Basic arithmetic

We import the theorems of propositional logic and predicate logic, and the Peano axioms and define some variables:  import (PROPOSITIONAL Interface:Classical_propositional_calculus ) import (FIRSTORDER Interface:First-order_logic_with_quantifiability (PROPOSITIONAL) ) import (PEANO Interface:Peano_axioms (PROPOSITIONAL FIRSTORDER) )

var (formula φ) var (variable k n) var (nat a b c d a0 a1 b0 b1) 

Many of the proofs in this file are based on versions from Raph Levien.

Builders
We provide rules and variants for the builder axioms.  thm (AdditionBuilderLL  ((b0 = b1) → ((a + b0) = (a + b1))) ( a EqualityReflexivity (a = a) (b0 = b1) ConjunctionRightIntroduction applyModusPonens

a a b0 b1 AdditionBuilder applySyllogism ))

thm (AdditionBuilderRR  ((a0 = a1) → ((a0 + b) = (a1 + b))) ( b EqualityReflexivity (b = b) (a0 = a1) ConjunctionLeftIntroduction applyModusPonens

a0 a1 b b AdditionBuilder applySyllogism ))

thm (buildAddition ((HN (a0 = a1)) (HM (b0 = b1))) ((a0 + b0) = (a1 + b1)) ( HN       HM        introduceConjunction a0 a1 b0 b1 AdditionBuilder applyModusPonens ))

thm (buildAdditionLL ((HM (b0 = b1))) ((a + b0) = (a + b1)) ( HM       b0 b1 a AdditionBuilderLL applyModusPonens ))

thm (buildAdditionRR ((HN (a0 = a1))) ((a0 + b) = (a1 + b)) ( HN       a0 a1 b AdditionBuilderRR applyModusPonens ))

thm (addSuccessor ((H (a = b))) ((succ a) = (succ b)) ( H       a b Successor eliminateBiconditionalForward applyModusPonens ))

thm (removeSuccessor ((H ((succ a) = (succ b)))) (a = b) ( H       a b Successor eliminateBiconditionalReverse applyModusPonens ))

thm (MultiplicationBuilderLL  ((b0 = b1) → ((a · b0) = (a · b1))) ( a EqualityReflexivity (a = a) (b0 = b1) ConjunctionRightIntroduction applyModusPonens

a a b0 b1 MultiplicationBuilder applySyllogism ))

thm (MultiplicationBuilderRR  ((a0 = a1) → ((a0 · b) = (a1 · b))) ( b EqualityReflexivity (b = b) (a0 = a1) ConjunctionLeftIntroduction applyModusPonens

a0 a1 b b MultiplicationBuilder applySyllogism ))

thm (buildMultiplication ((HN (a0 = a1)) (HM (b0 = b1))) ((a0 · b0) = (a1 · b1)) ( HN       HM        introduceConjunction a0 a1 b0 b1 MultiplicationBuilder applyModusPonens ))

thm (buildMultiplicationLL ((HM (b0 = b1))) ((a · b0) = (a · b1)) ( HM       b0 b1 a MultiplicationBuilderLL applyModusPonens ))

thm (buildMultiplicationRR ((HN (a0 = a1))) ((a0 · b) = (a1 · b)) ( HN       a0 a1 b MultiplicationBuilderRR applyModusPonens )) 

Proofs using induction, when they build up their substitutions, make heavy use of builders in consequents:  thm (buildAdditionInConsequent  ((HN (φ → (a0 = a1))) (HM (φ → (b0 = b1)))) (φ → ((a0 + b0) = (a1 + b1))) ( HN HM composeConjunction a0 a1 b0 b1 AdditionBuilder applySyllogism )) 

Induction
Here we present some induction theorems.

Induction5
This version has five hypotheses, which despite the large number turns out to be easier to handle than expressing base cases and induction steps via. The first three hypotheses handle the substitution machinery. The last two express the base case and induction step, and because the substitution has already been taken care of, tend to contain more mathematically interesting content and less substitution machinery.

 var (formula φ0 φk φSk)

thm (Induction5 ((φ0 n) (φk n) (φSk n) (φ k) (n k)) ((HSUB0 (((value n) = (0)) → (φ ↔ φ0))) (HSUBK (((value n) = (value k)) → (φ ↔ φk))) (HSUBSK (((value n) = (succ (value k))) → (φ ↔ φSk))) (HBASE φ0) (HIND (φk → φSk)) ) φ (  The main difference between this and  is that the latter uses   and we use implicit substitutions. The theorem linking the two is. We first show the base case,.  HBASE HSUB0 makeSubstExplicit eliminateBiconditionalForward applyModusPonens  The induction step is similar.  HSUBK makeSubstExplicit eliminateBiconditionalReverse HIND applySyllogism HSUBSK makeSubstExplicit eliminateBiconditionalForward applySyllogism k generalize  Now we combine the two and apply.  introduceConjunction n φ k Induction applyModusPonens

specialize )) 

Induction6S
Having presented, there's an admission to make: it isn't quite enough. There are two reasons. The first is that the discrete variable constraints on n (for example, ) are a bit too onerous. For example, suppose we are trying to prove  by induction on. Then  would be. This only passes the constraint  if   is distinct from , which is not a condition we want to impose.

The second reason is that  in   is a , rather than an. Because the quantifiers and substitution are only needed during the proof, not at the end, this is an unnecessary restriction.

The solution is, which adds one more substitution, to separate the result from the variables used in the proof. The naming conventions in the following are:  is the variable which will appear in the final result,   is the variable which appears in the induction step, and   is a variable which is used only in substitutions (the limitation of   happens because it combines this one with what corresponds to   here).

 var (formula φa)

thm (Induction6S ((n a) (φ0 n) (φk n) (φSk n) (φa n) (φ k) (n k)) ((HSUB0 (((value n) = (0)) → (φ ↔ φ0))) (HSUBK (((value n) = (value k)) → (φ ↔ φk))) (HSUBSK (((value n) = (succ (value k))) → (φ ↔ φSk))) (HSUBA (((value n) = a) → (φ ↔ φa))) (HBASE φ0) (HIND (φk → φSk)) ) φa ( HSUB0 HSUBK HSUBSK HBASE HIND Induction5 a n introduceSubst

HSUBA makeSubstExplicit eliminateBiconditionalReverse

applyModusPonens )) 

Addition is commutative
The proof that  will be by induction, but we first prove two results which will underpin the base case and induction step.

Commuted version of the AdditiveIdentity axiom
The first step towards proving that addition is commutative will be a commuted version of the AdditiveIdentity axiom. We proceed by induction.

 thm (AdditiveIdentityLeft ((a k) (n k) (n a)) (((0) + a) = a) ( </jh> The substitution for the base case is.  (value n) (0) (0) AdditionBuilderLL ((value n) = (0)) ImplicationReflexivity buildEqualityInConsequent </jh> The substitution for the induction step antecedent is.  (value n) (value k) (0) AdditionBuilderLL ((value n) = (value k)) ImplicationReflexivity buildEqualityInConsequent </jh> The substitution for the induction step consequent is similar.  (value n) (succ (value k)) (0) AdditionBuilderLL ((value n) = (succ (value k))) ImplicationReflexivity buildEqualityInConsequent </jh> The substitution for the result is similar.  (value n) a (0) AdditionBuilderLL ((value n) = a) ImplicationReflexivity buildEqualityInConsequent </jh> The base case,, follows from the AdditiveIdentity axiom.  (0) AdditiveIdentity </jh> The induction step,, follows from the Addition axiom.  ((0) + (value k)) (value k) Successor eliminateBiconditionalForward

(0) (value k) Addition swapEquality (succ (value k)) buildEqualityRR eliminateBiconditionalReverse

applySyllogism

Induction6S )) </jh>

Now that we have a, we'll also add   as a new name for the   axiom:  thm (AdditiveIdentityRight  ((a + (0)) = a) ( a AdditiveIdentity )) </jh>

Commuted version of the Addition axiom
The proof is by induction on.

 thm (AdditionCommuted ((n a) (n b) (n k) (k a))   (((succ a) + b) = (succ (a + b))) ( </jh> The substitution for the base case is.  (value n) (0) (succ a) AdditionBuilderLL

(value n) (0) a AdditionBuilderLL (a + (value n)) (a + (0)) Successor eliminateBiconditionalForward applySyllogism

buildEqualityInConsequent </jh> Substitution for the induction step antecedent:  (value n) (value k) (succ a) AdditionBuilderLL

(value n) (value k) a AdditionBuilderLL (a + (value n)) (a + (value k)) Successor eliminateBiconditionalForward applySyllogism

buildEqualityInConsequent </jh> Substitution for the induction step consequent:  (value n) (succ (value k)) (succ a) AdditionBuilderLL

(value n) (succ (value k)) a AdditionBuilderLL (a + (value n)) (a + (succ (value k))) Successor eliminateBiconditionalForward applySyllogism

buildEqualityInConsequent </jh> Substitution for the result:  (value n) b (succ a) AdditionBuilderLL

(value n) b a AdditionBuilderLL (a + (value n)) (a + b) Successor eliminateBiconditionalForward applySyllogism

buildEqualityInConsequent </jh> The base case is. The  axiom implies that each side is equal to.  (succ a) AdditiveIdentity

a AdditiveIdentity addSuccessor swapEquality

applyEqualityTransitivity </jh> The induction step is. We prove this by starting with the antecedent and taking the successor of both sides, to get. Applying the  axiom to each of the two additions gets us , which is what we need.  ((succ a) + (value k)) (succ (a + (value k))) Successor eliminateBiconditionalForward

(succ a) (value k) Addition swapEquality a (value k) Addition addSuccessor swapEquality buildEquality eliminateBiconditionalReverse

applySyllogism

Induction6S )) </jh>

Proof that addition is commutative
We prove  by induction on.  thm (AdditionCommutativity ((n a) (n b) (n k) (k b)) ((a + b) = (b + a)) ( </jh> The substitution for the base case is. <jh> (value n) (0) b AdditionBuilderRR (value n) (0) b AdditionBuilderLL buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) b AdditionBuilderRR (value n) (value k) b AdditionBuilderLL buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) b AdditionBuilderRR (value n) (succ (value k)) b AdditionBuilderLL buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a b AdditionBuilderRR (value n) a b AdditionBuilderLL buildEqualityInConsequent </jh> The base case,, follows from right and left identity. <jh> b AdditiveIdentityLeft b AdditiveIdentityRight swapEquality applyEqualityTransitivity </jh> The induction step,  follows from the regular and commuted versions of the   axiom. <jh> ((value k) + b) (b + (value k)) Successor eliminateBiconditionalForward

(value k) b AdditionCommuted swapEquality b (value k) Addition swapEquality buildEquality eliminateBiconditionalReverse

applySyllogism

Induction6S )) </jh>

Addition is associative
<jh> thm (AdditionAssociativity ((n a) (n b) (n c) (n k) (k b) (k c))  (((a + b) + c) = (a + (b + c))) ( </jh> The proof proceeds by induction on. The substitution for the base case is : <jh> (value n) (0) b AdditionBuilderRR ((value n) + b) ((0) + b) c AdditionBuilderRR applySyllogism

(value n) (0) (b + c) AdditionBuilderRR

buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) b AdditionBuilderRR ((value n) + b) ((value k) + b) c AdditionBuilderRR applySyllogism

(value n) (value k) (b + c) AdditionBuilderRR

buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) b AdditionBuilderRR ((value n) + b) ((succ (value k)) + b) c AdditionBuilderRR applySyllogism

(value n) (succ (value k)) (b + c) AdditionBuilderRR

buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a b AdditionBuilderRR ((value n) + b) (a + b) c AdditionBuilderRR applySyllogism

(value n) a (b + c) AdditionBuilderRR

buildEqualityInConsequent </jh> Each side of the base case,, is equal to   by. <jh> b AdditiveIdentityLeft c buildAdditionRR

(b + c) AdditiveIdentityLeft swapEquality

applyEqualityTransitivity </jh> To prove  from , take the successor of both sides and apply  , twice to the left side and once to the right side. <jh> (((value k) + b) + c) ((value k) + (b + c)) Successor eliminateBiconditionalForward

(value k) b AdditionCommuted c buildAdditionRR ((value k) + b) c AdditionCommuted applyEqualityTransitivity

(value k) (b + c) AdditionCommuted

buildEquality eliminateBiconditionalForward

applySyllogism

Induction6S )) </jh>

Addition cancellation
The converse of,  , also holds.

The substitution for our addition cancellation induction is worth breaking out into a lemma: <jh> var (object sub) thm (AdditionCancellationRight-substitution  ( ((value n) = sub) → (   (((a + (value n)) = (b + (value n))) → (a = b)) ↔     (((a + sub) = (b + sub)) → (a = b))  )) ( (value n) sub a AdditionBuilderLL (value n) sub b AdditionBuilderLL buildEqualityInConsequent

((a + (value n)) = (b + (value n))) ((a + sub) = (b + sub)) (a = b) ImplicationBuilderRR

applySyllogism )) </jh>

Now we can prove our addition cancellation theorem: <jh> thm (AdditionCancellationRightForward ((n a) (n b) (n c) (n k) (k a) (k b)) (((a + c) = (b + c)) → (a = b)) ( </jh> We proceed by induction on.

Here are the substitutions: <jh> n (0) a b AdditionCancellationRight-substitution n (value k) a b AdditionCancellationRight-substitution n (succ (value k)) a b AdditionCancellationRight-substitution n c a b AdditionCancellationRight-substitution </jh> The base case is. <jh> a AdditiveIdentityRight b AdditiveIdentityRight buildEquality eliminateBiconditionalReverse </jh> The induction step is that  implies. Starting with  we first move the successor operation to the start of each side:. <jh> a (value k) Addition b (value k) Addition buildEquality eliminateBiconditionalReverse </jh> Next we drop the successor operation from both sides: <jh> (a + (value k)) (b + (value k)) Successor eliminateBiconditionalReverse applySyllogism </jh> So far we have. We just need to add  as a common consequent, and we have our induction step. <jh> (a = b) addCommonConsequent

Induction6S )) </jh>

As we tend to do with theorems which hold in both directions, we provide the biconditionalized version. <jh> thm (AdditionCancellationRight  (((a + c) = (b + c)) ↔ (a = b)) ( a c b AdditionCancellationRightForward a b c AdditionBuilderRR introduceBiconditionalFromImplications ))

thm (cancelAdditionRight ((H ((a + c) = (b + c)))) (a = b) ( H       a c b AdditionCancellationRight eliminateBiconditionalReverse applyModusPonens )) </jh>

A commuted version is an easy consequence, but will be convenient to have:

<jh> thm (AdditionCancellationLeft    (((c + a) = (c + b)) ↔ (a = b)) ( c a AdditionCommutativity c b AdditionCommutativity buildEquality

a c b AdditionCancellationRight applyBiconditionalTransitivity ))

thm (cancelAdditionLeft   ((H ((c + a) = (c + b))))  (a = b) ( H       c a b AdditionCancellationLeft eliminateBiconditionalReverse applyModusPonens )) </jh>

Multiplication is commutative
The proof that multiplication is commutative is analogous to the proof that addition is commutative. It starts with proving commuted versions of the two multiplication axioms by induction, and then using those results to prove  by induction.

Commuted version of the MultiplicativeZero axiom
<jh> thm (MultiplicativeZeroLeft ((n a) (n k) (k a)) (((0) · a) = (0)) ( </jh> The proof proceeds by induction on. The substitution for the base case is : <jh> (value n) (0) (0) MultiplicationBuilderLL (0) EqualityReflexivity ((value n) = (0)) introduceAntecedent buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) (0) MultiplicationBuilderLL (0) EqualityReflexivity ((value n) = (value k)) introduceAntecedent buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) (0) MultiplicationBuilderLL (0) EqualityReflexivity ((value n) = (succ (value k))) introduceAntecedent buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a (0) MultiplicationBuilderLL (0) EqualityReflexivity ((value n) = a) introduceAntecedent buildEqualityInConsequent </jh> The base case is, which follows from the   axiom. <jh> (0) MultiplicativeZero </jh> The induction step is proved as follows: 0 · k = 0 → 0 + 0 · k = 0 + 0 (adding 0 to both sides) 0 + 0 · k = 0 · Sk (by Multiplication axiom) 0 + 0 = 0 (by AdditiveIdentity axiom) 0 · k = 0 → 0 · Sk = 0 (combining the above steps) <jh> ((0) · (value k)) (0) (0) AdditionBuilderLL

(0) (value k) Multiplication swapEquality (0) AdditiveIdentity buildEquality eliminateBiconditionalReverse

applySyllogism

Induction6S )) </jh>

For parallelism, we also give an additional name to the  axiom:

<jh> thm (MultiplicativeZeroRight  ((a · (0)) = (0)) ( a MultiplicativeZero )) </jh>

Commuted version of the Multiplication axiom
Here we prove. We break apart some parts of the proof into separate lemmas.

<jh> var (object kk) thm (MultiplicationCommuted-left  ((((succ a) · kk) + (succ a)) = ((succ a) · (succ kk))) ( ((succ a) · kk) (succ a) AdditionCommutativity (succ a) kk Multiplication swapEquality applyEqualityTransitivity ))
 * 1) kk corresponds to (value k)

thm (MultiplicationCommuted-right    ((((a · kk) + kk) + (succ a)) = ((a · (succ kk)) + (succ kk))) ( </jh> First we transform  to S(n · k + k + n): <jh> ((a · kk) + kk) a Addition </jh> Now we swap the last  and   to get. This is basically just, but there's quite a bit of rearranging and building: <jh> (a · kk) kk a AdditionAssociativity kk a AdditionCommutativity (a · kk) buildAdditionLL applyEqualityTransitivity

(a · kk) a kk AdditionAssociativity swapEquality applyEqualityTransitivity addSuccessor

applyEqualityTransitivity </jh> We now apply  to turn that into <jh> ((a · kk) + a) kk Addition swapEquality applyEqualityTransitivity </jh> And  to get <jh> (a · kk) a AdditionCommutativity a kk Multiplication swapEquality applyEqualityTransitivity

(succ kk) buildAdditionRR

applyEqualityTransitivity ))

thm (MultiplicationCommuted-step    ((((succ a) · kk) = ((a · kk) + kk)) → (((succ a) · (succ kk)) = ((a · (succ kk)) + (succ kk)))) ( </jh> Induction step: We get started by adding  to the right side of our induction step antecedant:. <jh> ((succ a) · kk) ((a · kk) + kk) (succ a) AdditionBuilderRR </jh> We transform  into  : <jh> a kk MultiplicationCommuted-left </jh> Now we turn  into  : <jh> a kk MultiplicationCommuted-right </jh> Now we just need to reassemble the entire induction step implication: <jh> buildEquality eliminateBiconditionalReverse applySyllogism ))

thm (MultiplicationCommuted ((n a) (n b) (n k) (k a))   (((succ a) · b) = ((a · b) + b)) ( </jh> The proof is by induction on. The substitution for the base case is. <jh> (value n) (0) (succ a) MultiplicationBuilderLL

(value n) (0) a MultiplicationBuilderLL ((value n) = (0)) ImplicationReflexivity buildAdditionInConsequent

buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) (succ a) MultiplicationBuilderLL

(value n) (value k) a MultiplicationBuilderLL ((value n) = (value k)) ImplicationReflexivity buildAdditionInConsequent

buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) (succ a) MultiplicationBuilderLL

(value n) (succ (value k)) a MultiplicationBuilderLL ((value n) = (succ (value k))) ImplicationReflexivity buildAdditionInConsequent

buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) b (succ a) MultiplicationBuilderLL

(value n) b a MultiplicationBuilderLL ((value n) = b) ImplicationReflexivity buildAdditionInConsequent

buildEqualityInConsequent </jh> The base case is. <jh> (succ a) MultiplicativeZero a MultiplicativeZero swapEquality applyEqualityTransitivity

(a · (0)) AdditiveIdentityRight swapEquality applyEqualityTransitivity </jh> Induction step: <jh> a (value k) MultiplicationCommuted-step

Induction6S )) </jh>

Proof that multiplication is commutative
The proof is by induction on. <jh> thm (MultiplicationCommutativity ((n a) (n b) (n k) (k b))   ((a · b) = (b · a)) ( </jh> The substitution for the base case is : <jh> (value n) (0) b MultiplicationBuilderRR (value n) (0) b MultiplicationBuilderLL buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) b MultiplicationBuilderRR (value n) (value k) b MultiplicationBuilderLL buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) b MultiplicationBuilderRR (value n) (succ (value k)) b MultiplicationBuilderLL buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a b MultiplicationBuilderRR (value n) a b MultiplicationBuilderLL buildEqualityInConsequent </jh> The base case is, and follows from left and right zeros, which we have already proved: <jh> b MultiplicativeZeroLeft b MultiplicativeZeroRight swapEquality applyEqualityTransitivity </jh> Induction step. Starting with  we add b to both sides: <jh> ((value k) · b) (b · (value k)) b AdditionBuilderLL

</jh> Then we note that : <jh> b ((value k) · b) AdditionCommutativity (value k) b MultiplicationCommuted swapEquality applyEqualityTransitivity </jh> And : <jh> b (value k) Multiplication swapEquality </jh> Now we combine these, to get. <jh> buildEquality eliminateBiconditionalReverse applySyllogism

Induction6S )) </jh>

Rearrangement
Although there are a wide varieties of ways that a term could be rearranged by commutativity and associativity, the following rearrangements turn out to be common: <jh> thm (Addition4  (((a + b) + (c + d)) = ((a + c) + (b + d))) ( a b (c + d) AdditionAssociativity

b c d AdditionAssociativity swapEquality a buildAdditionLL applyEqualityTransitivity

b c AdditionCommutativity d buildAdditionRR a buildAdditionLL applyEqualityTransitivity

c b d AdditionAssociativity a buildAdditionLL applyEqualityTransitivity

a c (b + d) AdditionAssociativity swapEquality applyEqualityTransitivity ))

thm (Addition3  (((a + b) + c) = ((a + c) + b)) ( a b c AdditionAssociativity

b c AdditionCommutativity a buildAdditionLL applyEqualityTransitivity

a c b AdditionAssociativity swapEquality applyEqualityTransitivity )) </jh>

Multiplication distributes over addition
<jh> thm (LeftDistribution ((n a) (n b) (n c) (n k) (k b) (k c))  ((a · (b + c)) = ((a · b) + (a · c))) ( </jh> The proof is by induction on. The substitution for the base case is. <jh> (value n) (0) (b + c) MultiplicationBuilderRR

(value n) (0) b MultiplicationBuilderRR (value n) (0) c MultiplicationBuilderRR composeConjunction ((value n) · b) ((0) · b) ((value n) · c) ((0) · c) AdditionBuilder applySyllogism

buildEqualityInConsequent </jh> Substitution for the induction case antecedent: <jh> (value n) (value k) (b + c) MultiplicationBuilderRR

(value n) (value k) b MultiplicationBuilderRR (value n) (value k) c MultiplicationBuilderRR composeConjunction ((value n) · b) ((value k) · b) ((value n) · c) ((value k) · c) AdditionBuilder applySyllogism

buildEqualityInConsequent </jh> Substitution for the induction case consequent: <jh> (value n) (succ (value k)) (b + c) MultiplicationBuilderRR

(value n) (succ (value k)) b MultiplicationBuilderRR (value n) (succ (value k)) c MultiplicationBuilderRR composeConjunction ((value n) · b) ((succ (value k)) · b)          ((value n) · c) ((succ (value k)) · c) AdditionBuilder applySyllogism

buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a (b + c) MultiplicationBuilderRR

(value n) a b MultiplicationBuilderRR (value n) a c MultiplicationBuilderRR composeConjunction ((value n) · b) (a · b) ((value n) · c) (a · c) AdditionBuilder applySyllogism

buildEqualityInConsequent </jh> The base case is. <jh> (b + c) MultiplicativeZeroLeft

b MultiplicativeZeroLeft c MultiplicativeZeroLeft buildAddition (0) AdditiveIdentity applyEqualityTransitivity swapEquality

applyEqualityTransitivity </jh> Now the induction step. We start with  and add (b + c) to the right of both sides: <jh> ((value k) · (b + c)) (((value k) · b) + ((value k) · c)) (b + c) AdditionBuilderRR </jh> The left side is handled by observing that : <jh> (value k) (b + c) MultiplicationCommuted swapEquality </jh> For the right side,, we rearrange the terms and apply MultiplicationCommuted twice, to get. <jh> ((value k) · b) ((value k) · c) b c Addition4

(value k) b MultiplicationCommuted swapEquality (value k) c MultiplicationCommuted swapEquality buildAddition

applyEqualityTransitivity </jh> Now we combine these, to get the induction step. <jh> buildEquality eliminateBiconditionalReverse applySyllogism

Induction6S )) </jh>

It will be convenient to also have a commuted version of this:

<jh> thm (RightDistribution   (((a + b) · c) = ((a · c) + (b · c))) ( (a + b) c MultiplicationCommutativity

c a b LeftDistribution applyEqualityTransitivity

c a MultiplicationCommutativity c b MultiplicationCommutativity buildAddition applyEqualityTransitivity )) </jh>

Multiplication is associative
<jh> thm (MultiplicationAssociativity ((n a) (n b) (n c) (n k) (k b) (k c))  (((a · b) · c) = (a · (b · c))) ( </jh> The proof is by induction on. The substitution for the base case is. <jh> (value n) (0) b MultiplicationBuilderRR ((value n) · b) ((0) · b) c MultiplicationBuilderRR applySyllogism

(value n) (0) (b · c) MultiplicationBuilderRR

buildEqualityInConsequent </jh> Substitution for the induction step antecedent: <jh> (value n) (value k) b MultiplicationBuilderRR ((value n) · b) ((value k) · b) c MultiplicationBuilderRR applySyllogism

(value n) (value k) (b · c) MultiplicationBuilderRR

buildEqualityInConsequent </jh> Substitution for the induction step consequent: <jh> (value n) (succ (value k)) b MultiplicationBuilderRR ((value n) · b) ((succ (value k)) · b) c MultiplicationBuilderRR applySyllogism

(value n) (succ (value k)) (b · c) MultiplicationBuilderRR

buildEqualityInConsequent </jh> Substitution for the result: <jh> (value n) a b MultiplicationBuilderRR ((value n) · b) (a · b) c MultiplicationBuilderRR applySyllogism

(value n) a (b · c) MultiplicationBuilderRR

buildEqualityInConsequent </jh> The base case is <jh> b MultiplicativeZeroLeft c buildMultiplicationRR c MultiplicativeZeroLeft applyEqualityTransitivity

(b · c) MultiplicativeZeroLeft

swapEquality applyEqualityTransitivity </jh> For the induction step, we take  and add   to both sides: <jh> (((value k) · b) · c) ((value k) · (b · c)) (b · c) AdditionBuilderRR </jh> To the left side,, we first collect the   using distributivity: <jh> ((value k) · b) b c RightDistribution swapEquality </jh> That gives us  so we just need to turn it into  : <jh> (value k) b MultiplicationCommuted swapEquality c buildMultiplicationRR applyEqualityTransitivity </jh> The right side,, is even easier: <jh> (value k) (b · c) MultiplicationCommuted swapEquality </jh> Now we combine these, to get the induction step. <jh> buildEquality eliminateBiconditionalReverse applySyllogism

Induction6S )) </jh>

One
One is the successor of zero:

<jh> def ((1) (succ (0))) </jh>

It serves as a multiplicative identity: <jh> thm (MultiplicativeIdentityRight   ((a · (1)) = a) ( a (0) Multiplication </jh> That gives us, so we first simplify   to. <jh> a MultiplicativeZeroRight a buildAdditionLL applyEqualityTransitivity </jh> Now we turn  to. <jh> a AdditiveIdentityRight applyEqualityTransitivity ))

thm (MultiplicativeIdentityLeft   (((1) · a) = a) ( (1) a MultiplicationCommutativity a MultiplicativeIdentityRight applyEqualityTransitivity )) </jh>

One does not equal zero. <jh> thm (ZeroOne  ((0) ≠ (1)) ( (0) ZeroNotSuccessor )) </jh>

Inequality
We define an order on natural numbers:

<jh> def ((≤ a b) (∃ n ((a + (value n)) = b))) </jh>

Definition as an equivalence
The following theorem looks just like the definition for. However, at least as JHilbert is right now, it is subtly different, as it enables one to specify the bound variable on the right hand side. Also note that  has (and needs) distinct variable constraints between   and   and   and , whereas the definition ensures that dummy variables are distinct because they are created internally by JHilbert. (See Wikiproofs:JHilbert definition soundness for more discussion of the definition mechanism).

<jh> var (variable m) thm (LessEqual ((m n) (a m) (a n) (b m) (b n)) ((a ≤ b) ↔ (∃ n ((a + (value n)) = b))) ( </jh> To restate our "subtle difference" in terms of explaining what we need for our proof, the quantified variable on the left side of the biconditional (which results from the expansion of ) is different from the quantified variable on the right hand side. So we need to switch variables.

We start with , <jh> (value m) (value n) a AdditionBuilderLL b buildEqualityRRInConsequent </jh> and apply. <jh> ChangeVariableThereExists </jh> We have proved, and that is enough since JHilbert is able to recognize that the left side is the definition of. <jh> )) </jh>

Builders
The builders for  follow readily from the builders for addition, equality, and so on. <jh> thm (LessEqualBuilderRight ( (a0 n) (a1 n) (b n)) ((a0 = a1) → ((a0 ≤ b) ↔ (a1 ≤ b))) ( </jh> What we do here is prove. On the right hand side it is OK to use the same variable for both quantifiers because we are folding the definition explicitly using. <jh> a0 a1 (value n) AdditionBuilderRR b buildEqualityRRInConsequent n buildThereExistsInConsequent

a0 b n LessEqual a1 b n LessEqual buildBiconditional eliminateBiconditionalForward applySyllogism )) </jh>

The builder for adding a common number to the left is similar, and is proved in the same way. <jh> thm (LessEqualBuilderLeft ( (a n) (b0 n) (b1 n)) ((b0 = b1) → ((a ≤ b0) ↔ (a ≤ b1))) ( b0 b1 (a + (value n)) EqualityBuilderLL n buildThereExistsInConsequent

a b0 n LessEqual a b1 n LessEqual buildBiconditional eliminateBiconditionalForward applySyllogism )) </jh>

Combining  and   gives us the full builder.

<jh> thm (LessEqualBuilder  (((a0 = a1) ∧ (b0 = b1)) → ((a0 ≤ b0) ↔ (a1 ≤ b1))) ( (a0 = a1) (b0 = b1) ConjunctionRightElimination a0 a1 b0 LessEqualBuilderRight applySyllogism

(a0 = a1) (b0 = b1) ConjunctionLeftElimination b0 b1 a1 LessEqualBuilderLeft applySyllogism

composeConjunction

(a0 ≤ b0) (a1 ≤ b0) (a1 ≤ b1) BiconditionalTransitivity applySyllogism )) </jh>

Proving inequality with an object
We can prove  by proving. Well, the usual way to do this is to provide a value for. <jh> thm (LessEqualObject ((c n) (a n) (b n)) (((a + c) = b) → (a ≤ b)) ( </jh> The proof is basically substitution machinery. We start with : <jh> (value n) c a AdditionBuilderLL

b EqualityReflexivity ((value n) = c) introduceAntecedent

composeConjunction

(a + (value n)) (a + c) b b EqualityBuilder applySyllogism </jh> We turn that into , <jh> makeSubstExplicit </jh> and take the reverse implication. <jh> eliminateBiconditionalForward </jh> That in turn implies, which is   by the definition of. <jh> c n ((a + (value n)) = b) ThereExistsIntroductionFromObject applySyllogism

a b n LessEqual eliminateBiconditionalForward applySyllogism )) </jh>

Zero is the smallest natural number
Every number is greater than or equal to zero: <jh> thm (ZeroSmallest  ((0) ≤ a) ( </jh> To prove this inequality, we need to find a number n such that. The number  does this. <jh> a AdditiveIdentityLeft

(0) a a LessEqualObject applyModusPonens )) </jh>

Predecessor
Any nonzero natural number has a predecessor. We express this as. The proof will be by induction on, and we start with the substitution. <jh> thm (Predecessor-sub ((m n) (m sub)) ( ((value n) = sub) → (   (((value n) ≠ (0)) → (∃ m ((succ (value m)) = (value n)))) ↔     ((sub ≠ (0)) → (∃ m ((succ (value m)) = sub)))  )) ( (value n) sub (0) EqualityBuilderRR addNegationInConsequent (value n) sub (succ (value m)) EqualityBuilderLL m buildThereExistsInConsequent buildImplicationInConsequent ))

thm (Predecessor ((n m) (m k) (m a) (n k) (n a)) ((a ≠ (0)) → (∃ m ((succ (value m)) = a))) ( n (0) m Predecessor-sub n (value k) m Predecessor-sub n (succ (value k)) m Predecessor-sub n a m Predecessor-sub </jh> The base case is, which follows from. <jh> (0) EqualityReflexivity (¬ (∃ m ((succ (value m)) = (0)))) introduceAntecedent transposeWithNegatedAntecedent </jh> The induction step is. We first show  (one way of thinking of this is that we could choose   as the value for , but our proof short-cuts that a bit by resorting to the   axiom). <jh> m (value k) Quantifiability

(value m) (value k) Successor eliminateBiconditionalForward m addThereExists

applyModusPonens </jh> To get the induction step, we just need to introduce some antecedents. <jh> ((succ (value k)) ≠ (0)) introduceAntecedent (((value k) ≠ (0)) → (∃ m ((succ (value m)) = (value k)))) introduceAntecedent

Induction6S )) </jh>

Total order
We'll show that ≤ has the expected properties of a total order.
 * If a ≤ b and b ≤ c then a ≤ c (transitivity)
 * If a ≤ b and b ≤ a then a = b (antisymmetry)
 * a ≤ b or b ≤ a (totality).

Transitivity
Here we prove that. The proof is simple to sketch out: by the definition of, we have   and. Applying the addition builder, we get. Rearranging the terms and cancelling the, we get. That implies, by.

Formalizing the proof is somewhat tedious, because "rearranging the terms and cancelling" expands to many steps, but the idea is unchanged (and  takes care of much of the predicate logic which might otherwise clutter this sort of proof).

<jh> var (object ab bc) var (variable vab vbc vac)

</jh> The following lemma includes the rearrangements we will need. It is a straightforward application of commutativity, associativity, and cancellation. <jh> thm (LessEqualTransitivity-1   ((((a + ab) = b) ∧ ((b + bc) = c)) → ((a + (ab + bc)) = c)) ( </jh> We start with <jh> (a + ab) b (b + bc) c AdditionBuilder </jh> On the left hand side of the consequent's equality, we commute  and   and associate: <jh> b bc AdditionCommutativity (a + ab) buildAdditionLL

(a + ab) bc b AdditionAssociativity swapEquality applyEqualityTransitivity </jh> On the right hand side, we just commute  and  : <jh> b c AdditionCommutativity </jh> Combining the two sides and cancelling the  gives <jh> buildEquality eliminateBiconditionalReverse applySyllogism

((a + ab) + bc) b c AdditionCancellationRight eliminateBiconditionalReverse applySyllogism </jh> Now we just apply associativity to the left hand side of that equality: <jh> a ab bc AdditionAssociativity c buildEqualityRR eliminateBiconditionalReverse applySyllogism ))

</jh>

We are now ready to prove. <jh> thm (LessEqualTransitivity ( (vab vbc) (vab a) (vab b) (vab c) (vbc a) (vbc b) (vbc c)  (vab vac) (vbc vac) (vac a) (vac c)  )    (((a ≤ b) ∧ (b ≤ c)) → (a ≤ c)) ( </jh> We start by expanding  and   according to the definition and gathering the quantifiers at the start of the formula. <jh> a b vab LessEqual b c vbc LessEqual buildConjunction eliminateBiconditionalReverse

vab vbc ((a + (value vab)) = b) ((b + (value vbc)) = c) ThereExistsScattering eliminateBiconditionalForward applySyllogism </jh> That gives us.

The  part of this implies first  , <jh> a (value vab) b (value vbc) c LessEqualTransitivity-1 </jh> and then. <jh> a ((value vab) + (value vbc)) c LessEqualObject applySyllogism </jh> Adding back the quantifiers gives us. <jh> vbc addThereExists vab addThereExists applySyllogism </jh> and then we can remove the quantifiers because the variables they quantify over are gone. One detail (at least as long as JHilbert continues to automatically apply definitions): we need to rewrite  as   so that we can express the distinct variable constraint between   and. <jh> a c vac LessEqual vbc buildThereExists vab buildThereExists eliminateBiconditionalReverse applySyllogism

removeThereExistsInConsequent

removeThereExistsInConsequent )) </jh>

Antisymmetry
Before we prove antisymmetry, we prove several lemmas. The first is a substitution (think of it as substituting zero for  in the left hand conjunct). <jh> thm (LessEqualAntisymmetry-1  ((((a + b) = c) ∧ (b = (0))) → (a = c)) ( </jh> We start with. <jh> b (0) a AdditionBuilderLL </jh> Next is. <jh> c buildEqualityRRInConsequent ((a + b) = c) ((a + (0)) = c) BiconditionalReverseElimination applySyllogism </jh> We turn that into , <jh> applyComm import </jh> and all that remains is removing the extra addition of zero. <jh> a AdditiveIdentity c buildEqualityRR eliminateBiconditionalReverse applySyllogism )) </jh>

Our second lemma is. <jh> thm (LessEqualAntisymmetry-2 ((a n) (b n)) (((a + b) = (0)) → (a = (0))) ( </jh> The idea of the proof is not too complicated: if  is not zero,   can be written as the successor of something (namely the predecessor of   added to  ). But this is not possible if  is zero.

Near the end of the proof we'll need, so we stick it on the proof stack. It is a consequence of the axiom that zero is not the successor of anything. <jh> ((value n) + b) ZeroNotSuccessor n generalize n ((0) = (succ ((value n) + b))) NotThereExists eliminateBiconditionalForward applyModusPonens </jh> Setting that aside, we start with. <jh> a n Predecessor </jh> Working with the  part of that, we show it implies , then  , then  , then. <jh> (succ (value n)) a b AdditionBuilderRR

(value n) b AdditionCommuted (a + b) buildEqualityRR eliminateBiconditionalReverse applySyllogism

(succ ((value n) + b)) (a + b) (0) EqualityBuilderLL applySyllogism

((0) = (succ ((value n) + b))) ((0) = (a + b)) BiconditionalForwardElimination applySyllogism </jh> It is now time to add the quantifier and combine with the previous result to get <jh> n addThereExists applySyllogism </jh> Since  does not contain , we can move it out of the quantifier, which gets us. <jh> n ((0) = (a + b)) ((0) = (succ ((value n) + b))) ThereExistsAntecedentMovement eliminateBiconditionalReverse applySyllogism </jh> Pulling  off the proof stack, we turn this into <jh> negatedDetachImplicationImplication </jh> Now we just switch the order of one the equalities and transpose. <jh> (0) (a + b) EqualitySymmetry addNegation eliminateBiconditionalReverse applySyllogism

eliminateTransposition )) </jh>

The next lemma is. The proof proceeds by rearranging the terms to get, and using that to get. <jh> thm (LessEqualAntisymmetry-3  ((((a + (value n)) = b) ∧ ((b + (value m)) = a)) → (a = b)) ( </jh> Although we won't need it for a while, we put  on the proof stack. <jh> ((a + (value n)) = b) ((b + (value m)) = a) ConjunctionRightElimination </jh> Now we start again with. <jh> (a + (value n)) b (value m) AdditionBuilderRR ((b + (value m)) = a) conjoinRR </jh> So far we have. Applying transitivity gives us. <jh> ((a + (value n)) + (value m)) (b + (value m)) a EqualityTransitivity applySyllogism </jh> We now turn the right-hand  into , and reassociate the left-hand side from   to. <jh> a (value n) (value m) AdditionAssociativity a AdditiveIdentity swapEquality buildEquality eliminateBiconditionalReverse applySyllogism </jh> We have  and cancelling the   gives us. <jh> a ((value n) + (value m)) (0) AdditionCancellationLeft eliminateBiconditionalReverse applySyllogism </jh> That in turn implies <jh> (value n) (value m) LessEqualAntisymmetry-2 applySyllogism </jh> The entire statement on the proof stack is. Combining that with our statement from the start of the proof, we get. But the right hand side is, of course, just  away from our desired. <jh> composeConjunction

a (value n) b LessEqualAntisymmetry-1 applySyllogism )) </jh>

That lemma gets us most of the way. We just need to deal with a bit of predicate logic to finish our proof of antisymmetry, <jh> thm (LessEqualAntisymmetry ((n a) (n b) (n m) (m a) (m b)) (((a ≤ b) ∧ (b ≤ a)) → (a = b)) ( a b n LessEqual b a m LessEqual buildConjunction eliminateBiconditionalReverse

n m ((a + (value n)) = b) ((b + (value m)) = a) ThereExistsScattering eliminateBiconditionalForward applySyllogism

a n b m LessEqualAntisymmetry-3 m addThereExists n addThereExists applySyllogism

removeThereExistsInConsequent

removeThereExistsInConsequent )) </jh>

Totality
This section proves. The outline of the proof is as follows. Proceed by induction on. The base case follows from. The induction step,, has two cases. The  case is easy: if   is less than , it is also less than. The  case in turn has two cases, which amount to   and   (although our formal machinery isn't advanced enough to refer to them exactly that way in the proof). In the first case,  easily implies. In the  case, we will show   (via several steps, of which applying   is a key one).

Our first lemma is just working around a problem with JHilbert, as it exists now, and distinct variables. In a just world, it would just be an instance of, but JHilbert expands the definition of  , thus introducing a variable which we need a distinct variable constraint for. The proof is just a matter of applying  so we can name the variable and the constraint. <jh> thm (NullThereExistsLessEqual ((n a) (n b) (n m) (a m) (b m)) ((∃ n (a ≤ b)) ↔ (a ≤ b)) ( a b m LessEqual n buildThereExists

n (∃ m ((a + (value m)) = b)) NullThereExists applyBiconditionalTransitivity

a b m LessEqual swapBiconditional applyBiconditionalTransitivity )) </jh>

While we're at it, we prove another similar lemma we'll need later in the proof of totality. <jh> thm (NullThereExistsDisjunctionLessEqual ((n a) (n b) (n c) (n d)) ((∃ n ((a ≤ b) ∨ (c ≤ d))) ↔ ((a ≤ b) ∨ (c ≤ d))) ( n (a ≤ b) (c ≤ d) ThereExistsDisjunction

n a b NullThereExistsLessEqual n c d NullThereExistsLessEqual buildDisjunction applyBiconditionalTransitivity )) </jh>

The key result for the  case is. <jh> thm (LessEqualSuccessor ((k a) (k n) (n a)) ((a ≤ (value k)) → (a ≤ (succ (value k)))) ( a (value k) n LessEqual eliminateBiconditionalReverse </jh> So far we have. We take the successor of both sides of the equality and rearrange to get <jh> (a + (value n)) (value k) Successor eliminateBiconditionalForward

a (value n) Addition (succ (value k)) buildEqualityRR eliminateBiconditionalForward applySyllogism </jh> But  implies   and a bit of work with the quantifier gives us. <jh> a (succ (value n)) (succ (value k)) LessEqualObject applySyllogism

n addThereExists applySyllogism

n a (succ (value k)) NullThereExistsLessEqual eliminateBiconditionalReverse applySyllogism )) </jh>

What we actually need for the  case is a slight variation of that,. <jh> thm (TotalityLemmaALessEqualK ((a k)) ((a ≤ (value k)) → ((a ≤ (succ (value k))) ∨ ((succ (value k)) ≤ a))) ( a k LessEqualSuccessor

(a ≤ (succ (value k))) ((succ (value k)) ≤ a) DisjunctionRightIntroduction applySyllogism )) </jh>

The  case we express as. We prove it via several lemmas. <jh> thm (TotalityLemmaAEqualK-1  (((value m) = (0)) → ((((value k) + (value m)) = a) → ((value k) = a))) ( (value m) (0) (value k) AdditionBuilderLL

(value k) AdditiveIdentity ((value m) = (0)) introduceAntecedent

applyEqualityTransitivityInConsequent

a buildEqualityRRInConsequent eliminateBiconditionalReverseInConsequent ))

thm (TotalityLemmaAEqualK-2a  ((a = (value k)) → (a ≤ (value k))) ( a (value k) (0) AdditionBuilderRR (value k) AdditiveIdentity (a + (0)) buildEqualityLL eliminateBiconditionalReverse applySyllogism </jh> That gives us. <jh> a (0) (value k) LessEqualObject applySyllogism ))

thm (TotalityLemmaAEqualK-2 ((a k)) ((a = (value k)) → (a ≤ (succ (value k)))) ( a k TotalityLemmaAEqualK-2a a k LessEqualSuccessor applySyllogism ))

thm (TotalityLemmaAEqualK ((a k)) (((value m) = (0)) → ((((value k) + (value m)) = a) → ((a ≤ (succ (value k))) ∨ ((succ (value k)) ≤ a)))) ( m k a TotalityLemmaAEqualK-1

(value k) a EqualitySymmetry eliminateBiconditionalReverse a k TotalityLemmaAEqualK-2 applySyllogism

(a ≤ (succ (value k))) ((succ (value k)) ≤ a) DisjunctionRightIntroduction applySyllogism

(((value k) + (value m)) = a) addCommonAntecedent applySyllogism )) </jh>

The  case we express as. Here is an outline of the proof of this case. We will be proving that  and   imply. To do this we need a number  for which. The predecessor of  is the value we choose. <jh> thm (TotalityLemmaKLessThanA ((n m) (n k) (n a)) (((value m) ≠ (0)) → ((((value k) + (value m)) = a) → ((a ≤ (succ (value k))) ∨ ((succ (value k)) ≤ a)))) ( (value m) n Predecessor </jh> Next we show <jh> (succ (value n)) (value m) (value k) AdditionBuilderLL a buildEqualityRRInConsequent eliminateBiconditionalForwardInConsequent </jh> Adding ∃ and combining with the previous step gives <jh> n addThereExists applySyllogism </jh> We move  out of the quantifier. <jh> n (((value k) + (value m)) = a) (((value k) + (succ (value n))) = a) ThereExistsAntecedentMovement eliminateBiconditionalReverse applySyllogism </jh> We have. We transform  into. <jh> (value k) (value n) Addition

(value k) (value n) AdditionCommutativity addSuccessor applyEqualityTransitivity

(value n) (value k) Addition swapEquality applyEqualityTransitivity

(value n) (succ (value k)) AdditionCommutativity applyEqualityTransitivity

a buildEqualityRR

n buildThereExists transformImplicationImplicationConsequent </jh> Now we show that  implies  , <jh> (succ (value k)) a n LessEqual eliminateBiconditionalForward ((succ (value k)) ≤ a) (a ≤ (succ (value k))) DisjunctionLeftIntroduction applySyllogism </jh> and assemble the result. <jh> (((value k) + (value m)) = a) addCommonAntecedent ((value m) ≠ (0)) addCommonAntecedent applyModusPonens )) </jh>

Taking one step back, the combination of the  and   cases is the   case,. <jh> thm (TotalityLemmaKLessEqualA ((a k) (m a) (m k)) (((value k) ≤ a) → ((a ≤ (succ (value k))) ∨ ((succ (value k)) ≤ a))) ( </jh> We start with. <jh> (value k) a m LessEqual eliminateBiconditionalReverse </jh> That  is just the combination of the   and   cases. <jh> m k a TotalityLemmaAEqualK m k a TotalityLemmaKLessThanA eliminateCases </jh> Now we just add ∃ and combine with the previous result to get. <jh> m addThereExists applySyllogism </jh> Since m does not occur in, the quantifier is unnecessary, and we are done. <jh> m a (succ (value k)) (succ (value k)) a NullThereExistsDisjunctionLessEqual eliminateBiconditionalReverse applySyllogism )) </jh>

We are ready to return to the proof of  by induction. We first prove the substitution. Conceptually, it is. However, as long as JHilbert automatically expands definitions, we need to expand each definition of  so that we can express the distinct variable constraints with the dummy variables. <jh> var (variable an na) thm (Totality-sub ((an n) (an sub) (na n) (na sub)) ( ((value n) = sub) → (   ((∃ an ((a + (value an)) = (value n))) ∨ (∃ na (((value n) + (value na)) = a))) ↔     ((∃ an ((a + (value an)) = sub)) ∨ (∃ na ((sub + (value na)) = a)))  )) ( (value n) sub (a + (value an)) EqualityBuilderLL an buildThereExistsInConsequent
 * 1) Without the need to expand ≤, this would be:
 * 2)        (value n) sub a LessEqualBuilderLL
 * 3)        (value n) sub a LessEqualBuilderRR
 * 4)        buildDisjunctionInConsequent

(value n) sub (value na) AdditionBuilderRR a buildEqualityRRInConsequent na buildThereExistsInConsequent

buildDisjunctionInConsequent )) </jh> And here is the proof, by induction on. <jh> thm (LessEqualTotality ((n k an na) (n a an na) (n b an na) (k a)) ((a ≤ b) ∨ (b ≤ a)) ( n (0) an a na Totality-sub n (value k) an a na Totality-sub n (succ (value k)) an a na Totality-sub n b an a na Totality-sub </jh> The base case is. <jh> a ZeroSmallest (a ≤ (0)) introduceLeftDisjunction </jh> Due to the issue with distinct variables discussed at, we need to expand the inequalities. <jh> a (0) an LessEqual (0) a na LessEqual buildDisjunction eliminateBiconditionalReverse applyModusPonens </jh> The induction step is. <jh> a k TotalityLemmaALessEqualK k a TotalityLemmaKLessEqualA composeDisjunction </jh> Due to the issue with distinct variables discussed at, we need to expand the inequalities. <jh> a (value k) an LessEqual (value k) a na LessEqual buildDisjunction

a (succ (value k)) an LessEqual (succ (value k)) a na LessEqual buildDisjunction

buildImplication eliminateBiconditionalReverse applyModusPonens

Induction6S </jh> Due to the issue with distinct variables discussed at, we unexpand the inequalities. <jh> a b an LessEqual b a na LessEqual buildDisjunction eliminateBiconditionalForward applyModusPonens )) </jh>

Consequences of total order properties
In the above section, we have proved that  is a total order. Total orders have characteristic properties, and due to our import/export system, we can derive many consequences of the total order from this fact without having to prove them (since we have already proved them in First-order linear order defined via nonstrict inequality). In addition to theorems, we also get a definition for, strictly less than. <jh> export (ORDER_DEFINED Interface:First-order_linear_order_defined_via_nonstrict_inequality (PROPOSITIONAL FIRSTORDER) )

import (ORDER Interface:First-order_linear_order_from_nonstrict_inequality(PROPOSITIONAL FIRSTORDER ORDER_DEFINED) ) </jh>

This order is consistent with addition
<jh> thm (LessEqualAdditionRR ((a n) (b n) (c n)) ((a ≤ b) ↔ ((a + c) ≤ (b + c))) ( a b n LessEqual </jh> The right hand side is now. We add  to both sides of the equality, <jh> (a + (value n)) c b AdditionCancellationRight swapBiconditional </jh> rewrite it as , <jh> a (value n) c Addition3 (b + c) buildEqualityRR applyBiconditionalTransitivity </jh> and reinstate the quantifier to get. <jh> n buildThereExists applyBiconditionalTransitivity </jh> Applying  we are done. <jh> (a + c) (b + c) n LessEqual swapBiconditional applyBiconditionalTransitivity )) </jh>

Here is the same theorem with the additions commuted. <jh> thm (LessEqualAdditionLL  ((b0 ≤ b1) ↔ ((a + b0) ≤ (a + b1))) ( b0 b1 a LessEqualAdditionRR

b0 a AdditionCommutativity b1 a AdditionCommutativity buildLessEqual

applyBiconditionalTransitivity )) </jh>

Combining the two gives the full theorem. <jh> thm (LessEqualAddition  (((a0 ≤ a1) ∧ (b0 ≤ b1)) → ((a0 + b0) ≤ (a1 + b1))) ( (a0 ≤ a1) (b0 ≤ b1) ConjunctionRightElimination a0 a1 b0 LessEqualAdditionRR eliminateBiconditionalReverse applySyllogism </jh> That gives us. Now we apply a similar technique to also get. <jh> (a0 ≤ a1) (b0 ≤ b1) ConjunctionLeftElimination b0 b1 a1 LessEqualAdditionLL eliminateBiconditionalReverse applySyllogism </jh> Combining these two finishes the proof. <jh> composeConjunction (a0 + b0) (a1 + b0) (a1 + b1) LessEqualTransitivity applySyllogism )) </jh>

Here we prove the analogous theorems for the strict order. We're just expanding  into   and showing that both sides of the conjunction work. <jh> thm (LessThanAdditionRR  ((a0 < a1) ↔ ((a0 + b) < (a1 + b))) ( a0 a1 LessThanLessEqual

a0 a1 b LessEqualAdditionRR

a0 b a1 AdditionCancellationRight swapBiconditional addNegation

buildConjunction

applyBiconditionalTransitivity

(a0 + b) (a1 + b) LessThanLessEqual swapBiconditional applyBiconditionalTransitivity ))

thm (LessThanAdditionLL  ((b0 < b1) ↔ ((a + b0) < (a + b1))) ( b0 b1 LessThanLessEqual

b0 b1 a LessEqualAdditionLL

a b0 b1 AdditionCancellationLeft swapBiconditional addNegation

buildConjunction

applyBiconditionalTransitivity

(a + b0) (a + b1) LessThanLessEqual swapBiconditional applyBiconditionalTransitivity ))

thm (LessEqualLessThanAddition  (((a0 ≤ a1) ∧ (b0 < b1)) → ((a0 + b0) < (a1 + b1))) ( </jh> First we show. <jh> (a0 ≤ a1) (b0 < b1) ConjunctionRightElimination a0 a1 b0 LessEqualAdditionRR eliminateBiconditionalReverse applySyllogism </jh> Next is. <jh> (a0 ≤ a1) (b0 < b1) ConjunctionLeftElimination b0 b1 a1 LessThanAdditionLL eliminateBiconditionalReverse applySyllogism </jh> Combining the two finishes the proof. <jh> composeConjunction (a0 + b0) (a1 + b0) (a1 + b1) LessEqualLessThanTransitivity applySyllogism ))

thm (LessThanAddition  (((a0 < a1) ∧ (b0 < b1)) → ((a0 + b0) < (a1 + b1))) ( a0 a1 LessThanLessEqualImplication (b0 < b1) conjoinRR

a0 a1 b0 b1 LessEqualLessThanAddition

applySyllogism )) </jh>

This order is consistent with multiplication
In systems admitting negative numbers, such as the integers or reals, the term "multiplication is consistent with ≤" will generally refer to a weaker result, such as. But we prove a more powerful theorem,. The converse only holds if. <jh> thm (LessEqualMultiplicationRR ((a n) (b n) (c n)) ((a ≤ b) → ((a · c) ≤ (b · c))) ( a b n LessEqual eliminateBiconditionalReverse

(a + (value n)) b c MultiplicationBuilderRR </jh> That gives. Distributivity turns  into. <jh> a (value n) c RightDistribution (b · c) buildEqualityRR eliminateBiconditionalReverse applySyllogism </jh> But  implies. <jh> (a · c) ((value n) · c) (b · c) LessEqualObject applySyllogism </jh> Adding back the quantifier and reassembling, we get. <jh> n addThereExists applySyllogism </jh> Removing the quantifier we are done. <jh> n (a · c) (b · c) NullThereExistsLessEqual eliminateBiconditionalReverse applySyllogism )) </jh>

Adding one and successor
Before we export to Interface:Basic arithmetic, we have one style point to clear up. The induction theorems there are stated in terms of  (as that file does not have the successor operation).

<jh> thm (SuccessorAddsOne  ((a + (1)) = (succ a)) ( a (0) Addition

a AdditiveIdentityRight addSuccessor

applyEqualityTransitivity ))

thm (Induction6 ((n a) (φ0 n) (φk n) (φSk n) (φa n) (φ k) (n k)) ((HSUB0 (((value n) = (0)) → (φ ↔ φ0))) (HSUBK (((value n) = (value k)) → (φ ↔ φk))) (HSUBSK (((value n) = ((value k) + (1))) → (φ ↔ φSk))) (HSUBA (((value n) = a) → (φ ↔ φa))) (HBASE φ0) (HIND (φk → φSk)) ) φa ( HSUB0 HSUBK

(value k) SuccessorAddsOne (value n) buildEqualityLL eliminateBiconditionalForward HSUBSK applySyllogism

HSUBA HBASE HIND Induction6S )) </jh>

Changing  to   in the  -based form of induction is a simple application of builders. We apply the builders via several lemmas:

<jh> thm (InductionSubst-1   ((subst ((value k) + (1)) n φ) ↔ (subst (succ (value k)) n φ)) ( (value k) SuccessorAddsOne n φ buildSubstReplacement ))

thm (InductionSubst-2   ((∀ k ((subst (value k) n φ) → (subst ((value k) + (1)) n φ))) ↔ (∀ k ((subst (value k) n φ) → (subst (succ (value k)) n φ)))) ( (subst (value k) n φ) BiconditionalReflexivity k n φ InductionSubst-1 buildImplication k buildForAll ))

thm (InductionSubst-3   ((((subst (0) n φ) ∧ (∀ k ((subst (value k) n φ) → (subst ((value k) + (1)) n φ))))    → (∀ n φ)) ↔ (((subst (0) n φ) ∧ (∀ k ((subst (value k) n φ) → (subst (succ (value k)) n φ))))    → (∀ n φ))) ( (subst (0) n φ) BiconditionalReflexivity k n φ InductionSubst-2 buildConjunction

(∀ n φ) BiconditionalReflexivity buildImplication ))

thm (InductionSubst    (((subst (0) n φ) ∧     (∀ k ((subst (value k) n φ) → (subst ((value k) + (1)) n φ)))) → (∀ n φ)) ( n φ k Induction

n φ k InductionSubst-3 eliminateBiconditionalForward

applyModusPonens )) </jh>

Export
<jh> export (ARITHMETIC Interface:Basic_arithmetic (PROPOSITIONAL FIRSTORDER) ) </jh>