2. The assumptions in A.11 imply either the antecedent in A.12 or R¹(K¹). Formally,

R¹( ˆK) ^

∀k, K :k /∈K∧R¹(K ∪ {k}) =⇒ R¹(K)

=⇒

∀k, K :R¹(K ∪ {k}) =⇒ R¹(K) _ R¹(K¹).

Skolemizing and simplifying, we have R¹(K² ∪

k¹ ) ^

∀k, K :k /∈K∧R¹(K ∪ {k}) =⇒ R¹(K) (A.13)

=⇒ R¹(K²).

Letk =k¹ and K =K² in A.13. The theorem follows, since R¹(K² ∪

k¹ )∧K²(k¹) =⇒ R¹(K²).

Lemma 11 Let k be an element of K, M

k∈K

S(k) =S(k)⊕ M

j∈K\{k}

S(j).

2

Proof The proof is by induction onK: Base Case When K =∅:

k ∈K∧K =∅ =⇒ ¯0 =S(k)⊕ M

j∈K\{k}

S(j).

Inductive Step Let an element raised to the n denote a bound, or skolemized, instance of its respective type, where n ∈ N⁰. For example, K¹ is an in instance of K ⊂ A and S¹ is an instance of S ∈ S. Elements without superscript notation are the opposite.

Assume K¹ 6=∅, and S ∈ S,K ⊂ A, and k∈K,

|K|<

K¹ =⇒



k ∈K =⇒ M

k∈K

S=S(k)⊕ M

K\{k}

S





^ (A.14)

k¹ ∈K¹ (A.15)

=⇒

S¹((K¹))⊕ M

K¹\{(K¹)}

S¹ =S¹(k¹)⊕ M

K¹\{k¹}

S¹. (A.16)

First, we assume two instances of A.14. We must choose appropriate instantiations for the free variables in each. In the first, letK =K¹\{k¹},S =S¹, andk =(K¹); in the second,K =K¹\ {(K¹)},S =S¹, and k¹. Choices forK are both valid assumptions since |K¹\ {k¹}| < |K¹| and |K¹\ {(K¹)}| < |K¹|. Substituted into A.14, with

cardinality assumptions removed for brevity, we have

(K¹)∈K¹\

k¹ =⇒ M

K¹\{k¹}

S¹ =



S¹((K¹))⊕ M

K¹\{k¹}\{(K¹)}

S¹





^ (A.17)

k¹ ∈K¹\

(K¹) =⇒ M

K¹\{(K¹)}

S¹ =



S(k¹)⊕ M

K¹\{(K¹)}\{k¹}

S¹



. (A.18)

Before we can apply A.17 or A.18 to A.14, we must discharge their respective an- tecedents.

1. From A.17,

(K¹)∈/ K¹\

k¹ =⇒ S¹((K¹))⊕ M

K¹\{(K¹)}

S¹ =S¹(k¹)⊕ M

K¹\{k¹}

S¹,

which holds since, (K¹)∈/ K¹\ {k¹} =⇒ (K¹) = k¹. 2. From A.18,

k¹ ∈/ K¹\

(K¹) =⇒ S¹((K¹))⊕ M

K¹\{(K¹)}

S¹ =S¹(k¹)⊕ M

K¹\{k¹}

S¹,

which holds since, k¹ ∈/K¹\ {(K¹)} =⇒ k¹ =(K¹).

M

K¹\{k¹}

S¹ =



S¹((K¹))⊕ M

K¹\{k¹}\{(K¹)}

S¹





^ (A.19)

M

K¹\{(K¹)}

S¹ =



S(k¹)⊕ M

K¹\{(K¹)}\{k¹}

S¹





^ (A.20)

k¹ ∈K¹

=⇒

S¹((K¹))⊕ M

K¹\{(K¹)}

S¹ =S¹(k¹)⊕ M

K¹\{k¹}

S¹ (A.21)

SinceK¹\ {k¹} \ {(K¹)}=K¹\ {(K¹)} \ {k¹}, we can replace A.19 and A.20 in A.21:

S¹((K¹))⊕S(k¹)⊕ M

K¹\{(K¹)}\{k¹}

S¹ =S¹(k¹)⊕S¹((K¹))⊕ M

K¹\{(K¹)}\{k¹}

S¹.

The equality holds from the commutativity of⊕.

A.2.2 Examples

Min/Max

Definition 30 The minimum and maximum values over a set of natural numbers S is defined:

min : i, j →if i < j then i else j

max : i, j →if i < j then j else i. ₂

Theorem 26 (Min is Idempotent)

∀i: min(i, i) =i

2

Proof This follows from the definition: i≮i, so the result will be i.

Theorem 27 (Min is Commutative)

∀i, j: min(i, j) = min(j, i)

2

Proof From the definition, the theorem can be rewritten

if i < j then i else j

=

if j < i then j else i ,

which is equivalent.

Theorem 28 (Min is Associative)

∀i, j, k: min(i,min(j, k)) = min(min(i, j), k)

2

Proof Using the definition of min, we have several if-then branches to consider. However, as was the case in the proof of Theorem 27, exhaustive analysis shows their equivalence.

Theorem 29 (Min is Closed)

∀i, j ∈Z: min(i, j)∈Z ₂

Proof Follows from the definition of min.

Proofs for max are symmetric with respect to the ordering relation.

GCD/LCM

The greatest common divisor (gcd) and least common multiple (lcm) are two binary operators that fit our operator specification. Inherent in their definition is the concept of divisibility:

we say that a number i “divides” another number j.

Definition 31 (Divisibility)

divides : i, j → ∃x: j =i×x

2

Definition 32 (Greatest Common Divisor)

gcd : i, j →max

{k | divides(k, i)∧divides(k, j)}

lcm : i, j →min

{k | divides(i, k)∧divides(j, k)}

where i,j, and k are all positive natural numbers.¹ ₂

1In the case of lcm, it is imperative that neither i nor j be zero. For gcd, however, this condition can be relaxed: either variable can be zero, but not both. In the case of our proof sketch, we assume the

Whereas proofs for max and min were completely symmetric, the same relationship between gcd and lcm is not as straightforward; thus we give their proofs separate treatment. We start with gcd, specifically, a supporting lemma for its idempotence.

Lemma 12

∀i: gcd(0, i) =i

2

Theorem 30 (GCD is Idempotent)

∀i: gcd(i, i) = i

2

Proof

gcd(i, i) =i {From Lemma 12}

gcd(i, i) = gcd(0, i) {From the definition of gcd}

max

{divides(k, i)∧divides(k, i)}

= max

{divides(0, i)∧divides(0, i)}

{Applying extensionality and simplifying}

divides(k, i) = divides(k,0)∧divides(k, i) {if and only if equivalence}

divides(k, i) ⇐⇒ divides(k,0)∧divides(k, i)

lcm conditions for both operators; in our formal setting, however, gcd’s possible zero value is taken into consideration.

The final line yields three subgoals

divides(k, i) =⇒ divides(k,0) (A.22) divides(k, i) =⇒ divides(k, i) (A.23) divides(k,0)∧divides(k, i) =⇒ divides(k, i). (A.24) Equation A.22, even without the antecedent, is true the definition. Equation A.23 and

Equation A.24 hold trivially.

Theorem 31 (GCD is Commutative)

∀i, j, k: gcd(i, j) = gcd(j, i)

2

Proof

gcd(i, j) = gcd(j, i) {By definition}

max

{divides(k, i)∧divides(k, j)}

= max

{divides(k, j)∧divides(k, i)}

{Applying extensionality and simplifying}

divides(k, i)∧divides(k, j) = divides(k, j)∧divides(k, i) {if and only if equivalence}

divides(k, i)∧divides(k, j) ⇐⇒ divides(k, j)∧divides(k, i)

{True by conjunctive commutativity}

The following lemmas relate gcd and divides over three positive natural numbers. They aid in the subsequent proof of gcd associativity.

Lemma 13

∀i, j, k: divides(i,gcd(j, k)) =⇒ divides(i, j)∧divides(i, k)

2

Lemma 14

∀i, j, k : divides(i, j)∧divides(i, k) =⇒ divides(i,gcd(j, k))

2

Theorem 32 (GCD is Associative)

∀i, j: gcd(i,gcd(j, k)) = gcd(gcd(i, j), k)

2

Proof

gcd(i,gcd(j, k)) = gcd(gcd(i, j), k) {From the definition of gcd}

max

{divides(z, i)∧divides(z,gcd(j, k))}

= max

{divides(z,gcd(i, j))∧divides(z, k)}

{Applying extensionality and simplifying}

divides(z, i)∧divides(z,gcd(j, k)) = divides(z,gcd(i, j))∧divides(z, k) {if and only if equivalence}

divides(z, i)∧divides(z,gcd(j, k)) ⇐⇒ divides(z,gcd(i, j))∧divides(z, k) The final line yields four subgoals

divides(z, i)∧divides(z,gcd(j, k)) =⇒ divides(z,gcd(i, j)) (A.25) divides(z, i)∧divides(z,gcd(j, k)) =⇒ divides(z, k) (A.26) divides(z,gcd(i, j))∧divides(z, k) =⇒ divides(z, i) (A.27) divides(z,gcd(i, j))∧divides(z, k) =⇒ divides(z,gcd(j, k)). (A.28) Equation A.25and A.28hold fromLemma 13andLemma 14;Equation A.27and A.26hold

directly from Lemma 13.

We turn our attention to equivalent proofs with respect to the lcm. As mentioned earlier, the subtle difference is significant enough to warrant separate treatment.

Lemma 15

∀i: lcm(1, i) = i

2

Theorem 33 (LCM is Idempotent)

∀i: lcm(i, i) =i

2

Proof

lcm(i, i) =i {From Lemma 15}

lcm(i, i) = lcm(1, i) {From the definition of lcm}

min

{divides(lcm(1, i), k)∧divides(lcm(1, i), k)}

= min

{divides(1, k)∧divides(i, k)}

{Applying extensionality and simplifying}

divides(lcm(1, i), k) = divides(1, k)∧divides(i, k) {if and only if equivalence}

divides(lcm(1, i), k) ⇐⇒ divides(1, k)∧divides(i, k)

The final line yields three subgoals

divides(lcm(1, i), k) =⇒ divides(1, k) (A.29) divides(lcm(1, i), k) =⇒ divides(i, k) (A.30) divides(1, k)∧divides(i, k) =⇒ divides(lcm(1, i), k). (A.31)

Equation A.29 holds trivially. Equation A.30 and A.31 hold byLemma 15.

Theorem 34 (LCM is Commutative)

∀i, j: lcm(i, j) = lcm(j, i)

2

Proof

lcm(i, j) = lcm(j, i) {From the definition of lcm}

max

{divides(i, k)∧divides(j, k)}

= max

{divides(j, k)∧divides(i, k)}

{Applying extensionality and simplifying}

divides(i, k)∧divides(j, k) = divides(j, k)∧divides(i, k) {if and only if equivalence}

divides(i, k)∧divides(j, k) ⇐⇒ divides(j, k)∧divides(i, k)

{True by conjunctive commutativity}

Lemma 16

∀i, j, k: divides(lcm(i, j), k) =⇒ divides(i, k)∧divides(j, k)

2

Lemma 17

∀i, j, k : divides(i, k)∧divides(j, k) =⇒ divides(lcm(i, j), k)

2

Theorem 35 (LCM is Associative)

∀i, j, k: lcm(i,lcm(j, k)) = lcm(lcm(i, j), k)

2

Proof

lcm(i,lcm(j, k)) = lcm(lcm(i, j), k) {From the definition of lcm}

min

{divides(i, z)∧divides(lcm(j, k), z)}

= min

{divides(lcm(i, j), z)∧divides(k, z)}

{Applying extensionality and simplifying}

divides(i, z)∧divides(lcm(j, k), z) = divides(lcm(i, j), z)∧divides(k, z) {if and only if equivalence}

divides(i, z)∧divides(lcm(j, k), z) ⇐⇒ divides(lcm(i, j), z)∧divides(k, z) The final line yields four subgoals

divides(i, z)∧divides(lcm(j, k), z) =⇒ divides(lcm(i, j), z) (A.32) divides(i, z)∧divides(lcm(j, k), z) =⇒ divides(k, z) (A.33) divides(lcm(i, j), z)∧divides(k, z) =⇒ divides(i, z) (A.34) divides(lcm(i, j), z)∧divides(k, z) =⇒ divides(lcm(j, k), z). (A.35) Equations A.32 and A.35 hold from Lemmas 16 and 17; Equations A.34 and A.33 hold

directly from Lemma 16.

Convex Hull

From Example 8, we denote by Ch: P →P the convex hull of a set of points that produces another set of points.

Theorem 36 (Super Idempotent)

∀p, q ∈P: C_h(p ∪ q) =C_h(p ∪ C_h(q))

2

Proofs are left to concrete definitions C_h.

Theorem 37 (Idempotent)

∀p:C_h(p) =C_h(C_h(p))

2

Proof Holds by substituting∅ for p inTheorem 36

C_h(p ∪ ∅) =C_h(C_h(p ∪ ∅) ∪ ∅) {From principles of logic: x ∪ ∅=x}

C_h(p) =C_h(C_h(p)).

Theorem 38 (Commutative)

∀p, q ∈P: C_h(p ∪ q) = C_h(q ∪ p)

2

Proof Holds by union commutativity: p ∪ q=q ∪ p.

Theorem 39 (Associative)

∀p, q, r ∈P: Ch(Ch(p ∪ q) ∪ r) = Ch(p ∪ Ch(q ∪ r))

2

Proof

C_h(C_h(p ∪ q) ∪ r) =C_h(p ∪ C_h(q ∪ r)) {From Theorem 38}

C_h(r ∪ C_h(p ∪ q)) = {From Theorem 36}

C_h(r ∪ p ∪ q) = {From union commutativity}

C_h(p ∪ q ∪ r) = {From Theorem 36}

C_h(p ∪ C_h(q ∪ r))