= k by A5, Lm1; then A17: f1 . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A2, A3, A4, Lm25; len (the_right_argument_of H) < len H by A16, Lm23; then A18: len (the_right_argument_of H) <= k by A5, Lm1; f2 . H = the EUntill of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A4, A5, A16, Def27 .= the EUntill of V . ((f1 . (the_left_argument_of H)),(f1 . (the_right_argument_of H))) by A2, A3, A4, A17, A18, Lm25 ; hence f1 . H = f2 . H by A3, A5, A16, Def27; ::_thesis: verum end; end; end; A19: S1[ 0 ] by Lm10; for n being Element of NAT holds S1[n] from NAT_1:sch_1(A19, A1); hence ( f1 is-PreEvaluation-for n,Kai & f2 is-PreEvaluation-for n,Kai implies for H being CTL-formula st len H <= n holds f1 . H = f2 . H ) ; ::_thesis: verum end; Lm28: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for n being Element of NAT ex f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai proof let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for n being Element of NAT ex f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for n being Element of NAT ex f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai defpred S1[ Element of NAT ] means ex f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for $1,Kai; A1: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume S1[k] ; ::_thesis: S1[k + 1] then consider h being Function of CTL_WFF, the carrier of V such that A2: h is-PreEvaluation-for k,Kai ; S1[k + 1] proof deffunc H1( set ) -> set = GraftEval (V,Kai,h,h,k,(CastCTLformula $1)); A3: for H being set st H in CTL_WFF holds H1(H) in the carrier of V proof let H be set ; ::_thesis: ( H in CTL_WFF implies H1(H) in the carrier of V ) assume A4: H in CTL_WFF ; ::_thesis: H1(H) in the carrier of V reconsider H = H as CTL-formula by A4, Th1; A5: H1(H) = GraftEval (V,Kai,h,h,k,H) by A4, Def24; percases ( len H > k + 1 or ( len H = k + 1 & H is atomic ) or ( len H = k + 1 & H is negative ) or ( len H = k + 1 & H is conjunctive ) or ( len H = k + 1 & H is ExistNext ) or ( len H = k + 1 & H is ExistGlobal ) or ( len H = k + 1 & H is ExistUntill ) or len H < k + 1 ) by Th2, XXREAL_0:1; suppose len H > k + 1 ; ::_thesis: H1(H) in the carrier of V then GraftEval (V,Kai,h,h,k,H) = h . H by Def28; hence H1(H) in the carrier of V by A4, A5, FUNCT_2:5; ::_thesis: verum end; supposeA6: ( len H = k + 1 & H is atomic ) ; ::_thesis: H1(H) in the carrier of V then H in atomic_WFF ; then Kai . H in the BasicAssign of V by FUNCT_2:5; then Kai . H in the carrier of V ; hence H1(H) in the carrier of V by A5, A6, Def28; ::_thesis: verum end; supposeA7: ( len H = k + 1 & H is negative ) ; ::_thesis: H1(H) in the carrier of V the_argument_of H in CTL_WFF by Th1; then A8: h . (the_argument_of H) in the carrier of V by FUNCT_2:5; GraftEval (V,Kai,h,h,k,H) = the Compl of V . (h . (the_argument_of H)) by A7, Def28; hence H1(H) in the carrier of V by A5, A8, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is conjunctive ) ; ::_thesis: H1(H) in the carrier of V then A9: GraftEval (V,Kai,h,h,k,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def28; the_right_argument_of H in CTL_WFF by Th1; then A10: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in CTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A10, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A9, FUNCT_2:5; ::_thesis: verum end; supposeA11: ( len H = k + 1 & H is ExistNext ) ; ::_thesis: H1(H) in the carrier of V the_argument_of H in CTL_WFF by Th1; then A12: h . (the_argument_of H) in the carrier of V by FUNCT_2:5; GraftEval (V,Kai,h,h,k,H) = the EneXt of V . (h . (the_argument_of H)) by A11, Def28; hence H1(H) in the carrier of V by A5, A12, FUNCT_2:5; ::_thesis: verum end; supposeA13: ( len H = k + 1 & H is ExistGlobal ) ; ::_thesis: H1(H) in the carrier of V the_argument_of H in CTL_WFF by Th1; then A14: h . (the_argument_of H) in the carrier of V by FUNCT_2:5; GraftEval (V,Kai,h,h,k,H) = the EGlobal of V . (h . (the_argument_of H)) by A13, Def28; hence H1(H) in the carrier of V by A5, A14, FUNCT_2:5; ::_thesis: verum end; suppose ( len H = k + 1 & H is ExistUntill ) ; ::_thesis: H1(H) in the carrier of V then A15: GraftEval (V,Kai,h,h,k,H) = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by Def28; the_right_argument_of H in CTL_WFF by Th1; then A16: h . (the_right_argument_of H) in the carrier of V by FUNCT_2:5; the_left_argument_of H in CTL_WFF by Th1; then h . (the_left_argument_of H) in the carrier of V by FUNCT_2:5; then [(h . (the_left_argument_of H)),(h . (the_right_argument_of H))] in [: the carrier of V, the carrier of V:] by A16, ZFMISC_1:def_2; hence H1(H) in the carrier of V by A5, A15, FUNCT_2:5; ::_thesis: verum end; suppose len H < k + 1 ; ::_thesis: H1(H) in the carrier of V then GraftEval (V,Kai,h,h,k,H) = h . H by Def28; hence H1(H) in the carrier of V by A4, A5, FUNCT_2:5; ::_thesis: verum end; end; end; consider f being Function of CTL_WFF, the carrier of V such that A17: for H being set st H in CTL_WFF holds f . H = H1(H) from FUNCT_2:sch_2(A3); take f ; ::_thesis: f is-PreEvaluation-for k + 1,Kai A18: for H being CTL-formula st len H < k + 1 holds f . H = h . H proof let H be CTL-formula; ::_thesis: ( len H < k + 1 implies f . H = h . H ) assume A19: len H < k + 1 ; ::_thesis: f . H = h . H A20: H in CTL_WFF by Th1; then f . H = H1(H) by A17 .= GraftEval (V,Kai,h,h,k,H) by A20, Def24 ; hence f . H = h . H by A19, Def28; ::_thesis: verum end; for H being CTL-formula st len H <= k + 1 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be CTL-formula; ::_thesis: ( len H <= k + 1 implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume A21: len H <= k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) A22: H in CTL_WFF by Th1; then A23: f . H = H1(H) by A17 .= GraftEval (V,Kai,h,h,k,H) by A22, Def24 ; A24: ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) proof assume A25: H is negative ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then len (the_argument_of H) <= k by A21, Lm1; then A26: len (the_argument_of H) < k + 1 by NAT_1:13; percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA27: len H <= k ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= the Compl of V . (h . (the_argument_of H)) by A2, A25, A27, Def27 ; hence f . H = the Compl of V . (f . (the_argument_of H)) by A18, A26; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then GraftEval (V,Kai,h,h,k,H) = the Compl of V . (h . (the_argument_of H)) by A25, Def28 .= the Compl of V . (f . (the_argument_of H)) by A18, A26 ; hence f . H = the Compl of V . (f . (the_argument_of H)) by A23; ::_thesis: verum end; end; end; A28: ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A29: H is ExistUntill ; ::_thesis: f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Lm23; then len (the_right_argument_of H) <= k by A21, Lm1; then A30: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A29, Lm23; then len (the_left_argument_of H) <= k by A21, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A31: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A18; percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA32: len H <= k ; ::_thesis: f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A29, A32, Def27 ; hence f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A18, A31, A30; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the EUntill of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A29, Def28 .= the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A18, A31, A30 ; hence f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A23; ::_thesis: verum end; end; end; A33: ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A34: H is conjunctive ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Lm23; then len (the_right_argument_of H) <= k by A21, Lm1; then A35: len (the_right_argument_of H) < k + 1 by NAT_1:13; len (the_left_argument_of H) < len H by A34, Lm23; then len (the_left_argument_of H) <= k by A21, Lm1; then len (the_left_argument_of H) < k + 1 by NAT_1:13; then A36: h . (the_left_argument_of H) = f . (the_left_argument_of H) by A18; percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA37: len H <= k ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A2, A34, A37, Def27 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A18, A36, A35; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then GraftEval (V,Kai,h,h,k,H) = the L_meet of V . ((h . (the_left_argument_of H)),(h . (the_right_argument_of H))) by A34, Def28 .= the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A18, A36, A35 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A23; ::_thesis: verum end; end; end; A38: ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) proof assume A39: H is ExistGlobal ; ::_thesis: f . H = the EGlobal of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then len (the_argument_of H) <= k by A21, Lm1; then A40: len (the_argument_of H) < k + 1 by NAT_1:13; percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA41: len H <= k ; ::_thesis: f . H = the EGlobal of V . (f . (the_argument_of H)) then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= the EGlobal of V . (h . (the_argument_of H)) by A2, A39, A41, Def27 ; hence f . H = the EGlobal of V . (f . (the_argument_of H)) by A18, A40; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the EGlobal of V . (f . (the_argument_of H)) then GraftEval (V,Kai,h,h,k,H) = the EGlobal of V . (h . (the_argument_of H)) by A39, Def28 .= the EGlobal of V . (f . (the_argument_of H)) by A18, A40 ; hence f . H = the EGlobal of V . (f . (the_argument_of H)) by A23; ::_thesis: verum end; end; end; A42: ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) proof assume A43: H is ExistNext ; ::_thesis: f . H = the EneXt of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then len (the_argument_of H) <= k by A21, Lm1; then A44: len (the_argument_of H) < k + 1 by NAT_1:13; percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA45: len H <= k ; ::_thesis: f . H = the EneXt of V . (f . (the_argument_of H)) then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= the EneXt of V . (h . (the_argument_of H)) by A2, A43, A45, Def27 ; hence f . H = the EneXt of V . (f . (the_argument_of H)) by A18, A44; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = the EneXt of V . (f . (the_argument_of H)) then GraftEval (V,Kai,h,h,k,H) = the EneXt of V . (h . (the_argument_of H)) by A43, Def28 .= the EneXt of V . (f . (the_argument_of H)) by A18, A44 ; hence f . H = the EneXt of V . (f . (the_argument_of H)) by A23; ::_thesis: verum end; end; end; ( H is atomic implies f . H = Kai . H ) proof assume A46: H is atomic ; ::_thesis: f . H = Kai . H percases ( len H <= k or len H = k + 1 ) by A21, NAT_1:8; supposeA47: len H <= k ; ::_thesis: f . H = Kai . H then len H < k + 1 by NAT_1:13; then f . H = h . H by A18 .= Kai . H by A2, A46, A47, Def27 ; hence f . H = Kai . H ; ::_thesis: verum end; suppose len H = k + 1 ; ::_thesis: f . H = Kai . H hence f . H = Kai . H by A23, A46, Def28; ::_thesis: verum end; end; end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A24, A33, A42, A38, A28; ::_thesis: verum end; hence f is-PreEvaluation-for k + 1,Kai by Def27; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; A48: S1[ 0 ] proof consider v0 being set such that A49: v0 in the carrier of V by XBOOLE_0:def_1; set f = CTL_WFF --> v0; A50: dom (CTL_WFF --> v0) = CTL_WFF by FUNCOP_1:13; A51: rng (CTL_WFF --> v0) c= {v0} by FUNCOP_1:13; {v0} c= the carrier of V by A49, ZFMISC_1:31; then reconsider f = CTL_WFF --> v0 as Function of CTL_WFF, the carrier of V by A50, A51, FUNCT_2:2, XBOOLE_1:1; take f ; ::_thesis: f is-PreEvaluation-for 0 ,Kai thus f is-PreEvaluation-for 0 ,Kai by Lm24; ::_thesis: verum end; for n being Element of NAT holds S1[n] from NAT_1:sch_1(A48, A1); hence for n being Element of NAT ex f being Function of CTL_WFF, the carrier of V st f is-PreEvaluation-for n,Kai ; ::_thesis: verum end; Lm29: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st ( for n being Element of NAT holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai proof let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f being Function of CTL_WFF, the carrier of V st ( for n being Element of NAT holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f being Function of CTL_WFF, the carrier of V st ( for n being Element of NAT holds f is-PreEvaluation-for n,Kai ) holds f is-Evaluation-for Kai let f be Function of CTL_WFF, the carrier of V; ::_thesis: ( ( for n being Element of NAT holds f is-PreEvaluation-for n,Kai ) implies f is-Evaluation-for Kai ) assume A1: for n being Element of NAT holds f is-PreEvaluation-for n,Kai ; ::_thesis: f is-Evaluation-for Kai let H be CTL-formula; :: according to MODELC_1:def_26 ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) set n = len H; f is-PreEvaluation-for len H,Kai by A1; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Def27; ::_thesis: verum end; definition let V be CTLModel; let Kai be Function of atomic_WFF, the BasicAssign of V; let n be Element of NAT ; func EvalSet (V,Kai,n) -> non empty set equals :: MODELC_1:def 31 { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; correctness coherence { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } is non empty set ; proof set X = { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; consider h being Function of CTL_WFF, the carrier of V such that A1: h is-PreEvaluation-for n,Kai by Lm28; h in { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } by A1; hence { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } is non empty set ; ::_thesis: verum end; end; :: deftheorem defines EvalSet MODELC_1:def_31_:_ for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for n being Element of NAT holds EvalSet (V,Kai,n) = { h where h is Function of CTL_WFF, the carrier of V : h is-PreEvaluation-for n,Kai } ; definition let V be CTLModel; let v0 be Element of the carrier of V; let x be set ; func CastEval (V,x,v0) -> Function of CTL_WFF, the carrier of V equals :Def32: :: MODELC_1:def 32 x if x in Funcs (CTL_WFF, the carrier of V) otherwise CTL_WFF --> v0; correctness coherence ( ( x in Funcs (CTL_WFF, the carrier of V) implies x is Function of CTL_WFF, the carrier of V ) & ( not x in Funcs (CTL_WFF, the carrier of V) implies CTL_WFF --> v0 is Function of CTL_WFF, the carrier of V ) ); consistency for b1 being Function of CTL_WFF, the carrier of V holds verum; by FUNCT_2:66; end; :: deftheorem Def32 defines CastEval MODELC_1:def_32_:_ for V being CTLModel for v0 being Element of the carrier of V for x being set holds ( ( x in Funcs (CTL_WFF, the carrier of V) implies CastEval (V,x,v0) = x ) & ( not x in Funcs (CTL_WFF, the carrier of V) implies CastEval (V,x,v0) = CTL_WFF --> v0 ) ); definition let V be CTLModel; let Kai be Function of atomic_WFF, the BasicAssign of V; func EvalFamily (V,Kai) -> non empty set means :Def33: :: MODELC_1:def 33 for p being set holds ( p in it iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ); existence ex b1 being non empty set st for p being set holds ( p in b1 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) proof defpred S1[ set ] means ex n being Element of NAT st $1 = EvalSet (V,Kai,n); set X = bool (Funcs (CTL_WFF, the carrier of V)); consider IT being set such that A1: for p being set holds ( p in IT iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & S1[p] ) ) from XBOOLE_0:sch_1(); not IT is empty proof set p = EvalSet (V,Kai,0); EvalSet (V,Kai,0) c= Funcs (CTL_WFF, the carrier of V) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in EvalSet (V,Kai,0) or x in Funcs (CTL_WFF, the carrier of V) ) assume x in EvalSet (V,Kai,0) ; ::_thesis: x in Funcs (CTL_WFF, the carrier of V) then ex h being Function of CTL_WFF, the carrier of V st ( x = h & h is-PreEvaluation-for 0 ,Kai ) ; hence x in Funcs (CTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; hence not IT is empty by A1; ::_thesis: verum end; then reconsider IT = IT as non empty set ; take IT ; ::_thesis: for p being set holds ( p in IT iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) thus for p being set holds ( p in IT iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being non empty set st ( for p being set holds ( p in b1 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) ) & ( for p being set holds ( p in b2 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) ) holds b1 = b2 proof defpred S1[ set ] means ( $1 in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st $1 = EvalSet (V,Kai,n) ); for X1, X2 being set st ( for x being set holds ( x in X1 iff S1[x] ) ) & ( for x being set holds ( x in X2 iff S1[x] ) ) holds X1 = X2 from XBOOLE_0:sch_3(); hence for b1, b2 being non empty set st ( for p being set holds ( p in b1 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) ) & ( for p being set holds ( p in b2 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def33 defines EvalFamily MODELC_1:def_33_:_ for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for b3 being non empty set holds ( b3 = EvalFamily (V,Kai) iff for p being set holds ( p in b3 iff ( p in bool (Funcs (CTL_WFF, the carrier of V)) & ex n being Element of NAT st p = EvalSet (V,Kai,n) ) ) ); Lm30: for n being Element of NAT for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) proof let n be Element of NAT ; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds EvalSet (V,Kai,n) in EvalFamily (V,Kai) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: EvalSet (V,Kai,n) in EvalFamily (V,Kai) set p1 = EvalSet (V,Kai,n); EvalSet (V,Kai,n) c= Funcs (CTL_WFF, the carrier of V) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in EvalSet (V,Kai,n) or x in Funcs (CTL_WFF, the carrier of V) ) assume x in EvalSet (V,Kai,n) ; ::_thesis: x in Funcs (CTL_WFF, the carrier of V) then ex h being Function of CTL_WFF, the carrier of V st ( x = h & h is-PreEvaluation-for n,Kai ) ; hence x in Funcs (CTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; hence EvalSet (V,Kai,n) in EvalFamily (V,Kai) by Def33; ::_thesis: verum end; theorem Th3: :: MODELC_1:3 for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V ex f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai proof let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V ex f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: ex f being Function of CTL_WFF, the carrier of V st f is-Evaluation-for Kai set M = EvalFamily (V,Kai); set v0 = the Element of the carrier of V; for X being set st X in EvalFamily (V,Kai) holds X <> {} proof let X be set ; ::_thesis: ( X in EvalFamily (V,Kai) implies X <> {} ) assume X in EvalFamily (V,Kai) ; ::_thesis: X <> {} then ex n being Element of NAT st X = EvalSet (V,Kai,n) by Def33; hence X <> {} ; ::_thesis: verum end; then consider Choice being Function such that dom Choice = EvalFamily (V,Kai) and A1: for X being set st X in EvalFamily (V,Kai) holds Choice . X in X by FUNCT_1:111; deffunc H1( set ) -> set = Choice . (EvalSet (V,Kai,(k_nat $1))); A2: for n being set st n in NAT holds H1(n) is Function of CTL_WFF, the carrier of V proof let n be set ; ::_thesis: ( n in NAT implies H1(n) is Function of CTL_WFF, the carrier of V ) assume A3: n in NAT ; ::_thesis: H1(n) is Function of CTL_WFF, the carrier of V A4: k_nat n = n by A3, Def2; set Y = H1(n); reconsider n = n as Element of NAT by A3; H1(n) in EvalSet (V,Kai,n) by A1, A4, Lm30; then ex h being Function of CTL_WFF, the carrier of V st ( H1(n) = h & h is-PreEvaluation-for n,Kai ) ; hence H1(n) is Function of CTL_WFF, the carrier of V ; ::_thesis: verum end; A5: for n being set st n in NAT holds H1(n) in Funcs (CTL_WFF, the carrier of V) proof let n be set ; ::_thesis: ( n in NAT implies H1(n) in Funcs (CTL_WFF, the carrier of V) ) assume n in NAT ; ::_thesis: H1(n) in Funcs (CTL_WFF, the carrier of V) then H1(n) is Function of CTL_WFF, the carrier of V by A2; hence H1(n) in Funcs (CTL_WFF, the carrier of V) by FUNCT_2:8; ::_thesis: verum end; consider f1 being Function of NAT,(Funcs (CTL_WFF, the carrier of V)) such that A6: for n being set st n in NAT holds f1 . n = H1(n) from FUNCT_2:sch_2(A5); deffunc H2( set ) -> set = (CastEval (V,(f1 . (len (CastCTLformula $1))), the Element of the carrier of V)) . $1; A7: for H being set st H in CTL_WFF holds H2(H) in the carrier of V by FUNCT_2:5; consider f being Function of CTL_WFF, the carrier of V such that A8: for H being set st H in CTL_WFF holds f . H = H2(H) from FUNCT_2:sch_2(A7); take f ; ::_thesis: f is-Evaluation-for Kai for n being Element of NAT holds f is-PreEvaluation-for n,Kai proof defpred S1[ Element of NAT ] means f is-PreEvaluation-for $1,Kai; A9: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A10: S1[k] ; ::_thesis: S1[k + 1] for H being CTL-formula st len H <= k + 1 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) proof let H be CTL-formula; ::_thesis: ( len H <= k + 1 implies ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ) assume A11: len H <= k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) now__::_thesis:_(_(_len_H_<=_k_&_(_H_is_atomic_implies_f_._H_=_Kai_._H_)_&_(_H_is_negative_implies_f_._H_=_the_Compl_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_conjunctive_implies_f_._H_=_the_L_meet_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_ExistNext_implies_f_._H_=_the_EneXt_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_ExistGlobal_implies_f_._H_=_the_EGlobal_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_ExistUntill_implies_f_._H_=_the_EUntill_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_)_or_(_len_H_=_k_+_1_&_(_H_is_atomic_implies_f_._H_=_Kai_._H_)_&_(_H_is_negative_implies_f_._H_=_the_Compl_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_conjunctive_implies_f_._H_=_the_L_meet_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_&_(_H_is_ExistNext_implies_f_._H_=_the_EneXt_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_ExistGlobal_implies_f_._H_=_the_EGlobal_of_V_._(f_._(the_argument_of_H))_)_&_(_H_is_ExistUntill_implies_f_._H_=_the_EUntill_of_V_._((f_._(the_left_argument_of_H)),(f_._(the_right_argument_of_H)))_)_)_) percases ( len H <= k or len H = k + 1 ) by A11, NAT_1:8; case len H <= k ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A10, Def27; ::_thesis: verum end; caseA12: len H = k + 1 ; ::_thesis: ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) set f2 = H1( len H); A13: H in CTL_WFF by Th1; then f1 . (len (CastCTLformula H)) = f1 . (len H) by Def24 .= H1( len H) by A6 ; then A14: CastEval (V,(f1 . (len (CastCTLformula H))), the Element of the carrier of V) = H1( len H) by Def32; then reconsider f2 = H1( len H) as Function of CTL_WFF, the carrier of V ; A15: f2 = Choice . (EvalSet (V,Kai,(len H))) by Def2; Choice . (EvalSet (V,Kai,(len H))) in EvalSet (V,Kai,(len H)) by A1, Lm30; then A16: ex h being Function of CTL_WFF, the carrier of V st ( f2 = h & h is-PreEvaluation-for len H,Kai ) by A15; then A17: f2 is-PreEvaluation-for k,Kai by A12, Lm25; A18: f . H = f2 . H by A8, A13, A14; A19: ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) proof assume A20: H is ExistNext ; ::_thesis: f . H = the EneXt of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then A21: len (the_argument_of H) <= k by A12, NAT_1:13; f . H = the EneXt of V . (f2 . (the_argument_of H)) by A18, A16, A20, Def27 .= the EneXt of V . (f . (the_argument_of H)) by A10, A17, A21, Lm27 ; hence f . H = the EneXt of V . (f . (the_argument_of H)) ; ::_thesis: verum end; A22: ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A23: H is ExistUntill ; ::_thesis: f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Lm23; then A24: len (the_right_argument_of H) <= k by A12, NAT_1:13; len (the_left_argument_of H) < len H by A23, Lm23; then len (the_left_argument_of H) <= k by A12, NAT_1:13; then A25: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A10, A17, Lm27; f . H = the EUntill of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A18, A16, A23, Def27 .= the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A10, A17, A25, A24, Lm27 ; hence f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; A26: ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) proof assume A27: H is conjunctive ; ::_thesis: f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) then len (the_right_argument_of H) < len H by Lm23; then A28: len (the_right_argument_of H) <= k by A12, NAT_1:13; len (the_left_argument_of H) < len H by A27, Lm23; then len (the_left_argument_of H) <= k by A12, NAT_1:13; then A29: f . (the_left_argument_of H) = f2 . (the_left_argument_of H) by A10, A17, Lm27; f . H = the L_meet of V . ((f2 . (the_left_argument_of H)),(f2 . (the_right_argument_of H))) by A18, A16, A27, Def27 .= the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) by A10, A17, A29, A28, Lm27 ; hence f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ; ::_thesis: verum end; A30: ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) proof assume A31: H is ExistGlobal ; ::_thesis: f . H = the EGlobal of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then A32: len (the_argument_of H) <= k by A12, NAT_1:13; f . H = the EGlobal of V . (f2 . (the_argument_of H)) by A18, A16, A31, Def27 .= the EGlobal of V . (f . (the_argument_of H)) by A10, A17, A32, Lm27 ; hence f . H = the EGlobal of V . (f . (the_argument_of H)) ; ::_thesis: verum end; ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) proof assume A33: H is negative ; ::_thesis: f . H = the Compl of V . (f . (the_argument_of H)) then len (the_argument_of H) < len H by Lm22; then A34: len (the_argument_of H) <= k by A12, NAT_1:13; f . H = the Compl of V . (f2 . (the_argument_of H)) by A18, A16, A33, Def27 .= the Compl of V . (f . (the_argument_of H)) by A10, A17, A34, Lm27 ; hence f . H = the Compl of V . (f . (the_argument_of H)) ; ::_thesis: verum end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by A18, A16, A19, A30, A26, A22, Def27; ::_thesis: verum end; end; end; hence ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) ; ::_thesis: verum end; hence S1[k + 1] by Def27; ::_thesis: verum end; for H being CTL-formula st len H <= 0 holds ( ( H is atomic implies f . H = Kai . H ) & ( H is negative implies f . H = the Compl of V . (f . (the_argument_of H)) ) & ( H is conjunctive implies f . H = the L_meet of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) & ( H is ExistNext implies f . H = the EneXt of V . (f . (the_argument_of H)) ) & ( H is ExistGlobal implies f . H = the EGlobal of V . (f . (the_argument_of H)) ) & ( H is ExistUntill implies f . H = the EUntill of V . ((f . (the_left_argument_of H)),(f . (the_right_argument_of H))) ) ) by Lm10; then A35: S1[ 0 ] by Def27; for n being Element of NAT holds S1[n] from NAT_1:sch_1(A35, A9); hence for n being Element of NAT holds f is-PreEvaluation-for n,Kai ; ::_thesis: verum end; hence f is-Evaluation-for Kai by Lm29; ::_thesis: verum end; theorem Th4: :: MODELC_1:4 for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 proof let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: for f1, f2 being Function of CTL_WFF, the carrier of V st f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai holds f1 = f2 let f1, f2 be Function of CTL_WFF, the carrier of V; ::_thesis: ( f1 is-Evaluation-for Kai & f2 is-Evaluation-for Kai implies f1 = f2 ) assume that A1: f1 is-Evaluation-for Kai and A2: f2 is-Evaluation-for Kai ; ::_thesis: f1 = f2 for H being set st H in CTL_WFF holds f1 . H = f2 . H proof let H be set ; ::_thesis: ( H in CTL_WFF implies f1 . H = f2 . H ) assume H in CTL_WFF ; ::_thesis: f1 . H = f2 . H then reconsider H = H as CTL-formula by Th1; set n = len H; A3: f2 is-PreEvaluation-for len H,Kai by A2, Lm26; f1 is-PreEvaluation-for len H,Kai by A1, Lm26; hence f1 . H = f2 . H by A3, Lm27; ::_thesis: verum end; hence f1 = f2 by FUNCT_2:12; ::_thesis: verum end; definition let V be CTLModel; let Kai be Function of atomic_WFF, the BasicAssign of V; let H be CTL-formula; func Evaluate (H,Kai) -> Assign of V means :Def34: :: MODELC_1:def 34 ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & it = f . H ); existence ex b1 being Assign of V ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b1 = f . H ) proof consider f being Function of CTL_WFF, the carrier of V such that A1: f is-Evaluation-for Kai by Th3; set IT = f . H; H in CTL_WFF by Th1; then reconsider IT = f . H as Assign of V by FUNCT_2:5; take IT ; ::_thesis: ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & IT = f . H ) thus ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & IT = f . H ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Assign of V st ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b1 = f . H ) & ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b2 = f . H ) holds b1 = b2 by Th4; end; :: deftheorem Def34 defines Evaluate MODELC_1:def_34_:_ for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V for H being CTL-formula for b4 being Assign of V holds ( b4 = Evaluate (H,Kai) iff ex f being Function of CTL_WFF, the carrier of V st ( f is-Evaluation-for Kai & b4 = f . H ) ); notation let V be CTLModel; let f be Assign of V; synonym 'not' f for f ` ; let g be Assign of V; synonym f '&' g for f "/\" g; end; definition let V be CTLModel; let f be Assign of V; func EX f -> Assign of V equals :: MODELC_1:def 35 the EneXt of V . f; correctness coherence the EneXt of V . f is Assign of V; ; func EG f -> Assign of V equals :: MODELC_1:def 36 the EGlobal of V . f; correctness coherence the EGlobal of V . f is Assign of V; ; end; :: deftheorem defines EX MODELC_1:def_35_:_ for V being CTLModel for f being Assign of V holds EX f = the EneXt of V . f; :: deftheorem defines EG MODELC_1:def_36_:_ for V being CTLModel for f being Assign of V holds EG f = the EGlobal of V . f; definition let V be CTLModel; let f, g be Assign of V; funcf EU g -> Assign of V equals :: MODELC_1:def 37 the EUntill of V . (f,g); correctness coherence the EUntill of V . (f,g) is Assign of V; ; funcf 'or' g -> Assign of V equals :: MODELC_1:def 38 'not' (('not' f) '&' ('not' g)); correctness coherence 'not' (('not' f) '&' ('not' g)) is Assign of V; ; end; :: deftheorem defines EU MODELC_1:def_37_:_ for V being CTLModel for f, g being Assign of V holds f EU g = the EUntill of V . (f,g); :: deftheorem defines 'or' MODELC_1:def_38_:_ for V being CTLModel for f, g being Assign of V holds f 'or' g = 'not' (('not' f) '&' ('not' g)); theorem Th5: :: MODELC_1:5 for H being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) proof let H be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) consider f1 being Function of CTL_WFF, the carrier of V such that A1: f1 is-Evaluation-for Kai and A2: Evaluate (('not' H),Kai) = f1 . ('not' H) by Def34; A3: ex f2 being Function of CTL_WFF, the carrier of V st ( f2 is-Evaluation-for Kai & Evaluate (H,Kai) = f2 . H ) by Def34; A4: 'not' H is negative by Def15; then Evaluate (('not' H),Kai) = the Compl of V . (f1 . (the_argument_of ('not' H))) by A1, A2, Def26 .= the Compl of V . (f1 . H) by A4, Def21 .= 'not' (Evaluate (H,Kai)) by A1, A3, Th4 ; hence Evaluate (('not' H),Kai) = 'not' (Evaluate (H,Kai)) ; ::_thesis: verum end; theorem Th6: :: MODELC_1:6 for H1, H2 being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) proof let H1, H2 be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) consider f0 being Function of CTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 '&' H2),Kai) = f0 . (H1 '&' H2) by Def34; consider f1 being Function of CTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def34; consider f2 being Function of CTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def34; A7: f0 = f2 by A1, A5, Th4; A8: H1 '&' H2 is conjunctive by Def16; then A9: the_left_argument_of (H1 '&' H2) = H1 by Def22; A10: the_right_argument_of (H1 '&' H2) = H2 by A8, Def23; f0 = f1 by A1, A3, Th4; hence Evaluate ((H1 '&' H2),Kai) = (Evaluate (H1,Kai)) '&' (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A9, A10, Def26; ::_thesis: verum end; theorem Th7: :: MODELC_1:7 for H being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EX H),Kai) = EX (Evaluate (H,Kai)) proof let H be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EX H),Kai) = EX (Evaluate (H,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EX H),Kai) = EX (Evaluate (H,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate ((EX H),Kai) = EX (Evaluate (H,Kai)) consider f1 being Function of CTL_WFF, the carrier of V such that A1: f1 is-Evaluation-for Kai and A2: Evaluate ((EX H),Kai) = f1 . (EX H) by Def34; A3: ex f2 being Function of CTL_WFF, the carrier of V st ( f2 is-Evaluation-for Kai & Evaluate (H,Kai) = f2 . H ) by Def34; A4: EX H is ExistNext by Def17; then Evaluate ((EX H),Kai) = the EneXt of V . (f1 . (the_argument_of (EX H))) by A1, A2, Def26 .= the EneXt of V . (f1 . H) by A4, Def21 .= EX (Evaluate (H,Kai)) by A1, A3, Th4 ; hence Evaluate ((EX H),Kai) = EX (Evaluate (H,Kai)) ; ::_thesis: verum end; theorem Th8: :: MODELC_1:8 for H being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EG H),Kai) = EG (Evaluate (H,Kai)) proof let H be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EG H),Kai) = EG (Evaluate (H,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((EG H),Kai) = EG (Evaluate (H,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate ((EG H),Kai) = EG (Evaluate (H,Kai)) consider f1 being Function of CTL_WFF, the carrier of V such that A1: f1 is-Evaluation-for Kai and A2: Evaluate ((EG H),Kai) = f1 . (EG H) by Def34; A3: ex f2 being Function of CTL_WFF, the carrier of V st ( f2 is-Evaluation-for Kai & Evaluate (H,Kai) = f2 . H ) by Def34; A4: EG H is ExistGlobal by Def18; then A5: not EG H is negative by Lm18; A6: not EG H is ExistNext by A4, Lm18; Evaluate ((EG H),Kai) = the EGlobal of V . (f1 . (the_argument_of (EG H))) by A1, A2, A4, Def26 .= the EGlobal of V . (f1 . H) by A4, A5, A6, Def21 .= EG (Evaluate (H,Kai)) by A1, A3, Th4 ; hence Evaluate ((EG H),Kai) = EG (Evaluate (H,Kai)) ; ::_thesis: verum end; theorem Th9: :: MODELC_1:9 for H1, H2 being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 EU H2),Kai) = (Evaluate (H1,Kai)) EU (Evaluate (H2,Kai)) proof let H1, H2 be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 EU H2),Kai) = (Evaluate (H1,Kai)) EU (Evaluate (H2,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 EU H2),Kai) = (Evaluate (H1,Kai)) EU (Evaluate (H2,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate ((H1 EU H2),Kai) = (Evaluate (H1,Kai)) EU (Evaluate (H2,Kai)) consider f0 being Function of CTL_WFF, the carrier of V such that A1: f0 is-Evaluation-for Kai and A2: Evaluate ((H1 EU H2),Kai) = f0 . (H1 EU H2) by Def34; consider f1 being Function of CTL_WFF, the carrier of V such that A3: f1 is-Evaluation-for Kai and A4: Evaluate (H1,Kai) = f1 . H1 by Def34; consider f2 being Function of CTL_WFF, the carrier of V such that A5: f2 is-Evaluation-for Kai and A6: Evaluate (H2,Kai) = f2 . H2 by Def34; A7: f0 = f2 by A1, A5, Th4; A8: H1 EU H2 is ExistUntill by Def19; then (H1 EU H2) . 1 = 4 by Lm7; then A9: not H1 EU H2 is conjunctive by Lm4; then A10: the_left_argument_of (H1 EU H2) = H1 by A8, Def22; A11: the_right_argument_of (H1 EU H2) = H2 by A8, A9, Def23; f0 = f1 by A1, A3, Th4; hence Evaluate ((H1 EU H2),Kai) = (Evaluate (H1,Kai)) EU (Evaluate (H2,Kai)) by A1, A2, A4, A6, A7, A8, A10, A11, Def26; ::_thesis: verum end; theorem Th10: :: MODELC_1:10 for H1, H2 being CTL-formula for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) proof let H1, H2 be CTL-formula; ::_thesis: for V being CTLModel for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) let V be CTLModel; ::_thesis: for Kai being Function of atomic_WFF, the BasicAssign of V holds Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) let Kai be Function of atomic_WFF, the BasicAssign of V; ::_thesis: Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) Evaluate ((H1 'or' H2),Kai) = 'not' (Evaluate ((('not' H1) '&' ('not' H2)),Kai)) by Th5 .= 'not' ((Evaluate (('not' H1),Kai)) '&' (Evaluate (('not' H2),Kai))) by Th6 .= 'not' (('not' (Evaluate (H1,Kai))) '&' (Evaluate (('not' H2),Kai))) by Th5 ; hence Evaluate ((H1 'or' H2),Kai) = (Evaluate (H1,Kai)) 'or' (Evaluate (H2,Kai)) by Th5; ::_thesis: verum end; notation let f be Function; let n be Nat; synonym f |** n for iter (f,n); end; definition let S be set ; let f be Function of S,S; let n be Nat; :: original: |** redefine funcf |** n -> Function of S,S; coherence f |** n is Function of S,S proof reconsider n9 = n as Element of NAT by ORDINAL1:def_12; iter (f,n9) is Function of S,S ; hence f |** n is Function of S,S ; ::_thesis: verum end; end; Lm31: for S being set for R being Relation of S,S st R is total holds for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) proof let S be set ; ::_thesis: for R being Relation of S,S st R is total holds for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) let R be Relation of S,S; ::_thesis: ( R is total implies for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) ( R is total implies for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) proof assume A1: R is total ; ::_thesis: for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) proof let x be set ; ::_thesis: ( x in S implies ex y being set st ( y in S & [x,y] in R ) ) assume A2: x in S ; ::_thesis: ex y being set st ( y in S & [x,y] in R ) dom R = S by A1, PARTFUN1:def_2; then consider y being Element of S such that A3: [x,y] in R by A2, RELSET_1:24; take y ; ::_thesis: ( y in S & [x,y] in R ) thus ( y in S & [x,y] in R ) by A2, A3; ::_thesis: verum end; hence for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ; ::_thesis: verum end; hence ( R is total implies for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) ; ::_thesis: verum end; Lm32: for S being set for R being Relation of S,S st ( for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) holds R is total proof let S be set ; ::_thesis: for R being Relation of S,S st ( for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) holds R is total let R be Relation of S,S; ::_thesis: ( ( for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) implies R is total ) ( ( for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) implies R is total ) proof assume A1: for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ; ::_thesis: R is total A2: S c= dom R proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in S or x in dom R ) assume x in S ; ::_thesis: x in dom R then ex y being set st ( y in S & [x,y] in R ) by A1; hence x in dom R by XTUPLE_0:def_12; ::_thesis: verum end; dom R c= S by RELAT_1:def_18; then dom R = S by A2, XBOOLE_0:def_10; hence R is total by PARTFUN1:def_2; ::_thesis: verum end; hence ( ( for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) implies R is total ) ; ::_thesis: verum end; Lm33: for S being non empty set for R being total Relation of S,S for s being Element of S holds not R .: {s} is empty proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S holds not R .: {s} is empty let R be total Relation of S,S; ::_thesis: for s being Element of S holds not R .: {s} is empty let s be Element of S; ::_thesis: not R .: {s} is empty A1: s in {s} by TARSKI:def_1; ex p being set st ( p in S & [s,p] in R ) by Lm31; hence not R .: {s} is empty by A1, RELAT_1:def_13; ::_thesis: verum end; scheme :: MODELC_1:sch 1 ExistPath{ F1() -> non empty set , F2() -> total Relation of F1(),F1(), F3() -> Element of F1(), F4( Element of F1()) -> set } : ex f being Function of NAT,F1() st ( f . 0 = F3() & ( for n being Element of NAT holds ( [(f . n),(f . (n + 1))] in F2() & f . (n + 1) in F4((f . n)) ) ) ) provided A1: for s being Element of F1() holds (Im (F2(),s)) /\ F4(s) is non empty Subset of F1() proof for p being set st p in BOOL F1() holds p <> {} by ORDERS_1:1; then consider Choice being Function such that dom Choice = BOOL F1() and A2: for p being set st p in BOOL F1() holds Choice . p in p by FUNCT_1:111; A3: F3() in F1() ; ex g being Function of NAT,F1() st ( g . 0 = F3() & ( for n being Element of NAT holds g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) ) ) proof deffunc H1( set ) -> set = Choice . ((F2() .: {(k_id ($1,F1(),F3()))}) /\ F4((k_id ($1,F1(),F3())))); A4: for x being set st x in F1() holds H1(x) in F1() proof let x be set ; ::_thesis: ( x in F1() implies H1(x) in F1() ) assume A5: x in F1() ; ::_thesis: H1(x) in F1() A6: k_id (x,F1(),F3()) = x by A5, Def1; reconsider x = x as Element of F1() by A5; set X = (Im (F2(),x)) /\ F4(x); (Im (F2(),x)) /\ F4(x) is non empty Subset of F1() by A1; then (Im (F2(),x)) /\ F4(x) in BOOL F1() by ORDERS_1:2; then Choice . ((Im (F2(),x)) /\ F4(x)) in (Im (F2(),x)) /\ F4(x) by A2; then A7: H1(x) in F2() .: {x} by A6, XBOOLE_0:def_4; A8: rng F2() c= F1() by RELAT_1:def_19; F2() .: {x} c= rng F2() by RELAT_1:111; then F2() .: {x} c= F1() by A8, XBOOLE_1:1; hence H1(x) in F1() by A7; ::_thesis: verum end; consider f being Function of F1(),F1() such that A9: for x being set st x in F1() holds f . x = H1(x) from FUNCT_2:sch_2(A4); deffunc H2( set ) -> Element of F1() = (f |** (k_nat $1)) . F3(); A10: for m being set st m in NAT holds H2(m) in F1() ; consider g being Function of NAT,F1() such that A11: for m being set st m in NAT holds g . m = H2(m) from FUNCT_2:sch_2(A10); A12: for n being Element of NAT holds g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) proof let n be Element of NAT ; ::_thesis: g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) A13: F3() in dom (f |** n) by A3, FUNCT_2:def_1; A14: k_id ((g . n),F1(),F3()) = g . n by Def1; g . (n + 1) = H2(n + 1) by A11 .= (f |** (n + 1)) . F3() by Def2 .= (f * (f |** n)) . F3() by FUNCT_7:71 .= f . ((f |** n) . F3()) by A13, FUNCT_1:13 .= f . ((f |** (k_nat n)) . F3()) by Def2 .= f . (g . n) by A11 .= Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) by A9, A14 ; hence g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) ; ::_thesis: verum end; take g ; ::_thesis: ( g . 0 = F3() & ( for n being Element of NAT holds g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) ) ) g . 0 = H2( 0 ) by A11 .= (f |** 0) . F3() by Def2 .= (id F1()) . F3() by FUNCT_7:84 .= F3() by FUNCT_1:18 ; hence ( g . 0 = F3() & ( for n being Element of NAT holds g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) ) ) by A12; ::_thesis: verum end; then consider g being Function of NAT,F1() such that A15: g . 0 = F3() and A16: for n being Element of NAT holds g . (n + 1) = Choice . ((F2() .: {(g . n)}) /\ F4((g . n))) ; take g ; ::_thesis: ( g . 0 = F3() & ( for n being Element of NAT holds ( [(g . n),(g . (n + 1))] in F2() & g . (n + 1) in F4((g . n)) ) ) ) A17: for n being Element of NAT holds g . (n + 1) in (F2() .: {(g . n)}) /\ F4((g . n)) proof let n be Element of NAT ; ::_thesis: g . (n + 1) in (F2() .: {(g . n)}) /\ F4((g . n)) set s = g . n; set X = (Im (F2(),(g . n))) /\ F4((g . n)); (Im (F2(),(g . n))) /\ F4((g . n)) is non empty Subset of F1() by A1; then (Im (F2(),(g . n))) /\ F4((g . n)) in BOOL F1() by ORDERS_1:2; then Choice . ((Im (F2(),(g . n))) /\ F4((g . n))) in (Im (F2(),(g . n))) /\ F4((g . n)) by A2; hence g . (n + 1) in (F2() .: {(g . n)}) /\ F4((g . n)) by A16; ::_thesis: verum end; for n being Element of NAT holds ( [(g . n),(g . (n + 1))] in F2() & g . (n + 1) in F4((g . n)) ) proof let n be Element of NAT ; ::_thesis: ( [(g . n),(g . (n + 1))] in F2() & g . (n + 1) in F4((g . n)) ) A18: g . (n + 1) in (Im (F2(),(g . n))) /\ F4((g . n)) by A17; then g . (n + 1) in Im (F2(),(g . n)) by XBOOLE_0:def_4; hence ( [(g . n),(g . (n + 1))] in F2() & g . (n + 1) in F4((g . n)) ) by A18, RELSET_2:9, XBOOLE_0:def_4; ::_thesis: verum end; hence ( g . 0 = F3() & ( for n being Element of NAT holds ( [(g . n),(g . (n + 1))] in F2() & g . (n + 1) in F4((g . n)) ) ) ) by A15; ::_thesis: verum end; Lm34: for S being non empty set for R being total Relation of S,S for s0 being Element of S ex f being Function of NAT,S st ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s0 being Element of S ex f being Function of NAT,S st ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) let R be total Relation of S,S; ::_thesis: for s0 being Element of S ex f being Function of NAT,S st ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) let s0 be Element of S; ::_thesis: ex f being Function of NAT,S st ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) deffunc H1( Element of S) -> non empty set = S; A1: for s being Element of S holds (Im (R,s)) /\ H1(s) is non empty Subset of S proof let s be Element of S; ::_thesis: (Im (R,s)) /\ H1(s) is non empty Subset of S set X = R .: {s}; A2: rng R c= S by RELAT_1:def_19; A3: R .: {s} c= rng R by RELAT_1:111; then (R .: {s}) /\ H1(s) = R .: {s} by A2, XBOOLE_1:1, XBOOLE_1:28; hence (Im (R,s)) /\ H1(s) is non empty Subset of S by A3, A2, Lm33, XBOOLE_1:1; ::_thesis: verum end; consider f being Function of NAT,S such that A4: ( f . 0 = s0 & ( for n being Element of NAT holds ( [(f . n),(f . (n + 1))] in R & f . (n + 1) in H1(f . n) ) ) ) from MODELC_1:sch_1(A1); take f ; ::_thesis: ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) thus ( f . 0 = s0 & ( for n being Element of NAT holds [(f . n),(f . (n + 1))] in R ) ) by A4; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; mode inf_path of R -> Function of NAT,S means :Def39: :: MODELC_1:def 39 for n being Element of NAT holds [(it . n),(it . (n + 1))] in R; existence ex b1 being Function of NAT,S st for n being Element of NAT holds [(b1 . n),(b1 . (n + 1))] in R proof set b = the Element of S; consider IT being Function of NAT,S such that IT . 0 = the Element of S and A1: for n being Element of NAT holds [(IT . n),(IT . (n + 1))] in R by Lm34; take IT ; ::_thesis: for n being Element of NAT holds [(IT . n),(IT . (n + 1))] in R thus for n being Element of NAT holds [(IT . n),(IT . (n + 1))] in R by A1; ::_thesis: verum end; end; :: deftheorem Def39 defines inf_path MODELC_1:def_39_:_ for S being non empty set for R being total Relation of S,S for b3 being Function of NAT,S holds ( b3 is inf_path of R iff for n being Element of NAT holds [(b3 . n),(b3 . (n + 1))] in R ); definition let S be non empty set ; func ModelSP S -> set equals :: MODELC_1:def 40 Funcs (S,BOOLEAN); correctness coherence Funcs (S,BOOLEAN) is set ; ; end; :: deftheorem defines ModelSP MODELC_1:def_40_:_ for S being non empty set holds ModelSP S = Funcs (S,BOOLEAN); registration let S be non empty set ; cluster ModelSP S -> non empty ; coherence not ModelSP S is empty ; end; definition let S be non empty set ; let f be set ; func Fid (f,S) -> Function of S,BOOLEAN equals :Def41: :: MODELC_1:def 41 f if f in ModelSP S otherwise S --> FALSE; correctness coherence ( ( f in ModelSP S implies f is Function of S,BOOLEAN ) & ( not f in ModelSP S implies S --> FALSE is Function of S,BOOLEAN ) ); consistency for b1 being Function of S,BOOLEAN holds verum; by FUNCT_2:66; end; :: deftheorem Def41 defines Fid MODELC_1:def_41_:_ for S being non empty set for f being set holds ( ( f in ModelSP S implies Fid (f,S) = f ) & ( not f in ModelSP S implies Fid (f,S) = S --> FALSE ) ); Lm35: for S being non empty set for s being Element of S for f being set st (Fid (f,S)) . s <> TRUE holds (Fid (f,S)) . s = FALSE by TARSKI:def_2; scheme :: MODELC_1:sch 2 Func1EX{ F1() -> non empty set , F2() -> Function of F1(),BOOLEAN, F3( set , Function of F1(),BOOLEAN) -> boolean set } : ex g being set st ( g in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g,F1())) . s = TRUE ) ) ) proof deffunc H1( set ) -> boolean set = F3($1,F2()); A1: for s being set st s in F1() holds H1(s) in BOOLEAN by MARGREL1:def_12; consider IT being Function of F1(),BOOLEAN such that A2: for s being set st s in F1() holds IT . s = H1(s) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: ( IT in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (IT,F1())) . s = TRUE ) ) ) IT in ModelSP F1() by FUNCT_2:8; then Fid (IT,F1()) = IT by Def41; hence ( IT in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (IT,F1())) . s = TRUE ) ) ) by A2, FUNCT_2:8; ::_thesis: verum end; scheme :: MODELC_1:sch 3 Func1Unique{ F1() -> non empty set , F2() -> Function of F1(),BOOLEAN, F3( set , Function of F1(),BOOLEAN) -> boolean set } : for g1, g2 being set st g1 in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g1,F1())) . s = TRUE ) ) & g2 in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g2,F1())) . s = TRUE ) ) holds g1 = g2 proof let g1, g2 be set ; ::_thesis: ( g1 in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g1,F1())) . s = TRUE ) ) & g2 in ModelSP F1() & ( for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g2,F1())) . s = TRUE ) ) implies g1 = g2 ) assume that A1: g1 in ModelSP F1() and A2: for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g1,F1())) . s = TRUE ) and A3: g2 in ModelSP F1() and A4: for s being set st s in F1() holds ( F3(s,F2()) = TRUE iff (Fid (g2,F1())) . s = TRUE ) ; ::_thesis: g1 = g2 A5: for s being set st s in F1() holds (Fid (g1,F1())) . s = (Fid (g2,F1())) . s proof let s be set ; ::_thesis: ( s in F1() implies (Fid (g1,F1())) . s = (Fid (g2,F1())) . s ) assume A6: s in F1() ; ::_thesis: (Fid (g1,F1())) . s = (Fid (g2,F1())) . s set F1 = F3(s,F2()); set f1 = (Fid (g1,F1())) . s; A7: ( F3(s,F2()) = TRUE iff (Fid (g1,F1())) . s = TRUE ) by A2, A6; set f2 = (Fid (g2,F1())) . s; A8: ( F3(s,F2()) = TRUE iff (Fid (g2,F1())) . s = TRUE ) by A4, A6; percases ( F3(s,F2()) = TRUE or F3(s,F2()) <> TRUE ) ; suppose F3(s,F2()) = TRUE ; ::_thesis: (Fid (g1,F1())) . s = (Fid (g2,F1())) . s hence (Fid (g1,F1())) . s = (Fid (g2,F1())) . s by A4, A6, A7; ::_thesis: verum end; supposeA9: F3(s,F2()) <> TRUE ; ::_thesis: (Fid (g1,F1())) . s = (Fid (g2,F1())) . s then (Fid (g1,F1())) . s = FALSE by A6, A7, Lm35; hence (Fid (g1,F1())) . s = (Fid (g2,F1())) . s by A6, A8, A9, Lm35; ::_thesis: verum end; end; end; g1 = Fid (g1,F1()) by A1, Def41 .= Fid (g2,F1()) by A5, FUNCT_2:12 .= g2 by A3, Def41 ; hence g1 = g2 ; ::_thesis: verum end; scheme :: MODELC_1:sch 4 UnOpEX{ F1() -> non empty set , F2( set ) -> Element of F1() } : ex o being UnOp of F1() st for f being set st f in F1() holds o . f = F2(f) proof deffunc H1( set ) -> Element of F1() = F2($1); A1: for f being set st f in F1() holds H1(f) in F1() ; ex o being Function of F1(),F1() st for f being set st f in F1() holds o . f = H1(f) from FUNCT_2:sch_2(A1); hence ex o being UnOp of F1() st for f being set st f in F1() holds o . f = F2(f) ; ::_thesis: verum end; scheme :: MODELC_1:sch 5 UnOpUnique{ F1() -> non empty set , F2() -> non empty set , F3( set ) -> Element of F2() } : for o1, o2 being UnOp of F2() st ( for f being set st f in F2() holds o1 . f = F3(f) ) & ( for f being set st f in F2() holds o2 . f = F3(f) ) holds o1 = o2 proof let o1, o2 be UnOp of F2(); ::_thesis: ( ( for f being set st f in F2() holds o1 . f = F3(f) ) & ( for f being set st f in F2() holds o2 . f = F3(f) ) implies o1 = o2 ) assume that A1: for f being set st f in F2() holds o1 . f = F3(f) and A2: for f being set st f in F2() holds o2 . f = F3(f) ; ::_thesis: o1 = o2 for f being Element of F2() holds o1 . f = o2 . f proof let f be Element of F2(); ::_thesis: o1 . f = o2 . f o1 . f = F3(f) by A1 .= o2 . f by A2 ; hence o1 . f = o2 . f ; ::_thesis: verum end; hence o1 = o2 by FUNCT_2:63; ::_thesis: verum end; scheme :: MODELC_1:sch 6 Func2EX{ F1() -> non empty set , F2() -> Function of F1(),BOOLEAN, F3() -> Function of F1(),BOOLEAN, F4( set , Function of F1(),BOOLEAN, Function of F1(),BOOLEAN) -> boolean set } : ex h being set st ( h in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h,F1())) . s = TRUE ) ) ) proof deffunc H1( set ) -> boolean set = F4($1,F2(),F3()); A1: for s being set st s in F1() holds H1(s) in BOOLEAN by MARGREL1:def_12; consider IT being Function of F1(),BOOLEAN such that A2: for s being set st s in F1() holds IT . s = H1(s) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: ( IT in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (IT,F1())) . s = TRUE ) ) ) IT in ModelSP F1() by FUNCT_2:8; then Fid (IT,F1()) = IT by Def41; hence ( IT in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (IT,F1())) . s = TRUE ) ) ) by A2, FUNCT_2:8; ::_thesis: verum end; scheme :: MODELC_1:sch 7 Func2Unique{ F1() -> non empty set , F2() -> Function of F1(),BOOLEAN, F3() -> Function of F1(),BOOLEAN, F4( set , Function of F1(),BOOLEAN, Function of F1(),BOOLEAN) -> boolean set } : for h1, h2 being set st h1 in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h1,F1())) . s = TRUE ) ) & h2 in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h2,F1())) . s = TRUE ) ) holds h1 = h2 proof let h1, h2 be set ; ::_thesis: ( h1 in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h1,F1())) . s = TRUE ) ) & h2 in ModelSP F1() & ( for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h2,F1())) . s = TRUE ) ) implies h1 = h2 ) assume that A1: h1 in ModelSP F1() and A2: for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h1,F1())) . s = TRUE ) and A3: h2 in ModelSP F1() and A4: for s being set st s in F1() holds ( F4(s,F2(),F3()) = TRUE iff (Fid (h2,F1())) . s = TRUE ) ; ::_thesis: h1 = h2 A5: for s being set st s in F1() holds (Fid (h1,F1())) . s = (Fid (h2,F1())) . s proof let s be set ; ::_thesis: ( s in F1() implies (Fid (h1,F1())) . s = (Fid (h2,F1())) . s ) assume A6: s in F1() ; ::_thesis: (Fid (h1,F1())) . s = (Fid (h2,F1())) . s set F1 = F4(s,F2(),F3()); set f1 = (Fid (h1,F1())) . s; A7: ( F4(s,F2(),F3()) = TRUE iff (Fid (h1,F1())) . s = TRUE ) by A2, A6; set f2 = (Fid (h2,F1())) . s; A8: ( F4(s,F2(),F3()) = TRUE iff (Fid (h2,F1())) . s = TRUE ) by A4, A6; percases ( F4(s,F2(),F3()) = TRUE or F4(s,F2(),F3()) <> TRUE ) ; suppose F4(s,F2(),F3()) = TRUE ; ::_thesis: (Fid (h1,F1())) . s = (Fid (h2,F1())) . s hence (Fid (h1,F1())) . s = (Fid (h2,F1())) . s by A4, A6, A7; ::_thesis: verum end; supposeA9: F4(s,F2(),F3()) <> TRUE ; ::_thesis: (Fid (h1,F1())) . s = (Fid (h2,F1())) . s then (Fid (h1,F1())) . s = FALSE by A6, A7, Lm35; hence (Fid (h1,F1())) . s = (Fid (h2,F1())) . s by A6, A8, A9, Lm35; ::_thesis: verum end; end; end; h1 = Fid (h1,F1()) by A1, Def41 .= Fid (h2,F1()) by A5, FUNCT_2:12 .= h2 by A3, Def41 ; hence h1 = h2 ; ::_thesis: verum end; definition let S be non empty set ; let f be set ; func Not_0 (f,S) -> Element of ModelSP S means :Def42: :: MODELC_1:def 42 for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (it,S)) . s = TRUE ); existence ex b1 being Element of ModelSP S st for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) proof deffunc H1( set , Function of S,BOOLEAN) -> set = 'not' (Castboolean ($2 . $1)); consider IT being set such that A1: IT in ModelSP S and A2: for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (IT,S)) . s = TRUE ) from MODELC_1:sch_2(); take IT ; ::_thesis: ( IT is Element of ModelSP S & ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) thus ( IT is Element of ModelSP S & ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of S,BOOLEAN) -> set = 'not' (Castboolean ($2 . $1)); for g1, g2 being set st g1 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g1,S)) . s = TRUE ) ) & g2 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g2,S)) . s = TRUE ) ) holds g1 = g2 from MODELC_1:sch_3(); hence for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def42 defines Not_0 MODELC_1:def_42_:_ for S being non empty set for f being set for b3 being Element of ModelSP S holds ( b3 = Not_0 (f,S) iff for s being set st s in S holds ( 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE iff (Fid (b3,S)) . s = TRUE ) ); Lm36: for S being non empty set for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP S holds o2 . f = Not_0 (f,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP S holds o2 . f = Not_0 (f,S) ) holds o1 = o2 set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = Not_0 ($1,S); for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = H1(f) ) & ( for f being set st f in ModelSP S holds o2 . f = H1(f) ) holds o1 = o2 from MODELC_1:sch_5(); hence for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP S holds o2 . f = Not_0 (f,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func Not_ S -> UnOp of (ModelSP S) means :Def43: :: MODELC_1:def 43 for f being set st f in ModelSP S holds it . f = Not_0 (f,S); existence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = Not_0 (f,S) proof set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = Not_0 ($1,S); ex o being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds o . f = H1(f) from MODELC_1:sch_4(); hence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = Not_0 (f,S) ; ::_thesis: verum end; uniqueness for b1, b2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds b1 . f = Not_0 (f,S) ) & ( for f being set st f in ModelSP S holds b2 . f = Not_0 (f,S) ) holds b1 = b2 by Lm36; end; :: deftheorem Def43 defines Not_ MODELC_1:def_43_:_ for S being non empty set for b2 being UnOp of (ModelSP S) holds ( b2 = Not_ S iff for f being set st f in ModelSP S holds b2 . f = Not_0 (f,S) ); definition let S be non empty set ; let R be total Relation of S,S; let f be Function of S,BOOLEAN; let x be set ; func EneXt_univ (x,f,R) -> Element of BOOLEAN equals :Def44: :: MODELC_1:def 44 TRUE if ( x in S & ex pai being inf_path of R st ( pai . 0 = x & f . (pai . 1) = TRUE ) ) otherwise FALSE ; correctness coherence ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & f . (pai . 1) = TRUE ) implies TRUE is Element of BOOLEAN ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or not f . (pai . 1) = TRUE ) ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def44 defines EneXt_univ MODELC_1:def_44_:_ for S being non empty set for R being total Relation of S,S for f being Function of S,BOOLEAN for x being set holds ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & f . (pai . 1) = TRUE ) implies EneXt_univ (x,f,R) = TRUE ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or not f . (pai . 1) = TRUE ) ) implies EneXt_univ (x,f,R) = FALSE ) ); definition let S be non empty set ; let R be total Relation of S,S; let f be set ; func EneXt_0 (f,R) -> Element of ModelSP S means :Def45: :: MODELC_1:def 45 for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (it,S)) . s = TRUE ); existence ex b1 being Element of ModelSP S st for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) proof deffunc H1( set , Function of S,BOOLEAN) -> Element of BOOLEAN = EneXt_univ ($1,$2,R); consider IT being set such that A1: IT in ModelSP S and A2: for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (IT,S)) . s = TRUE ) from MODELC_1:sch_2(); take IT ; ::_thesis: ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) thus ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of S,BOOLEAN) -> Element of BOOLEAN = EneXt_univ ($1,$2,R); for g1, g2 being set st g1 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g1,S)) . s = TRUE ) ) & g2 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g2,S)) . s = TRUE ) ) holds g1 = g2 from MODELC_1:sch_3(); hence for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def45 defines EneXt_0 MODELC_1:def_45_:_ for S being non empty set for R being total Relation of S,S for f being set for b4 being Element of ModelSP S holds ( b4 = EneXt_0 (f,R) iff for s being set st s in S holds ( EneXt_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b4,S)) . s = TRUE ) ); Lm37: for S being non empty set for R being total Relation of S,S for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EneXt_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EneXt_0 (f,R) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EneXt_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EneXt_0 (f,R) ) holds o1 = o2 let R be total Relation of S,S; ::_thesis: for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EneXt_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EneXt_0 (f,R) ) holds o1 = o2 set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = EneXt_0 ($1,R); for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = H1(f) ) & ( for f being set st f in ModelSP S holds o2 . f = H1(f) ) holds o1 = o2 from MODELC_1:sch_5(); hence for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EneXt_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EneXt_0 (f,R) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; func EneXt_ R -> UnOp of (ModelSP S) means :Def46: :: MODELC_1:def 46 for f being set st f in ModelSP S holds it . f = EneXt_0 (f,R); existence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = EneXt_0 (f,R) proof set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = EneXt_0 ($1,R); ex o being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds o . f = H1(f) from MODELC_1:sch_4(); hence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = EneXt_0 (f,R) ; ::_thesis: verum end; uniqueness for b1, b2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds b1 . f = EneXt_0 (f,R) ) & ( for f being set st f in ModelSP S holds b2 . f = EneXt_0 (f,R) ) holds b1 = b2 by Lm37; end; :: deftheorem Def46 defines EneXt_ MODELC_1:def_46_:_ for S being non empty set for R being total Relation of S,S for b3 being UnOp of (ModelSP S) holds ( b3 = EneXt_ R iff for f being set st f in ModelSP S holds b3 . f = EneXt_0 (f,R) ); definition let S be non empty set ; let R be total Relation of S,S; let f be Function of S,BOOLEAN; let x be set ; func EGlobal_univ (x,f,R) -> Element of BOOLEAN equals :Def47: :: MODELC_1:def 47 TRUE if ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ( for n being Element of NAT holds f . (pai . n) = TRUE ) ) ) otherwise FALSE ; correctness coherence ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ( for n being Element of NAT holds f . (pai . n) = TRUE ) ) implies TRUE is Element of BOOLEAN ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or ex n being Element of NAT st not f . (pai . n) = TRUE ) ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def47 defines EGlobal_univ MODELC_1:def_47_:_ for S being non empty set for R being total Relation of S,S for f being Function of S,BOOLEAN for x being set holds ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ( for n being Element of NAT holds f . (pai . n) = TRUE ) ) implies EGlobal_univ (x,f,R) = TRUE ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or ex n being Element of NAT st not f . (pai . n) = TRUE ) ) implies EGlobal_univ (x,f,R) = FALSE ) ); definition let S be non empty set ; let R be total Relation of S,S; let f be set ; func EGlobal_0 (f,R) -> Element of ModelSP S means :Def48: :: MODELC_1:def 48 for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (it,S)) . s = TRUE ); existence ex b1 being Element of ModelSP S st for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) proof deffunc H1( set , Function of S,BOOLEAN) -> Element of BOOLEAN = EGlobal_univ ($1,$2,R); consider IT being set such that A1: IT in ModelSP S and A2: for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (IT,S)) . s = TRUE ) from MODELC_1:sch_2(); take IT ; ::_thesis: ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) thus ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of S,BOOLEAN) -> Element of BOOLEAN = EGlobal_univ ($1,$2,R); for g1, g2 being set st g1 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g1,S)) . s = TRUE ) ) & g2 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S)) = TRUE iff (Fid (g2,S)) . s = TRUE ) ) holds g1 = g2 from MODELC_1:sch_3(); hence for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def48 defines EGlobal_0 MODELC_1:def_48_:_ for S being non empty set for R being total Relation of S,S for f being set for b4 being Element of ModelSP S holds ( b4 = EGlobal_0 (f,R) iff for s being set st s in S holds ( EGlobal_univ (s,(Fid (f,S)),R) = TRUE iff (Fid (b4,S)) . s = TRUE ) ); Lm38: for S being non empty set for R being total Relation of S,S for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EGlobal_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EGlobal_0 (f,R) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EGlobal_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EGlobal_0 (f,R) ) holds o1 = o2 let R be total Relation of S,S; ::_thesis: for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EGlobal_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EGlobal_0 (f,R) ) holds o1 = o2 set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = EGlobal_0 ($1,R); for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = H1(f) ) & ( for f being set st f in ModelSP S holds o2 . f = H1(f) ) holds o1 = o2 from MODELC_1:sch_5(); hence for o1, o2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds o1 . f = EGlobal_0 (f,R) ) & ( for f being set st f in ModelSP S holds o2 . f = EGlobal_0 (f,R) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; func EGlobal_ R -> UnOp of (ModelSP S) means :Def49: :: MODELC_1:def 49 for f being set st f in ModelSP S holds it . f = EGlobal_0 (f,R); existence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = EGlobal_0 (f,R) proof set M = ModelSP S; deffunc H1( set ) -> Element of ModelSP S = EGlobal_0 ($1,R); ex o being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds o . f = H1(f) from MODELC_1:sch_4(); hence ex b1 being UnOp of (ModelSP S) st for f being set st f in ModelSP S holds b1 . f = EGlobal_0 (f,R) ; ::_thesis: verum end; uniqueness for b1, b2 being UnOp of (ModelSP S) st ( for f being set st f in ModelSP S holds b1 . f = EGlobal_0 (f,R) ) & ( for f being set st f in ModelSP S holds b2 . f = EGlobal_0 (f,R) ) holds b1 = b2 by Lm38; end; :: deftheorem Def49 defines EGlobal_ MODELC_1:def_49_:_ for S being non empty set for R being total Relation of S,S for b3 being UnOp of (ModelSP S) holds ( b3 = EGlobal_ R iff for f being set st f in ModelSP S holds b3 . f = EGlobal_0 (f,R) ); definition let S be non empty set ; let f, g be set ; func And_0 (f,g,S) -> Element of ModelSP S means :Def50: :: MODELC_1:def 50 for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (it,S)) . s = TRUE ); existence ex b1 being Element of ModelSP S st for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) proof deffunc H1( set , Function of S,BOOLEAN, Function of S,BOOLEAN) -> set = (Castboolean ($2 . $1)) '&' (Castboolean ($3 . $1)); consider IT being set such that A1: IT in ModelSP S and A2: for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (IT,S)) . s = TRUE ) from MODELC_1:sch_6(); take IT ; ::_thesis: ( IT is Element of ModelSP S & ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) thus ( IT is Element of ModelSP S & ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of S,BOOLEAN, Function of S,BOOLEAN) -> set = (Castboolean ($2 . $1)) '&' (Castboolean ($3 . $1)); for h1, h2 being set st h1 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (h1,S)) . s = TRUE ) ) & h2 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (h2,S)) . s = TRUE ) ) holds h1 = h2 from MODELC_1:sch_7(); hence for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def50 defines And_0 MODELC_1:def_50_:_ for S being non empty set for f, g being set for b4 being Element of ModelSP S holds ( b4 = And_0 (f,g,S) iff for s being set st s in S holds ( (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE iff (Fid (b4,S)) . s = TRUE ) ); Lm39: for S being non empty set for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 set M = ModelSP S; deffunc H1( Element of ModelSP S, Element of ModelSP S) -> Element of ModelSP S = And_0 ($1,$2,S); A1: for o1, o2 being BinOp of (ModelSP S) st ( for f, g being Element of ModelSP S holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP S holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP S); ::_thesis: ( ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ) implies o1 = o2 ) assume that A2: for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) and A3: for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ; ::_thesis: o1 = o2 A4: for f, g being Element of ModelSP S holds o2 . (f,g) = H1(f,g) by A3; for f, g being Element of ModelSP S holds o1 . (f,g) = H1(f,g) by A2; hence o1 = o2 by A1, A4; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = And_0 (f,g,S) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; func And_ S -> BinOp of (ModelSP S) means :Def51: :: MODELC_1:def 51 for f, g being set st f in ModelSP S & g in ModelSP S holds it . (f,g) = And_0 (f,g,S); existence ex b1 being BinOp of (ModelSP S) st for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = And_0 (f,g,S) proof set M = ModelSP S; deffunc H1( Element of ModelSP S, Element of ModelSP S) -> Element of ModelSP S = And_0 ($1,$2,S); consider o being BinOp of (ModelSP S) such that A1: for f, g being Element of ModelSP S holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP S & g in ModelSP S holds o . (f,g) = And_0 (f,g,S) by A1; hence ex b1 being BinOp of (ModelSP S) st for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = And_0 (f,g,S) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = And_0 (f,g,S) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds b2 . (f,g) = And_0 (f,g,S) ) holds b1 = b2 by Lm39; end; :: deftheorem Def51 defines And_ MODELC_1:def_51_:_ for S being non empty set for b2 being BinOp of (ModelSP S) holds ( b2 = And_ S iff for f, g being set st f in ModelSP S & g in ModelSP S holds b2 . (f,g) = And_0 (f,g,S) ); definition let S be non empty set ; let R be total Relation of S,S; let f, g be Function of S,BOOLEAN; let x be set ; func EUntill_univ (x,f,g,R) -> Element of BOOLEAN equals :Def52: :: MODELC_1:def 52 TRUE if ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds f . (pai . j) = TRUE ) & g . (pai . m) = TRUE ) ) ) otherwise FALSE ; correctness coherence ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds f . (pai . j) = TRUE ) & g . (pai . m) = TRUE ) ) implies TRUE is Element of BOOLEAN ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or for m being Element of NAT holds ( ex j being Element of NAT st ( j < m & not f . (pai . j) = TRUE ) or not g . (pai . m) = TRUE ) ) ) implies FALSE is Element of BOOLEAN ) ); consistency for b1 being Element of BOOLEAN holds verum; ; end; :: deftheorem Def52 defines EUntill_univ MODELC_1:def_52_:_ for S being non empty set for R being total Relation of S,S for f, g being Function of S,BOOLEAN for x being set holds ( ( x in S & ex pai being inf_path of R st ( pai . 0 = x & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds f . (pai . j) = TRUE ) & g . (pai . m) = TRUE ) ) implies EUntill_univ (x,f,g,R) = TRUE ) & ( ( not x in S or for pai being inf_path of R holds ( not pai . 0 = x or for m being Element of NAT holds ( ex j being Element of NAT st ( j < m & not f . (pai . j) = TRUE ) or not g . (pai . m) = TRUE ) ) ) implies EUntill_univ (x,f,g,R) = FALSE ) ); definition let S be non empty set ; let R be total Relation of S,S; let f, g be set ; func EUntill_0 (f,g,R) -> Element of ModelSP S means :Def53: :: MODELC_1:def 53 for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (it,S)) . s = TRUE ); existence ex b1 being Element of ModelSP S st for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) proof deffunc H1( set , Function of S,BOOLEAN, Function of S,BOOLEAN) -> Element of BOOLEAN = EUntill_univ ($1,$2,$3,R); consider IT being set such that A1: IT in ModelSP S and A2: for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (IT,S)) . s = TRUE ) from MODELC_1:sch_6(); take IT ; ::_thesis: ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) thus ( IT is Element of ModelSP S & ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (IT,S)) . s = TRUE ) ) ) by A1, A2; ::_thesis: verum end; uniqueness for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 proof deffunc H1( set , Function of S,BOOLEAN, Function of S,BOOLEAN) -> Element of BOOLEAN = EUntill_univ ($1,$2,$3,R); for h1, h2 being set st h1 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (h1,S)) . s = TRUE ) ) & h2 in ModelSP S & ( for s being set st s in S holds ( H1(s, Fid (f,S), Fid (g,S)) = TRUE iff (Fid (h2,S)) . s = TRUE ) ) holds h1 = h2 from MODELC_1:sch_7(); hence for b1, b2 being Element of ModelSP S st ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b1,S)) . s = TRUE ) ) & ( for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b2,S)) . s = TRUE ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def53 defines EUntill_0 MODELC_1:def_53_:_ for S being non empty set for R being total Relation of S,S for f, g being set for b5 being Element of ModelSP S holds ( b5 = EUntill_0 (f,g,R) iff for s being set st s in S holds ( EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE iff (Fid (b5,S)) . s = TRUE ) ); Lm40: for S being non empty set for R being total Relation of S,S for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) holds o1 = o2 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) holds o1 = o2 let R be total Relation of S,S; ::_thesis: for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) holds o1 = o2 set M = ModelSP S; deffunc H1( Element of ModelSP S, Element of ModelSP S) -> Element of ModelSP S = EUntill_0 ($1,$2,R); A1: for o1, o2 being BinOp of (ModelSP S) st ( for f, g being Element of ModelSP S holds o1 . (f,g) = H1(f,g) ) & ( for f, g being Element of ModelSP S holds o2 . (f,g) = H1(f,g) ) holds o1 = o2 from BINOP_2:sch_2(); for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) holds o1 = o2 proof let o1, o2 be BinOp of (ModelSP S); ::_thesis: ( ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) implies o1 = o2 ) assume that A2: for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) and A3: for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ; ::_thesis: o1 = o2 A4: for f, g being Element of ModelSP S holds o2 . (f,g) = H1(f,g) by A3; for f, g being Element of ModelSP S holds o1 . (f,g) = H1(f,g) by A2; hence o1 = o2 by A1, A4; ::_thesis: verum end; hence for o1, o2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds o1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds o2 . (f,g) = EUntill_0 (f,g,R) ) holds o1 = o2 ; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; func EUntill_ R -> BinOp of (ModelSP S) means :Def54: :: MODELC_1:def 54 for f, g being set st f in ModelSP S & g in ModelSP S holds it . (f,g) = EUntill_0 (f,g,R); existence ex b1 being BinOp of (ModelSP S) st for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = EUntill_0 (f,g,R) proof set M = ModelSP S; deffunc H1( Element of ModelSP S, Element of ModelSP S) -> Element of ModelSP S = EUntill_0 ($1,$2,R); consider o being BinOp of (ModelSP S) such that A1: for f, g being Element of ModelSP S holds o . (f,g) = H1(f,g) from BINOP_1:sch_4(); for f, g being set st f in ModelSP S & g in ModelSP S holds o . (f,g) = EUntill_0 (f,g,R) by A1; hence ex b1 being BinOp of (ModelSP S) st for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = EUntill_0 (f,g,R) ; ::_thesis: verum end; uniqueness for b1, b2 being BinOp of (ModelSP S) st ( for f, g being set st f in ModelSP S & g in ModelSP S holds b1 . (f,g) = EUntill_0 (f,g,R) ) & ( for f, g being set st f in ModelSP S & g in ModelSP S holds b2 . (f,g) = EUntill_0 (f,g,R) ) holds b1 = b2 by Lm40; end; :: deftheorem Def54 defines EUntill_ MODELC_1:def_54_:_ for S being non empty set for R being total Relation of S,S for b3 being BinOp of (ModelSP S) holds ( b3 = EUntill_ R iff for f, g being set st f in ModelSP S & g in ModelSP S holds b3 . (f,g) = EUntill_0 (f,g,R) ); definition let S be non empty set ; let X be non empty Subset of (ModelSP S); let s be set ; func F_LABEL (s,X) -> Subset of X means :Def55: :: MODELC_1:def 55 for x being set holds ( x in it iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ); existence ex b1 being Subset of X st for x being set holds ( x in b1 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) proof defpred S1[ set ] means ex f being Function of S,BOOLEAN st ( f = $1 & f . s = TRUE ); consider IT being set such that A1: for x being set holds ( x in IT iff ( x in X & S1[x] ) ) from XBOOLE_0:sch_1(); for x being set st x in IT holds x in X by A1; then reconsider IT = IT as Subset of X by TARSKI:def_3; take IT ; ::_thesis: for x being set holds ( x in IT iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) thus for x being set holds ( x in IT iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) by A1; ::_thesis: verum end; uniqueness for b1, b2 being Subset of X st ( for x being set holds ( x in b1 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) ) & ( for x being set holds ( x in b2 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) ) holds b1 = b2 proof defpred S1[ set ] means ( $1 in X & ex f being Function of S,BOOLEAN st ( f = $1 & f . s = TRUE ) ); for X1, X2 being set st ( for x being set holds ( x in X1 iff S1[x] ) ) & ( for x being set holds ( x in X2 iff S1[x] ) ) holds X1 = X2 from XBOOLE_0:sch_3(); hence for b1, b2 being Subset of X st ( for x being set holds ( x in b1 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) ) & ( for x being set holds ( x in b2 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def55 defines F_LABEL MODELC_1:def_55_:_ for S being non empty set for X being non empty Subset of (ModelSP S) for s being set for b4 being Subset of X holds ( b4 = F_LABEL (s,X) iff for x being set holds ( x in b4 iff ( x in X & ex f being Function of S,BOOLEAN st ( f = x & f . s = TRUE ) ) ) ); definition let S be non empty set ; let X be non empty Subset of (ModelSP S); func Label_ X -> Function of S,(bool X) means :Def56: :: MODELC_1:def 56 for x being set st x in S holds it . x = F_LABEL (x,X); existence ex b1 being Function of S,(bool X) st for x being set st x in S holds b1 . x = F_LABEL (x,X) proof deffunc H1( set ) -> Subset of X = F_LABEL ($1,X); A1: for x being set st x in S holds H1(x) in bool X ; consider IT being Function of S,(bool X) such that A2: for x being set st x in S holds IT . x = H1(x) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: for x being set st x in S holds IT . x = F_LABEL (x,X) thus for x being set st x in S holds IT . x = F_LABEL (x,X) by A2; ::_thesis: verum end; uniqueness for b1, b2 being Function of S,(bool X) st ( for x being set st x in S holds b1 . x = F_LABEL (x,X) ) & ( for x being set st x in S holds b2 . x = F_LABEL (x,X) ) holds b1 = b2 proof for G, H being Function of S,(bool X) st ( for x being set st x in S holds G . x = F_LABEL (x,X) ) & ( for x being set st x in S holds H . x = F_LABEL (x,X) ) holds G = H proof let G, H be Function of S,(bool X); ::_thesis: ( ( for x being set st x in S holds G . x = F_LABEL (x,X) ) & ( for x being set st x in S holds H . x = F_LABEL (x,X) ) implies G = H ) assume that A3: for x being set st x in S holds G . x = F_LABEL (x,X) and A4: for x being set st x in S holds H . x = F_LABEL (x,X) ; ::_thesis: G = H for x being set st x in S holds G . x = H . x proof let x be set ; ::_thesis: ( x in S implies G . x = H . x ) assume A5: x in S ; ::_thesis: G . x = H . x G . x = F_LABEL (x,X) by A3, A5 .= H . x by A4, A5 ; hence G . x = H . x ; ::_thesis: verum end; hence G = H by FUNCT_2:12; ::_thesis: verum end; hence for b1, b2 being Function of S,(bool X) st ( for x being set st x in S holds b1 . x = F_LABEL (x,X) ) & ( for x being set st x in S holds b2 . x = F_LABEL (x,X) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def56 defines Label_ MODELC_1:def_56_:_ for S being non empty set for X being non empty Subset of (ModelSP S) for b3 being Function of S,(bool X) holds ( b3 = Label_ X iff for x being set st x in S holds b3 . x = F_LABEL (x,X) ); definition let S be non empty set ; let S0 be Subset of S; let R be total Relation of S,S; let Prop be non empty Subset of (ModelSP S); func KModel (R,S0,Prop) -> KripkeStr over Prop equals :: MODELC_1:def 57 KripkeStr(# S,S0,R,(Label_ Prop) #); coherence KripkeStr(# S,S0,R,(Label_ Prop) #) is KripkeStr over Prop ; end; :: deftheorem defines KModel MODELC_1:def_57_:_ for S being non empty set for S0 being Subset of S for R being total Relation of S,S for Prop being non empty Subset of (ModelSP S) holds KModel (R,S0,Prop) = KripkeStr(# S,S0,R,(Label_ Prop) #); registration let S be non empty set ; let S0 be Subset of S; let R be total Relation of S,S; let Prop be non empty Subset of (ModelSP S); cluster the carrier of (KModel (R,S0,Prop)) -> non empty ; coherence not the carrier of (KModel (R,S0,Prop)) is empty ; end; registration let S be non empty set ; let S0 be Subset of S; let R be total Relation of S,S; let Prop be non empty Subset of (ModelSP S); cluster ModelSP the carrier of (KModel (R,S0,Prop)) -> non empty for Subset of (Funcs ( the carrier of (KModel (R,S0,Prop)),BOOLEAN)); coherence for b1 being Subset of (Funcs ( the carrier of (KModel (R,S0,Prop)),BOOLEAN)) st b1 = ModelSP the carrier of (KModel (R,S0,Prop)) holds not b1 is empty ; end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); func BASSModel (R,BASSIGN) -> CTLModelStr equals :: MODELC_1:def 58 CTLModelStr(# (ModelSP S),BASSIGN,(And_ S),(Not_ S),(EneXt_ R),(EGlobal_ R),(EUntill_ R) #); coherence CTLModelStr(# (ModelSP S),BASSIGN,(And_ S),(Not_ S),(EneXt_ R),(EGlobal_ R),(EUntill_ R) #) is CTLModelStr ; end; :: deftheorem defines BASSModel MODELC_1:def_58_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) holds BASSModel (R,BASSIGN) = CTLModelStr(# (ModelSP S),BASSIGN,(And_ S),(Not_ S),(EneXt_ R),(EGlobal_ R),(EUntill_ R) #); registration let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); cluster BASSModel (R,BASSIGN) -> non empty with_basic ; coherence ( BASSModel (R,BASSIGN) is with_basic & not BASSModel (R,BASSIGN) is empty ) proof set B = BASSModel (R,BASSIGN); thus not the BasicAssign of (BASSModel (R,BASSIGN)) is empty ; :: according to MODELC_1:def_29 ::_thesis: not BASSModel (R,BASSIGN) is empty thus not BASSModel (R,BASSIGN) is empty ; ::_thesis: verum end; end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let s be Element of S; let f be Assign of (BASSModel (R,BASSIGN)); preds |= f means :Def59: :: MODELC_1:def 59 (Fid (f,S)) . s = TRUE ; end; :: deftheorem Def59 defines |= MODELC_1:def_59_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for s being Element of S for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f iff (Fid (f,S)) . s = TRUE ); notation let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let s be Element of S; let f be Assign of (BASSModel (R,BASSIGN)); antonym s |/= f for s |= f; end; theorem Th11: :: MODELC_1:11 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for a being Assign of (BASSModel (R,BASSIGN)) st a in BASSIGN holds ( s |= a iff a in (Label_ BASSIGN) . s ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for a being Assign of (BASSModel (R,BASSIGN)) st a in BASSIGN holds ( s |= a iff a in (Label_ BASSIGN) . s ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for a being Assign of (BASSModel (R,BASSIGN)) st a in BASSIGN holds ( s |= a iff a in (Label_ BASSIGN) . s ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for a being Assign of (BASSModel (R,BASSIGN)) st a in BASSIGN holds ( s |= a iff a in (Label_ BASSIGN) . s ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for a being Assign of (BASSModel (R,BASSIGN)) st a in BASSIGN holds ( s |= a iff a in (Label_ BASSIGN) . s ) let a be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( a in BASSIGN implies ( s |= a iff a in (Label_ BASSIGN) . s ) ) assume A1: a in BASSIGN ; ::_thesis: ( s |= a iff a in (Label_ BASSIGN) . s ) thus ( s |= a implies a in (Label_ BASSIGN) . s ) ::_thesis: ( a in (Label_ BASSIGN) . s implies s |= a ) proof set f = Fid (a,S); assume s |= a ; ::_thesis: a in (Label_ BASSIGN) . s then A2: (Fid (a,S)) . s = TRUE by Def59; a = Fid (a,S) by Def41; then a in F_LABEL (s,BASSIGN) by A1, A2, Def55; hence a in (Label_ BASSIGN) . s by Def56; ::_thesis: verum end; assume a in (Label_ BASSIGN) . s ; ::_thesis: s |= a then a in F_LABEL (s,BASSIGN) by Def56; then consider f being Function of S,BOOLEAN such that A3: f = a and A4: f . s = TRUE by Def55; Fid (a,S) = f by A3, Def41; hence s |= a by A4, Def59; ::_thesis: verum end; theorem Th12: :: MODELC_1:12 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= 'not' f iff s |/= f ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= 'not' f iff s |/= f ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= 'not' f iff s |/= f ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= 'not' f iff s |/= f ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= 'not' f iff s |/= f ) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= 'not' f iff s |/= f ) A1: 'not' f = Not_0 (f,S) by Def43; A2: ( s |/= f implies s |= 'not' f ) proof assume s |/= f ; ::_thesis: s |= 'not' f then not (Fid (f,S)) . s = TRUE by Def59; then not Castboolean ((Fid (f,S)) . s) = TRUE by Def4; then Castboolean ((Fid (f,S)) . s) = FALSE by XBOOLEAN:def_3; then 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE ; then (Fid (('not' f),S)) . s = TRUE by A1, Def42; hence s |= 'not' f by Def59; ::_thesis: verum end; ( s |= 'not' f implies s |/= f ) proof assume s |= 'not' f ; ::_thesis: s |/= f then (Fid ((Not_0 (f,S)),S)) . s = TRUE by A1, Def59; then 'not' (Castboolean ((Fid (f,S)) . s)) = TRUE by Def42; then (Fid (f,S)) . s = FALSE by Def4; hence s |/= f by Def59; ::_thesis: verum end; hence ( s |= 'not' f iff s |/= f ) by A2; ::_thesis: verum end; theorem Th13: :: MODELC_1:13 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f '&' g iff ( s |= f & s |= g ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f '&' g iff ( s |= f & s |= g ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f '&' g iff ( s |= f & s |= g ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f '&' g iff ( s |= f & s |= g ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f '&' g iff ( s |= f & s |= g ) ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= f '&' g iff ( s |= f & s |= g ) ) A1: f '&' g = And_0 (f,g,S) by Def51; A2: ( s |= f '&' g implies ( s |= f & s |= g ) ) proof assume s |= f '&' g ; ::_thesis: ( s |= f & s |= g ) then (Fid ((And_0 (f,g,S)),S)) . s = TRUE by A1, Def59; then A3: (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE by Def50; then Castboolean ((Fid (g,S)) . s) = TRUE by XBOOLEAN:101; then A4: (Fid (g,S)) . s = TRUE by Def4; Castboolean ((Fid (f,S)) . s) = TRUE by A3, XBOOLEAN:101; then (Fid (f,S)) . s = TRUE by Def4; hence ( s |= f & s |= g ) by A4, Def59; ::_thesis: verum end; ( s |= f & s |= g implies s |= f '&' g ) proof assume that A5: s |= f and A6: s |= g ; ::_thesis: s |= f '&' g A7: (Fid (g,S)) . s = TRUE by A6, Def59; (Fid (f,S)) . s = TRUE by A5, Def59; then (Castboolean ((Fid (f,S)) . s)) '&' (Castboolean ((Fid (g,S)) . s)) = TRUE by A7, Def4; then (Fid ((f '&' g),S)) . s = TRUE by A1, Def50; hence s |= f '&' g by Def59; ::_thesis: verum end; hence ( s |= f '&' g iff ( s |= f & s |= g ) ) by A2; ::_thesis: verum end; theorem Th14: :: MODELC_1:14 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) A1: EX f = EneXt_0 (f,R) by Def46; A2: ( ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) implies s |= EX f ) proof assume A3: ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ; ::_thesis: s |= EX f ex pai being inf_path of R st ( pai . 0 = s & (Fid (f,S)) . (pai . 1) = TRUE ) proof consider pai being inf_path of R such that A4: pai . 0 = s and A5: pai . 1 |= f by A3; take pai ; ::_thesis: ( pai . 0 = s & (Fid (f,S)) . (pai . 1) = TRUE ) thus ( pai . 0 = s & (Fid (f,S)) . (pai . 1) = TRUE ) by A4, A5, Def59; ::_thesis: verum end; then EneXt_univ (s,(Fid (f,S)),R) = TRUE by Def44; then (Fid ((EX f),S)) . s = TRUE by A1, Def45; hence s |= EX f by Def59; ::_thesis: verum end; ( s |= EX f implies ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) proof assume s |= EX f ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) then (Fid ((EneXt_0 (f,R)),S)) . s = TRUE by A1, Def59; then EneXt_univ (s,(Fid (f,S)),R) = TRUE by Def45; then consider pai being inf_path of R such that A6: pai . 0 = s and A7: (Fid (f,S)) . (pai . 1) = TRUE by Def44; take pai ; ::_thesis: ( pai . 0 = s & pai . 1 |= f ) thus ( pai . 0 = s & pai . 1 |= f ) by A6, A7, Def59; ::_thesis: verum end; hence ( s |= EX f iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= f ) ) by A2; ::_thesis: verum end; theorem Th15: :: MODELC_1:15 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) A1: EG f = EGlobal_0 (f,R) by Def49; A2: ( ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) implies s |= EG f ) proof assume A3: ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ; ::_thesis: s |= EG f ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds (Fid (f,S)) . (pai . n) = TRUE ) ) proof consider pai being inf_path of R such that A4: pai . 0 = s and A5: for n being Element of NAT holds pai . n |= f by A3; take pai ; ::_thesis: ( pai . 0 = s & ( for n being Element of NAT holds (Fid (f,S)) . (pai . n) = TRUE ) ) for n being Element of NAT holds (Fid (f,S)) . (pai . n) = TRUE proof let n be Element of NAT ; ::_thesis: (Fid (f,S)) . (pai . n) = TRUE pai . n |= f by A5; hence (Fid (f,S)) . (pai . n) = TRUE by Def59; ::_thesis: verum end; hence ( pai . 0 = s & ( for n being Element of NAT holds (Fid (f,S)) . (pai . n) = TRUE ) ) by A4; ::_thesis: verum end; then EGlobal_univ (s,(Fid (f,S)),R) = TRUE by Def47; then (Fid ((EG f),S)) . s = TRUE by A1, Def48; hence s |= EG f by Def59; ::_thesis: verum end; ( s |= EG f implies ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) proof assume s |= EG f ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) then (Fid ((EGlobal_0 (f,R)),S)) . s = TRUE by A1, Def59; then EGlobal_univ (s,(Fid (f,S)),R) = TRUE by Def48; then consider pai being inf_path of R such that A6: pai . 0 = s and A7: for n being Element of NAT holds (Fid (f,S)) . (pai . n) = TRUE by Def47; take pai ; ::_thesis: ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) for n being Element of NAT holds pai . n |= f proof let n be Element of NAT ; ::_thesis: pai . n |= f (Fid (f,S)) . (pai . n) = TRUE by A7; hence pai . n |= f by Def59; ::_thesis: verum end; hence ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) by A6; ::_thesis: verum end; hence ( s |= EG f iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= f ) ) ) by A2; ::_thesis: verum end; theorem Th16: :: MODELC_1:16 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) A1: f EU g = EUntill_0 (f,g,R) by Def54; A2: ( ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) implies s |= f EU g ) proof assume A3: ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ; ::_thesis: s |= f EU g ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) ) proof consider pai being inf_path of R such that A4: pai . 0 = s and A5: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) by A3; take pai ; ::_thesis: ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) ) ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) proof consider m being Element of NAT such that A6: for j being Element of NAT st j < m holds pai . j |= f and A7: pai . m |= g by A5; take m ; ::_thesis: ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE proof let j be Element of NAT ; ::_thesis: ( j < m implies (Fid (f,S)) . (pai . j) = TRUE ) assume j < m ; ::_thesis: (Fid (f,S)) . (pai . j) = TRUE then pai . j |= f by A6; hence (Fid (f,S)) . (pai . j) = TRUE by Def59; ::_thesis: verum end; hence ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) by A7, Def59; ::_thesis: verum end; hence ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) ) by A4; ::_thesis: verum end; then EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE by Def52; then (Fid ((f EU g),S)) . s = TRUE by A1, Def53; hence s |= f EU g by Def59; ::_thesis: verum end; ( s |= f EU g implies ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) proof assume s |= f EU g ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) then (Fid ((EUntill_0 (f,g,R)),S)) . s = TRUE by A1, Def59; then EUntill_univ (s,(Fid (f,S)),(Fid (g,S)),R) = TRUE by Def53; then consider pai being inf_path of R such that A8: pai . 0 = s and A9: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE ) & (Fid (g,S)) . (pai . m) = TRUE ) by Def52; take pai ; ::_thesis: ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) proof consider m being Element of NAT such that A10: for j being Element of NAT st j < m holds (Fid (f,S)) . (pai . j) = TRUE and A11: (Fid (g,S)) . (pai . m) = TRUE by A9; take m ; ::_thesis: ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) for j being Element of NAT st j < m holds pai . j |= f proof let j be Element of NAT ; ::_thesis: ( j < m implies pai . j |= f ) assume j < m ; ::_thesis: pai . j |= f then (Fid (f,S)) . (pai . j) = TRUE by A10; hence pai . j |= f by Def59; ::_thesis: verum end; hence ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) by A11, Def59; ::_thesis: verum end; hence ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) by A8; ::_thesis: verum end; hence ( s |= f EU g iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) ) ) by A2; ::_thesis: verum end; theorem Th17: :: MODELC_1:17 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f 'or' g iff ( s |= f or s |= g ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f 'or' g iff ( s |= f or s |= g ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f 'or' g iff ( s |= f or s |= g ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f 'or' g iff ( s |= f or s |= g ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( s |= f 'or' g iff ( s |= f or s |= g ) ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= f 'or' g iff ( s |= f or s |= g ) ) ( s |= f 'or' g iff not s |= ('not' f) '&' ('not' g) ) by Th12; then ( s |= f 'or' g iff ( not s |= 'not' f or not s |= 'not' g ) ) by Th13; hence ( s |= f 'or' g iff ( s |= f or s |= g ) ) by Th12; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); let s be Element of S; let H be CTL-formula; preds,kai |= H means :Def60: :: MODELC_1:def 60 s |= Evaluate (H,kai); end; :: deftheorem Def60 defines |= MODELC_1:def_60_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) for s being Element of S for H being CTL-formula holds ( s,kai |= H iff s |= Evaluate (H,kai) ); notation let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); let s be Element of S; let H be CTL-formula; antonym s,kai |/= H for s,kai |= H; end; theorem :: MODELC_1:18 for H being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) proof let H be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) st H is atomic holds ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( H is atomic implies ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) ) assume A1: H is atomic ; ::_thesis: ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) ex f being Function of CTL_WFF, the carrier of (BASSModel (R,BASSIGN)) st ( f is-Evaluation-for kai & Evaluate (H,kai) = f . H ) by Def34; then A2: Evaluate (H,kai) = kai . H by A1, Def26; A3: ( s,kai |= H iff s |= Evaluate (H,kai) ) by Def60; H in atomic_WFF by A1; then Evaluate (H,kai) in BASSIGN by A2, FUNCT_2:5; hence ( s,kai |= H iff kai . H in (Label_ BASSIGN) . s ) by A2, A3, Th11; ::_thesis: verum end; theorem :: MODELC_1:19 for H being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) proof let H be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= 'not' H iff s,kai |/= H ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= 'not' H iff s,kai |/= H ) ( s,kai |= 'not' H iff s |= Evaluate (('not' H),kai) ) by Def60; then ( s,kai |= 'not' H iff s |= 'not' (Evaluate (H,kai)) ) by Th5; then ( s,kai |= 'not' H iff s |/= Evaluate (H,kai) ) by Th12; hence ( s,kai |= 'not' H iff s,kai |/= H ) by Def60; ::_thesis: verum end; theorem :: MODELC_1:20 for H1, H2 being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) proof let H1, H2 be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) ( s,kai |= H1 '&' H2 iff s |= Evaluate ((H1 '&' H2),kai) ) by Def60; then ( s,kai |= H1 '&' H2 iff s |= (Evaluate (H1,kai)) '&' (Evaluate (H2,kai)) ) by Th6; then ( s,kai |= H1 '&' H2 iff ( s |= Evaluate (H1,kai) & s |= Evaluate (H2,kai) ) ) by Th13; hence ( s,kai |= H1 '&' H2 iff ( s,kai |= H1 & s,kai |= H2 ) ) by Def60; ::_thesis: verum end; theorem :: MODELC_1:21 for H1, H2 being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) proof let H1, H2 be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) ( s,kai |= H1 'or' H2 iff s |= Evaluate ((H1 'or' H2),kai) ) by Def60; then ( s,kai |= H1 'or' H2 iff s |= (Evaluate (H1,kai)) 'or' (Evaluate (H2,kai)) ) by Th10; then ( s,kai |= H1 'or' H2 iff ( s |= Evaluate (H1,kai) or s |= Evaluate (H2,kai) ) ) by Th17; hence ( s,kai |= H1 'or' H2 iff ( s,kai |= H1 or s,kai |= H2 ) ) by Def60; ::_thesis: verum end; theorem :: MODELC_1:22 for H being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) proof let H be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) A1: ( ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= Evaluate (H,kai) ) implies ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) proof given pai being inf_path of R such that A2: pai . 0 = s and A3: pai . 1 |= Evaluate (H,kai) ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) take pai ; ::_thesis: ( pai . 0 = s & pai . 1,kai |= H ) thus ( pai . 0 = s & pai . 1,kai |= H ) by A2, A3, Def60; ::_thesis: verum end; A4: ( ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) implies ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= Evaluate (H,kai) ) ) proof given pai being inf_path of R such that A5: pai . 0 = s and A6: pai . 1,kai |= H ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & pai . 1 |= Evaluate (H,kai) ) take pai ; ::_thesis: ( pai . 0 = s & pai . 1 |= Evaluate (H,kai) ) thus ( pai . 0 = s & pai . 1 |= Evaluate (H,kai) ) by A5, A6, Def60; ::_thesis: verum end; ( s,kai |= EX H iff s |= Evaluate ((EX H),kai) ) by Def60; then ( s,kai |= EX H iff s |= EX (Evaluate (H,kai)) ) by Th7; hence ( s,kai |= EX H iff ex pai being inf_path of R st ( pai . 0 = s & pai . 1,kai |= H ) ) by A1, A4, Th14; ::_thesis: verum end; theorem :: MODELC_1:23 for H being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) proof let H be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) A1: ( ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= Evaluate (H,kai) ) ) implies ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) proof given pai being inf_path of R such that A2: pai . 0 = s and A3: for n being Element of NAT holds pai . n |= Evaluate (H,kai) ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) take pai ; ::_thesis: ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) for n being Element of NAT holds pai . n,kai |= H proof let n be Element of NAT ; ::_thesis: pai . n,kai |= H pai . n |= Evaluate (H,kai) by A3; hence pai . n,kai |= H by Def60; ::_thesis: verum end; hence ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) by A2; ::_thesis: verum end; A4: ( ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) implies ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= Evaluate (H,kai) ) ) ) proof given pai being inf_path of R such that A5: pai . 0 = s and A6: for n being Element of NAT holds pai . n,kai |= H ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= Evaluate (H,kai) ) ) take pai ; ::_thesis: ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= Evaluate (H,kai) ) ) for n being Element of NAT holds pai . n |= Evaluate (H,kai) proof let n be Element of NAT ; ::_thesis: pai . n |= Evaluate (H,kai) pai . n,kai |= H by A6; hence pai . n |= Evaluate (H,kai) by Def60; ::_thesis: verum end; hence ( pai . 0 = s & ( for n being Element of NAT holds pai . n |= Evaluate (H,kai) ) ) by A5; ::_thesis: verum end; ( s,kai |= EG H iff s |= Evaluate ((EG H),kai) ) by Def60; then ( s,kai |= EG H iff s |= EG (Evaluate (H,kai)) ) by Th8; hence ( s,kai |= EG H iff ex pai being inf_path of R st ( pai . 0 = s & ( for n being Element of NAT holds pai . n,kai |= H ) ) ) by A1, A4, Th15; ::_thesis: verum end; theorem :: MODELC_1:24 for H1, H2 being CTL-formula for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) proof let H1, H2 be CTL-formula; ::_thesis: for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for kai being Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)) holds ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) let kai be Function of atomic_WFF, the BasicAssign of (BASSModel (R,BASSIGN)); ::_thesis: ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) A1: ( ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ) implies ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) proof given pai being inf_path of R such that A2: pai . 0 = s and A3: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) take pai ; ::_thesis: ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) consider m being Element of NAT such that A4: for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) and A5: pai . m |= Evaluate (H2,kai) by A3; A6: for j being Element of NAT st j < m holds pai . j,kai |= H1 proof let j be Element of NAT ; ::_thesis: ( j < m implies pai . j,kai |= H1 ) assume j < m ; ::_thesis: pai . j,kai |= H1 then pai . j |= Evaluate (H1,kai) by A4; hence pai . j,kai |= H1 by Def60; ::_thesis: verum end; ( pai . m |= Evaluate (H2,kai) iff pai . m,kai |= H2 ) by Def60; hence ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) by A2, A5, A6; ::_thesis: verum end; A7: ( ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) implies ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ) ) proof given pai being inf_path of R such that A8: pai . 0 = s and A9: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ) take pai ; ::_thesis: ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ) consider m being Element of NAT such that A10: for j being Element of NAT st j < m holds pai . j,kai |= H1 and A11: pai . m,kai |= H2 by A9; A12: for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) proof let j be Element of NAT ; ::_thesis: ( j < m implies pai . j |= Evaluate (H1,kai) ) assume j < m ; ::_thesis: pai . j |= Evaluate (H1,kai) then pai . j,kai |= H1 by A10; hence pai . j |= Evaluate (H1,kai) by Def60; ::_thesis: verum end; ( pai . m |= Evaluate (H2,kai) iff pai . m,kai |= H2 ) by Def60; hence ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= Evaluate (H1,kai) ) & pai . m |= Evaluate (H2,kai) ) ) by A8, A11, A12; ::_thesis: verum end; ( s,kai |= H1 EU H2 iff s |= Evaluate ((H1 EU H2),kai) ) by Def60; then ( s,kai |= H1 EU H2 iff s |= (Evaluate (H1,kai)) EU (Evaluate (H2,kai)) ) by Th9; hence ( s,kai |= H1 EU H2 iff ex pai being inf_path of R st ( pai . 0 = s & ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j,kai |= H1 ) & pai . m,kai |= H2 ) ) ) by A1, A7, Th16; ::_thesis: verum end; theorem Th25: :: MODELC_1:25 for S being non empty set for R being total Relation of S,S for s0 being Element of S ex pai being inf_path of R st pai . 0 = s0 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s0 being Element of S ex pai being inf_path of R st pai . 0 = s0 let R be total Relation of S,S; ::_thesis: for s0 being Element of S ex pai being inf_path of R st pai . 0 = s0 let s0 be Element of S; ::_thesis: ex pai being inf_path of R st pai . 0 = s0 consider pai being Function of NAT,S such that A1: pai . 0 = s0 and A2: for n being Element of NAT holds [(pai . n),(pai . (n + 1))] in R by Lm34; reconsider pai = pai as inf_path of R by A2, Def39; take pai ; ::_thesis: pai . 0 = s0 thus pai . 0 = s0 by A1; ::_thesis: verum end; theorem :: MODELC_1:26 for S being non empty set for R being Relation of S,S holds ( R is total iff for x being set st x in S holds ex y being set st ( y in S & [x,y] in R ) ) by Lm31, Lm32; definition let S be non empty set ; let R be total Relation of S,S; let s0 be Element of S; let pai be inf_path of R; let n be set ; func PrePath (n,s0,pai) -> Element of S equals :Def61: :: MODELC_1:def 61 s0 if n = 0 otherwise pai . (k_nat ((k_nat n) - 1)); correctness coherence ( ( n = 0 implies s0 is Element of S ) & ( not n = 0 implies pai . (k_nat ((k_nat n) - 1)) is Element of S ) ); consistency for b1 being Element of S holds verum; ; end; :: deftheorem Def61 defines PrePath MODELC_1:def_61_:_ for S being non empty set for R being total Relation of S,S for s0 being Element of S for pai being inf_path of R for n being set holds ( ( n = 0 implies PrePath (n,s0,pai) = s0 ) & ( not n = 0 implies PrePath (n,s0,pai) = pai . (k_nat ((k_nat n) - 1)) ) ); theorem Th27: :: MODELC_1:27 for S being non empty set for R being total Relation of S,S for s0, s1 being Element of S st [s0,s1] in R holds ex pai being inf_path of R st ( pai . 0 = s0 & pai . 1 = s1 ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s0, s1 being Element of S st [s0,s1] in R holds ex pai being inf_path of R st ( pai . 0 = s0 & pai . 1 = s1 ) let R be total Relation of S,S; ::_thesis: for s0, s1 being Element of S st [s0,s1] in R holds ex pai being inf_path of R st ( pai . 0 = s0 & pai . 1 = s1 ) let s0, s1 be Element of S; ::_thesis: ( [s0,s1] in R implies ex pai being inf_path of R st ( pai . 0 = s0 & pai . 1 = s1 ) ) consider pai1 being inf_path of R such that A1: pai1 . 0 = s1 by Th25; deffunc H1( set ) -> Element of S = PrePath ($1,s0,pai1); A2: for x being set st x in NAT holds H1(x) in S ; consider pai being Function of NAT,S such that A3: for n being set st n in NAT holds pai . n = H1(n) from FUNCT_2:sch_2(A2); assume A4: [s0,s1] in R ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s0 & pai . 1 = s1 ) for n being Element of NAT holds [(pai . n),(pai . (n + 1))] in R proof let n be Element of NAT ; ::_thesis: [(pai . n),(pai . (n + 1))] in R set n1 = n + 1; set n0 = n - 1; percases ( n = 0 or n <> 0 ) ; supposeA5: n = 0 ; ::_thesis: [(pai . n),(pai . (n + 1))] in R then A6: k_nat ((k_nat (n + 1)) - 1) = k_nat (1 - 1) by Def2 .= 0 by Def2 ; A7: pai . n = H1(n) by A3 .= s0 by A5, Def61 ; pai . (n + 1) = H1(n + 1) by A3 .= s1 by A1, A6, Def61 ; hence [(pai . n),(pai . (n + 1))] in R by A4, A7; ::_thesis: verum end; supposeA8: n <> 0 ; ::_thesis: [(pai . n),(pai . (n + 1))] in R then reconsider n0 = n - 1 as Element of NAT by NAT_1:20; A9: pai . (n + 1) = H1(n + 1) by A3 .= pai1 . (k_nat ((k_nat (n + 1)) - 1)) by Def61 .= pai1 . (k_nat ((n + 1) - 1)) by Def2 .= pai1 . (n0 + 1) by Def2 ; pai . n = H1(n) by A3 .= pai1 . (k_nat ((k_nat n) - 1)) by A8, Def61 .= pai1 . (k_nat (n - 1)) by Def2 .= pai1 . n0 by Def2 ; hence [(pai . n),(pai . (n + 1))] in R by A9, Def39; ::_thesis: verum end; end; end; then reconsider pai = pai as inf_path of R by Def39; A10: pai . 0 = H1( 0 ) by A3 .= s0 by Def61 ; take pai ; ::_thesis: ( pai . 0 = s0 & pai . 1 = s1 ) pai . 1 = H1(1) by A3 .= pai1 . (k_nat ((k_nat 1) - 1)) by Def61 .= pai1 . (k_nat (1 - 1)) by Def2 .= s1 by A1, Def2 ; hence ( pai . 0 = s0 & pai . 1 = s1 ) by A10; ::_thesis: verum end; theorem Th28: :: MODELC_1:28 for S being non empty set for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) let R be total Relation of S,S; ::_thesis: for s being Element of S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) let s be Element of S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) A1: ( s |= EX f implies ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) proof assume s |= EX f ; ::_thesis: ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) then consider pai being inf_path of R such that A2: pai . 0 = s and A3: pai . 1 |= f by Th14; [(pai . 0),(pai . (0 + 1))] in R by Def39; hence ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) by A2, A3; ::_thesis: verum end; ( ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) implies s |= EX f ) proof given s1 being Element of S such that A4: [s,s1] in R and A5: s1 |= f ; ::_thesis: s |= EX f ex pai being inf_path of R st ( pai . 0 = s & pai . 1 = s1 ) by A4, Th27; hence s |= EX f by A5, Th14; ::_thesis: verum end; hence ( s |= EX f iff ex s1 being Element of S st ( [s,s1] in R & s1 |= f ) ) by A1; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let H be Subset of S; func Pred (H,R) -> Subset of S equals :: MODELC_1:def 62 { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } ; coherence { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } is Subset of S proof set P = { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } ; { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } c= S proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } or x in S ) assume x in { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } ; ::_thesis: x in S then ex s being Element of S st ( x = s & ex t being Element of S st ( t in H & [s,t] in R ) ) ; hence x in S ; ::_thesis: verum end; hence { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } is Subset of S ; ::_thesis: verum end; end; :: deftheorem defines Pred MODELC_1:def_62_:_ for S being non empty set for R being total Relation of S,S for H being Subset of S holds Pred (H,R) = { s where s is Element of S : ex t being Element of S st ( t in H & [s,t] in R ) } ; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f be Assign of (BASSModel (R,BASSIGN)); func SIGMA f -> Subset of S equals :: MODELC_1:def 63 { s where s is Element of S : s |= f } ; correctness coherence { s where s is Element of S : s |= f } is Subset of S; proof set P = { s where s is Element of S : s |= f } ; { s where s is Element of S : s |= f } c= S proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in { s where s is Element of S : s |= f } or x in S ) assume x in { s where s is Element of S : s |= f } ; ::_thesis: x in S then ex s being Element of S st ( x = s & s |= f ) ; hence x in S ; ::_thesis: verum end; hence { s where s is Element of S : s |= f } is Subset of S ; ::_thesis: verum end; end; :: deftheorem defines SIGMA MODELC_1:def_63_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA f = { s where s is Element of S : s |= f } ; Lm41: for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } A1: for x being set st x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } holds x in SIGMA f proof let x be set ; ::_thesis: ( x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } implies x in SIGMA f ) assume x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } ; ::_thesis: x in SIGMA f then consider s being Element of S such that A2: x = s and A3: (Fid (f,S)) . s = TRUE ; s |= f by A3, Def59; hence x in SIGMA f by A2; ::_thesis: verum end; for x being set st x in SIGMA f holds x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } proof let x be set ; ::_thesis: ( x in SIGMA f implies x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } ) assume x in SIGMA f ; ::_thesis: x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } then consider s being Element of S such that A4: x = s and A5: s |= f ; (Fid (f,S)) . s = TRUE by A5, Def59; hence x in { s where s is Element of S : (Fid (f,S)) . s = TRUE } by A4; ::_thesis: verum end; hence SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } by A1, TARSKI:1; ::_thesis: verum end; Lm42: for X being non empty set for f, g being Function of X,BOOLEAN st { x where x is Element of X : f . x = TRUE } = { x where x is Element of X : g . x = TRUE } holds f = g proof let X be non empty set ; ::_thesis: for f, g being Function of X,BOOLEAN st { x where x is Element of X : f . x = TRUE } = { x where x is Element of X : g . x = TRUE } holds f = g let f, g be Function of X,BOOLEAN; ::_thesis: ( { x where x is Element of X : f . x = TRUE } = { x where x is Element of X : g . x = TRUE } implies f = g ) set F = { x where x is Element of X : f . x = TRUE } ; set G = { x where x is Element of X : g . x = TRUE } ; assume A1: { x where x is Element of X : f . x = TRUE } = { x where x is Element of X : g . x = TRUE } ; ::_thesis: f = g for p being set st p in X holds f . p = g . p proof let p be set ; ::_thesis: ( p in X implies f . p = g . p ) assume A2: p in X ; ::_thesis: f . p = g . p percases ( p in { x where x is Element of X : f . x = TRUE } or not p in { x where x is Element of X : f . x = TRUE } ) ; supposeA3: p in { x where x is Element of X : f . x = TRUE } ; ::_thesis: f . p = g . p then A4: ex x1 being Element of X st ( x1 = p & f . x1 = TRUE ) ; ex x2 being Element of X st ( x2 = p & g . x2 = TRUE ) by A1, A3; hence f . p = g . p by A4; ::_thesis: verum end; supposeA5: not p in { x where x is Element of X : f . x = TRUE } ; ::_thesis: f . p = g . p A6: f . p = FALSE proof assume A7: f . p <> FALSE ; ::_thesis: contradiction f . p in BOOLEAN by A2, FUNCT_2:5; then f . p = TRUE by A7, TARSKI:def_2; hence contradiction by A2, A5; ::_thesis: verum end; g . p = FALSE proof assume A8: g . p <> FALSE ; ::_thesis: contradiction g . p in BOOLEAN by A2, FUNCT_2:5; then g . p = TRUE by A8, TARSKI:def_2; hence contradiction by A1, A2, A5; ::_thesis: verum end; hence f . p = g . p by A6; ::_thesis: verum end; end; end; hence f = g by FUNCT_2:12; ::_thesis: verum end; Lm43: for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st Fid (f,S) = Fid (g,S) holds f = g proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st Fid (f,S) = Fid (g,S) holds f = g let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st Fid (f,S) = Fid (g,S) holds f = g let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) st Fid (f,S) = Fid (g,S) holds f = g let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( Fid (f,S) = Fid (g,S) implies f = g ) Fid (f,S) = f by Def41; hence ( Fid (f,S) = Fid (g,S) implies f = g ) by Def41; ::_thesis: verum end; theorem :: MODELC_1:29 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st SIGMA f = SIGMA g holds f = g proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st SIGMA f = SIGMA g holds f = g let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st SIGMA f = SIGMA g holds f = g let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) st SIGMA f = SIGMA g holds f = g let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( SIGMA f = SIGMA g implies f = g ) assume A1: SIGMA f = SIGMA g ; ::_thesis: f = g SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } by Lm41; then { s where s is Element of S : (Fid (f,S)) . s = TRUE } = { s where s is Element of S : (Fid (g,S)) . s = TRUE } by A1, Lm41; hence f = g by Lm42, Lm43; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let T be Subset of S; func Tau (T,R,BASSIGN) -> Assign of (BASSModel (R,BASSIGN)) means :Def64: :: MODELC_1:def 64 for s being set st s in S holds (Fid (it,S)) . s = (chi (T,S)) . s; existence ex b1 being Assign of (BASSModel (R,BASSIGN)) st for s being set st s in S holds (Fid (b1,S)) . s = (chi (T,S)) . s proof deffunc H1( set ) -> set = (chi (T,S)) . $1; A1: for x being set st x in S holds H1(x) in BOOLEAN proof let x be set ; ::_thesis: ( x in S implies H1(x) in BOOLEAN ) assume A2: x in S ; ::_thesis: H1(x) in BOOLEAN percases ( x in T or not x in T ) ; suppose x in T ; ::_thesis: H1(x) in BOOLEAN then H1(x) = 1 by FUNCT_3:def_3; hence H1(x) in BOOLEAN by TARSKI:def_2; ::_thesis: verum end; suppose not x in T ; ::_thesis: H1(x) in BOOLEAN then H1(x) = 0 by A2, FUNCT_3:def_3; hence H1(x) in BOOLEAN by TARSKI:def_2; ::_thesis: verum end; end; end; consider IT being Function of S,BOOLEAN such that A3: for x being set st x in S holds IT . x = H1(x) from FUNCT_2:sch_2(A1); reconsider IT = IT as Assign of (BASSModel (R,BASSIGN)) by FUNCT_2:8; take IT ; ::_thesis: for s being set st s in S holds (Fid (IT,S)) . s = (chi (T,S)) . s Fid (IT,S) = IT by Def41; hence for s being set st s in S holds (Fid (IT,S)) . s = (chi (T,S)) . s by A3; ::_thesis: verum end; uniqueness for b1, b2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being set st s in S holds (Fid (b1,S)) . s = (chi (T,S)) . s ) & ( for s being set st s in S holds (Fid (b2,S)) . s = (chi (T,S)) . s ) holds b1 = b2 proof let f1, f2 be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being set st s in S holds (Fid (f1,S)) . s = (chi (T,S)) . s ) & ( for s being set st s in S holds (Fid (f2,S)) . s = (chi (T,S)) . s ) implies f1 = f2 ) assume that A4: for s being set st s in S holds (Fid (f1,S)) . s = (chi (T,S)) . s and A5: for s being set st s in S holds (Fid (f2,S)) . s = (chi (T,S)) . s ; ::_thesis: f1 = f2 for s being set st s in S holds (Fid (f1,S)) . s = (Fid (f2,S)) . s proof let s be set ; ::_thesis: ( s in S implies (Fid (f1,S)) . s = (Fid (f2,S)) . s ) assume A6: s in S ; ::_thesis: (Fid (f1,S)) . s = (Fid (f2,S)) . s (Fid (f1,S)) . s = (chi (T,S)) . s by A4, A6 .= (Fid (f2,S)) . s by A5, A6 ; hence (Fid (f1,S)) . s = (Fid (f2,S)) . s ; ::_thesis: verum end; hence f1 = f2 by Lm43, FUNCT_2:12; ::_thesis: verum end; end; :: deftheorem Def64 defines Tau MODELC_1:def_64_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for T being Subset of S for b5 being Assign of (BASSModel (R,BASSIGN)) holds ( b5 = Tau (T,R,BASSIGN) iff for s being set st s in S holds (Fid (b5,S)) . s = (chi (T,S)) . s ); theorem :: MODELC_1:30 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for T1, T2 being Subset of S st Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) holds T1 = T2 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for T1, T2 being Subset of S st Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) holds T1 = T2 let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for T1, T2 being Subset of S st Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) holds T1 = T2 let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for T1, T2 being Subset of S st Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) holds T1 = T2 let T1, T2 be Subset of S; ::_thesis: ( Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) implies T1 = T2 ) set h1 = Tau (T1,R,BASSIGN); set h2 = Tau (T2,R,BASSIGN); assume A1: Tau (T1,R,BASSIGN) = Tau (T2,R,BASSIGN) ; ::_thesis: T1 = T2 A2: for s being set st s in T2 holds s in T1 proof let s be set ; ::_thesis: ( s in T2 implies s in T1 ) assume A3: s in T2 ; ::_thesis: s in T1 then (chi (T2,S)) . s = 1 by FUNCT_3:def_3; then (Fid ((Tau (T2,R,BASSIGN)),S)) . s = TRUE by A3, Def64; then (chi (T1,S)) . s = 1 by A1, A3, Def64; hence s in T1 by FUNCT_3:36; ::_thesis: verum end; for s being set st s in T1 holds s in T2 proof let s be set ; ::_thesis: ( s in T1 implies s in T2 ) assume A4: s in T1 ; ::_thesis: s in T2 then (chi (T1,S)) . s = 1 by FUNCT_3:def_3; then (Fid ((Tau (T1,R,BASSIGN)),S)) . s = TRUE by A4, Def64; then (chi (T2,S)) . s = 1 by A1, A4, Def64; hence s in T2 by FUNCT_3:36; ::_thesis: verum end; hence T1 = T2 by A2, TARSKI:1; ::_thesis: verum end; theorem Th31: :: MODELC_1:31 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds Tau ((SIGMA f),R,BASSIGN) = f proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds Tau ((SIGMA f),R,BASSIGN) = f let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds Tau ((SIGMA f),R,BASSIGN) = f let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds Tau ((SIGMA f),R,BASSIGN) = f let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: Tau ((SIGMA f),R,BASSIGN) = f set T = SIGMA f; set g = Tau ((SIGMA f),R,BASSIGN); A1: SIGMA f = { s where s is Element of S : (Fid (f,S)) . s = TRUE } by Lm41; for s being set st s in S holds (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s proof let s be set ; ::_thesis: ( s in S implies (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s ) assume s in S ; ::_thesis: (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s then reconsider s = s as Element of S ; percases ( s in SIGMA f or not s in SIGMA f ) ; supposeA2: s in SIGMA f ; ::_thesis: (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s A3: (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s = (chi ((SIGMA f),S)) . s by Def64 .= 1 by A2, FUNCT_3:def_3 ; ex x being Element of S st ( x = s & (Fid (f,S)) . x = TRUE ) by A1, A2; hence (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s by A3; ::_thesis: verum end; supposeA4: not s in SIGMA f ; ::_thesis: (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s A5: (Fid (f,S)) . s = FALSE proof assume (Fid (f,S)) . s <> FALSE ; ::_thesis: contradiction then (Fid (f,S)) . s = TRUE by TARSKI:def_2; hence contradiction by A1, A4; ::_thesis: verum end; (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s = (chi ((SIGMA f),S)) . s by Def64 .= 0 by A4, FUNCT_3:def_3 ; hence (Fid (f,S)) . s = (Fid ((Tau ((SIGMA f),R,BASSIGN)),S)) . s by A5; ::_thesis: verum end; end; end; hence Tau ((SIGMA f),R,BASSIGN) = f by Lm43, FUNCT_2:12; ::_thesis: verum end; theorem Th32: :: MODELC_1:32 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for T being Subset of S holds SIGMA (Tau (T,R,BASSIGN)) = T proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for T being Subset of S holds SIGMA (Tau (T,R,BASSIGN)) = T let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for T being Subset of S holds SIGMA (Tau (T,R,BASSIGN)) = T let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for T being Subset of S holds SIGMA (Tau (T,R,BASSIGN)) = T let T be Subset of S; ::_thesis: SIGMA (Tau (T,R,BASSIGN)) = T set f = Tau (T,R,BASSIGN); set U = SIGMA (Tau (T,R,BASSIGN)); A1: SIGMA (Tau (T,R,BASSIGN)) = { s where s is Element of S : (Fid ((Tau (T,R,BASSIGN)),S)) . s = TRUE } by Lm41; for s being set holds ( s in SIGMA (Tau (T,R,BASSIGN)) iff s in T ) proof let s be set ; ::_thesis: ( s in SIGMA (Tau (T,R,BASSIGN)) iff s in T ) thus ( s in SIGMA (Tau (T,R,BASSIGN)) implies s in T ) ::_thesis: ( s in T implies s in SIGMA (Tau (T,R,BASSIGN)) ) proof assume s in SIGMA (Tau (T,R,BASSIGN)) ; ::_thesis: s in T then ex t being Element of S st ( s = t & (Fid ((Tau (T,R,BASSIGN)),S)) . t = TRUE ) by A1; then (chi (T,S)) . s = TRUE by Def64; hence s in T by FUNCT_3:36; ::_thesis: verum end; assume A2: s in T ; ::_thesis: s in SIGMA (Tau (T,R,BASSIGN)) then (Fid ((Tau (T,R,BASSIGN)),S)) . s = (chi (T,S)) . s by Def64 .= 1 by A2, FUNCT_3:def_3 ; hence s in SIGMA (Tau (T,R,BASSIGN)) by A1, A2; ::_thesis: verum end; hence SIGMA (Tau (T,R,BASSIGN)) = T by TARSKI:1; ::_thesis: verum end; theorem Th33: :: MODELC_1:33 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) A1: for s being set holds ( s in SIGMA ('not' f) iff s in S \ (SIGMA f) ) proof let s be set ; ::_thesis: ( s in SIGMA ('not' f) iff s in S \ (SIGMA f) ) A2: ( s in SIGMA ('not' f) implies s in S \ (SIGMA f) ) proof assume A3: s in SIGMA ('not' f) ; ::_thesis: s in S \ (SIGMA f) then A4: ex x being Element of S st ( x = s & x |= 'not' f ) ; reconsider s = s as Element of S by A3; not s in SIGMA f proof assume s in SIGMA f ; ::_thesis: contradiction then ex y being Element of S st ( y = s & y |= f ) ; hence contradiction by A4, Th12; ::_thesis: verum end; hence s in S \ (SIGMA f) by XBOOLE_0:def_5; ::_thesis: verum end; ( s in S \ (SIGMA f) implies s in SIGMA ('not' f) ) proof assume A5: s in S \ (SIGMA f) ; ::_thesis: s in SIGMA ('not' f) then reconsider s = s as Element of S ; not s in SIGMA f by A5, XBOOLE_0:def_5; then s |/= f ; then s |= 'not' f by Th12; hence s in SIGMA ('not' f) ; ::_thesis: verum end; hence ( s in SIGMA ('not' f) iff s in S \ (SIGMA f) ) by A2; ::_thesis: verum end; A6: for s being set holds ( s in SIGMA (f 'or' g) iff s in (SIGMA f) \/ (SIGMA g) ) proof let s be set ; ::_thesis: ( s in SIGMA (f 'or' g) iff s in (SIGMA f) \/ (SIGMA g) ) A7: ( s in (SIGMA f) \/ (SIGMA g) implies s in SIGMA (f 'or' g) ) proof assume A8: s in (SIGMA f) \/ (SIGMA g) ; ::_thesis: s in SIGMA (f 'or' g) percases ( s in SIGMA f or s in SIGMA g ) by A8, XBOOLE_0:def_3; supposeA9: s in SIGMA f ; ::_thesis: s in SIGMA (f 'or' g) then A10: ex x being Element of S st ( x = s & x |= f ) ; reconsider s = s as Element of S by A9; s |= f 'or' g by A10, Th17; hence s in SIGMA (f 'or' g) ; ::_thesis: verum end; supposeA11: s in SIGMA g ; ::_thesis: s in SIGMA (f 'or' g) then A12: ex x being Element of S st ( x = s & x |= g ) ; reconsider s = s as Element of S by A11; s |= f 'or' g by A12, Th17; hence s in SIGMA (f 'or' g) ; ::_thesis: verum end; end; end; ( s in SIGMA (f 'or' g) implies s in (SIGMA f) \/ (SIGMA g) ) proof assume A13: s in SIGMA (f 'or' g) ; ::_thesis: s in (SIGMA f) \/ (SIGMA g) then A14: ex x being Element of S st ( x = s & x |= f 'or' g ) ; reconsider s = s as Element of S by A13; percases ( s |= f or s |= g ) by A14, Th17; suppose s |= f ; ::_thesis: s in (SIGMA f) \/ (SIGMA g) then s in SIGMA f ; hence s in (SIGMA f) \/ (SIGMA g) by XBOOLE_0:def_3; ::_thesis: verum end; suppose s |= g ; ::_thesis: s in (SIGMA f) \/ (SIGMA g) then s in SIGMA g ; hence s in (SIGMA f) \/ (SIGMA g) by XBOOLE_0:def_3; ::_thesis: verum end; end; end; hence ( s in SIGMA (f 'or' g) iff s in (SIGMA f) \/ (SIGMA g) ) by A7; ::_thesis: verum end; for s being set holds ( s in SIGMA (f '&' g) iff s in (SIGMA f) /\ (SIGMA g) ) proof let s be set ; ::_thesis: ( s in SIGMA (f '&' g) iff s in (SIGMA f) /\ (SIGMA g) ) thus ( s in SIGMA (f '&' g) implies s in (SIGMA f) /\ (SIGMA g) ) ::_thesis: ( s in (SIGMA f) /\ (SIGMA g) implies s in SIGMA (f '&' g) ) proof assume A15: s in SIGMA (f '&' g) ; ::_thesis: s in (SIGMA f) /\ (SIGMA g) then A16: ex x being Element of S st ( x = s & x |= f '&' g ) ; reconsider s = s as Element of S by A15; s |= g by A16, Th13; then A17: s in SIGMA g ; s |= f by A16, Th13; then s in SIGMA f ; hence s in (SIGMA f) /\ (SIGMA g) by A17, XBOOLE_0:def_4; ::_thesis: verum end; assume A18: s in (SIGMA f) /\ (SIGMA g) ; ::_thesis: s in SIGMA (f '&' g) then A19: s in SIGMA g by XBOOLE_0:def_4; s in SIGMA f by A18, XBOOLE_0:def_4; then A20: ex x being Element of S st ( x = s & x |= f ) ; reconsider s = s as Element of S by A18; ex y being Element of S st ( y = s & y |= g ) by A19; then s |= f '&' g by A20, Th13; hence s in SIGMA (f '&' g) ; ::_thesis: verum end; hence ( SIGMA ('not' f) = S \ (SIGMA f) & SIGMA (f '&' g) = (SIGMA f) /\ (SIGMA g) & SIGMA (f 'or' g) = (SIGMA f) \/ (SIGMA g) ) by A1, A6, TARSKI:1; ::_thesis: verum end; theorem Th34: :: MODELC_1:34 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for G1, G2 being Subset of S st G1 c= G2 holds for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for G1, G2 being Subset of S st G1 c= G2 holds for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for G1, G2 being Subset of S st G1 c= G2 holds for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for G1, G2 being Subset of S st G1 c= G2 holds for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) let G1, G2 be Subset of S; ::_thesis: ( G1 c= G2 implies for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) ) set Tau1 = Tau (G1,R,BASSIGN); set Tau2 = Tau (G2,R,BASSIGN); assume A1: G1 c= G2 ; ::_thesis: for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) let s be Element of S; ::_thesis: ( s |= Tau (G1,R,BASSIGN) implies s |= Tau (G2,R,BASSIGN) ) assume s |= Tau (G1,R,BASSIGN) ; ::_thesis: s |= Tau (G2,R,BASSIGN) then (Fid ((Tau (G1,R,BASSIGN)),S)) . s = TRUE by Def59; then (chi (G1,S)) . s = 1 by Def64; then s in G1 by FUNCT_3:def_3; then (chi (G2,S)) . s = 1 by A1, FUNCT_3:def_3; then (Fid ((Tau (G2,R,BASSIGN)),S)) . s = TRUE by Def64; hence s |= Tau (G2,R,BASSIGN) by Def59; ::_thesis: verum end; theorem Th35: :: MODELC_1:35 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f1, f2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= f1 holds s |= f2 ) holds SIGMA f1 c= SIGMA f2 proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f1, f2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= f1 holds s |= f2 ) holds SIGMA f1 c= SIGMA f2 let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f1, f2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= f1 holds s |= f2 ) holds SIGMA f1 c= SIGMA f2 let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f1, f2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= f1 holds s |= f2 ) holds SIGMA f1 c= SIGMA f2 let f1, f2 be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S st s |= f1 holds s |= f2 ) implies SIGMA f1 c= SIGMA f2 ) assume A1: for s being Element of S st s |= f1 holds s |= f2 ; ::_thesis: SIGMA f1 c= SIGMA f2 let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in SIGMA f1 or x in SIGMA f2 ) assume x in SIGMA f1 ; ::_thesis: x in SIGMA f2 then consider s being Element of S such that A2: x = s and A3: s |= f1 ; s |= f2 by A1, A3; hence x in SIGMA f2 by A2; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f, g be Assign of (BASSModel (R,BASSIGN)); func Fax (f,g) -> Assign of (BASSModel (R,BASSIGN)) equals :: MODELC_1:def 65 f '&' (EX g); correctness coherence f '&' (EX g) is Assign of (BASSModel (R,BASSIGN)); ; end; :: deftheorem defines Fax MODELC_1:def_65_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds Fax (f,g) = f '&' (EX g); theorem Th36: :: MODELC_1:36 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g1, g2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= g1 holds s |= g2 ) holds for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g1, g2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= g1 holds s |= g2 ) holds for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g1, g2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= g1 holds s |= g2 ) holds for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g1, g2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= g1 holds s |= g2 ) holds for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) let f, g1, g2 be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S st s |= g1 holds s |= g2 ) implies for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) ) assume A1: for s being Element of S st s |= g1 holds s |= g2 ; ::_thesis: for s being Element of S st s |= Fax (f,g1) holds s |= Fax (f,g2) let s be Element of S; ::_thesis: ( s |= Fax (f,g1) implies s |= Fax (f,g2) ) assume A2: s |= Fax (f,g1) ; ::_thesis: s |= Fax (f,g2) then s |= EX g1 by Th13; then consider pai being inf_path of R such that A3: pai . 0 = s and A4: pai . 1 |= g1 by Th14; pai . 1 |= g2 by A1, A4; then A5: s |= EX g2 by A3, Th14; s |= f by A2, Th13; hence s |= Fax (f,g2) by A5, Th13; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f be Assign of (BASSModel (R,BASSIGN)); let G be Subset of S; func SigFaxTau (f,G,R,BASSIGN) -> Subset of S equals :: MODELC_1:def 66 SIGMA (Fax (f,(Tau (G,R,BASSIGN)))); coherence SIGMA (Fax (f,(Tau (G,R,BASSIGN)))) is Subset of S ; end; :: deftheorem defines SigFaxTau MODELC_1:def_66_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for G being Subset of S holds SigFaxTau (f,G,R,BASSIGN) = SIGMA (Fax (f,(Tau (G,R,BASSIGN)))); theorem Th37: :: MODELC_1:37 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for G1, G2 being Subset of S st G1 c= G2 holds SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for G1, G2 being Subset of S st G1 c= G2 holds SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for G1, G2 being Subset of S st G1 c= G2 holds SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) for G1, G2 being Subset of S st G1 c= G2 holds SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for G1, G2 being Subset of S st G1 c= G2 holds SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) let G1, G2 be Subset of S; ::_thesis: ( G1 c= G2 implies SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) ) assume G1 c= G2 ; ::_thesis: SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) then for s being Element of S st s |= Tau (G1,R,BASSIGN) holds s |= Tau (G2,R,BASSIGN) by Th34; then for s being Element of S st s |= Fax (f,(Tau (G1,R,BASSIGN))) holds s |= Fax (f,(Tau (G2,R,BASSIGN))) by Th36; hence SigFaxTau (f,G1,R,BASSIGN) c= SigFaxTau (f,G2,R,BASSIGN) by Th35; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let pai be inf_path of R; let k be Element of NAT ; func PathShift (pai,k) -> inf_path of R means :Def67: :: MODELC_1:def 67 for n being Element of NAT holds it . n = pai . (n + k); existence ex b1 being inf_path of R st for n being Element of NAT holds b1 . n = pai . (n + k) proof deffunc H1( set ) -> Element of S = pai . ((k_nat $1) + k); A1: for x being set st x in NAT holds H1(x) in S ; consider IT being Function of NAT,S such that A2: for n being set st n in NAT holds IT . n = H1(n) from FUNCT_2:sch_2(A1); A3: for n being Element of NAT holds IT . n = pai . (n + k) proof let n be Element of NAT ; ::_thesis: IT . n = pai . (n + k) H1(n) = pai . (n + k) by Def2; hence IT . n = pai . (n + k) by A2; ::_thesis: verum end; for n being Element of NAT holds [(IT . n),(IT . (n + 1))] in R proof let n be Element of NAT ; ::_thesis: [(IT . n),(IT . (n + 1))] in R set n1 = n + 1; set n2 = n + k; A4: IT . (n + 1) = pai . ((n + 1) + k) by A3 .= pai . ((n + k) + 1) ; IT . n = pai . (n + k) by A3; hence [(IT . n),(IT . (n + 1))] in R by A4, Def39; ::_thesis: verum end; then reconsider IT = IT as inf_path of R by Def39; take IT ; ::_thesis: for n being Element of NAT holds IT . n = pai . (n + k) thus for n being Element of NAT holds IT . n = pai . (n + k) by A3; ::_thesis: verum end; uniqueness for b1, b2 being inf_path of R st ( for n being Element of NAT holds b1 . n = pai . (n + k) ) & ( for n being Element of NAT holds b2 . n = pai . (n + k) ) holds b1 = b2 proof for pai1, pai2 being inf_path of R st ( for n being Element of NAT holds pai1 . n = pai . (n + k) ) & ( for n being Element of NAT holds pai2 . n = pai . (n + k) ) holds pai1 = pai2 proof let pai1, pai2 be inf_path of R; ::_thesis: ( ( for n being Element of NAT holds pai1 . n = pai . (n + k) ) & ( for n being Element of NAT holds pai2 . n = pai . (n + k) ) implies pai1 = pai2 ) assume that A5: for n being Element of NAT holds pai1 . n = pai . (n + k) and A6: for n being Element of NAT holds pai2 . n = pai . (n + k) ; ::_thesis: pai1 = pai2 for x being set st x in NAT holds pai1 . x = pai2 . x proof let x be set ; ::_thesis: ( x in NAT implies pai1 . x = pai2 . x ) assume x in NAT ; ::_thesis: pai1 . x = pai2 . x then reconsider x = x as Element of NAT ; pai1 . x = pai . (x + k) by A5 .= pai2 . x by A6 ; hence pai1 . x = pai2 . x ; ::_thesis: verum end; hence pai1 = pai2 by FUNCT_2:12; ::_thesis: verum end; hence for b1, b2 being inf_path of R st ( for n being Element of NAT holds b1 . n = pai . (n + k) ) & ( for n being Element of NAT holds b2 . n = pai . (n + k) ) holds b1 = b2 ; ::_thesis: verum end; end; :: deftheorem Def67 defines PathShift MODELC_1:def_67_:_ for S being non empty set for R being total Relation of S,S for pai being inf_path of R for k being Element of NAT for b5 being inf_path of R holds ( b5 = PathShift (pai,k) iff for n being Element of NAT holds b5 . n = pai . (n + k) ); definition let S be non empty set ; let R be total Relation of S,S; let pai1, pai2 be inf_path of R; let n, k be Element of NAT ; func PathChange (pai1,pai2,k,n) -> set equals :Def68: :: MODELC_1:def 68 pai1 . n if n < k otherwise pai2 . (n - k); correctness coherence ( ( n < k implies pai1 . n is set ) & ( not n < k implies pai2 . (n - k) is set ) ); consistency for b1 being set holds verum; ; end; :: deftheorem Def68 defines PathChange MODELC_1:def_68_:_ for S being non empty set for R being total Relation of S,S for pai1, pai2 being inf_path of R for n, k being Element of NAT holds ( ( n < k implies PathChange (pai1,pai2,k,n) = pai1 . n ) & ( not n < k implies PathChange (pai1,pai2,k,n) = pai2 . (n - k) ) ); definition let S be non empty set ; let R be total Relation of S,S; let pai1, pai2 be inf_path of R; let k be Element of NAT ; func PathConc (pai1,pai2,k) -> Function of NAT,S means :Def69: :: MODELC_1:def 69 for n being Element of NAT holds it . n = PathChange (pai1,pai2,k,n); existence ex b1 being Function of NAT,S st for n being Element of NAT holds b1 . n = PathChange (pai1,pai2,k,n) proof deffunc H1( set ) -> set = PathChange (pai1,pai2,k,(k_nat $1)); A1: for n being set st n in NAT holds H1(n) in S proof let n be set ; ::_thesis: ( n in NAT implies H1(n) in S ) assume n in NAT ; ::_thesis: H1(n) in S then reconsider n = n as Element of NAT ; set x = PathChange (pai1,pai2,k,n); A2: H1(n) = PathChange (pai1,pai2,k,n) by Def2; percases ( n < k or not n < k ) ; suppose n < k ; ::_thesis: H1(n) in S then PathChange (pai1,pai2,k,n) = pai1 . n by Def68; hence H1(n) in S by A2; ::_thesis: verum end; supposeA3: not n < k ; ::_thesis: H1(n) in S set m = n - k; reconsider m = n - k as Element of NAT by A3, NAT_1:21; PathChange (pai1,pai2,k,n) = pai2 . m by A3, Def68; hence H1(n) in S by A2; ::_thesis: verum end; end; end; consider IT being Function of NAT,S such that A4: for n being set st n in NAT holds IT . n = H1(n) from FUNCT_2:sch_2(A1); take IT ; ::_thesis: for n being Element of NAT holds IT . n = PathChange (pai1,pai2,k,n) let n be Element of NAT ; ::_thesis: IT . n = PathChange (pai1,pai2,k,n) k_nat n = n by Def2; hence IT . n = PathChange (pai1,pai2,k,n) by A4; ::_thesis: verum end; uniqueness for b1, b2 being Function of NAT,S st ( for n being Element of NAT holds b1 . n = PathChange (pai1,pai2,k,n) ) & ( for n being Element of NAT holds b2 . n = PathChange (pai1,pai2,k,n) ) holds b1 = b2 proof let f1, f2 be Function of NAT,S; ::_thesis: ( ( for n being Element of NAT holds f1 . n = PathChange (pai1,pai2,k,n) ) & ( for n being Element of NAT holds f2 . n = PathChange (pai1,pai2,k,n) ) implies f1 = f2 ) assume that A5: for n being Element of NAT holds f1 . n = PathChange (pai1,pai2,k,n) and A6: for n being Element of NAT holds f2 . n = PathChange (pai1,pai2,k,n) ; ::_thesis: f1 = f2 for x being set st x in NAT holds f1 . x = f2 . x proof let x be set ; ::_thesis: ( x in NAT implies f1 . x = f2 . x ) assume x in NAT ; ::_thesis: f1 . x = f2 . x then reconsider x = x as Element of NAT ; f1 . x = PathChange (pai1,pai2,k,x) by A5 .= f2 . x by A6 ; hence f1 . x = f2 . x ; ::_thesis: verum end; hence f1 = f2 by FUNCT_2:12; ::_thesis: verum end; end; :: deftheorem Def69 defines PathConc MODELC_1:def_69_:_ for S being non empty set for R being total Relation of S,S for pai1, pai2 being inf_path of R for k being Element of NAT for b6 being Function of NAT,S holds ( b6 = PathConc (pai1,pai2,k) iff for n being Element of NAT holds b6 . n = PathChange (pai1,pai2,k,n) ); theorem Th38: :: MODELC_1:38 for S being non empty set for R being total Relation of S,S for pai1, pai2 being inf_path of R for k being Element of NAT st pai1 . k = pai2 . 0 holds PathConc (pai1,pai2,k) is inf_path of R proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for pai1, pai2 being inf_path of R for k being Element of NAT st pai1 . k = pai2 . 0 holds PathConc (pai1,pai2,k) is inf_path of R let R be total Relation of S,S; ::_thesis: for pai1, pai2 being inf_path of R for k being Element of NAT st pai1 . k = pai2 . 0 holds PathConc (pai1,pai2,k) is inf_path of R let pai1, pai2 be inf_path of R; ::_thesis: for k being Element of NAT st pai1 . k = pai2 . 0 holds PathConc (pai1,pai2,k) is inf_path of R let k be Element of NAT ; ::_thesis: ( pai1 . k = pai2 . 0 implies PathConc (pai1,pai2,k) is inf_path of R ) set pai = PathConc (pai1,pai2,k); assume A1: pai1 . k = pai2 . 0 ; ::_thesis: PathConc (pai1,pai2,k) is inf_path of R for n being Element of NAT holds [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R proof let n be Element of NAT ; ::_thesis: [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R set n1 = n + 1; percases ( n + 1 < k or n + 1 = k or k < n + 1 ) by XXREAL_0:1; supposeA2: n + 1 < k ; ::_thesis: [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R then A3: n < k by NAT_1:13; A4: (PathConc (pai1,pai2,k)) . n = PathChange (pai1,pai2,k,n) by Def69 .= pai1 . n by A3, Def68 ; (PathConc (pai1,pai2,k)) . (n + 1) = PathChange (pai1,pai2,k,(n + 1)) by Def69 .= pai1 . (n + 1) by A2, Def68 ; hence [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R by A4, Def39; ::_thesis: verum end; supposeA5: n + 1 = k ; ::_thesis: [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R then A6: n < k by NAT_1:13; A7: (PathConc (pai1,pai2,k)) . n = PathChange (pai1,pai2,k,n) by Def69 .= pai1 . n by A6, Def68 ; (PathConc (pai1,pai2,k)) . (n + 1) = PathChange (pai1,pai2,k,(n + 1)) by Def69 .= pai2 . ((n + 1) - k) by A5, Def68 .= pai1 . (n + 1) by A1, A5 ; hence [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R by A7, Def39; ::_thesis: verum end; supposeA8: k < n + 1 ; ::_thesis: [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R then A9: k <= n by NAT_1:13; then reconsider m = n - k as Element of NAT by NAT_1:21; A10: (PathConc (pai1,pai2,k)) . (n + 1) = PathChange (pai1,pai2,k,(n + 1)) by Def69 .= pai2 . ((n + 1) - k) by A8, Def68 .= pai2 . (m + 1) ; (PathConc (pai1,pai2,k)) . n = PathChange (pai1,pai2,k,n) by Def69 .= pai2 . m by A9, Def68 ; hence [((PathConc (pai1,pai2,k)) . n),((PathConc (pai1,pai2,k)) . (n + 1))] in R by A10, Def39; ::_thesis: verum end; end; end; hence PathConc (pai1,pai2,k) is inf_path of R by Def39; ::_thesis: verum end; theorem Th39: :: MODELC_1:39 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) let s be Element of S; ::_thesis: ( s |= EG f iff s |= Fax (f,(EG f)) ) set g = EG f; thus ( s |= EG f implies s |= Fax (f,(EG f)) ) ::_thesis: ( s |= Fax (f,(EG f)) implies s |= EG f ) proof set g = EG f; assume s |= EG f ; ::_thesis: s |= Fax (f,(EG f)) then consider pai being inf_path of R such that A1: pai . 0 = s and A2: for n being Element of NAT holds pai . n |= f by Th15; set pai1 = PathShift (pai,1); A3: for n being Element of NAT holds (PathShift (pai,1)) . n |= f proof let n be Element of NAT ; ::_thesis: (PathShift (pai,1)) . n |= f set n1 = n + 1; (PathShift (pai,1)) . n = pai . (n + 1) by Def67; hence (PathShift (pai,1)) . n |= f by A2; ::_thesis: verum end; pai . (0 + 1) = (PathShift (pai,1)) . 0 by Def67; then pai . 1 |= EG f by A3, Th15; then A4: s |= EX (EG f) by A1, Th14; s |= f by A1, A2; hence s |= Fax (f,(EG f)) by A4, Th13; ::_thesis: verum end; assume A5: s |= Fax (f,(EG f)) ; ::_thesis: s |= EG f then s |= EX (EG f) by Th13; then consider pai1 being inf_path of R such that A6: pai1 . 0 = s and A7: pai1 . 1 |= EG f by Th14; consider pai2 being inf_path of R such that A8: pai2 . 0 = pai1 . 1 and A9: for n being Element of NAT holds pai2 . n |= f by A7, Th15; set pai = PathConc (pai1,pai2,1); reconsider pai = PathConc (pai1,pai2,1) as inf_path of R by A8, Th38; A10: pai . 0 = PathChange (pai1,pai2,1,0) by Def69 .= s by A6, Def68 ; for n being Element of NAT holds pai . n |= f proof let n be Element of NAT ; ::_thesis: pai . n |= f percases ( n < 1 or not n < 1 ) ; supposeA11: n < 1 ; ::_thesis: pai . n |= f n = 0 proof assume A12: n <> 0 ; ::_thesis: contradiction n < 0 + 1 by A11; hence contradiction by A12, NAT_1:22; ::_thesis: verum end; hence pai . n |= f by A5, A10, Th13; ::_thesis: verum end; supposeA13: not n < 1 ; ::_thesis: pai . n |= f then reconsider m = n - 1 as Element of NAT by NAT_1:21; pai . n = PathChange (pai1,pai2,1,n) by Def69 .= pai2 . m by A13, Def68 ; hence pai . n |= f by A9; ::_thesis: verum end; end; end; hence s |= EG f by A10, Th15; ::_thesis: verum end; theorem Th40: :: MODELC_1:40 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for g being Assign of (BASSModel (R,BASSIGN)) for s0 being Element of S st s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) holds ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for g being Assign of (BASSModel (R,BASSIGN)) for s0 being Element of S st s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) holds ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for g being Assign of (BASSModel (R,BASSIGN)) for s0 being Element of S st s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) holds ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for g being Assign of (BASSModel (R,BASSIGN)) for s0 being Element of S st s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) holds ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) let g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for s0 being Element of S st s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) holds ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) let s0 be Element of S; ::_thesis: ( s0 |= g & ( for s being Element of S st s |= g holds s |= EX g ) implies ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) ) assume A1: s0 |= g ; ::_thesis: ( ex s being Element of S st ( s |= g & not s |= EX g ) or ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) ) deffunc H1( set ) -> set = { x where x is Element of S : [$1,x] in R } ; assume A2: for s being Element of S st s |= g holds s |= EX g ; ::_thesis: ex pai being inf_path of R st ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) for p being set st p in BOOL S holds p <> {} by ORDERS_1:1; then consider Choice being Function such that A3: dom Choice = BOOL S and A4: for p being set st p in BOOL S holds Choice . p in p by FUNCT_1:111; deffunc H2( set ) -> set = UnivF ((H1($1) /\ (SIGMA g)),Choice,s0); A5: for x being set st x in S holds H2(x) in S proof let x be set ; ::_thesis: ( x in S implies H2(x) in S ) assume x in S ; ::_thesis: H2(x) in S set Y = H1(x) /\ (SIGMA g); percases ( H1(x) /\ (SIGMA g) in dom Choice or not H1(x) /\ (SIGMA g) in dom Choice ) ; supposeA6: H1(x) /\ (SIGMA g) in dom Choice ; ::_thesis: H2(x) in S then H2(x) = Choice . (H1(x) /\ (SIGMA g)) by Def3; then H2(x) in H1(x) /\ (SIGMA g) by A3, A4, A6; then H2(x) in H1(x) by XBOOLE_0:def_4; then ex z being Element of S st ( z = H2(x) & [x,z] in R ) ; hence H2(x) in S ; ::_thesis: verum end; suppose not H1(x) /\ (SIGMA g) in dom Choice ; ::_thesis: H2(x) in S then H2(x) = s0 by Def3; hence H2(x) in S ; ::_thesis: verum end; end; end; consider h being Function of S,S such that A7: for x being set st x in S holds h . x = H2(x) from FUNCT_2:sch_2(A5); deffunc H3( set ) -> Element of S = (h |** (k_nat $1)) . s0; A8: for n being set st n in NAT holds H3(n) in S ; consider pai being Function of NAT,S such that A9: for n being set st n in NAT holds pai . n = H3(n) from FUNCT_2:sch_2(A8); A10: pai . 0 = H3( 0 ) by A9 .= (h |** 0) . s0 by Def2 .= (id S) . s0 by FUNCT_7:84 .= s0 by FUNCT_1:18 ; A11: s0 in S ; A12: for n being Element of NAT holds ( [(pai . n),(pai . (n + 1))] in R & pai . n |= g ) proof defpred S1[ Element of NAT ] means ( [(pai . $1),(pai . ($1 + 1))] in R & pai . $1 |= g ); A13: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) set k1 = k + 1; set k2 = (k + 1) + 1; set p0 = pai . k; set p1 = pai . (k + 1); set p2 = pai . ((k + 1) + 1); set Y1 = H1(pai . k) /\ (SIGMA g); set Y2 = H1(pai . (k + 1)) /\ (SIGMA g); A14: s0 in dom (h |** k) by A11, FUNCT_2:def_1; assume S1[k] ; ::_thesis: S1[k + 1] then pai . k |= EX g by A2; then consider pai01 being inf_path of R such that A15: pai01 . 0 = pai . k and A16: pai01 . 1 |= g by Th14; set x1 = pai01 . 1; [(pai01 . 0),(pai01 . (0 + 1))] in R by Def39; then A17: pai01 . 1 in H1(pai . k) by A15; pai01 . 1 in SIGMA g by A16; then H1(pai . k) /\ (SIGMA g) <> {} by A17, XBOOLE_0:def_4; then not H1(pai . k) /\ (SIGMA g) in {{}} by TARSKI:def_1; then A18: H1(pai . k) /\ (SIGMA g) in (bool S) \ {{}} by XBOOLE_0:def_5; then A19: H1(pai . k) /\ (SIGMA g) in BOOL S by ORDERS_1:def_2; A20: H1(pai . k) /\ (SIGMA g) in dom Choice by A3, A18, ORDERS_1:def_2; pai . (k + 1) = H3(k + 1) by A9 .= (h |** (k + 1)) . s0 by Def2 .= (h * (h |** k)) . s0 by FUNCT_7:71 .= h . ((h |** k) . s0) by A14, FUNCT_1:13 .= h . H3(k) by Def2 .= h . (pai . k) by A9 .= H2(pai . k) by A7 .= Choice . (H1(pai . k) /\ (SIGMA g)) by A20, Def3 ; then pai . (k + 1) in H1(pai . k) /\ (SIGMA g) by A4, A19; then pai . (k + 1) in SIGMA g by XBOOLE_0:def_4; then A21: ex q1 being Element of S st ( q1 = pai . (k + 1) & q1 |= g ) ; then pai . (k + 1) |= EX g by A2; then consider pai02 being inf_path of R such that A22: pai02 . 0 = pai . (k + 1) and A23: pai02 . 1 |= g by Th14; set x2 = pai02 . 1; [(pai02 . 0),(pai02 . (0 + 1))] in R by Def39; then A24: pai02 . 1 in H1(pai . (k + 1)) by A22; pai02 . 1 in SIGMA g by A23; then pai02 . 1 in H1(pai . (k + 1)) /\ (SIGMA g) by A24, XBOOLE_0:def_4; then not H1(pai . (k + 1)) /\ (SIGMA g) in {{}} by TARSKI:def_1; then A25: H1(pai . (k + 1)) /\ (SIGMA g) in (bool S) \ {{}} by XBOOLE_0:def_5; then A26: H1(pai . (k + 1)) /\ (SIGMA g) in BOOL S by ORDERS_1:def_2; A27: s0 in dom (h |** (k + 1)) by A11, FUNCT_2:def_1; A28: H1(pai . (k + 1)) /\ (SIGMA g) in dom Choice by A3, A25, ORDERS_1:def_2; pai . ((k + 1) + 1) = H3((k + 1) + 1) by A9 .= (h |** ((k + 1) + 1)) . s0 by Def2 .= (h * (h |** (k + 1))) . s0 by FUNCT_7:71 .= h . ((h |** (k + 1)) . s0) by A27, FUNCT_1:13 .= h . H3(k + 1) by Def2 .= h . (pai . (k + 1)) by A9 .= H2(pai . (k + 1)) by A7 .= Choice . (H1(pai . (k + 1)) /\ (SIGMA g)) by A28, Def3 ; then pai . ((k + 1) + 1) in H1(pai . (k + 1)) /\ (SIGMA g) by A4, A26; then pai . ((k + 1) + 1) in H1(pai . (k + 1)) by XBOOLE_0:def_4; then ex q2 being Element of S st ( q2 = pai . ((k + 1) + 1) & [(pai . (k + 1)),q2] in R ) ; hence S1[k + 1] by A21; ::_thesis: verum end; A29: S1[ 0 ] proof set Y = H1(s0) /\ (SIGMA g); set y = Choice . (H1(s0) /\ (SIGMA g)); s0 |= EX g by A1, A2; then consider pai01 being inf_path of R such that A30: pai01 . 0 = s0 and A31: pai01 . 1 |= g by Th14; set x = pai01 . 1; [(pai01 . 0),(pai01 . (0 + 1))] in R by Def39; then A32: pai01 . 1 in H1(s0) by A30; pai01 . 1 in SIGMA g by A31; then H1(s0) /\ (SIGMA g) <> {} by A32, XBOOLE_0:def_4; then not H1(s0) /\ (SIGMA g) in {{}} by TARSKI:def_1; then A33: H1(s0) /\ (SIGMA g) in (bool S) \ {{}} by XBOOLE_0:def_5; then A34: H1(s0) /\ (SIGMA g) in dom Choice by A3, ORDERS_1:def_2; H1(s0) /\ (SIGMA g) in BOOL S by A33, ORDERS_1:def_2; then A35: Choice . (H1(s0) /\ (SIGMA g)) in H1(s0) /\ (SIGMA g) by A4; then Choice . (H1(s0) /\ (SIGMA g)) in H1(s0) by XBOOLE_0:def_4; then consider t being Element of S such that A36: Choice . (H1(s0) /\ (SIGMA g)) = t and A37: [s0,t] in R ; t in SIGMA g by A35, A36, XBOOLE_0:def_4; then consider s1 being Element of S such that A38: t = s1 and s1 |= g ; pai . 1 = H3(1) by A9 .= (h |** 1) . s0 by Def2 .= h . s0 by FUNCT_7:70 .= H2(s0) by A7 .= s1 by A34, A36, A38, Def3 ; hence S1[ 0 ] by A1, A10, A37, A38; ::_thesis: verum end; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A29, A13); hence for n being Element of NAT holds ( [(pai . n),(pai . (n + 1))] in R & pai . n |= g ) ; ::_thesis: verum end; then reconsider pai = pai as inf_path of R by Def39; take pai ; ::_thesis: ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) thus ( pai . 0 = s0 & ( for n being Element of NAT holds pai . n |= g ) ) by A10, A12; ::_thesis: verum end; theorem Th41: :: MODELC_1:41 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) holds for s being Element of S st s |= g holds s |= EG f proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) holds for s being Element of S st s |= g holds s |= EG f let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) holds for s being Element of S st s |= g holds s |= EG f let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) holds for s being Element of S st s |= g holds s |= EG f let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) implies for s being Element of S st s |= g holds s |= EG f ) assume A1: for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ; ::_thesis: for s being Element of S st s |= g holds s |= EG f A2: for s being Element of S st s |= g holds s |= EX g proof let s be Element of S; ::_thesis: ( s |= g implies s |= EX g ) assume s |= g ; ::_thesis: s |= EX g then s |= f '&' (EX g) by A1; hence s |= EX g by Th13; ::_thesis: verum end; for s0 being Element of S st s0 |= g holds s0 |= EG f proof let s0 be Element of S; ::_thesis: ( s0 |= g implies s0 |= EG f ) assume s0 |= g ; ::_thesis: s0 |= EG f then consider pai being inf_path of R such that A3: pai . 0 = s0 and A4: for n being Element of NAT holds pai . n |= g by A2, Th40; for n being Element of NAT holds pai . n |= f proof let n be Element of NAT ; ::_thesis: pai . n |= f pai . n |= g by A4; then pai . n |= f '&' (EX g) by A1; hence pai . n |= f by Th13; ::_thesis: verum end; hence s0 |= EG f by A3, Th15; ::_thesis: verum end; hence for s being Element of S st s |= g holds s |= EG f ; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f be Assign of (BASSModel (R,BASSIGN)); func TransEG f -> V226() Function of (bool S),(bool S) means :Def70: :: MODELC_1:def 70 for G being Subset of S holds it . G = SigFaxTau (f,G,R,BASSIGN); existence ex b1 being V226() Function of (bool S),(bool S) st for G being Subset of S holds b1 . G = SigFaxTau (f,G,R,BASSIGN) proof deffunc H1( set ) -> Subset of S = SigFaxTau (f,(CastBool ($1,S)),R,BASSIGN); A1: for G being set st G in bool S holds H1(G) in bool S ; consider IT being Function of (bool S),(bool S) such that A2: for G being set st G in bool S holds IT . G = H1(G) from FUNCT_2:sch_2(A1); A3: for G being Subset of S holds IT . G = SigFaxTau (f,G,R,BASSIGN) proof let G be Subset of S; ::_thesis: IT . G = SigFaxTau (f,G,R,BASSIGN) H1(G) = SigFaxTau (f,G,R,BASSIGN) by Def5; hence IT . G = SigFaxTau (f,G,R,BASSIGN) by A2; ::_thesis: verum end; for G1, G2 being Subset of S st G1 c= G2 holds IT . G1 c= IT . G2 proof let G1, G2 be Subset of S; ::_thesis: ( G1 c= G2 implies IT . G1 c= IT . G2 ) assume A4: G1 c= G2 ; ::_thesis: IT . G1 c= IT . G2 A5: IT . G2 = SigFaxTau (f,G2,R,BASSIGN) by A3; IT . G1 = SigFaxTau (f,G1,R,BASSIGN) by A3; hence IT . G1 c= IT . G2 by A4, A5, Th37; ::_thesis: verum end; then reconsider IT = IT as V226() Function of (bool S),(bool S) by KNASTER:def_1; take IT ; ::_thesis: for G being Subset of S holds IT . G = SigFaxTau (f,G,R,BASSIGN) thus for G being Subset of S holds IT . G = SigFaxTau (f,G,R,BASSIGN) by A3; ::_thesis: verum end; uniqueness for b1, b2 being V226() Function of (bool S),(bool S) st ( for G being Subset of S holds b1 . G = SigFaxTau (f,G,R,BASSIGN) ) & ( for G being Subset of S holds b2 . G = SigFaxTau (f,G,R,BASSIGN) ) holds b1 = b2 proof let F1, F2 be V226() Function of (bool S),(bool S); ::_thesis: ( ( for G being Subset of S holds F1 . G = SigFaxTau (f,G,R,BASSIGN) ) & ( for G being Subset of S holds F2 . G = SigFaxTau (f,G,R,BASSIGN) ) implies F1 = F2 ) assume that A6: for G being Subset of S holds F1 . G = SigFaxTau (f,G,R,BASSIGN) and A7: for G being Subset of S holds F2 . G = SigFaxTau (f,G,R,BASSIGN) ; ::_thesis: F1 = F2 for G being set st G in bool S holds F1 . G = F2 . G proof let G be set ; ::_thesis: ( G in bool S implies F1 . G = F2 . G ) assume G in bool S ; ::_thesis: F1 . G = F2 . G then reconsider G = G as Subset of S ; F1 . G = SigFaxTau (f,G,R,BASSIGN) by A6 .= F2 . G by A7 ; hence F1 . G = F2 . G ; ::_thesis: verum end; hence F1 = F2 by FUNCT_2:12; ::_thesis: verum end; end; :: deftheorem Def70 defines TransEG MODELC_1:def_70_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for b5 being V226() Function of (bool S),(bool S) holds ( b5 = TransEG f iff for G being Subset of S holds b5 . G = SigFaxTau (f,G,R,BASSIGN) ); theorem Th42: :: MODELC_1:42 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) set G = SIGMA g; set Q = SIGMA (Fax (f,g)); A1: (TransEG f) . (SIGMA g) = SigFaxTau (f,(SIGMA g),R,BASSIGN) by Def70 .= SIGMA (Fax (f,g)) by Th31 ; A2: ( SIGMA g is_a_fixpoint_of TransEG f implies for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) proof assume SIGMA g is_a_fixpoint_of TransEG f ; ::_thesis: for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) then A3: SIGMA g = SIGMA (Fax (f,g)) by A1, ABIAN:def_4; for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) proof let s be Element of S; ::_thesis: ( s |= g iff s |= Fax (f,g) ) thus ( s |= g implies s |= Fax (f,g) ) ::_thesis: ( s |= Fax (f,g) implies s |= g ) proof assume s |= g ; ::_thesis: s |= Fax (f,g) then s in SIGMA (Fax (f,g)) by A3; then ex t being Element of S st ( s = t & t |= Fax (f,g) ) ; hence s |= Fax (f,g) ; ::_thesis: verum end; assume s |= Fax (f,g) ; ::_thesis: s |= g then s in SIGMA g by A3; then ex t being Element of S st ( s = t & t |= g ) ; hence s |= g ; ::_thesis: verum end; hence for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ; ::_thesis: verum end; ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) implies SIGMA g is_a_fixpoint_of TransEG f ) proof assume A4: for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ; ::_thesis: SIGMA g is_a_fixpoint_of TransEG f A5: for s being set st s in SIGMA (Fax (f,g)) holds s in SIGMA g proof let x be set ; ::_thesis: ( x in SIGMA (Fax (f,g)) implies x in SIGMA g ) assume x in SIGMA (Fax (f,g)) ; ::_thesis: x in SIGMA g then consider s being Element of S such that A6: x = s and A7: s |= Fax (f,g) ; s |= g by A4, A7; hence x in SIGMA g by A6; ::_thesis: verum end; for x being set st x in SIGMA g holds x in SIGMA (Fax (f,g)) proof let x be set ; ::_thesis: ( x in SIGMA g implies x in SIGMA (Fax (f,g)) ) assume x in SIGMA g ; ::_thesis: x in SIGMA (Fax (f,g)) then consider s being Element of S such that A8: x = s and A9: s |= g ; s |= Fax (f,g) by A4, A9; hence x in SIGMA (Fax (f,g)) by A8; ::_thesis: verum end; then SIGMA g = (TransEG f) . (SIGMA g) by A1, A5, TARSKI:1; hence SIGMA g is_a_fixpoint_of TransEG f by ABIAN:def_4; ::_thesis: verum end; hence ( ( for s being Element of S holds ( s |= g iff s |= Fax (f,g) ) ) iff SIGMA g is_a_fixpoint_of TransEG f ) by A2; ::_thesis: verum end; theorem :: MODELC_1:43 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EG f) = gfp (S,(TransEG f)) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EG f) = gfp (S,(TransEG f)) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EG f) = gfp (S,(TransEG f)) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EG f) = gfp (S,(TransEG f)) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: SIGMA (EG f) = gfp (S,(TransEG f)) set g = EG f; set h = Tau ((gfp (S,(TransEG f))),R,BASSIGN); A1: SIGMA (Tau ((gfp (S,(TransEG f))),R,BASSIGN)) = gfp (S,(TransEG f)) by Th32; then SIGMA (Tau ((gfp (S,(TransEG f))),R,BASSIGN)) is_a_fixpoint_of TransEG f by KNASTER:5; then A2: for s being Element of S holds ( s |= Tau ((gfp (S,(TransEG f))),R,BASSIGN) iff s |= Fax (f,(Tau ((gfp (S,(TransEG f))),R,BASSIGN))) ) by Th42; A3: SIGMA (Tau ((gfp (S,(TransEG f))),R,BASSIGN)) c= SIGMA (EG f) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in SIGMA (Tau ((gfp (S,(TransEG f))),R,BASSIGN)) or x in SIGMA (EG f) ) assume x in SIGMA (Tau ((gfp (S,(TransEG f))),R,BASSIGN)) ; ::_thesis: x in SIGMA (EG f) then consider s being Element of S such that A4: x = s and A5: s |= Tau ((gfp (S,(TransEG f))),R,BASSIGN) ; s |= EG f by A2, A5, Th41; hence x in SIGMA (EG f) by A4; ::_thesis: verum end; for s being Element of S holds ( s |= EG f iff s |= Fax (f,(EG f)) ) by Th39; then SIGMA (EG f) is_a_fixpoint_of TransEG f by Th42; then SIGMA (EG f) c= gfp (S,(TransEG f)) by KNASTER:8; hence SIGMA (EG f) = gfp (S,(TransEG f)) by A1, A3, XBOOLE_0:def_10; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f, g, h be Assign of (BASSModel (R,BASSIGN)); func Foax (g,f,h) -> Assign of (BASSModel (R,BASSIGN)) equals :: MODELC_1:def 71 g 'or' (Fax (f,h)); coherence g 'or' (Fax (f,h)) is Assign of (BASSModel (R,BASSIGN)) ; end; :: deftheorem defines Foax MODELC_1:def_71_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) holds Foax (g,f,h) = g 'or' (Fax (f,h)); theorem Th44: :: MODELC_1:44 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h1, h2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= h1 holds s |= h2 ) holds for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h1, h2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= h1 holds s |= h2 ) holds for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g, h1, h2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= h1 holds s |= h2 ) holds for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g, h1, h2 being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S st s |= h1 holds s |= h2 ) holds for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) let f, g, h1, h2 be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S st s |= h1 holds s |= h2 ) implies for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) ) assume A1: for s being Element of S st s |= h1 holds s |= h2 ; ::_thesis: for s being Element of S st s |= Foax (g,f,h1) holds s |= Foax (g,f,h2) let s be Element of S; ::_thesis: ( s |= Foax (g,f,h1) implies s |= Foax (g,f,h2) ) assume A2: s |= Foax (g,f,h1) ; ::_thesis: s |= Foax (g,f,h2) percases ( s |= g or s |= Fax (f,h1) ) by A2, Th17; suppose s |= g ; ::_thesis: s |= Foax (g,f,h2) hence s |= Foax (g,f,h2) by Th17; ::_thesis: verum end; supposeA3: s |= Fax (f,h1) ; ::_thesis: s |= Foax (g,f,h2) then s |= EX h1 by Th13; then consider pai being inf_path of R such that A4: pai . 0 = s and A5: pai . 1 |= h1 by Th14; pai . 1 |= h2 by A1, A5; then A6: s |= EX h2 by A4, Th14; s |= f by A3, Th13; then s |= f '&' (EX h2) by A6, Th13; hence s |= Foax (g,f,h2) by Th17; ::_thesis: verum end; end; end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f, g be Assign of (BASSModel (R,BASSIGN)); let H be Subset of S; func SigFoaxTau (g,f,H,R,BASSIGN) -> Subset of S equals :: MODELC_1:def 72 SIGMA (Foax (g,f,(Tau (H,R,BASSIGN)))); coherence SIGMA (Foax (g,f,(Tau (H,R,BASSIGN)))) is Subset of S ; end; :: deftheorem defines SigFoaxTau MODELC_1:def_72_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for H being Subset of S holds SigFoaxTau (g,f,H,R,BASSIGN) = SIGMA (Foax (g,f,(Tau (H,R,BASSIGN)))); theorem Th45: :: MODELC_1:45 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for H1, H2 being Subset of S st H1 c= H2 holds SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for H1, H2 being Subset of S st H1 c= H2 holds SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for H1, H2 being Subset of S st H1 c= H2 holds SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) for H1, H2 being Subset of S st H1 c= H2 holds SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for H1, H2 being Subset of S st H1 c= H2 holds SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) let H1, H2 be Subset of S; ::_thesis: ( H1 c= H2 implies SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) ) assume H1 c= H2 ; ::_thesis: SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) then for s being Element of S st s |= Tau (H1,R,BASSIGN) holds s |= Tau (H2,R,BASSIGN) by Th34; then for s being Element of S st s |= Foax (g,f,(Tau (H1,R,BASSIGN))) holds s |= Foax (g,f,(Tau (H2,R,BASSIGN))) by Th44; hence SigFoaxTau (g,f,H1,R,BASSIGN) c= SigFoaxTau (g,f,H2,R,BASSIGN) by Th35; ::_thesis: verum end; theorem Th46: :: MODELC_1:46 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) let s be Element of S; ::_thesis: ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) A1: ( s |= Foax (g,f,(f EU g)) implies s |= f EU g ) proof assume A2: s |= Foax (g,f,(f EU g)) ; ::_thesis: s |= f EU g percases ( s |= g or s |= Fax (f,(f EU g)) ) by A2, Th17; supposeA3: s |= g ; ::_thesis: s |= f EU g set m = 0 ; consider pai being inf_path of R such that A4: pai . 0 = s by Th25; for j being Element of NAT st j < 0 holds pai . j |= f ; hence s |= f EU g by A3, A4, Th16; ::_thesis: verum end; supposeA5: s |= Fax (f,(f EU g)) ; ::_thesis: s |= f EU g set h = f EU g; s |= EX (f EU g) by A5, Th13; then consider pai being inf_path of R such that A6: pai . 0 = s and A7: pai . 1 |= f EU g by Th14; consider pai1 being inf_path of R such that A8: pai1 . 0 = pai . 1 and A9: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai1 . j |= f ) & pai1 . m |= g ) by A7, Th16; set PAI = PathConc (pai,pai1,1); reconsider PAI = PathConc (pai,pai1,1) as inf_path of R by A8, Th38; A10: PAI . 0 = PathChange (pai,pai1,1,0) by Def69 .= s by A6, Def68 ; consider m being Element of NAT such that A11: for j being Element of NAT st j < m holds pai1 . j |= f and A12: pai1 . m |= g by A9; set m1 = m + 1; A13: not m + 1 < 1 by NAT_1:11; A14: s |= f by A5, Th13; A15: for k being Element of NAT st k < m + 1 holds PAI . k |= f proof let k be Element of NAT ; ::_thesis: ( k < m + 1 implies PAI . k |= f ) assume A16: k < m + 1 ; ::_thesis: PAI . k |= f percases ( k < 1 or not k < 1 ) ; suppose k < 1 ; ::_thesis: PAI . k |= f hence PAI . k |= f by A14, A10, NAT_1:14; ::_thesis: verum end; supposeA17: not k < 1 ; ::_thesis: PAI . k |= f set k0 = k - 1; reconsider k0 = k - 1 as Element of NAT by A17, NAT_1:21; (k - 1) + 1 <= m by A16, INT_1:7; then A18: k0 < m by NAT_1:13; PAI . k = PathChange (pai,pai1,1,k) by Def69 .= pai1 . k0 by A17, Def68 ; hence PAI . k |= f by A11, A18; ::_thesis: verum end; end; end; PAI . (m + 1) = PathChange (pai,pai1,1,(m + 1)) by Def69 .= pai1 . ((m + 1) - 1) by A13, Def68 .= pai1 . m ; hence s |= f EU g by A12, A10, A15, Th16; ::_thesis: verum end; end; end; ( s |= f EU g implies s |= Foax (g,f,(f EU g)) ) proof assume s |= f EU g ; ::_thesis: s |= Foax (g,f,(f EU g)) then consider pai being inf_path of R such that A19: pai . 0 = s and A20: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) by Th16; consider m being Element of NAT such that A21: for j being Element of NAT st j < m holds pai . j |= f and A22: pai . m |= g by A20; percases ( m = 0 or m > 0 ) ; suppose m = 0 ; ::_thesis: s |= Foax (g,f,(f EU g)) hence s |= Foax (g,f,(f EU g)) by A19, A22, Th17; ::_thesis: verum end; supposeA23: m > 0 ; ::_thesis: s |= Foax (g,f,(f EU g)) set k = m - 1; reconsider k = m - 1 as Element of NAT by A23, NAT_1:20; set h = f EU g; set pai1 = PathShift (pai,1); A24: (PathShift (pai,1)) . k = pai . (k + 1) by Def67 .= pai . m ; A25: for j being Element of NAT st j < k holds (PathShift (pai,1)) . j |= f proof let j be Element of NAT ; ::_thesis: ( j < k implies (PathShift (pai,1)) . j |= f ) assume j < k ; ::_thesis: (PathShift (pai,1)) . j |= f then j + 1 <= k by INT_1:7; then j + 1 < k + 1 by NAT_1:13; then pai . (j + 1) |= f by A21; hence (PathShift (pai,1)) . j |= f by Def67; ::_thesis: verum end; (PathShift (pai,1)) . 0 = pai . (0 + 1) by Def67 .= pai . 1 ; then pai . 1 |= f EU g by A22, A24, A25, Th16; then A26: s |= EX (f EU g) by A19, Th14; s |= f by A19, A21, A23; then s |= Fax (f,(f EU g)) by A26, Th13; hence s |= Foax (g,f,(f EU g)) by Th17; ::_thesis: verum end; end; end; hence ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) by A1; ::_thesis: verum end; theorem Th47: :: MODELC_1:47 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) holds for s being Element of S st s |= f EU g holds s |= h proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) holds for s being Element of S st s |= f EU g holds s |= h let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) holds for s being Element of S st s |= f EU g holds s |= h let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g, h being Assign of (BASSModel (R,BASSIGN)) st ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) holds for s being Element of S st s |= f EU g holds s |= h let f, g, h be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) implies for s being Element of S st s |= f EU g holds s |= h ) assume A1: for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ; ::_thesis: for s being Element of S st s |= f EU g holds s |= h let s0 be Element of S; ::_thesis: ( s0 |= f EU g implies s0 |= h ) assume s0 |= f EU g ; ::_thesis: s0 |= h then consider pai being inf_path of R such that A2: pai . 0 = s0 and A3: ex m being Element of NAT st ( ( for j being Element of NAT st j < m holds pai . j |= f ) & pai . m |= g ) by Th16; consider m being Element of NAT such that A4: for j being Element of NAT st j < m holds pai . j |= f and A5: pai . m |= g by A3; for j being Element of NAT st j <= m holds pai . (k_nat (m - j)) |= h proof defpred S1[ Element of NAT ] means ( $1 <= m implies pai . (k_nat (m - $1)) |= h ); A6: for j being Element of NAT st S1[j] holds S1[j + 1] proof let j be Element of NAT ; ::_thesis: ( S1[j] implies S1[j + 1] ) assume A7: S1[j] ; ::_thesis: S1[j + 1] set j1 = j + 1; ( j + 1 <= m implies pai . (k_nat (m - (j + 1))) |= h ) proof set k = m - (j + 1); assume A8: j + 1 <= m ; ::_thesis: pai . (k_nat (m - (j + 1))) |= h then reconsider k = m - (j + 1) as Element of NAT by NAT_1:21; set pai1 = PathShift (pai,k); A9: (PathShift (pai,k)) . 0 = pai . (k + 0) by Def67 .= pai . k ; k <= k + j by NAT_1:12; then k < (k + j) + 1 by NAT_1:13; then A10: pai . k |= f by A4; A11: (PathShift (pai,k)) . 1 = pai . (k + 1) by Def67; pai . (k + 1) |= h by A7, A8, Def2, NAT_1:13; then pai . k |= EX h by A9, A11, Th14; then pai . k |= Fax (f,h) by A10, Th13; then A12: pai . k |= Foax (g,f,h) by Th17; k_nat k = k by Def2; hence pai . (k_nat (m - (j + 1))) |= h by A1, A12; ::_thesis: verum end; hence S1[j + 1] ; ::_thesis: verum end; A13: S1[ 0 ] proof assume 0 <= m ; ::_thesis: pai . (k_nat (m - 0)) |= h A14: k_nat (m - 0) = m by Def2; pai . m |= Foax (g,f,h) by A5, Th17; hence pai . (k_nat (m - 0)) |= h by A1, A14; ::_thesis: verum end; for j being Element of NAT holds S1[j] from NAT_1:sch_1(A13, A6); hence for j being Element of NAT st j <= m holds pai . (k_nat (m - j)) |= h ; ::_thesis: verum end; then pai . (k_nat (m - m)) |= h ; hence s0 |= h by A2, Def2; ::_thesis: verum end; definition let S be non empty set ; let R be total Relation of S,S; let BASSIGN be non empty Subset of (ModelSP S); let f, g be Assign of (BASSModel (R,BASSIGN)); func TransEU (f,g) -> V226() Function of (bool S),(bool S) means :Def73: :: MODELC_1:def 73 for H being Subset of S holds it . H = SigFoaxTau (g,f,H,R,BASSIGN); existence ex b1 being V226() Function of (bool S),(bool S) st for H being Subset of S holds b1 . H = SigFoaxTau (g,f,H,R,BASSIGN) proof deffunc H1( set ) -> Subset of S = SigFoaxTau (g,f,(CastBool ($1,S)),R,BASSIGN); A1: for H being set st H in bool S holds H1(H) in bool S ; consider IT being Function of (bool S),(bool S) such that A2: for H being set st H in bool S holds IT . H = H1(H) from FUNCT_2:sch_2(A1); A3: for H being Subset of S holds IT . H = SigFoaxTau (g,f,H,R,BASSIGN) proof let H be Subset of S; ::_thesis: IT . H = SigFoaxTau (g,f,H,R,BASSIGN) CastBool (H,S) = H by Def5; hence IT . H = SigFoaxTau (g,f,H,R,BASSIGN) by A2; ::_thesis: verum end; for H1, H2 being Subset of S st H1 c= H2 holds IT . H1 c= IT . H2 proof let H1, H2 be Subset of S; ::_thesis: ( H1 c= H2 implies IT . H1 c= IT . H2 ) assume A4: H1 c= H2 ; ::_thesis: IT . H1 c= IT . H2 A5: IT . H2 = SigFoaxTau (g,f,H2,R,BASSIGN) by A3; IT . H1 = SigFoaxTau (g,f,H1,R,BASSIGN) by A3; hence IT . H1 c= IT . H2 by A4, A5, Th45; ::_thesis: verum end; then reconsider IT = IT as V226() Function of (bool S),(bool S) by KNASTER:def_1; take IT ; ::_thesis: for H being Subset of S holds IT . H = SigFoaxTau (g,f,H,R,BASSIGN) thus for H being Subset of S holds IT . H = SigFoaxTau (g,f,H,R,BASSIGN) by A3; ::_thesis: verum end; uniqueness for b1, b2 being V226() Function of (bool S),(bool S) st ( for H being Subset of S holds b1 . H = SigFoaxTau (g,f,H,R,BASSIGN) ) & ( for H being Subset of S holds b2 . H = SigFoaxTau (g,f,H,R,BASSIGN) ) holds b1 = b2 proof let F1, F2 be V226() Function of (bool S),(bool S); ::_thesis: ( ( for H being Subset of S holds F1 . H = SigFoaxTau (g,f,H,R,BASSIGN) ) & ( for H being Subset of S holds F2 . H = SigFoaxTau (g,f,H,R,BASSIGN) ) implies F1 = F2 ) assume that A6: for H being Subset of S holds F1 . H = SigFoaxTau (g,f,H,R,BASSIGN) and A7: for H being Subset of S holds F2 . H = SigFoaxTau (g,f,H,R,BASSIGN) ; ::_thesis: F1 = F2 for H being set st H in bool S holds F1 . H = F2 . H proof let H be set ; ::_thesis: ( H in bool S implies F1 . H = F2 . H ) assume H in bool S ; ::_thesis: F1 . H = F2 . H then reconsider H = H as Subset of S ; F1 . H = SigFoaxTau (g,f,H,R,BASSIGN) by A6 .= F2 . H by A7 ; hence F1 . H = F2 . H ; ::_thesis: verum end; hence F1 = F2 by FUNCT_2:12; ::_thesis: verum end; end; :: deftheorem Def73 defines TransEU MODELC_1:def_73_:_ for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for b6 being V226() Function of (bool S),(bool S) holds ( b6 = TransEU (f,g) iff for H being Subset of S holds b6 . H = SigFoaxTau (g,f,H,R,BASSIGN) ); theorem Th48: :: MODELC_1:48 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g, h being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g, h being Assign of (BASSModel (R,BASSIGN)) holds ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) let f, g, h be Assign of (BASSModel (R,BASSIGN)); ::_thesis: ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) set H = SIGMA h; set Q = SIGMA (Foax (g,f,h)); A1: (TransEU (f,g)) . (SIGMA h) = SigFoaxTau (g,f,(SIGMA h),R,BASSIGN) by Def73 .= SIGMA (Foax (g,f,h)) by Th31 ; A2: ( SIGMA h is_a_fixpoint_of TransEU (f,g) implies for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) proof assume SIGMA h is_a_fixpoint_of TransEU (f,g) ; ::_thesis: for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) then A3: SIGMA h = SIGMA (Foax (g,f,h)) by A1, ABIAN:def_4; for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) proof let s be Element of S; ::_thesis: ( s |= h iff s |= Foax (g,f,h) ) thus ( s |= h implies s |= Foax (g,f,h) ) ::_thesis: ( s |= Foax (g,f,h) implies s |= h ) proof assume s |= h ; ::_thesis: s |= Foax (g,f,h) then s in SIGMA h ; then ex t being Element of S st ( s = t & t |= Foax (g,f,h) ) by A3; hence s |= Foax (g,f,h) ; ::_thesis: verum end; assume s |= Foax (g,f,h) ; ::_thesis: s |= h then s in SIGMA (Foax (g,f,h)) ; then ex t being Element of S st ( s = t & t |= h ) by A3; hence s |= h ; ::_thesis: verum end; hence for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ; ::_thesis: verum end; ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) implies SIGMA h is_a_fixpoint_of TransEU (f,g) ) proof assume A4: for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ; ::_thesis: SIGMA h is_a_fixpoint_of TransEU (f,g) A5: for s being set st s in SIGMA (Foax (g,f,h)) holds s in SIGMA h proof let x be set ; ::_thesis: ( x in SIGMA (Foax (g,f,h)) implies x in SIGMA h ) assume x in SIGMA (Foax (g,f,h)) ; ::_thesis: x in SIGMA h then consider s being Element of S such that A6: x = s and A7: s |= Foax (g,f,h) ; s |= h by A4, A7; hence x in SIGMA h by A6; ::_thesis: verum end; for x being set st x in SIGMA h holds x in SIGMA (Foax (g,f,h)) proof let x be set ; ::_thesis: ( x in SIGMA h implies x in SIGMA (Foax (g,f,h)) ) assume x in SIGMA h ; ::_thesis: x in SIGMA (Foax (g,f,h)) then consider s being Element of S such that A8: x = s and A9: s |= h ; s |= Foax (g,f,h) by A4, A9; hence x in SIGMA (Foax (g,f,h)) by A8; ::_thesis: verum end; then SIGMA h = SIGMA (Foax (g,f,h)) by A5, TARSKI:1; hence SIGMA h is_a_fixpoint_of TransEU (f,g) by A1, ABIAN:def_4; ::_thesis: verum end; hence ( ( for s being Element of S holds ( s |= h iff s |= Foax (g,f,h) ) ) iff SIGMA h is_a_fixpoint_of TransEU (f,g) ) by A2; ::_thesis: verum end; theorem :: MODELC_1:49 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (f EU g) = lfp (S,(TransEU (f,g))) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (f EU g) = lfp (S,(TransEU (f,g))) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (f EU g) = lfp (S,(TransEU (f,g))) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (f EU g) = lfp (S,(TransEU (f,g))) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: SIGMA (f EU g) = lfp (S,(TransEU (f,g))) set h = f EU g; set p = Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN); A1: SIGMA (Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN)) = lfp (S,(TransEU (f,g))) by Th32; lfp (S,(TransEU (f,g))) is_a_fixpoint_of TransEU (f,g) by KNASTER:4; then A2: for s being Element of S holds ( s |= Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN) iff s |= Foax (g,f,(Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN))) ) by A1, Th48; A3: SIGMA (f EU g) c= SIGMA (Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN)) proof let x be set ; :: according to TARSKI:def_3 ::_thesis: ( not x in SIGMA (f EU g) or x in SIGMA (Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN)) ) assume x in SIGMA (f EU g) ; ::_thesis: x in SIGMA (Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN)) then consider s being Element of S such that A4: x = s and A5: s |= f EU g ; s |= Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN) by A2, A5, Th47; hence x in SIGMA (Tau ((lfp (S,(TransEU (f,g)))),R,BASSIGN)) by A4; ::_thesis: verum end; for s being Element of S holds ( s |= f EU g iff s |= Foax (g,f,(f EU g)) ) by Th46; then SIGMA (f EU g) is_a_fixpoint_of TransEU (f,g) by Th48; then lfp (S,(TransEU (f,g))) c= SIGMA (f EU g) by KNASTER:8; hence SIGMA (f EU g) = lfp (S,(TransEU (f,g))) by A1, A3, XBOOLE_0:def_10; ::_thesis: verum end; theorem Th50: :: MODELC_1:50 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EX f) = Pred ((SIGMA f),R) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EX f) = Pred ((SIGMA f),R) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EX f) = Pred ((SIGMA f),R) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) holds SIGMA (EX f) = Pred ((SIGMA f),R) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: SIGMA (EX f) = Pred ((SIGMA f),R) set g = EX f; set H = SIGMA f; A1: for x being set st x in Pred ((SIGMA f),R) holds x in SIGMA (EX f) proof let x be set ; ::_thesis: ( x in Pred ((SIGMA f),R) implies x in SIGMA (EX f) ) assume x in Pred ((SIGMA f),R) ; ::_thesis: x in SIGMA (EX f) then consider s being Element of S such that A2: x = s and A3: ex s1 being Element of S st ( s1 in SIGMA f & [s,s1] in R ) ; consider s1 being Element of S such that A4: s1 in SIGMA f and A5: [s,s1] in R by A3; ex s2 being Element of S st ( s1 = s2 & s2 |= f ) by A4; then s |= EX f by A5, Th28; hence x in SIGMA (EX f) by A2; ::_thesis: verum end; for x being set st x in SIGMA (EX f) holds x in Pred ((SIGMA f),R) proof let x be set ; ::_thesis: ( x in SIGMA (EX f) implies x in Pred ((SIGMA f),R) ) assume x in SIGMA (EX f) ; ::_thesis: x in Pred ((SIGMA f),R) then consider s being Element of S such that A6: x = s and A7: s |= EX f ; consider s1 being Element of S such that A8: [s,s1] in R and A9: s1 |= f by A7, Th28; s1 in SIGMA f by A9; hence x in Pred ((SIGMA f),R) by A6, A8; ::_thesis: verum end; hence SIGMA (EX f) = Pred ((SIGMA f),R) by A1, TARSKI:1; ::_thesis: verum end; theorem :: MODELC_1:51 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) let f be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for X being Subset of S holds (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) let X be Subset of S; ::_thesis: (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) set g = Tau (X,R,BASSIGN); (TransEG f) . X = SigFaxTau (f,X,R,BASSIGN) by Def70 .= (SIGMA f) /\ (SIGMA (EX (Tau (X,R,BASSIGN)))) by Th33 .= (SIGMA f) /\ (Pred ((SIGMA (Tau (X,R,BASSIGN))),R)) by Th50 ; hence (TransEG f) . X = (SIGMA f) /\ (Pred (X,R)) by Th32; ::_thesis: verum end; theorem :: MODELC_1:52 for S being non empty set for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) proof let S be non empty set ; ::_thesis: for R being total Relation of S,S for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) let R be total Relation of S,S; ::_thesis: for BASSIGN being non empty Subset of (ModelSP S) for f, g being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) let BASSIGN be non empty Subset of (ModelSP S); ::_thesis: for f, g being Assign of (BASSModel (R,BASSIGN)) for X being Subset of S holds (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) let f, g be Assign of (BASSModel (R,BASSIGN)); ::_thesis: for X being Subset of S holds (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) let X be Subset of S; ::_thesis: (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) set h = Tau (X,R,BASSIGN); (TransEU (f,g)) . X = SigFoaxTau (g,f,X,R,BASSIGN) by Def73 .= (SIGMA g) \/ (SIGMA (Fax (f,(Tau (X,R,BASSIGN))))) by Th33 .= (SIGMA g) \/ ((SIGMA f) /\ (SIGMA (EX (Tau (X,R,BASSIGN))))) by Th33 .= (SIGMA g) \/ ((SIGMA f) /\ (Pred ((SIGMA (Tau (X,R,BASSIGN))),R))) by Th50 ; hence (TransEU (f,g)) . X = (SIGMA g) \/ ((SIGMA f) /\ (Pred (X,R))) by Th32; ::_thesis: verum end;