Theory Brouwer_Fixpoint

theory Brouwer_Fixpoint
imports Homeomorphism
(*  Author:     John Harrison
    Author:     Robert Himmelmann, TU Muenchen (Translation from HOL light) and LCP
*)

(* ========================================================================= *)
(* Results connected with topological dimension.                             *)
(*                                                                           *)
(* At the moment this is just Brouwer's fixpoint theorem. The proof is from  *)
(* Kuhn: "some combinatorial lemmas in topology", IBM J. v4. (1960) p. 518   *)
(* See "http://www.research.ibm.com/journal/rd/045/ibmrd0405K.pdf".          *)
(*                                                                           *)
(* The script below is quite messy, but at least we avoid formalizing any    *)
(* topological machinery; we don't even use barycentric subdivision; this is *)
(* the big advantage of Kuhn's proof over the usual Sperner's lemma one.     *)
(*                                                                           *)
(*              (c) Copyright, John Harrison 1998-2008                       *)
(* ========================================================================= *)

section ‹Results connected with topological dimension.›

theory Brouwer_Fixpoint
imports Path_Connected Homeomorphism
begin

lemma bij_betw_singleton_eq:
  assumes f: "bij_betw f A B" and g: "bij_betw g A B" and a: "a ∈ A"
  assumes eq: "(⋀x. x ∈ A ⟹ x ≠ a ⟹ f x = g x)"
  shows "f a = g a"
proof -
  have "f ` (A - {a}) = g ` (A - {a})"
    by (intro image_cong) (simp_all add: eq)
  then have "B - {f a} = B - {g a}"
    using f g a  by (auto simp: bij_betw_def inj_on_image_set_diff set_eq_iff Diff_subset)
  moreover have "f a ∈ B" "g a ∈ B"
    using f g a by (auto simp: bij_betw_def)
  ultimately show ?thesis
    by auto
qed

lemma swap_image:
  "Fun.swap i j f ` A = (if i ∈ A then (if j ∈ A then f ` A else f ` ((A - {i}) ∪ {j}))
                                  else (if j ∈ A then f ` ((A - {j}) ∪ {i}) else f ` A))"
  apply (auto simp: Fun.swap_def image_iff)
  apply metis
  apply (metis member_remove remove_def)
  apply (metis member_remove remove_def)
  done

lemmas swap_apply1 = swap_apply(1)
lemmas swap_apply2 = swap_apply(2)
lemmas lessThan_empty_iff = Iio_eq_empty_iff_nat
lemmas Zero_notin_Suc = zero_notin_Suc_image
lemmas atMost_Suc_eq_insert_0 = Iic_Suc_eq_insert_0

lemma sum_union_disjoint':
  assumes "finite A"
    and "finite B"
    and "A ∩ B = {}"
    and "A ∪ B = C"
  shows "sum g C = sum g A + sum g B"
  using sum.union_disjoint[OF assms(1-3)] and assms(4) by auto

lemma pointwise_minimal_pointwise_maximal:
  fixes s :: "(nat ⇒ nat) set"
  assumes "finite s"
    and "s ≠ {}"
    and "∀x∈s. ∀y∈s. x ≤ y ∨ y ≤ x"
  shows "∃a∈s. ∀x∈s. a ≤ x"
    and "∃a∈s. ∀x∈s. x ≤ a"
  using assms
proof (induct s rule: finite_ne_induct)
  case (insert b s)
  assume *: "∀x∈insert b s. ∀y∈insert b s. x ≤ y ∨ y ≤ x"
  then obtain u l where "l ∈ s" "∀b∈s. l ≤ b" "u ∈ s" "∀b∈s. b ≤ u"
    using insert by auto
  with * show "∃a∈insert b s. ∀x∈insert b s. a ≤ x" "∃a∈insert b s. ∀x∈insert b s. x ≤ a"
    using *[rule_format, of b u] *[rule_format, of b l] by (metis insert_iff order.trans)+
qed auto

lemma brouwer_compactness_lemma:
  fixes f :: "'a::metric_space ⇒ 'b::real_normed_vector"
  assumes "compact s"
    and "continuous_on s f"
    and "¬ (∃x∈s. f x = 0)"
  obtains d where "0 < d" and "∀x∈s. d ≤ norm (f x)"
proof (cases "s = {}")
  case True
  show thesis
    by (rule that [of 1]) (auto simp: True)
next
  case False
  have "continuous_on s (norm ∘ f)"
    by (rule continuous_intros continuous_on_norm assms(2))+
  with False obtain x where x: "x ∈ s" "∀y∈s. (norm ∘ f) x ≤ (norm ∘ f) y"
    using continuous_attains_inf[OF assms(1), of "norm ∘ f"]
    unfolding o_def
    by auto
  have "(norm ∘ f) x > 0"
    using assms(3) and x(1)
    by auto
  then show ?thesis
    by (rule that) (insert x(2), auto simp: o_def)
qed

lemma kuhn_labelling_lemma:
  fixes P Q :: "'a::euclidean_space ⇒ bool"
  assumes "∀x. P x ⟶ P (f x)"
    and "∀x. P x ⟶ (∀i∈Basis. Q i ⟶ 0 ≤ x∙i ∧ x∙i ≤ 1)"
  shows "∃l. (∀x.∀i∈Basis. l x i ≤ (1::nat)) ∧
             (∀x.∀i∈Basis. P x ∧ Q i ∧ (x∙i = 0) ⟶ (l x i = 0)) ∧
             (∀x.∀i∈Basis. P x ∧ Q i ∧ (x∙i = 1) ⟶ (l x i = 1)) ∧
             (∀x.∀i∈Basis. P x ∧ Q i ∧ (l x i = 0) ⟶ x∙i ≤ f x∙i) ∧
             (∀x.∀i∈Basis. P x ∧ Q i ∧ (l x i = 1) ⟶ f x∙i ≤ x∙i)"
proof -
  { fix x i
    let ?R = "λy. (P x ∧ Q i ∧ x ∙ i = 0 ⟶ y = (0::nat)) ∧
        (P x ∧ Q i ∧ x ∙ i = 1 ⟶ y = 1) ∧
        (P x ∧ Q i ∧ y = 0 ⟶ x ∙ i ≤ f x ∙ i) ∧
        (P x ∧ Q i ∧ y = 1 ⟶ f x ∙ i ≤ x ∙ i)"
    { assume "P x" "Q i" "i ∈ Basis" with assms have "0 ≤ f x ∙ i ∧ f x ∙ i ≤ 1" by auto }
    then have "i ∈ Basis ⟹ ?R 0 ∨ ?R 1" by auto }
  then show ?thesis
    unfolding all_conj_distrib[symmetric] Ball_def (* FIXME: shouldn't this work by metis? *)
    by (subst choice_iff[symmetric])+ blast
qed


subsection ‹The key "counting" observation, somewhat abstracted.›

lemma kuhn_counting_lemma:
  fixes bnd compo compo' face S F
  defines "nF s == card {f∈F. face f s ∧ compo' f}"
  assumes [simp, intro]: "finite F"  "faces" and [simp, intro]: "finite S"  "simplices"
    and "⋀f. f ∈ F ⟹ bnd f ⟹ card {s∈S. face f s} = 1"
    and "⋀f. f ∈ F ⟹ ¬ bnd f ⟹ card {s∈S. face f s} = 2"
    and "⋀s. s ∈ S ⟹ compo s ⟹ nF s = 1"
    and "⋀s. s ∈ S ⟹ ¬ compo s ⟹ nF s = 0 ∨ nF s = 2"
    and "odd (card {f∈F. compo' f ∧ bnd f})"
  shows "odd (card {s∈S. compo s})"
proof -
  have "(∑s | s ∈ S ∧ ¬ compo s. nF s) + (∑s | s ∈ S ∧ compo s. nF s) = (∑s∈S. nF s)"
    by (subst sum.union_disjoint[symmetric]) (auto intro!: sum.cong)
  also have "… = (∑s∈S. card {f ∈ {f∈F. compo' f ∧ bnd f}. face f s}) +
                  (∑s∈S. card {f ∈ {f∈F. compo' f ∧ ¬ bnd f}. face f s})"
    unfolding sum.distrib[symmetric]
    by (subst card_Un_disjoint[symmetric])
       (auto simp: nF_def intro!: sum.cong arg_cong[where f=card])
  also have "… = 1 * card {f∈F. compo' f ∧ bnd f} + 2 * card {f∈F. compo' f ∧ ¬ bnd f}"
    using assms(4,5) by (fastforce intro!: arg_cong2[where f="op +"] sum_multicount)
  finally have "odd ((∑s | s ∈ S ∧ ¬ compo s. nF s) + card {s∈S. compo s})"
    using assms(6,8) by simp
  moreover have "(∑s | s ∈ S ∧ ¬ compo s. nF s) =
    (∑s | s ∈ S ∧ ¬ compo s ∧ nF s = 0. nF s) + (∑s | s ∈ S ∧ ¬ compo s ∧ nF s = 2. nF s)"
    using assms(7) by (subst sum.union_disjoint[symmetric]) (fastforce intro!: sum.cong)+
  ultimately show ?thesis
    by auto
qed

subsection ‹The odd/even result for faces of complete vertices, generalized.›

lemma kuhn_complete_lemma:
  assumes [simp]: "finite simplices"
    and face: "⋀f s. face f s ⟷ (∃a∈s. f = s - {a})"
    and card_s[simp]:  "⋀s. s ∈ simplices ⟹ card s = n + 2"
    and rl_bd: "⋀s. s ∈ simplices ⟹ rl ` s ⊆ {..Suc n}"
    and bnd: "⋀f s. s ∈ simplices ⟹ face f s ⟹ bnd f ⟹ card {s∈simplices. face f s} = 1"
    and nbnd: "⋀f s. s ∈ simplices ⟹ face f s ⟹ ¬ bnd f ⟹ card {s∈simplices. face f s} = 2"
    and odd_card: "odd (card {f. (∃s∈simplices. face f s) ∧ rl ` f = {..n} ∧ bnd f})"
  shows "odd (card {s∈simplices. (rl ` s = {..Suc n})})"
proof (rule kuhn_counting_lemma)
  have finite_s[simp]: "⋀s. s ∈ simplices ⟹ finite s"
    by (metis add_is_0 zero_neq_numeral card_infinite assms(3))

  let ?F = "{f. ∃s∈simplices. face f s}"
  have F_eq: "?F = (⋃s∈simplices. ⋃a∈s. {s - {a}})"
    by (auto simp: face)
  show "finite ?F"
    using ‹finite simplices› unfolding F_eq by auto

  show "card {s ∈ simplices. face f s} = 1" if "f ∈ ?F" "bnd f" for f
    using bnd that by auto

  show "card {s ∈ simplices. face f s} = 2" if "f ∈ ?F" "¬ bnd f" for f
    using nbnd that by auto

  show "odd (card {f ∈ {f. ∃s∈simplices. face f s}. rl ` f = {..n} ∧ bnd f})"
    using odd_card by simp

  fix s assume s[simp]: "s ∈ simplices"
  let ?S = "{f ∈ {f. ∃s∈simplices. face f s}. face f s ∧ rl ` f = {..n}}"
  have "?S = (λa. s - {a}) ` {a∈s. rl ` (s - {a}) = {..n}}"
    using s by (fastforce simp: face)
  then have card_S: "card ?S = card {a∈s. rl ` (s - {a}) = {..n}}"
    by (auto intro!: card_image inj_onI)

  { assume rl: "rl ` s = {..Suc n}"
    then have inj_rl: "inj_on rl s"
      by (intro eq_card_imp_inj_on) auto
    moreover obtain a where "rl a = Suc n" "a ∈ s"
      by (metis atMost_iff image_iff le_Suc_eq rl)
    ultimately have n: "{..n} = rl ` (s - {a})"
      by (auto simp add: inj_on_image_set_diff Diff_subset rl)
    have "{a∈s. rl ` (s - {a}) = {..n}} = {a}"
      using inj_rl ‹a ∈ s› by (auto simp add: n inj_on_image_eq_iff[OF inj_rl] Diff_subset)
    then show "card ?S = 1"
      unfolding card_S by simp }

  { assume rl: "rl ` s ≠ {..Suc n}"
    show "card ?S = 0 ∨ card ?S = 2"
    proof cases
      assume *: "{..n} ⊆ rl ` s"
      with rl rl_bd[OF s] have rl_s: "rl ` s = {..n}"
        by (auto simp add: atMost_Suc subset_insert_iff split: if_split_asm)
      then have "¬ inj_on rl s"
        by (intro pigeonhole) simp
      then obtain a b where ab: "a ∈ s" "b ∈ s" "rl a = rl b" "a ≠ b"
        by (auto simp: inj_on_def)
      then have eq: "rl ` (s - {a}) = rl ` s"
        by auto
      with ab have inj: "inj_on rl (s - {a})"
        by (intro eq_card_imp_inj_on) (auto simp add: rl_s card_Diff_singleton_if)

      { fix x assume "x ∈ s" "x ∉ {a, b}"
        then have "rl ` s - {rl x} = rl ` ((s - {a}) - {x})"
          by (auto simp: eq Diff_subset inj_on_image_set_diff[OF inj])
        also have "… = rl ` (s - {x})"
          using ab ‹x ∉ {a, b}› by auto
        also assume "… = rl ` s"
        finally have False
          using ‹x∈s› by auto }
      moreover
      { fix x assume "x ∈ {a, b}" with ab have "x ∈ s ∧ rl ` (s - {x}) = rl ` s"
          by (simp add: set_eq_iff image_iff Bex_def) metis }
      ultimately have "{a∈s. rl ` (s - {a}) = {..n}} = {a, b}"
        unfolding rl_s[symmetric] by fastforce
      with ‹a ≠ b› show "card ?S = 0 ∨ card ?S = 2"
        unfolding card_S by simp
    next
      assume "¬ {..n} ⊆ rl ` s"
      then have "⋀x. rl ` (s - {x}) ≠ {..n}"
        by auto
      then show "card ?S = 0 ∨ card ?S = 2"
        unfolding card_S by simp
    qed }
qed fact

locale kuhn_simplex =
  fixes p n and base upd and s :: "(nat ⇒ nat) set"
  assumes base: "base ∈ {..< n} → {..< p}"
  assumes base_out: "⋀i. n ≤ i ⟹ base i = p"
  assumes upd: "bij_betw upd {..< n} {..< n}"
  assumes s_pre: "s = (λi j. if j ∈ upd`{..< i} then Suc (base j) else base j) ` {.. n}"
begin

definition "enum i j = (if j ∈ upd`{..< i} then Suc (base j) else base j)"

lemma s_eq: "s = enum ` {.. n}"
  unfolding s_pre enum_def[abs_def] ..

lemma upd_space: "i < n ⟹ upd i < n"
  using upd by (auto dest!: bij_betwE)

lemma s_space: "s ⊆ {..< n} → {.. p}"
proof -
  { fix i assume "i ≤ n" then have "enum i ∈ {..< n} → {.. p}"
    proof (induct i)
      case 0 then show ?case
        using base by (auto simp: Pi_iff less_imp_le enum_def)
    next
      case (Suc i) with base show ?case
        by (auto simp: Pi_iff Suc_le_eq less_imp_le enum_def intro: upd_space)
    qed }
  then show ?thesis
    by (auto simp: s_eq)
qed

lemma inj_upd: "inj_on upd {..< n}"
  using upd by (simp add: bij_betw_def)

lemma inj_enum: "inj_on enum {.. n}"
proof -
  { fix x y :: nat assume "x ≠ y" "x ≤ n" "y ≤ n"
    with upd have "upd ` {..< x} ≠ upd ` {..< y}"
      by (subst inj_on_image_eq_iff[where C="{..< n}"]) (auto simp: bij_betw_def)
    then have "enum x ≠ enum y"
      by (auto simp add: enum_def fun_eq_iff) }
  then show ?thesis
    by (auto simp: inj_on_def)
qed

lemma enum_0: "enum 0 = base"
  by (simp add: enum_def[abs_def])

lemma base_in_s: "base ∈ s"
  unfolding s_eq by (subst enum_0[symmetric]) auto

lemma enum_in: "i ≤ n ⟹ enum i ∈ s"
  unfolding s_eq by auto

lemma one_step:
  assumes a: "a ∈ s" "j < n"
  assumes *: "⋀a'. a' ∈ s ⟹ a' ≠ a ⟹ a' j = p'"
  shows "a j ≠ p'"
proof
  assume "a j = p'"
  with * a have "⋀a'. a' ∈ s ⟹ a' j = p'"
    by auto
  then have "⋀i. i ≤ n ⟹ enum i j = p'"
    unfolding s_eq by auto
  from this[of 0] this[of n] have "j ∉ upd ` {..< n}"
    by (auto simp: enum_def fun_eq_iff split: if_split_asm)
  with upd ‹j < n› show False
    by (auto simp: bij_betw_def)
qed

lemma upd_inj: "i < n ⟹ j < n ⟹ upd i = upd j ⟷ i = j"
  using upd by (auto simp: bij_betw_def inj_on_eq_iff)

lemma upd_surj: "upd ` {..< n} = {..< n}"
  using upd by (auto simp: bij_betw_def)

lemma in_upd_image: "A ⊆ {..< n} ⟹ i < n ⟹ upd i ∈ upd ` A ⟷ i ∈ A"
  using inj_on_image_mem_iff[of upd "{..< n}"] upd
  by (auto simp: bij_betw_def)

lemma enum_inj: "i ≤ n ⟹ j ≤ n ⟹ enum i = enum j ⟷ i = j"
  using inj_enum by (auto simp: inj_on_eq_iff)

lemma in_enum_image: "A ⊆ {.. n} ⟹ i ≤ n ⟹ enum i ∈ enum ` A ⟷ i ∈ A"
  using inj_on_image_mem_iff[OF inj_enum] by auto

lemma enum_mono: "i ≤ n ⟹ j ≤ n ⟹ enum i ≤ enum j ⟷ i ≤ j"
  by (auto simp: enum_def le_fun_def in_upd_image Ball_def[symmetric])

lemma enum_strict_mono: "i ≤ n ⟹ j ≤ n ⟹ enum i < enum j ⟷ i < j"
  using enum_mono[of i j] enum_inj[of i j] by (auto simp add: le_less)

lemma chain: "a ∈ s ⟹ b ∈ s ⟹ a ≤ b ∨ b ≤ a"
  by (auto simp: s_eq enum_mono)

lemma less: "a ∈ s ⟹ b ∈ s ⟹ a i < b i ⟹ a < b"
  using chain[of a b] by (auto simp: less_fun_def le_fun_def not_le[symmetric])

lemma enum_0_bot: "a ∈ s ⟹ a = enum 0 ⟷ (∀a'∈s. a ≤ a')"
  unfolding s_eq by (auto simp: enum_mono Ball_def)

lemma enum_n_top: "a ∈ s ⟹ a = enum n ⟷ (∀a'∈s. a' ≤ a)"
  unfolding s_eq by (auto simp: enum_mono Ball_def)

lemma enum_Suc: "i < n ⟹ enum (Suc i) = (enum i)(upd i := Suc (enum i (upd i)))"
  by (auto simp: fun_eq_iff enum_def upd_inj)

lemma enum_eq_p: "i ≤ n ⟹ n ≤ j ⟹ enum i j = p"
  by (induct i) (auto simp: enum_Suc enum_0 base_out upd_space not_less[symmetric])

lemma out_eq_p: "a ∈ s ⟹ n ≤ j ⟹ a j = p"
  unfolding s_eq by (auto simp add: enum_eq_p)

lemma s_le_p: "a ∈ s ⟹ a j ≤ p"
  using out_eq_p[of a j] s_space by (cases "j < n") auto

lemma le_Suc_base: "a ∈ s ⟹ a j ≤ Suc (base j)"
  unfolding s_eq by (auto simp: enum_def)

lemma base_le: "a ∈ s ⟹ base j ≤ a j"
  unfolding s_eq by (auto simp: enum_def)

lemma enum_le_p: "i ≤ n ⟹ j < n ⟹ enum i j ≤ p"
  using enum_in[of i] s_space by auto

lemma enum_less: "a ∈ s ⟹ i < n ⟹ enum i < a ⟷ enum (Suc i) ≤ a"
  unfolding s_eq by (auto simp: enum_strict_mono enum_mono)

lemma ksimplex_0:
  "n = 0 ⟹ s = {(λx. p)}"
  using s_eq enum_def base_out by auto

lemma replace_0:
  assumes "j < n" "a ∈ s" and p: "∀x∈s - {a}. x j = 0" and "x ∈ s"
  shows "x ≤ a"
proof cases
  assume "x ≠ a"
  have "a j ≠ 0"
    using assms by (intro one_step[where a=a]) auto
  with less[OF ‹x∈s› ‹a∈s›, of j] p[rule_format, of x] ‹x ∈ s› ‹x ≠ a›
  show ?thesis
    by auto
qed simp

lemma replace_1:
  assumes "j < n" "a ∈ s" and p: "∀x∈s - {a}. x j = p" and "x ∈ s"
  shows "a ≤ x"
proof cases
  assume "x ≠ a"
  have "a j ≠ p"
    using assms by (intro one_step[where a=a]) auto
  with enum_le_p[of _ j] ‹j < n› ‹a∈s›
  have "a j < p"
    by (auto simp: less_le s_eq)
  with less[OF ‹a∈s› ‹x∈s›, of j] p[rule_format, of x] ‹x ∈ s› ‹x ≠ a›
  show ?thesis
    by auto
qed simp

end

locale kuhn_simplex_pair = s: kuhn_simplex p n b_s u_s s + t: kuhn_simplex p n b_t u_t t
  for p n b_s u_s s b_t u_t t
begin

lemma enum_eq:
  assumes l: "i ≤ l" "l ≤ j" and "j + d ≤ n"
  assumes eq: "s.enum ` {i .. j} = t.enum ` {i + d .. j + d}"
  shows "s.enum l = t.enum (l + d)"
using l proof (induct l rule: dec_induct)
  case base
  then have s: "s.enum i ∈ t.enum ` {i + d .. j + d}" and t: "t.enum (i + d) ∈ s.enum ` {i .. j}"
    using eq by auto
  from t ‹i ≤ j› ‹j + d ≤ n› have "s.enum i ≤ t.enum (i + d)"
    by (auto simp: s.enum_mono)
  moreover from s ‹i ≤ j› ‹j + d ≤ n› have "t.enum (i + d) ≤ s.enum i"
    by (auto simp: t.enum_mono)
  ultimately show ?case
    by auto
next
  case (step l)
  moreover from step.prems ‹j + d ≤ n› have
      "s.enum l < s.enum (Suc l)"
      "t.enum (l + d) < t.enum (Suc l + d)"
    by (simp_all add: s.enum_strict_mono t.enum_strict_mono)
  moreover have
      "s.enum (Suc l) ∈ t.enum ` {i + d .. j + d}"
      "t.enum (Suc l + d) ∈ s.enum ` {i .. j}"
    using step ‹j + d ≤ n› eq by (auto simp: s.enum_inj t.enum_inj)
  ultimately have "s.enum (Suc l) = t.enum (Suc (l + d))"
    using ‹j + d ≤ n›
    by (intro antisym s.enum_less[THEN iffD1] t.enum_less[THEN iffD1])
       (auto intro!: s.enum_in t.enum_in)
  then show ?case by simp
qed

lemma ksimplex_eq_bot:
  assumes a: "a ∈ s" "⋀a'. a' ∈ s ⟹ a ≤ a'"
  assumes b: "b ∈ t" "⋀b'. b' ∈ t ⟹ b ≤ b'"
  assumes eq: "s - {a} = t - {b}"
  shows "s = t"
proof cases
  assume "n = 0" with s.ksimplex_0 t.ksimplex_0 show ?thesis by simp
next
  assume "n ≠ 0"
  have "s.enum 0 = (s.enum (Suc 0)) (u_s 0 := s.enum (Suc 0) (u_s 0) - 1)"
       "t.enum 0 = (t.enum (Suc 0)) (u_t 0 := t.enum (Suc 0) (u_t 0) - 1)"
    using ‹n ≠ 0› by (simp_all add: s.enum_Suc t.enum_Suc)
  moreover have e0: "a = s.enum 0" "b = t.enum 0"
    using a b by (simp_all add: s.enum_0_bot t.enum_0_bot)
  moreover
  { fix j assume "0 < j" "j ≤ n"
    moreover have "s - {a} = s.enum ` {Suc 0 .. n}" "t - {b} = t.enum ` {Suc 0 .. n}"
      unfolding s.s_eq t.s_eq e0 by (auto simp: s.enum_inj t.enum_inj)
    ultimately have "s.enum j = t.enum j"
      using enum_eq[of "1" j n 0] eq by auto }
  note enum_eq = this
  then have "s.enum (Suc 0) = t.enum (Suc 0)"
    using ‹n ≠ 0› by auto
  moreover
  { fix j assume "Suc j < n"
    with enum_eq[of "Suc j"] enum_eq[of "Suc (Suc j)"]
    have "u_s (Suc j) = u_t (Suc j)"
      using s.enum_Suc[of "Suc j"] t.enum_Suc[of "Suc j"]
      by (auto simp: fun_eq_iff split: if_split_asm) }
  then have "⋀j. 0 < j ⟹ j < n ⟹ u_s j = u_t j"
    by (auto simp: gr0_conv_Suc)
  with ‹n ≠ 0› have "u_t 0 = u_s 0"
    by (intro bij_betw_singleton_eq[OF t.upd s.upd, of 0]) auto
  ultimately have "a = b"
    by simp
  with assms show "s = t"
    by auto
qed

lemma ksimplex_eq_top:
  assumes a: "a ∈ s" "⋀a'. a' ∈ s ⟹ a' ≤ a"
  assumes b: "b ∈ t" "⋀b'. b' ∈ t ⟹ b' ≤ b"
  assumes eq: "s - {a} = t - {b}"
  shows "s = t"
proof (cases n)
  assume "n = 0" with s.ksimplex_0 t.ksimplex_0 show ?thesis by simp
next
  case (Suc n')
  have "s.enum n = (s.enum n') (u_s n' := Suc (s.enum n' (u_s n')))"
       "t.enum n = (t.enum n') (u_t n' := Suc (t.enum n' (u_t n')))"
    using Suc by (simp_all add: s.enum_Suc t.enum_Suc)
  moreover have en: "a = s.enum n" "b = t.enum n"
    using a b by (simp_all add: s.enum_n_top t.enum_n_top)
  moreover
  { fix j assume "j < n"
    moreover have "s - {a} = s.enum ` {0 .. n'}" "t - {b} = t.enum ` {0 .. n'}"
      unfolding s.s_eq t.s_eq en by (auto simp: s.enum_inj t.enum_inj Suc)
    ultimately have "s.enum j = t.enum j"
      using enum_eq[of "0" j n' 0] eq Suc by auto }
  note enum_eq = this
  then have "s.enum n' = t.enum n'"
    using Suc by auto
  moreover
  { fix j assume "j < n'"
    with enum_eq[of j] enum_eq[of "Suc j"]
    have "u_s j = u_t j"
      using s.enum_Suc[of j] t.enum_Suc[of j]
      by (auto simp: Suc fun_eq_iff split: if_split_asm) }
  then have "⋀j. j < n' ⟹ u_s j = u_t j"
    by (auto simp: gr0_conv_Suc)
  then have "u_t n' = u_s n'"
    by (intro bij_betw_singleton_eq[OF t.upd s.upd, of n']) (auto simp: Suc)
  ultimately have "a = b"
    by simp
  with assms show "s = t"
    by auto
qed

end

inductive ksimplex for p n :: nat where
  ksimplex: "kuhn_simplex p n base upd s ⟹ ksimplex p n s"

lemma finite_ksimplexes: "finite {s. ksimplex p n s}"
proof (rule finite_subset)
  { fix a s assume "ksimplex p n s" "a ∈ s"
    then obtain b u where "kuhn_simplex p n b u s" by (auto elim: ksimplex.cases)
    then interpret kuhn_simplex p n b u s .
    from s_space ‹a ∈ s› out_eq_p[OF ‹a ∈ s›]
    have "a ∈ (λf x. if n ≤ x then p else f x) ` ({..< n} →E {.. p})"
      by (auto simp: image_iff subset_eq Pi_iff split: if_split_asm
               intro!: bexI[of _ "restrict a {..< n}"]) }
  then show "{s. ksimplex p n s} ⊆ Pow ((λf x. if n ≤ x then p else f x) ` ({..< n} →E {.. p}))"
    by auto
qed (simp add: finite_PiE)

lemma ksimplex_card:
  assumes "ksimplex p n s" shows "card s = Suc n"
using assms proof cases
  case (ksimplex u b)
  then interpret kuhn_simplex p n u b s .
  show ?thesis
    by (simp add: card_image s_eq inj_enum)
qed

lemma simplex_top_face:
  assumes "0 < p" "∀x∈s'. x n = p"
  shows "ksimplex p n s' ⟷ (∃s a. ksimplex p (Suc n) s ∧ a ∈ s ∧ s' = s - {a})"
  using assms
proof safe
  fix s a assume "ksimplex p (Suc n) s" and a: "a ∈ s" and na: "∀x∈s - {a}. x n = p"
  then show "ksimplex p n (s - {a})"
  proof cases
    case (ksimplex base upd)
    then interpret kuhn_simplex p "Suc n" base upd "s" .

    have "a n < p"
      using one_step[of a n p] na ‹a∈s› s_space by (auto simp: less_le)
    then have "a = enum 0"
      using ‹a ∈ s› na by (subst enum_0_bot) (auto simp: le_less intro!: less[of a _ n])
    then have s_eq: "s - {a} = enum ` Suc ` {.. n}"
      using s_eq by (simp add: atMost_Suc_eq_insert_0 insert_ident Zero_notin_Suc in_enum_image subset_eq)
    then have "enum 1 ∈ s - {a}"
      by auto
    then have "upd 0 = n"
      using ‹a n < p› ‹a = enum 0› na[rule_format, of "enum 1"]
      by (auto simp: fun_eq_iff enum_Suc split: if_split_asm)
    then have "bij_betw upd (Suc ` {..< n}) {..< n}"
      using upd
      by (subst notIn_Un_bij_betw3[where b=0])
         (auto simp: lessThan_Suc[symmetric] lessThan_Suc_eq_insert_0)
    then have "bij_betw (upd∘Suc) {..<n} {..<n}"
      by (rule bij_betw_trans[rotated]) (auto simp: bij_betw_def)

    have "a n = p - 1"
      using enum_Suc[of 0] na[rule_format, OF ‹enum 1 ∈ s - {a}›] ‹a = enum 0› by (auto simp: ‹upd 0 = n›)

    show ?thesis
    proof (rule ksimplex.intros, standard)
      show "bij_betw (upd∘Suc) {..< n} {..< n}" by fact
      show "base(n := p) ∈ {..<n} → {..<p}" "⋀i. n≤i ⟹ (base(n := p)) i = p"
        using base base_out by (auto simp: Pi_iff)

      have "⋀i. Suc ` {..< i} = {..< Suc i} - {0}"
        by (auto simp: image_iff Ball_def) arith
      then have upd_Suc: "⋀i. i ≤ n ⟹ (upd∘Suc) ` {..< i} = upd ` {..< Suc i} - {n}"
        using ‹upd 0 = n› upd_inj
        by (auto simp add: image_comp[symmetric] inj_on_image_set_diff[OF inj_upd])
      have n_in_upd: "⋀i. n ∈ upd ` {..< Suc i}"
        using ‹upd 0 = n› by auto

      define f' where "f' i j =
        (if j ∈ (upd∘Suc)`{..< i} then Suc ((base(n := p)) j) else (base(n := p)) j)" for i j
      { fix x i assume i[arith]: "i ≤ n" then have "enum (Suc i) x = f' i x"
          unfolding f'_def enum_def using ‹a n < p› ‹a = enum 0› ‹upd 0 = n› ‹a n = p - 1›
          by (simp add: upd_Suc enum_0 n_in_upd) }
      then show "s - {a} = f' ` {.. n}"
        unfolding s_eq image_comp by (intro image_cong) auto
    qed
  qed
next
  assume "ksimplex p n s'" and *: "∀x∈s'. x n = p"
  then show "∃s a. ksimplex p (Suc n) s ∧ a ∈ s ∧ s' = s - {a}"
  proof cases
    case (ksimplex base upd)
    then interpret kuhn_simplex p n base upd s' .
    define b where "b = base (n := p - 1)"
    define u where "u i = (case i of 0 ⇒ n | Suc i ⇒ upd i)" for i

    have "ksimplex p (Suc n) (s' ∪ {b})"
    proof (rule ksimplex.intros, standard)
      show "b ∈ {..<Suc n} → {..<p}"
        using base ‹0 < p› unfolding lessThan_Suc b_def by (auto simp: PiE_iff)
      show "⋀i. Suc n ≤ i ⟹ b i = p"
        using base_out by (auto simp: b_def)

      have "bij_betw u (Suc ` {..< n} ∪ {0}) ({..<n} ∪ {u 0})"
        using upd
        by (intro notIn_Un_bij_betw) (auto simp: u_def bij_betw_def image_comp comp_def inj_on_def)
      then show "bij_betw u {..<Suc n} {..<Suc n}"
        by (simp add: u_def lessThan_Suc[symmetric] lessThan_Suc_eq_insert_0)

      define f' where "f' i j = (if j ∈ u`{..< i} then Suc (b j) else b j)" for i j

      have u_eq: "⋀i. i ≤ n ⟹ u ` {..< Suc i} = upd ` {..< i} ∪ { n }"
        by (auto simp: u_def image_iff upd_inj Ball_def split: nat.split) arith

      { fix x have "x ≤ n ⟹ n ∉ upd ` {..<x}"
          using upd_space by (simp add: image_iff neq_iff) }
      note n_not_upd = this

      have *: "f' ` {.. Suc n} = f' ` (Suc ` {.. n} ∪ {0})"
        unfolding atMost_Suc_eq_insert_0 by simp
      also have "… = (f' ∘ Suc) ` {.. n} ∪ {b}"
        by (auto simp: f'_def)
      also have "(f' ∘ Suc) ` {.. n} = s'"
        using ‹0 < p› base_out[of n]
        unfolding s_eq enum_def[abs_def] f'_def[abs_def] upd_space
        by (intro image_cong) (simp_all add: u_eq b_def fun_eq_iff n_not_upd)
      finally show "s' ∪ {b} = f' ` {.. Suc n}" ..
    qed
    moreover have "b ∉ s'"
      using * ‹0 < p› by (auto simp: b_def)
    ultimately show ?thesis by auto
  qed
qed

lemma ksimplex_replace_0:
  assumes s: "ksimplex p n s" and a: "a ∈ s"
  assumes j: "j < n" and p: "∀x∈s - {a}. x j = 0"
  shows "card {s'. ksimplex p n s' ∧ (∃b∈s'. s' - {b} = s - {a})} = 1"
  using s
proof cases
  case (ksimplex b_s u_s)

  { fix t b assume "ksimplex p n t"
    then obtain b_t u_t where "kuhn_simplex p n b_t u_t t"
      by (auto elim: ksimplex.cases)
    interpret kuhn_simplex_pair p n b_s u_s s b_t u_t t
      by intro_locales fact+

    assume b: "b ∈ t" "t - {b} = s - {a}"
    with a j p s.replace_0[of _ a] t.replace_0[of _ b] have "s = t"
      by (intro ksimplex_eq_top[of a b]) auto }
  then have "{s'. ksimplex p n s' ∧ (∃b∈s'. s' - {b} = s - {a})} = {s}"
    using s ‹a ∈ s› by auto
  then show ?thesis
    by simp
qed

lemma ksimplex_replace_1:
  assumes s: "ksimplex p n s" and a: "a ∈ s"
  assumes j: "j < n" and p: "∀x∈s - {a}. x j = p"
  shows "card {s'. ksimplex p n s' ∧ (∃b∈s'. s' - {b} = s - {a})} = 1"
  using s
proof cases
  case (ksimplex b_s u_s)

  { fix t b assume "ksimplex p n t"
    then obtain b_t u_t where "kuhn_simplex p n b_t u_t t"
      by (auto elim: ksimplex.cases)
    interpret kuhn_simplex_pair p n b_s u_s s b_t u_t t
      by intro_locales fact+

    assume b: "b ∈ t" "t - {b} = s - {a}"
    with a j p s.replace_1[of _ a] t.replace_1[of _ b] have "s = t"
      by (intro ksimplex_eq_bot[of a b]) auto }
  then have "{s'. ksimplex p n s' ∧ (∃b∈s'. s' - {b} = s - {a})} = {s}"
    using s ‹a ∈ s› by auto
  then show ?thesis
    by simp
qed

lemma card_2_exists: "card s = 2 ⟷ (∃x∈s. ∃y∈s. x ≠ y ∧ (∀z∈s. z = x ∨ z = y))"
  by (auto simp add: card_Suc_eq eval_nat_numeral)

lemma ksimplex_replace_2:
  assumes s: "ksimplex p n s" and "a ∈ s" and "n ≠ 0"
    and lb: "∀j<n. ∃x∈s - {a}. x j ≠ 0"
    and ub: "∀j<n. ∃x∈s - {a}. x j ≠ p"
  shows "card {s'. ksimplex p n s' ∧ (∃b∈s'. s' - {b} = s - {a})} = 2"
  using s
proof cases
  case (ksimplex base upd)
  then interpret kuhn_simplex p n base upd s .

  from ‹a ∈ s› obtain i where "i ≤ n" "a = enum i"
    unfolding s_eq by auto

  from ‹i ≤ n› have "i = 0 ∨ i = n ∨ (0 < i ∧ i < n)"
    by linarith
  then have "∃!s'. s' ≠ s ∧ ksimplex p n s' ∧ (∃b∈s'. s - {a} = s'- {b})"
  proof (elim disjE conjE)
    assume "i = 0"
    define rot where [abs_def]: "rot i = (if i + 1 = n then 0 else i + 1)" for i
    let ?upd = "upd ∘ rot"

    have rot: "bij_betw rot {..< n} {..< n}"
      by (auto simp: bij_betw_def inj_on_def image_iff Ball_def rot_def)
         arith+
    from rot upd have "bij_betw ?upd {..<n} {..<n}"
      by (rule bij_betw_trans)

    define f' where [abs_def]: "f' i j =
      (if j ∈ ?upd`{..< i} then Suc (enum (Suc 0) j) else enum (Suc 0) j)" for i j

    interpret b: kuhn_simplex p n "enum (Suc 0)" "upd ∘ rot" "f' ` {.. n}"
    proof
      from ‹a = enum i› ub ‹n ≠ 0› ‹i = 0›
      obtain i' where "i' ≤ n" "enum i' ≠ enum 0" "enum i' (upd 0) ≠ p"
        unfolding s_eq by (auto intro: upd_space simp: enum_inj)
      then have "enum 1 ≤ enum i'" "enum i' (upd 0) < p"
        using enum_le_p[of i' "upd 0"] by (auto simp add: enum_inj enum_mono upd_space)
      then have "enum 1 (upd 0) < p"
        by (auto simp add: le_fun_def intro: le_less_trans)
      then show "enum (Suc 0) ∈ {..<n} → {..<p}"
        using base ‹n ≠ 0› by (auto simp add: enum_0 enum_Suc PiE_iff extensional_def upd_space)

      { fix i assume "n ≤ i" then show "enum (Suc 0) i = p"
        using ‹n ≠ 0› by (auto simp: enum_eq_p) }
      show "bij_betw ?upd {..<n} {..<n}" by fact
    qed (simp add: f'_def)
    have ks_f': "ksimplex p n (f' ` {.. n})"
      by rule unfold_locales

    have b_enum: "b.enum = f'" unfolding f'_def b.enum_def[abs_def] ..
    with b.inj_enum have inj_f': "inj_on f' {.. n}" by simp

    have [simp]: "⋀j. j < n ⟹ rot ` {..< j} = {0 <..< Suc j}"
      by (auto simp: rot_def image_iff Ball_def)
         arith

    { fix j assume j: "j < n"
      from j ‹n ≠ 0› have "f' j = enum (Suc j)"
        by (auto simp add: f'_def enum_def upd_inj in_upd_image image_comp[symmetric] fun_eq_iff) }
    note f'_eq_enum = this
    then have "enum ` Suc ` {..< n} = f' ` {..< n}"
      by (force simp: enum_inj)
    also have "Suc ` {..< n} = {.. n} - {0}"
      by (auto simp: image_iff Ball_def) arith
    also have "{..< n} = {.. n} - {n}"
      by auto
    finally have eq: "s - {a} = f' ` {.. n} - {f' n}"
      unfolding s_eq ‹a = enum i› ‹i = 0›
      by (simp add: Diff_subset inj_on_image_set_diff[OF inj_enum] inj_on_image_set_diff[OF inj_f'])

    have "enum 0 < f' 0"
      using ‹n ≠ 0› by (simp add: enum_strict_mono f'_eq_enum)
    also have "… < f' n"
      using ‹n ≠ 0› b.enum_strict_mono[of 0 n] unfolding b_enum by simp
    finally have "a ≠ f' n"
      using ‹a = enum i› ‹i = 0› by auto

    { fix t c assume "ksimplex p n t" "c ∈ t" and eq_sma: "s - {a} = t - {c}"
      obtain b u where "kuhn_simplex p n b u t"
        using ‹ksimplex p n t› by (auto elim: ksimplex.cases)
      then interpret t: kuhn_simplex p n b u t .

      { fix x assume "x ∈ s" "x ≠ a"
         then have "x (upd 0) = enum (Suc 0) (upd 0)"
           by (auto simp: ‹a = enum i› ‹i = 0› s_eq enum_def enum_inj) }
      then have eq_upd0: "∀x∈t-{c}. x (upd 0) = enum (Suc 0) (upd 0)"
        unfolding eq_sma[symmetric] by auto
      then have "c (upd 0) ≠ enum (Suc 0) (upd 0)"
        using ‹n ≠ 0› by (intro t.one_step[OF ‹c∈t› ]) (auto simp: upd_space)
      then have "c (upd 0) < enum (Suc 0) (upd 0) ∨ c (upd 0) > enum (Suc 0) (upd 0)"
        by auto
      then have "t = s ∨ t = f' ` {..n}"
      proof (elim disjE conjE)
        assume *: "c (upd 0) < enum (Suc 0) (upd 0)"
        interpret st: kuhn_simplex_pair p n base upd s b u t ..
        { fix x assume "x ∈ t" with * ‹c∈t› eq_upd0[rule_format, of x] have "c ≤ x"
            by (auto simp: le_less intro!: t.less[of _ _ "upd 0"]) }
        note top = this
        have "s = t"
          using ‹a = enum i› ‹i = 0› ‹c ∈ t›
          by (intro st.ksimplex_eq_bot[OF _ _ _ _ eq_sma])
             (auto simp: s_eq enum_mono t.s_eq t.enum_mono top)
        then show ?thesis by simp
      next
        assume *: "c (upd 0) > enum (Suc 0) (upd 0)"
        interpret st: kuhn_simplex_pair p n "enum (Suc 0)" "upd ∘ rot" "f' ` {.. n}" b u t ..
        have eq: "f' ` {..n} - {f' n} = t - {c}"
          using eq_sma eq by simp
        { fix x assume "x ∈ t" with * ‹c∈t› eq_upd0[rule_format, of x] have "x ≤ c"
            by (auto simp: le_less intro!: t.less[of _ _ "upd 0"]) }
        note top = this
        have "f' ` {..n} = t"
          using ‹a = enum i› ‹i = 0› ‹c ∈ t›
          by (intro st.ksimplex_eq_top[OF _ _ _ _ eq])
             (auto simp: b.s_eq b.enum_mono t.s_eq t.enum_mono b_enum[symmetric] top)
        then show ?thesis by simp
      qed }
    with ks_f' eq ‹a ≠ f' n› ‹n ≠ 0› show ?thesis
      apply (intro ex1I[of _ "f' ` {.. n}"])
      apply auto []
      apply metis
      done
  next
    assume "i = n"
    from ‹n ≠ 0› obtain n' where n': "n = Suc n'"
      by (cases n) auto

    define rot where "rot i = (case i of 0 ⇒ n' | Suc i ⇒ i)" for i
    let ?upd = "upd ∘ rot"

    have rot: "bij_betw rot {..< n} {..< n}"
      by (auto simp: bij_betw_def inj_on_def image_iff Bex_def rot_def n' split: nat.splits)
         arith
    from rot upd have "bij_betw ?upd {..<n} {..<n}"
      by (rule bij_betw_trans)

    define b where "b = base (upd n' := base (upd n') - 1)"
    define f' where [abs_def]: "f' i j = (if j ∈ ?upd`{..< i} then Suc (b j) else b j)" for i j

    interpret b: kuhn_simplex p n b "upd ∘ rot" "f' ` {.. n}"
    proof
      { fix i assume "n ≤ i" then show "b i = p"
          using base_out[of i] upd_space[of n'] by (auto simp: b_def n') }
      show "b ∈ {..<n} → {..<p}"
        using base ‹n ≠ 0› upd_space[of n']
        by (auto simp: b_def PiE_def Pi_iff Ball_def upd_space extensional_def n')

      show "bij_betw ?upd {..<n} {..<n}" by fact
    qed (simp add: f'_def)
    have f': "b.enum = f'" unfolding f'_def b.enum_def[abs_def] ..
    have ks_f': "ksimplex p n (b.enum ` {.. n})"
      unfolding f' by rule unfold_locales

    have "0 < n"
      using ‹n ≠ 0› by auto

    { from ‹a = enum i› ‹n ≠ 0› ‹i = n› lb upd_space[of n']
      obtain i' where "i' ≤ n" "enum i' ≠ enum n" "0 < enum i' (upd n')"
        unfolding s_eq by (auto simp: enum_inj n')
      moreover have "enum i' (upd n') = base (upd n')"
        unfolding enum_def using ‹i' ≤ n› ‹enum i' ≠ enum n› by (auto simp: n' upd_inj enum_inj)
      ultimately have "0 < base (upd n')"
        by auto }
    then have benum1: "b.enum (Suc 0) = base"
      unfolding b.enum_Suc[OF ‹0<n›] b.enum_0 by (auto simp: b_def rot_def)

    have [simp]: "⋀j. Suc j < n ⟹ rot ` {..< Suc j} = {n'} ∪ {..< j}"
      by (auto simp: rot_def image_iff Ball_def split: nat.splits)
    have rot_simps: "⋀j. rot (Suc j) = j" "rot 0 = n'"
      by (simp_all add: rot_def)

    { fix j assume j: "Suc j ≤ n" then have "b.enum (Suc j) = enum j"
        by (induct j) (auto simp add: benum1 enum_0 b.enum_Suc enum_Suc rot_simps) }
    note b_enum_eq_enum = this
    then have "enum ` {..< n} = b.enum ` Suc ` {..< n}"
      by (auto simp add: image_comp intro!: image_cong)
    also have "Suc ` {..< n} = {.. n} - {0}"
      by (auto simp: image_iff Ball_def) arith
    also have "{..< n} = {.. n} - {n}"
      by auto
    finally have eq: "s - {a} = b.enum ` {.. n} - {b.enum 0}"
      unfolding s_eq ‹a = enum i› ‹i = n›
      using inj_on_image_set_diff[OF inj_enum Diff_subset, of "{n}"]
            inj_on_image_set_diff[OF b.inj_enum Diff_subset, of "{0}"]
      by (simp add: comp_def )

    have "b.enum 0 ≤ b.enum n"
      by (simp add: b.enum_mono)
    also have "b.enum n < enum n"
      using ‹n ≠ 0› by (simp add: enum_strict_mono b_enum_eq_enum n')
    finally have "a ≠ b.enum 0"
      using ‹a = enum i› ‹i = n› by auto

    { fix t c assume "ksimplex p n t" "c ∈ t" and eq_sma: "s - {a} = t - {c}"
      obtain b' u where "kuhn_simplex p n b' u t"
        using ‹ksimplex p n t› by (auto elim: ksimplex.cases)
      then interpret t: kuhn_simplex p n b' u t .

      { fix x assume "x ∈ s" "x ≠ a"
         then have "x (upd n') = enum n' (upd n')"
           by (auto simp: ‹a = enum i› n' ‹i = n› s_eq enum_def enum_inj in_upd_image) }
      then have eq_upd0: "∀x∈t-{c}. x (upd n') = enum n' (upd n')"
        unfolding eq_sma[symmetric] by auto
      then have "c (upd n') ≠ enum n' (upd n')"
        using ‹n ≠ 0› by (intro t.one_step[OF ‹c∈t› ]) (auto simp: n' upd_space[unfolded n'])
      then have "c (upd n') < enum n' (upd n') ∨ c (upd n') > enum n' (upd n')"
        by auto
      then have "t = s ∨ t = b.enum ` {..n}"
      proof (elim disjE conjE)
        assume *: "c (upd n') > enum n' (upd n')"
        interpret st: kuhn_simplex_pair p n base upd s b' u t ..
        { fix x assume "x ∈ t" with * ‹c∈t› eq_upd0[rule_format, of x] have "x ≤ c"
            by (auto simp: le_less intro!: t.less[of _ _ "upd n'"]) }
        note top = this
        have "s = t"
          using ‹a = enum i› ‹i = n› ‹c ∈ t›
          by (intro st.ksimplex_eq_top[OF _ _ _ _ eq_sma])
             (auto simp: s_eq enum_mono t.s_eq t.enum_mono top)
        then show ?thesis by simp
      next
        assume *: "c (upd n') < enum n' (upd n')"
        interpret st: kuhn_simplex_pair p n b "upd ∘ rot" "f' ` {.. n}" b' u t ..
        have eq: "f' ` {..n} - {b.enum 0} = t - {c}"
          using eq_sma eq f' by simp
        { fix x assume "x ∈ t" with * ‹c∈t› eq_upd0[rule_format, of x] have "c ≤ x"
            by (auto simp: le_less intro!: t.less[of _ _ "upd n'"]) }
        note bot = this
        have "f' ` {..n} = t"
          using ‹a = enum i› ‹i = n› ‹c ∈ t›
          by (intro st.ksimplex_eq_bot[OF _ _ _ _ eq])
             (auto simp: b.s_eq b.enum_mono t.s_eq t.enum_mono bot)
        with f' show ?thesis by simp
      qed }
    with ks_f' eq ‹a ≠ b.enum 0› ‹n ≠ 0› show ?thesis
      apply (intro ex1I[of _ "b.enum ` {.. n}"])
      apply auto []
      apply metis
      done
  next
    assume i: "0 < i" "i < n"
    define i' where "i' = i - 1"
    with i have "Suc i' < n"
      by simp
    with i have Suc_i': "Suc i' = i"
      by (simp add: i'_def)

    let ?upd = "Fun.swap i' i upd"
    from i upd have "bij_betw ?upd {..< n} {..< n}"
      by (subst bij_betw_swap_iff) (auto simp: i'_def)

    define f' where [abs_def]: "f' i j = (if j ∈ ?upd`{..< i} then Suc (base j) else base j)"
      for i j
    interpret b: kuhn_simplex p n base ?upd "f' ` {.. n}"
    proof
      show "base ∈ {..<n} → {..<p}" by fact
      { fix i assume "n ≤ i" then show "base i = p" by fact }
      show "bij_betw ?upd {..<n} {..<n}" by fact
    qed (simp add: f'_def)
    have f': "b.enum = f'" unfolding f'_def b.enum_def[abs_def] ..
    have ks_f': "ksimplex p n (b.enum ` {.. n})"
      unfolding f' by rule unfold_locales

    have "{i} ⊆ {..n}"
      using i by auto
    { fix j assume "j ≤ n"
      moreover have "j < i ∨ i = j ∨ i < j" by arith
      moreover note i
      ultimately have "enum j = b.enum j ⟷ j ≠ i"
        unfolding enum_def[abs_def] b.enum_def[abs_def]
        by (auto simp add: fun_eq_iff swap_image i'_def
                           in_upd_image inj_on_image_set_diff[OF inj_upd]) }
    note enum_eq_benum = this
    then have "enum ` ({.. n} - {i}) = b.enum ` ({.. n} - {i})"
      by (intro image_cong) auto
    then have eq: "s - {a} = b.enum ` {.. n} - {b.enum i}"
      unfolding s_eq ‹a = enum i›
      using inj_on_image_set_diff[OF inj_enum Diff_subset ‹{i} ⊆ {..n}›]
            inj_on_image_set_diff[OF b.inj_enum Diff_subset ‹{i} ⊆ {..n}›]
      by (simp add: comp_def)

    have "a ≠ b.enum i"
      using ‹a = enum i› enum_eq_benum i by auto

    { fix t c assume "ksimplex p n t" "c ∈ t" and eq_sma: "s - {a} = t - {c}"
      obtain b' u where "kuhn_simplex p n b' u t"
        using ‹ksimplex p n t› by (auto elim: ksimplex.cases)
      then interpret t: kuhn_simplex p n b' u t .
      have "enum i' ∈ s - {a}" "enum (i + 1) ∈ s - {a}"
        using ‹a = enum i› i enum_in by (auto simp: enum_inj i'_def)
      then obtain l k where
        l: "t.enum l = enum i'" "l ≤ n" "t.enum l ≠ c" and
        k: "t.enum k = enum (i + 1)" "k ≤ n" "t.enum k ≠ c"
        unfolding eq_sma by (auto simp: t.s_eq)
      with i have "t.enum l < t.enum k"
        by (simp add: enum_strict_mono i'_def)
      with ‹l ≤ n› ‹k ≤ n› have "l < k"
        by (simp add: t.enum_strict_mono)
      { assume "Suc l = k"
        have "enum (Suc (Suc i')) = t.enum (Suc l)"
          using i by (simp add: k ‹Suc l = k› i'_def)
        then have False
          using ‹l < k› ‹k ≤ n› ‹Suc i' < n›
          by (auto simp: t.enum_Suc enum_Suc l upd_inj fun_eq_iff split: if_split_asm)
             (metis Suc_lessD n_not_Suc_n upd_inj) }
      with ‹l < k› have "Suc l < k"
        by arith
      have c_eq: "c = t.enum (Suc l)"
      proof (rule ccontr)
        assume "c ≠ t.enum (Suc l)"
        then have "t.enum (Suc l) ∈ s - {a}"
          using ‹l < k› ‹k ≤ n› by (simp add: t.s_eq eq_sma)
        then obtain j where "t.enum (Suc l) = enum j" "j ≤ n" "enum j ≠ enum i"
          unfolding s_eq ‹a = enum i› by auto
        with i have "t.enum (Suc l) ≤ t.enum l ∨ t.enum k ≤ t.enum (Suc l)"
          by (auto simp add: i'_def enum_mono enum_inj l k)
        with ‹Suc l < k› ‹k ≤ n› show False
          by (simp add: t.enum_mono)
      qed

      { have "t.enum (Suc (Suc l)) ∈ s - {a}"
          unfolding eq_sma c_eq t.s_eq using ‹Suc l < k› ‹k ≤ n› by (auto simp: t.enum_inj)
        then obtain j where eq: "t.enum (Suc (Suc l)) = enum j" and "j ≤ n" "j ≠ i"
          by (auto simp: s_eq ‹a = enum i›)
        moreover have "enum i' < t.enum (Suc (Suc l))"
          unfolding l(1)[symmetric] using ‹Suc l < k› ‹k ≤ n› by (auto simp: t.enum_strict_mono)
        ultimately have "i' < j"
          using i by (simp add: enum_strict_mono i'_def)
        with ‹j ≠ i› ‹j ≤ n› have "t.enum k ≤ t.enum (Suc (Suc l))"
          unfolding i'_def by (simp add: enum_mono k eq)
        then have "k ≤ Suc (Suc l)"
          using ‹k ≤ n› ‹Suc l < k› by (simp add: t.enum_mono) }
      with ‹Suc l < k› have "Suc (Suc l) = k" by simp
      then have "enum (Suc (Suc i')) = t.enum (Suc (Suc l))"
        using i by (simp add: k i'_def)
      also have "… = (enum i') (u l := Suc (enum i' (u l)), u (Suc l) := Suc (enum i' (u (Suc l))))"
        using ‹Suc l < k› ‹k ≤ n› by (simp add: t.enum_Suc l t.upd_inj)
      finally have "(u l = upd i' ∧ u (Suc l) = upd (Suc i')) ∨
        (u l = upd (Suc i') ∧ u (Suc l) = upd i')"
        using ‹Suc i' < n› by (auto simp: enum_Suc fun_eq_iff split: if_split_asm)

      then have "t = s ∨ t = b.enum ` {..n}"
      proof (elim disjE conjE)
        assume u: "u l = upd i'"
        have "c = t.enum (Suc l)" unfolding c_eq ..
        also have "t.enum (Suc l) = enum (Suc i')"
          using u ‹l < k› ‹k ≤ n› ‹Suc i' < n› by (simp add: enum_Suc t.enum_Suc l)
        also have "… = a"
          using ‹a = enum i› i by (simp add: i'_def)
        finally show ?thesis
          using eq_sma ‹a ∈ s› ‹c ∈ t› by auto
      next
        assume u: "u l = upd (Suc i')"
        define B where "B = b.enum ` {..n}"
        have "b.enum i' = enum i'"
          using enum_eq_benum[of i'] i by (auto simp add: i'_def gr0_conv_Suc)
        have "c = t.enum (Suc l)" unfolding c_eq ..
        also have "t.enum (Suc l) = b.enum (Suc i')"
          using u ‹l < k› ‹k ≤ n› ‹Suc i' < n›
          by (simp_all add: enum_Suc t.enum_Suc l b.enum_Suc ‹b.enum i' = enum i'› swap_apply1)
             (simp add: Suc_i')
        also have "… = b.enum i"
          using i by (simp add: i'_def)
        finally have "c = b.enum i" .
        then have "t - {c} = B - {c}" "c ∈ B"
          unfolding eq_sma[symmetric] eq B_def using i by auto
        with ‹c ∈ t› have "t = B"
          by auto
        then show ?thesis
          by (simp add: B_def)
      qed }
    with ks_f' eq ‹a ≠ b.enum i› ‹n ≠ 0› ‹i ≤ n› show ?thesis
      apply (intro ex1I[of _ "b.enum ` {.. n}"])
      apply auto []
      apply metis
      done
  qed
  then show ?thesis
    using s ‹a ∈ s› by (simp add: card_2_exists Ex1_def) metis
qed

text ‹Hence another step towards concreteness.›

lemma kuhn_simplex_lemma:
  assumes "∀s. ksimplex p (Suc n) s ⟶ rl ` s ⊆ {.. Suc n}"
    and "odd (card {f. ∃s a. ksimplex p (Suc n) s ∧ a ∈ s ∧ (f = s - {a}) ∧
      rl ` f = {..n} ∧ ((∃j≤n. ∀x∈f. x j = 0) ∨ (∃j≤n. ∀x∈f. x j = p))})"
  shows "odd (card {s. ksimplex p (Suc n) s ∧ rl ` s = {..Suc n}})"
proof (rule kuhn_complete_lemma[OF finite_ksimplexes refl, unfolded mem_Collect_eq,
    where bnd="λf. (∃j∈{..n}. ∀x∈f. x j = 0) ∨ (∃j∈{..n}. ∀x∈f. x j = p)"],
    safe del: notI)

  have *: "⋀x y. x = y ⟹ odd (card x) ⟹ odd (card y)"
    by auto
  show "odd (card {f. (∃s∈{s. ksimplex p (Suc n) s}. ∃a∈s. f = s - {a}) ∧
    rl ` f = {..n} ∧ ((∃j∈{..n}. ∀x∈f. x j = 0) ∨ (∃j∈{..n}. ∀x∈f. x j = p))})"
    apply (rule *[OF _ assms(2)])
    apply (auto simp: atLeast0AtMost)
    done

next

  fix s assume s: "ksimplex p (Suc n) s"
  then show "card s = n + 2"
    by (simp add: ksimplex_card)

  fix a assume a: "a ∈ s" then show "rl a ≤ Suc n"
    using assms(1) s by (auto simp: subset_eq)

  let ?S = "{t. ksimplex p (Suc n) t ∧ (∃b∈t. s - {a} = t - {b})}"
  { fix j assume j: "j ≤ n" "∀x∈s - {a}. x j = 0"
    with s a show "card ?S = 1"
      using ksimplex_replace_0[of p "n + 1" s a j]
      by (subst eq_commute) simp }

  { fix j assume j: "j ≤ n" "∀x∈s - {a}. x j = p"
    with s a show "card ?S = 1"
      using ksimplex_replace_1[of p "n + 1" s a j]
      by (subst eq_commute) simp }

  { assume "card ?S ≠ 2" "¬ (∃j∈{..n}. ∀x∈s - {a}. x j = p)"
    with s a show "∃j∈{..n}. ∀x∈s - {a}. x j = 0"
      using ksimplex_replace_2[of p "n + 1" s a]
      by (subst (asm) eq_commute) auto }
qed

subsection ‹Reduced labelling›

definition reduced :: "nat ⇒ (nat ⇒ nat) ⇒ nat" where "reduced n x = (LEAST k. k = n ∨ x k ≠ 0)"

lemma reduced_labelling:
  shows "reduced n x ≤ n"
    and "∀i<reduced n x. x i = 0"
    and "reduced n x = n ∨ x (reduced n x) ≠ 0"
proof -
  show "reduced n x ≤ n"
    unfolding reduced_def by (rule LeastI2_wellorder[where a=n]) auto
  show "∀i<reduced n x. x i = 0"
    unfolding reduced_def by (rule LeastI2_wellorder[where a=n]) fastforce+
  show "reduced n x = n ∨ x (reduced n x) ≠ 0"
    unfolding reduced_def by (rule LeastI2_wellorder[where a=n]) fastforce+
qed

lemma reduced_labelling_unique:
  "r ≤ n ⟹ ∀i<r. x i = 0 ⟹ r = n ∨ x r ≠ 0 ⟹ reduced n x = r"
 unfolding reduced_def by (rule LeastI2_wellorder[where a=n]) (metis le_less not_le)+

lemma reduced_labelling_zero: "j < n ⟹ x j = 0 ⟹ reduced n x ≠ j"
  using reduced_labelling[of n x] by auto

lemma reduce_labelling_zero[simp]: "reduced 0 x = 0"
  by (rule reduced_labelling_unique) auto

lemma reduced_labelling_nonzero: "j < n ⟹ x j ≠ 0 ⟹ reduced n x ≤ j"
  using reduced_labelling[of n x] by (elim allE[where x=j]) auto

lemma reduced_labelling_Suc: "reduced (Suc n) x ≠ Suc n ⟹ reduced (Suc n) x = reduced n x"
  using reduced_labelling[of "Suc n" x]
  by (intro reduced_labelling_unique[symmetric]) auto

lemma complete_face_top:
  assumes "∀x∈f. ∀j≤n. x j = 0 ⟶ lab x j = 0"
    and "∀x∈f. ∀j≤n. x j = p ⟶ lab x j = 1"
    and eq: "(reduced (Suc n) ∘ lab) ` f = {..n}"
  shows "((∃j≤n. ∀x∈f. x j = 0) ∨ (∃j≤n. ∀x∈f. x j = p)) ⟷ (∀x∈f. x n = p)"
proof (safe del: disjCI)
  fix x j assume j: "j ≤ n" "∀x∈f. x j = 0"
  { fix x assume "x ∈ f" with assms j have "reduced (Suc n) (lab x) ≠ j"
      by (intro reduced_labelling_zero) auto }
  moreover have "j ∈ (reduced (Suc n) ∘ lab) ` f"
    using j eq by auto
  ultimately show "x n = p"
    by force
next
  fix x j assume j: "j ≤ n" "∀x∈f. x j = p" and x: "x ∈ f"
  have "j = n"
  proof (rule ccontr)
    assume "¬ ?thesis"
    { fix x assume "x ∈ f"
      with assms j have "reduced (Suc n) (lab x) ≤ j"
        by (intro reduced_labelling_nonzero) auto
      then have "reduced (Suc n) (lab x) ≠ n"
        using ‹j ≠ n› ‹j ≤ n› by simp }
    moreover
    have "n ∈ (reduced (Suc n) ∘ lab) ` f"
      using eq by auto
    ultimately show False
      by force
  qed
  moreover have "j ∈ (reduced (Suc n) ∘ lab) ` f"
    using j eq by auto
  ultimately show "x n = p"
    using j x by auto
qed auto

text ‹Hence we get just about the nice induction.›

lemma kuhn_induction:
  assumes "0 < p"
    and lab_0: "∀x. ∀j≤n. (∀j. x j ≤ p) ∧ x j = 0 ⟶ lab x j = 0"
    and lab_1: "∀x. ∀j≤n. (∀j. x j ≤ p) ∧ x j = p ⟶ lab x j = 1"
    and odd: "odd (card {s. ksimplex p n s ∧ (reduced n∘lab) ` s = {..n}})"
  shows "odd (card {s. ksimplex p (Suc n) s ∧ (reduced (Suc n)∘lab) ` s = {..Suc n}})"
proof -
  let ?rl = "reduced (Suc n) ∘ lab" and ?ext = "λf v. ∃j≤n. ∀x∈f. x j = v"
  let ?ext = "λs. (∃j≤n. ∀x∈s. x j = 0) ∨ (∃j≤n. ∀x∈s. x j = p)"
  have "∀s. ksimplex p (Suc n) s ⟶ ?rl ` s ⊆ {..Suc n}"
    by (simp add: reduced_labelling subset_eq)
  moreover
  have "{s. ksimplex p n s ∧ (reduced n ∘ lab) ` s = {..n}} =
        {f. ∃s a. ksimplex p (Suc n) s ∧ a ∈ s ∧ f = s - {a} ∧ ?rl ` f = {..n} ∧ ?ext f}"
  proof (intro set_eqI, safe del: disjCI equalityI disjE)
    fix s assume s: "ksimplex p n s" and rl: "(reduced n ∘ lab) ` s = {..n}"
    from s obtain u b where "kuhn_simplex p n u b s" by (auto elim: ksimplex.cases)
    then interpret kuhn_simplex p n u b s .
    have all_eq_p: "∀x∈s. x n = p"
      by (auto simp: out_eq_p)
    moreover
    { fix x assume "x ∈ s"
      with lab_1[rule_format, of n x] all_eq_p s_le_p[of x]
      have "?rl x ≤ n"
        by (auto intro!: reduced_labelling_nonzero)
      then have "?rl x = reduced n (lab x)"
        by (auto intro!: reduced_labelling_Suc) }
    then have "?rl ` s = {..n}"
      using rl by (simp cong: image_cong)
    moreover
    obtain t a where "ksimplex p (Suc n) t" "a ∈ t" "s = t - {a}"
      using s unfolding simplex_top_face[OF ‹0 < p› all_eq_p] by auto
    ultimately
    show "∃t a. ksimplex p (Suc n) t ∧ a ∈ t ∧ s = t - {a} ∧ ?rl ` s = {..n} ∧ ?ext s"
      by auto
  next
    fix x s a assume s: "ksimplex p (Suc n) s" and rl: "?rl ` (s - {a}) = {.. n}"
      and a: "a ∈ s" and "?ext (s - {a})"
    from s obtain u b where "kuhn_simplex p (Suc n) u b s" by (auto elim: ksimplex.cases)
    then interpret kuhn_simplex p "Suc n" u b s .
    have all_eq_p: "∀x∈s. x (Suc n) = p"
      by (auto simp: out_eq_p)

    { fix x assume "x ∈ s - {a}"
      then have "?rl x ∈ ?rl ` (s - {a})"
        by auto
      then have "?rl x ≤ n"
        unfolding rl by auto
      then have "?rl x = reduced n (lab x)"
        by (auto intro!: reduced_labelling_Suc) }
    then show rl': "(reduced n∘lab) ` (s - {a}) = {..n}"
      unfolding rl[symmetric] by (intro image_cong) auto

    from ‹?ext (s - {a})›
    have all_eq_p: "∀x∈s - {a}. x n = p"
    proof (elim disjE exE conjE)
      fix j assume "j ≤ n" "∀x∈s - {a}. x j = 0"
      with lab_0[rule_format, of j] all_eq_p s_le_p
      have "⋀x. x ∈ s - {a} ⟹ reduced (Suc n) (lab x) ≠ j"
        by (intro reduced_labelling_zero) auto
      moreover have "j ∈ ?rl ` (s - {a})"
        using ‹j ≤ n› unfolding rl by auto
      ultimately show ?thesis
        by force
    next
      fix j assume "j ≤ n" and eq_p: "∀x∈s - {a}. x j = p"
      show ?thesis
      proof cases
        assume "j = n" with eq_p show ?thesis by simp
      next
        assume "j ≠ n"
        { fix x assume x: "x ∈ s - {a}"
          have "reduced n (lab x) ≤ j"
          proof (rule reduced_labelling_nonzero)
            show "lab x j ≠ 0"
              using lab_1[rule_format, of j x] x s_le_p[of x] eq_p ‹j ≤ n› by auto
            show "j < n"
              using ‹j ≤ n› ‹j ≠ n› by simp
          qed
          then have "reduced n (lab x) ≠ n"
            using ‹j ≤ n› ‹j ≠ n› by simp }
        moreover have "n ∈ (reduced n∘lab) ` (s - {a})"
          unfolding rl' by auto
        ultimately show ?thesis
          by force
      qed
    qed
    show "ksimplex p n (s - {a})"
      unfolding simplex_top_face[OF ‹0 < p› all_eq_p] using s a by auto
  qed
  ultimately show ?thesis
    using assms by (intro kuhn_simplex_lemma) auto
qed

text ‹And so we get the final combinatorial result.›

lemma ksimplex_0: "ksimplex p 0 s ⟷ s = {(λx. p)}"
proof
  assume "ksimplex p 0 s" then show "s = {(λx. p)}"
    by (blast dest: kuhn_simplex.ksimplex_0 elim: ksimplex.cases)
next
  assume s: "s = {(λx. p)}"
  show "ksimplex p 0 s"
  proof (intro ksimplex, unfold_locales)
    show "(λ_. p) ∈ {..<0::nat} → {..<p}" by auto
    show "bij_betw id {..<0} {..<0}"
      by simp
  qed (auto simp: s)
qed

lemma kuhn_combinatorial:
  assumes "0 < p"
    and "∀x j. (∀j. x j ≤ p) ∧ j < n ∧ x j = 0 ⟶ lab x j = 0"
    and "∀x j. (∀j. x j ≤ p) ∧ j < n  ∧ x j = p ⟶ lab x j = 1"
  shows "odd (card {s. ksimplex p n s ∧ (reduced n∘lab) ` s = {..n}})"
    (is "odd (card (?M n))")
  using assms
proof (induct n)
  case 0 then show ?case
    by (simp add: ksimplex_0 cong: conj_cong)
next
  case (Suc n)
  then have "odd (card (?M n))"
    by force
  with Suc show ?case
    using kuhn_induction[of p n] by (auto simp: comp_def)
qed

lemma kuhn_lemma:
  fixes n p :: nat
  assumes "0 < p"
    and "∀x. (∀i<n. x i ≤ p) ⟶ (∀i<n. label x i = (0::nat) ∨ label x i = 1)"
    and "∀x. (∀i<n. x i ≤ p) ⟶ (∀i<n. x i = 0 ⟶ label x i = 0)"
    and "∀x. (∀i<n. x i ≤ p) ⟶ (∀i<n. x i = p ⟶ label x i = 1)"
  obtains q where "∀i<n. q i < p"
    and "∀i<n. ∃r s. (∀j<n. q j ≤ r j ∧ r j ≤ q j + 1) ∧ (∀j<n. q j ≤ s j ∧ s j ≤ q j + 1) ∧ label r i ≠ label s i"
proof -
  let ?rl = "reduced n ∘ label"
  let ?A = "{s. ksimplex p n s ∧ ?rl ` s = {..n}}"
  have "odd (card ?A)"
    using assms by (intro kuhn_combinatorial[of p n label]) auto
  then have "?A ≠ {}"
    by fastforce
  then obtain s b u where "kuhn_simplex p n b u s" and rl: "?rl ` s = {..n}"
    by (auto elim: ksimplex.cases)
  interpret kuhn_simplex p n b u s by fact

  show ?thesis
  proof (intro that[of b] allI impI)
    fix i
    assume "i < n"
    then show "b i < p"
      using base by auto
  next
    fix i
    assume "i < n"
    then have "i ∈ {.. n}" "Suc i ∈ {.. n}"
      by auto
    then obtain u v where u: "u ∈ s" "Suc i = ?rl u" and v: "v ∈ s" "i = ?rl v"
      unfolding rl[symmetric] by blast

    have "label u i ≠ label v i"
      using reduced_labelling [of n "label u"] reduced_labelling [of n "label v"]
        u(2)[symmetric] v(2)[symmetric] ‹i < n›
      by auto
    moreover
    have "b j ≤ u j" "u j ≤ b j + 1" "b j ≤ v j" "v j ≤ b j + 1" if "j < n" for j
      using that base_le[OF ‹u∈s›] le_Suc_base[OF ‹u∈s›] base_le[OF ‹v∈s›] le_Suc_base[OF ‹v∈s›]
      by auto
    ultimately show "∃r s. (∀j<n. b j ≤ r j ∧ r j ≤ b j + 1) ∧
        (∀j<n. b j ≤ s j ∧ s j ≤ b j + 1) ∧ label r i ≠ label s i"
      by blast
  qed
qed

subsection ‹The main result for the unit cube›

lemma kuhn_labelling_lemma':
  assumes "(∀x::nat⇒real. P x ⟶ P (f x))"
    and "∀x. P x ⟶ (∀i::nat. Q i ⟶ 0 ≤ x i ∧ x i ≤ 1)"
  shows "∃l. (∀x i. l x i ≤ (1::nat)) ∧
             (∀x i. P x ∧ Q i ∧ x i = 0 ⟶ l x i = 0) ∧
             (∀x i. P x ∧ Q i ∧ x i = 1 ⟶ l x i = 1) ∧
             (∀x i. P x ∧ Q i ∧ l x i = 0 ⟶ x i ≤ f x i) ∧
             (∀x i. P x ∧ Q i ∧ l x i = 1 ⟶ f x i ≤ x i)"
proof -
  have and_forall_thm: "⋀P Q. (∀x. P x) ∧ (∀x. Q x) ⟷ (∀x. P x ∧ Q x)"
    by auto
  have *: "∀x y::real. 0 ≤ x ∧ x ≤ 1 ∧ 0 ≤ y ∧ y ≤ 1 ⟶ x ≠ 1 ∧ x ≤ y ∨ x ≠ 0 ∧ y ≤ x"
    by auto
  show ?thesis
    unfolding and_forall_thm
    apply (subst choice_iff[symmetric])+
    apply rule
    apply rule
  proof -
    fix x x'
    let ?R = "λy::nat.
      (P x ∧ Q x' ∧ x x' = 0 ⟶ y = 0) ∧
      (P x ∧ Q x' ∧ x x' = 1 ⟶ y = 1) ∧
      (P x ∧ Q x' ∧ y = 0 ⟶ x x' ≤ (f x) x') ∧
      (P x ∧ Q x' ∧ y = 1 ⟶ (f x) x' ≤ x x')"
    have "0 ≤ f x x' ∧ f x x' ≤ 1" if "P x" "Q x'"
      using assms(2)[rule_format,of "f x" x'] that
      apply (drule_tac assms(1)[rule_format])
      apply auto
      done
    then have "?R 0 ∨ ?R 1"
      by auto
    then show "∃y≤1. ?R y"
      by auto
  qed
qed

definition unit_cube :: "'a::euclidean_space set"
  where "unit_cube = {x. ∀i∈Basis. 0 ≤ x ∙ i ∧ x ∙ i ≤ 1}"

lemma mem_unit_cube: "x ∈ unit_cube ⟷ (∀i∈Basis. 0 ≤ x ∙ i ∧ x ∙ i ≤ 1)"
  unfolding unit_cube_def by simp

lemma bounded_unit_cube: "bounded unit_cube"
  unfolding bounded_def
proof (intro exI ballI)
  fix y :: 'a assume y: "y ∈ unit_cube"
  have "dist 0 y = norm y" by (rule dist_0_norm)
  also have "… = norm (∑i∈Basis. (y ∙ i) *R i)" unfolding euclidean_representation ..
  also have "… ≤ (∑i∈Basis. norm ((y ∙ i) *R i))" by (rule norm_sum)
  also have "… ≤ (∑i::'a∈Basis. 1)"
    by (rule sum_mono, simp add: y [unfolded mem_unit_cube])
  finally show "dist 0 y ≤ (∑i::'a∈Basis. 1)" .
qed

lemma closed_unit_cube: "closed unit_cube"
  unfolding unit_cube_def Collect_ball_eq Collect_conj_eq
  by (rule closed_INT, auto intro!: closed_Collect_le continuous_on_inner continuous_on_const continuous_on_id)

lemma compact_unit_cube: "compact unit_cube" (is "compact ?C")
  unfolding compact_eq_seq_compact_metric
  using bounded_unit_cube closed_unit_cube
  by (rule bounded_closed_imp_seq_compact)

lemma brouwer_cube:
  fixes f :: "'a::euclidean_space ⇒ 'a"
  assumes "continuous_on unit_cube f"
    and "f ` unit_cube ⊆ unit_cube"
  shows "∃x∈unit_cube. f x = x"
proof (rule ccontr)
  define n where "n = DIM('a)"
  have n: "1 ≤ n" "0 < n" "n ≠ 0"
    unfolding n_def by (auto simp add: Suc_le_eq DIM_positive)
  assume "¬ ?thesis"
  then have *: "¬ (∃x∈unit_cube. f x - x = 0)"
    by auto
  obtain d where
      d: "d > 0" "⋀x. x ∈ unit_cube ⟹ d ≤ norm (f x - x)"
    apply (rule brouwer_compactness_lemma[OF compact_unit_cube _ *])
    apply (rule continuous_intros assms)+
    apply blast
    done
  have *: "∀x. x ∈ unit_cube ⟶ f x ∈ unit_cube"
    "∀x. x ∈ (unit_cube::'a set) ⟶ (∀i∈Basis. True ⟶ 0 ≤ x ∙ i ∧ x ∙ i ≤ 1)"
    using assms(2)[unfolded image_subset_iff Ball_def]
    unfolding mem_unit_cube
    by auto
  obtain label :: "'a ⇒ 'a ⇒ nat" where
    "∀x. ∀i∈Basis. label x i ≤ 1"
    "∀x. ∀i∈Basis. x ∈ unit_cube ∧ True ∧ x ∙ i = 0 ⟶ label x i = 0"
    "∀x. ∀i∈Basis. x ∈ unit_cube ∧ True ∧ x ∙ i = 1 ⟶ label x i = 1"
    "∀x. ∀i∈Basis. x ∈ unit_cube ∧ True ∧ label x i = 0 ⟶ x ∙ i ≤ f x ∙ i"
    "∀x. ∀i∈Basis. x ∈ unit_cube ∧ True ∧ label x i = 1 ⟶ f x ∙ i ≤ x ∙ i"
    using kuhn_labelling_lemma[OF *] by blast
  note label = this [rule_format]
  have lem1: "∀x∈unit_cube. ∀y∈unit_cube. ∀i∈Basis. label x i ≠ label y i ⟶
    ¦f x ∙ i - x ∙ i¦ ≤ norm (f y - f x) + norm (y - x)"
  proof safe
    fix x y :: 'a
    assume x: "x ∈ unit_cube"
    assume y: "y ∈ unit_cube"
    fix i
    assume i: "label x i ≠ label y i" "i ∈ Basis"
    have *: "⋀x y fx fy :: real. x ≤ fx ∧ fy ≤ y ∨ fx ≤ x ∧ y ≤ fy ⟹
      ¦fx - x¦ ≤ ¦fy - fx¦ + ¦y - x¦" by auto
    have "¦(f x - x) ∙ i¦ ≤ ¦(f y - f x)∙i¦ + ¦(y - x)∙i¦"
      unfolding inner_simps
      apply (rule *)
      apply (cases "label x i = 0")
      apply (rule disjI1)
      apply rule
      prefer 3
      apply (rule disjI2)
      apply rule
    proof -
      assume lx: "label x i = 0"
      then have ly: "label y i = 1"
        using i label(1)[of i y]
        by auto
      show "x ∙ i ≤ f x ∙ i"
        apply (rule label(4)[rule_format])
        using x y lx i(2)
        apply auto
        done
      show "f y ∙ i ≤ y ∙ i"
        apply (rule label(5)[rule_format])
        using x y ly i(2)
        apply auto
        done
    next
      assume "label x i ≠ 0"
      then have l: "label x i = 1" "label y i = 0"
        using i label(1)[of i x] label(1)[of i y]
        by auto
      show "f x ∙ i ≤ x ∙ i"
        apply (rule label(5)[rule_format])
        using x y l i(2)
        apply auto
        done
      show "y ∙ i ≤ f y ∙ i"
        apply (rule label(4)[rule_format])
        using x y l i(2)
        apply auto
        done
    qed
    also have "… ≤ norm (f y - f x) + norm (y - x)"
      apply (rule add_mono)
      apply (rule Basis_le_norm[OF i(2)])+
      done
    finally show "¦f x ∙ i - x ∙ i¦ ≤ norm (f y - f x) + norm (y - x)"
      unfolding inner_simps .
  qed
  have "∃e>0. ∀x∈unit_cube. ∀y∈unit_cube. ∀z∈unit_cube. ∀i∈Basis.
    norm (x - z) < e ∧ norm (y - z) < e ∧ label x i ≠ label y i ⟶
      ¦(f(z) - z)∙i¦ < d / (real n)"
  proof -
    have d': "d / real n / 8 > 0"
      using d(1) by (simp add: n_def DIM_positive)
    have *: "uniformly_continuous_on unit_cube f"
      by (rule compact_uniformly_continuous[OF assms(1) compact_unit_cube])
    obtain e where e:
        "e > 0"
        "⋀x x'. x ∈ unit_cube ⟹
          x' ∈ unit_cube ⟹
          norm (x' - x) < e ⟹
          norm (f x' - f x) < d / real n / 8"
      using *[unfolded uniformly_continuous_on_def,rule_format,OF d']
      unfolding dist_norm
      by blast
    show ?thesis
      apply (rule_tac x="min (e/2) (d/real n/8)" in exI)
      apply safe
    proof -
      show "0 < min (e / 2) (d / real n / 8)"
        using d' e by auto
      fix x y z i
      assume as:
        "x ∈ unit_cube" "y ∈ unit_cube" "z ∈ unit_cube"
        "norm (x - z) < min (e / 2) (d / real n / 8)"
        "norm (y - z) < min (e / 2) (d / real n / 8)"
        "label x i ≠ label y i"
      assume i: "i ∈ Basis"
      have *: "⋀z fz x fx n1 n2 n3 n4 d4 d :: real. ¦fx - x¦ ≤ n1 + n2 ⟹
        ¦fx - fz¦ ≤ n3 ⟹ ¦x - z¦ ≤ n4 ⟹
        n1 < d4 ⟹ n2 < 2 * d4 ⟹ n3 < d4 ⟹ n4 < d4 ⟹
        (8 * d4 = d) ⟹ ¦fz - z¦ < d"
        by auto
      show "¦(f z - z) ∙ i¦ < d / real n"
        unfolding inner_simps
      proof (rule *)
        show "¦f x ∙ i - x ∙ i¦ ≤ norm (f y -f x) + norm (y - x)"
          apply (rule lem1[rule_format])
          using as i
          apply auto
          done
        show "¦f x ∙ i - f z ∙ i¦ ≤ norm (f x - f z)" "¦x ∙ i - z ∙ i¦ ≤ norm (x - z)"
          unfolding inner_diff_left[symmetric]
          by (rule Basis_le_norm[OF i])+
        have tria: "norm (y - x) ≤ norm (y - z) + norm (x - z)"
          using dist_triangle[of y x z, unfolded dist_norm]
          unfolding norm_minus_commute
          by auto
        also have "… < e / 2 + e / 2"
          apply (rule add_strict_mono)
          using as(4,5)
          apply auto
          done
        finally show "norm (f y - f x) < d / real n / 8"
          apply -
          apply (rule e(2))
          using as
          apply auto
          done
        have "norm (y - z) + norm (x - z) < d / real n / 8 + d / real n / 8"
          apply (rule add_strict_mono)
          using as
          apply auto
          done
        then show "norm (y - x) < 2 * (d / real n / 8)"
          using tria
          by auto
        show "norm (f x - f z) < d / real n / 8"
          apply (rule e(2))
          using as e(1)
          apply auto
          done
      qed (insert as, auto)
    qed
  qed
  then
  obtain e where e:
    "e > 0"
    "⋀x y z i. x ∈ unit_cube ⟹
      y ∈ unit_cube ⟹
      z ∈ unit_cube ⟹
      i ∈ Basis ⟹
      norm (x - z) < e ∧ norm (y - z) < e ∧ label x i ≠ label y i ⟹
      ¦(f z - z) ∙ i¦ < d / real n"
    by blast
  obtain p :: nat where p: "1 + real n / e ≤ real p"
    using real_arch_simple ..
  have "1 + real n / e > 0"
    using e(1) n by (simp add: add_pos_pos)
  then have "p > 0"
    using p by auto

  obtain b :: "nat ⇒ 'a" where b: "bij_betw b {..< n} Basis"
    by atomize_elim (auto simp: n_def intro!: finite_same_card_bij)
  define b' where "b' = inv_into {..< n} b"
  then have b': "bij_betw b' Basis {..< n}"
    using bij_betw_inv_into[OF b] by auto
  then have b'_Basis: "⋀i. i ∈ Basis ⟹ b' i ∈ {..< n}"
    unfolding bij_betw_def by (auto simp: set_eq_iff)
  have bb'[simp]:"⋀i. i ∈ Basis ⟹ b (b' i) = i"
    unfolding b'_def
    using b
    by (auto simp: f_inv_into_f bij_betw_def)
  have b'b[simp]:"⋀i. i < n ⟹ b' (b i) = i"
    unfolding b'_def
    using b
    by (auto simp: inv_into_f_eq bij_betw_def)
  have *: "⋀x :: nat. x = 0 ∨ x = 1 ⟷ x ≤ 1"
    by auto
  have b'': "⋀j. j < n ⟹ b j ∈ Basis"
    using b unfolding bij_betw_def by auto
  have q1: "0 < p" "∀x. (∀i<n. x i ≤ p) ⟶
    (∀i<n. (label (∑i∈Basis. (real (x (b' i)) / real p) *R i) ∘ b) i = 0 ∨
           (label (∑i∈Basis. (real (x (b' i)) / real p) *R i) ∘ b) i = 1)"
    unfolding *
    using ‹p > 0› ‹n > 0›
    using label(1)[OF b'']
    by auto
  { fix x :: "nat ⇒ nat" and i assume "∀i<n. x i ≤ p" "i < n" "x i = p ∨ x i = 0"
    then have "(∑i∈Basis. (real (x (b' i)) / real p) *R i) ∈ (unit_cube::'a set)"
      using b'_Basis
      by (auto simp add: mem_unit_cube inner_simps bij_betw_def zero_le_divide_iff divide_le_eq_1) }
  note cube = this
  have q2: "∀x. (∀i<n. x i ≤ p) ⟶ (∀i<n. x i = 0 ⟶
      (label (∑i∈Basis. (real (x (b' i)) / real p) *R i) ∘ b) i = 0)"
    unfolding o_def using cube ‹p > 0› by (intro allI impI label(2)) (auto simp add: b'')
  have q3: "∀x. (∀i<n. x i ≤ p) ⟶ (∀i<n. x i = p ⟶
      (label (∑i∈Basis. (real (x (b' i)) / real p) *R i) ∘ b) i = 1)"
    using cube ‹p > 0› unfolding o_def by (intro allI impI label(3)) (auto simp add: b'')
  obtain q where q:
      "∀i<n. q i < p"
      "∀i<n.
         ∃r s. (∀j<n. q j ≤ r j ∧ r j ≤ q j + 1) ∧
               (∀j<n. q j ≤ s j ∧ s j ≤ q j + 1) ∧
               (label (∑i∈Basis. (real (r (b' i)) / real p) *R i) ∘ b) i ≠
               (label (∑i∈Basis. (real (s (b' i)) / real p) *R i) ∘ b) i"
    by (rule kuhn_lemma[OF q1 q2 q3])
  define z :: 'a where "z = (∑i∈Basis. (real (q (b' i)) / real p) *R i)"
  have "∃i∈Basis. d / real n ≤ ¦(f z - z)∙i¦"
  proof (rule ccontr)
    have "∀i∈Basis. q (b' i) ∈ {0..p}"
      using q(1) b'
      by (auto intro: less_imp_le simp: bij_betw_def)
    then have "z ∈ unit_cube"
      unfolding z_def mem_unit_cube
      using b'_Basis
      by (auto simp add: bij_betw_def zero_le_divide_iff divide_le_eq_1)
    then have d_fz_z: "d ≤ norm (f z - z)"
      by (rule d)
    assume "¬ ?thesis"
    then have as: "∀i∈Basis. ¦f z ∙ i - z ∙ i¦ < d / real n"
      using ‹n > 0›
      by (auto simp add: not_le inner_diff)
    have "norm (f z - z) ≤ (∑i∈Basis. ¦f z ∙ i - z ∙ i¦)"
      unfolding inner_diff_left[symmetric]
      by (rule norm_le_l1)
    also have "… < (∑(i::'a) ∈ Basis. d / real n)"
      apply (rule sum_strict_mono)
      using as
      apply auto
      done
    also have "… = d"
      using DIM_positive[where 'a='a]
      by (auto simp: n_def)
    finally show False
      using d_fz_z by auto
  qed
  then obtain i where i: "i ∈ Basis" "d / real n ≤ ¦(f z - z) ∙ i¦" ..
  have *: "b' i < n"
    using i and b'[unfolded bij_betw_def]
    by auto
  obtain r s where rs:
    "⋀j. j < n ⟹ q j ≤ r j ∧ r j ≤ q j + 1"
    "⋀j. j < n ⟹ q j ≤ s j ∧ s j ≤ q j + 1"
    "(label (∑i∈Basis. (real (r (b' i)) / real p) *R i) ∘ b) (b' i) ≠
      (label (∑i∈Basis. (real (s (b' i)) / real p) *R i) ∘ b) (b' i)"
    using q(2)[rule_format,OF *] by blast
  have b'_im: "⋀i. i ∈ Basis ⟹  b' i < n"
    using b' unfolding bij_betw_def by auto
  define r' ::'a where "r' = (∑i∈Basis. (real (r (b' i)) / real p) *R i)"
  have "⋀i. i ∈ Basis ⟹ r (b' i) ≤ p"
    apply (rule order_trans)
    apply (rule rs(1)[OF b'_im,THEN conjunct2])
    using q(1)[rule_format,OF b'_im]
    apply (auto simp add: Suc_le_eq)
    done
  then have "r' ∈ unit_cube"
    unfolding r'_def mem_unit_cube
    using b'_Basis
    by (auto simp add: bij_betw_def zero_le_divide_iff divide_le_eq_1)
  define s' :: 'a where "s' = (∑i∈Basis. (real (s (b' i)) / real p) *R i)"
  have "⋀i. i ∈ Basis ⟹ s (b' i) ≤ p"
    apply (rule order_trans)
    apply (rule rs(2)[OF b'_im, THEN conjunct2])
    using q(1)[rule_format,OF b'_im]
    apply (auto simp add: Suc_le_eq)
    done
  then have "s' ∈ unit_cube"
    unfolding s'_def mem_unit_cube
    using b'_Basis
    by (auto simp add: bij_betw_def zero_le_divide_iff divide_le_eq_1)
  have "z ∈ unit_cube"
    unfolding z_def mem_unit_cube
    using b'_Basis q(1)[rule_format,OF b'_im] ‹p > 0›
    by (auto simp add: bij_betw_def zero_le_divide_iff divide_le_eq_1 less_imp_le)
  have *: "⋀x. 1 + real x = real (Suc x)"
    by auto
  {
    have "(∑i∈Basis. ¦real (r (b' i)) - real (q (b' i))¦) ≤ (∑(i::'a)∈Basis. 1)"
      apply (rule sum_mono)
      using rs(1)[OF b'_im]
      apply (auto simp add:* field_simps simp del: of_nat_Suc)
      done
    also have "… < e * real p"
      using p ‹e > 0› ‹p > 0›
      by (auto simp add: field_simps n_def)
    finally have "(∑i∈Basis. ¦real (r (b' i)) - real (q (b' i))¦) < e * real p" .
  }
  moreover
  {
    have "(∑i∈Basis. ¦real (s (b' i)) - real (q (b' i))¦) ≤ (∑(i::'a)∈Basis. 1)"
      apply (rule sum_mono)
      using rs(2)[OF b'_im]
      apply (auto simp add:* field_simps simp del: of_nat_Suc)
      done
    also have "… < e * real p"
      using p ‹e > 0› ‹p > 0›
      by (auto simp add: field_simps n_def)
    finally have "(∑i∈Basis. ¦real (s (b' i)) - real (q (b' i))¦) < e * real p" .
  }
  ultimately
  have "norm (r' - z) < e" and "norm (s' - z) < e"
    unfolding r'_def s'_def z_def
    using ‹p > 0›
    apply (rule_tac[!] le_less_trans[OF norm_le_l1])
    apply (auto simp add: field_simps sum_divide_distrib[symmetric] inner_diff_left)
    done
  then have "¦(f z - z) ∙ i¦ < d / real n"
    using rs(3) i
    unfolding r'_def[symmetric] s'_def[symmetric] o_def bb'
    by (intro e(2)[OF ‹r'∈unit_cube› ‹s'∈unit_cube› ‹z∈unit_cube›]) auto
  then show False
    using i by auto
qed


subsection ‹Retractions›

definition "retraction s t r ⟷ t ⊆ s ∧ continuous_on s r ∧ r ` s ⊆ t ∧ (∀x∈t. r x = x)"

definition retract_of (infixl "retract'_of" 50)
  where "(t retract_of s) ⟷ (∃r. retraction s t r)"

lemma retraction_idempotent: "retraction s t r ⟹ x ∈ s ⟹  r (r x) = r x"
  unfolding retraction_def by auto

subsection ‹Preservation of fixpoints under (more general notion of) retraction›

lemma invertible_fixpoint_property:
  fixes s :: "'a::euclidean_space set"
    and t :: "'b::euclidean_space set"
  assumes "continuous_on t i"
    and "i ` t ⊆ s"
    and "continuous_on s r"
    and "r ` s ⊆ t"
    and "∀y∈t. r (i y) = y"
    and "∀f. continuous_on s f ∧ f ` s ⊆ s ⟶ (∃x∈s. f x = x)"
    and "continuous_on t g"
    and "g ` t ⊆ t"
  obtains y where "y ∈ t" and "g y = y"
proof -
  have "∃x∈s. (i ∘ g ∘ r) x = x"
    apply (rule assms(6)[rule_format])
    apply rule
    apply (rule continuous_on_compose assms)+
    apply ((rule continuous_on_subset)?, rule assms)+
    using assms(2,4,8)
    apply auto
    apply blast
    done
  then obtain x where x: "x ∈ s" "(i ∘ g ∘ r) x = x" ..
  then have *: "g (r x) ∈ t"
    using assms(4,8) by auto
  have "r ((i ∘ g ∘ r) x) = r x"
    using x by auto
  then show ?thesis
    apply (rule_tac that[of "r x"])
    using x
    unfolding o_def
    unfolding assms(5)[rule_format,OF *]
    using assms(4)
    apply auto
    done
qed

lemma homeomorphic_fixpoint_property:
  fixes s :: "'a::euclidean_space set"
    and t :: "'b::euclidean_space set"
  assumes "s homeomorphic t"
  shows "(∀f. continuous_on s f ∧ f ` s ⊆ s ⟶ (∃x∈s. f x = x)) ⟷
    (∀g. continuous_on t g ∧ g ` t ⊆ t ⟶ (∃y∈t. g y = y))"
proof -
  obtain r i where
      "∀x∈s. i (r x) = x"
      "r ` s = t"
      "continuous_on s r"
      "∀y∈t. r (i y) = y"
      "i ` t = s"
      "continuous_on t i"
    using assms
    unfolding homeomorphic_def homeomorphism_def
    by blast
  then show ?thesis
    apply -
    apply rule
    apply (rule_tac[!] allI impI)+
    apply (rule_tac g=g in invertible_fixpoint_property[of t i s r])
    prefer 10
    apply (rule_tac g=f in invertible_fixpoint_property[of s r t i])
    apply auto
    done
qed

lemma retract_fixpoint_property:
  fixes f :: "'a::euclidean_space ⇒ 'b::euclidean_space"
    and s :: "'a set"
  assumes "t retract_of s"
    and "∀f. continuous_on s f ∧ f ` s ⊆ s ⟶ (∃x∈s. f x = x)"
    and "continuous_on t g"
    and "g ` t ⊆ t"
  obtains y where "y ∈ t" and "g y = y"
proof -
  obtain h where "retraction s t h"
    using assms(1) unfolding retract_of_def ..
  then show ?thesis
    unfolding retraction_def
    apply -
    apply (rule invertible_fixpoint_property[OF continuous_on_id _ _ _ _ assms(2), of t h g])
    prefer 7
    apply (rule_tac y = y in that)
    using assms
    apply auto
    done
qed


subsection ‹The Brouwer theorem for any set with nonempty interior›

lemma convex_unit_cube: "convex unit_cube"
  apply (rule is_interval_convex)
  apply (clarsimp simp add: is_interval_def mem_unit_cube)
  apply (drule (1) bspec)+
  apply auto
  done

lemma brouwer_weak:
  fixes f :: "'a::euclidean_space ⇒ 'a"
  assumes "compact s"
    and "convex s"
    and "interior s ≠ {}"
    and "continuous_on s f"
    and "f ` s ⊆ s"
  obtains x where "x ∈ s" and "f x = x"
proof -
  let ?U = "unit_cube :: 'a set"
  have "∑Basis /R 2 ∈ interior ?U"
  proof (rule interiorI)
    let ?I = "(⋂i∈Basis. {x::'a. 0 < x ∙ i} ∩ {x. x ∙ i < 1})"
    show "open ?I"
      by (intro open_INT finite_Basis ballI open_Int, auto intro: open_Collect_less simp: continuous_on_inner continuous_on_const continuous_on_id)
    show "∑Basis /R 2 ∈ ?I"
      by simp
    show "?I ⊆ unit_cube"
      unfolding unit_cube_def by force
  qed
  then have *: "interior ?U ≠ {}" by fast
  have *: "?U homeomorphic s"
    using homeomorphic_convex_compact[OF convex_unit_cube compact_unit_cube * assms(2,1,3)] .
  have "∀f. continuous_on ?U f ∧ f ` ?U ⊆ ?U ⟶
    (∃x∈?U. f x = x)"
    using brouwer_cube by auto
  then show ?thesis
    unfolding homeomorphic_fixpoint_property[OF *]
    using assms
    by (auto simp: intro: that)
qed


text ‹And in particular for a closed ball.›

lemma brouwer_ball:
  fixes f :: "'a::euclidean_space ⇒ 'a"
  assumes "e > 0"
    and "continuous_on (cball a e) f"
    and "f ` cball a e ⊆ cball a e"
  obtains x where "x ∈ cball a e" and "f x = x"
  using brouwer_weak[OF compact_cball convex_cball, of a e f]
  unfolding interior_cball ball_eq_empty
  using assms by auto

text ‹Still more general form; could derive this directly without using the
  rather involved ‹HOMEOMORPHIC_CONVEX_COMPACT› theorem, just using
  a scaling and translation to put the set inside the unit cube.›

lemma brouwer:
  fixes f :: "'a::euclidean_space ⇒ 'a"
  assumes "compact s"
    and "convex s"
    and "s ≠ {}"
    and "continuous_on s f"
    and "f ` s ⊆ s"
  obtains x where "x ∈ s" and "f x = x"
proof -
  have "∃e>0. s ⊆ cball 0 e"
    using compact_imp_bounded[OF assms(1)]
    unfolding bounded_pos
    apply (erule_tac exE)
    apply (rule_tac x=b in exI)
    apply (auto simp add: dist_norm)
    done
  then obtain e where e: "e > 0" "s ⊆ cball 0 e"
    by blast
  have "∃x∈ cball 0 e. (f ∘ closest_point s) x = x"
    apply (rule_tac brouwer_ball[OF e(1), of 0 "f ∘ closest_point s"])
    apply (rule continuous_on_compose )
    apply (rule continuous_on_closest_point[OF assms(2) compact_imp_closed[OF assms(1)] assms(3)])
    apply (rule continuous_on_subset[OF assms(4)])
    apply (insert closest_point_in_set[OF compact_imp_closed[OF assms(1)] assms(3)])
    using assms(5)[unfolded subset_eq]
    using e(2)[unfolded subset_eq mem_cball]
    apply (auto simp add: dist_norm)
    done
  then obtain x where x: "x ∈ cball 0 e" "(f ∘ closest_point s) x = x" ..
  have *: "closest_point s x = x"
    apply (rule closest_point_self)
    apply (rule assms(5)[unfolded subset_eq,THEN bspec[where x="x"], unfolded image_iff])
    apply (rule_tac x="closest_point s x" in bexI)
    using x
    unfolding o_def
    using closest_point_in_set[OF compact_imp_closed[OF assms(1)] assms(3), of x]
    apply auto
    done
  show thesis
    apply (rule_tac x="closest_point s x" in that)
    unfolding x(2)[unfolded o_def]
    apply (rule closest_point_in_set[OF compact_imp_closed[OF assms(1)] assms(3)])
    using *
    apply auto
    done
qed

text ‹So we get the no-retraction theorem.›

theorem no_retraction_cball:
  fixes a :: "'a::euclidean_space"
  assumes "e > 0"
  shows "¬ (frontier (cball a e) retract_of (cball a e))"
proof
  assume *: "frontier (cball a e) retract_of (cball a e)"
  have **: "⋀xa. a - (2 *R a - xa) = - (a - xa)"
    using scaleR_left_distrib[of 1 1 a] by auto
  obtain x where x:
      "x ∈ {x. norm (a - x) = e}"
      "2 *R a - x = x"
    apply (rule retract_fixpoint_property[OF *, of "λx. scaleR 2 a - x"])
    apply (blast intro: brouwer_ball[OF assms])
    apply (intro continuous_intros)
    unfolding frontier_cball subset_eq Ball_def image_iff dist_norm sphere_def
    apply (auto simp add: ** norm_minus_commute)
    done
  then have "scaleR 2 a = scaleR 1 x + scaleR 1 x"
    by (auto simp add: algebra_simps)
  then have "a = x"
    unfolding scaleR_left_distrib[symmetric]
    by auto
  then show False
    using x assms by auto
qed

corollary contractible_sphere:
  fixes a :: "'a::euclidean_space"
  shows "contractible(sphere a r) ⟷ r ≤ 0"
proof (cases "0 < r")
  case True
  then show ?thesis
    unfolding contractible_def nullhomotopic_from_sphere_extension
    using no_retraction_cball [OF True, of a]
    by (auto simp: retract_of_def retraction_def)
next
  case False
  then show ?thesis
    unfolding contractible_def nullhomotopic_from_sphere_extension
    apply (simp add: not_less)
    apply (rule_tac x=id in exI)
    apply (auto simp: continuous_on_def)
    apply (meson dist_not_less_zero le_less less_le_trans)
    done
qed

lemma connected_sphere_eq:
  fixes a :: "'a :: euclidean_space"
  shows "connected(sphere a r) ⟷ 2 ≤ DIM('a) ∨ r ≤ 0"
    (is "?lhs = ?rhs")
proof (cases r "0::real" rule: linorder_cases)
  case less
  then show ?thesis by auto
next
  case equal
  then show ?thesis by auto
next
  case greater
  show ?thesis
  proof
    assume L: ?lhs
    have "False" if 1: "DIM('a) = 1"
    proof -
      obtain x y where xy: "sphere a r = {x,y}" "x ≠ y"
        using sphere_1D_doubleton [OF 1 greater]
        by (metis dist_self greater insertI1 less_add_same_cancel1 mem_sphere mult_2 not_le zero_le_dist)
      then have "finite (sphere a r)"
        by auto
      with L ‹r > 0› show "False"
        apply (auto simp: connected_finite_iff_sing)
        using xy by auto
    qed
    with greater show ?rhs
      by (metis DIM_ge_Suc0 One_nat_def Suc_1 le_antisym not_less_eq_eq)
  next
    assume ?rhs
    then show ?lhs
      using connected_sphere greater by auto
  qed
qed

lemma path_connected_sphere_eq:
  fixes a :: "'a :: euclidean_space"
  shows "path_connected(sphere a r) ⟷ 2 ≤ DIM('a) ∨ r ≤ 0"
         (is "?lhs = ?rhs")
proof
  assume ?lhs
  then show ?rhs
    using connected_sphere_eq path_connected_imp_connected by blast
next
  assume R: ?rhs
  then show ?lhs
    by (auto simp: contractible_imp_path_connected contractible_sphere path_connected_sphere)
qed

proposition frontier_subset_retraction:
  fixes S :: "'a::euclidean_space set"
  assumes "bounded S" and fros: "frontier S ⊆ T"
      and contf: "continuous_on (closure S) f"
      and fim: "f ` S ⊆ T"
      and fid: "⋀x. x ∈ T ⟹ f x = x"
    shows "S ⊆ T"
proof (rule ccontr)
  assume "¬ S ⊆ T"
  then obtain a where "a ∈ S" "a ∉ T" by blast
  define g where "g ≡ λz. if z ∈ closure S then f z else z"
  have "continuous_on (closure S ∪ closure(-S)) g"
    unfolding g_def
    apply (rule continuous_on_cases)
    using fros fid frontier_closures
        apply (auto simp: contf continuous_on_id)
    done
  moreover have "closure S ∪ closure(- S) = UNIV"
    using closure_Un by fastforce
  ultimately have contg: "continuous_on UNIV g" by metis
  obtain B where "0 < B" and B: "closure S ⊆ ball a B"
    using ‹bounded S› bounded_subset_ballD by blast
  have notga: "g x ≠ a" for x
    unfolding g_def using fros fim ‹a ∉ T›
    apply (auto simp: frontier_def)
    using fid interior_subset apply fastforce
    by (simp add: ‹a ∈ S› closure_def)
  define h where "h ≡ (λy. a + (B / norm(y - a)) *R (y - a)) ∘ g"
  have "¬ (frontier (cball a B) retract_of (cball a B))"
    by (metis no_retraction_cball ‹0 < B›)
  then have "⋀k. ¬ retraction (cball a B) (frontier (cball a B)) k"
    by (simp add: retract_of_def)
  moreover have "retraction (cball a B) (frontier (cball a B)) h"
    unfolding retraction_def
  proof (intro conjI ballI)
    show "frontier (cball a B) ⊆ cball a B"
      by (force simp:)
    show "continuous_on (cball a B) h"
      unfolding h_def
      apply (intro continuous_intros)
      using contg continuous_on_subset notga apply auto
      done
    show "h ` cball a B ⊆ frontier (cball a B)"
      using ‹0 < B› by (auto simp: h_def notga dist_norm)
    show "⋀x. x ∈ frontier (cball a B) ⟹ h x = x"
      apply (auto simp: h_def algebra_simps)
      apply (simp add: vector_add_divide_simps  notga)
      by (metis (no_types, hide_lams) B add.commute dist_commute  dist_norm g_def mem_ball not_less_iff_gr_or_eq  subset_eq)
  qed
  ultimately show False by simp
qed

subsection‹More Properties of Retractions›

lemma retraction:
   "retraction s t r ⟷
    t ⊆ s ∧ continuous_on s r ∧ r ` s = t ∧ (∀x ∈ t. r x = x)"
by (force simp: retraction_def)

lemma retract_of_imp_extensible:
  assumes "s retract_of t" and "continuous_on s f" and "f ` s ⊆ u"
  obtains g where "continuous_on t g" "g ` t ⊆ u" "⋀x. x ∈ s ⟹ g x = f x"
using assms
apply (clarsimp simp add: retract_of_def retraction)
apply (rule_tac g = "f o r" in that)
apply (auto simp: continuous_on_compose2)
done

lemma idempotent_imp_retraction:
  assumes "continuous_on s f" and "f ` s ⊆ s" and "⋀x. x ∈ s ⟹ f(f x) = f x"
    shows "retraction s (f ` s) f"
by (simp add: assms retraction)

lemma retraction_subset:
  assumes "retraction s t r" and "t ⊆ s'" and "s' ⊆ s"
    shows "retraction s' t r"
apply (simp add: retraction_def)
by (metis assms continuous_on_subset image_mono retraction)

lemma retract_of_subset:
  assumes "t retract_of s" and "t ⊆ s'" and "s' ⊆ s"
    shows "t retract_of s'"
by (meson assms retract_of_def retraction_subset)

lemma retraction_refl [simp]: "retraction s s (λx. x)"
by (simp add: continuous_on_id retraction)

lemma retract_of_refl [iff]: "s retract_of s"
  using continuous_on_id retract_of_def retraction_def by fastforce

lemma retract_of_imp_subset:
   "s retract_of t ⟹ s ⊆ t"
by (simp add: retract_of_def retraction_def)

lemma retract_of_empty [simp]:
     "({} retract_of s) ⟷ s = {}"  "(s retract_of {}) ⟷ s = {}"
by (auto simp: retract_of_def retraction_def)

lemma retract_of_singleton [iff]: "({x} retract_of s) ⟷ x ∈ s"
  using continuous_on_const
  by (auto simp: retract_of_def retraction_def)

lemma retraction_comp:
   "⟦retraction s t f; retraction t u g⟧
        ⟹ retraction s u (g o f)"
apply (auto simp: retraction_def intro: continuous_on_compose2)
by blast

lemma retract_of_trans [trans]:
  assumes "s retract_of t" and "t retract_of u"
    shows "s retract_of u"
using assms by (auto simp: retract_of_def intro: retraction_comp)

lemma closedin_retract:
  fixes s :: "'a :: real_normed_vector set"
  assumes "s retract_of t"
    shows "closedin (subtopology euclidean t) s"
proof -
  obtain r where "s ⊆ t" "continuous_on t r" "r ` t ⊆ s" "⋀x. x ∈ s ⟹ r x = x"
    using assms by (auto simp: retract_of_def retraction_def)
  then have s: "s = {x ∈ t. (norm(r x - x)) = 0}" by auto
  show ?thesis
    apply (subst s)
    apply (rule continuous_closedin_preimage_constant)
    by (simp add: ‹continuous_on t r› continuous_on_diff continuous_on_id continuous_on_norm)
qed

lemma closedin_self [simp]:
    fixes S :: "'a :: real_normed_vector set"
    shows "closedin (subtopology euclidean S) S"
  by (simp add: closedin_retract)

lemma retract_of_contractible:
  assumes "contractible t" "s retract_of t"
    shows "contractible s"
using assms
apply (clarsimp simp add: retract_of_def contractible_def retraction_def homotopic_with)
apply (rule_tac x="r a" in exI)
apply (rule_tac x="r o h" in exI)
apply (intro conjI continuous_intros continuous_on_compose)
apply (erule continuous_on_subset | force)+
done

lemma retract_of_compact:
     "⟦compact t; s retract_of t⟧ ⟹ compact s"
  by (metis compact_continuous_image retract_of_def retraction)

lemma retract_of_closed:
    fixes s :: "'a :: real_normed_vector set"
    shows "⟦closed t; s retract_of t⟧ ⟹ closed s"
  by (metis closedin_retract closedin_closed_eq)

lemma retract_of_connected:
    "⟦connected t; s retract_of t⟧ ⟹ connected s"
  by (metis Topological_Spaces.connected_continuous_image retract_of_def retraction)

lemma retract_of_path_connected:
    "⟦path_connected t; s retract_of t⟧ ⟹ path_connected s"
  by (metis path_connected_continuous_image retract_of_def retraction)

lemma retract_of_simply_connected:
    "⟦simply_connected t; s retract_of t⟧ ⟹ simply_connected s"
apply (simp add: retract_of_def retraction_def, clarify)
apply (rule simply_connected_retraction_gen)
apply (force simp: continuous_on_id elim!: continuous_on_subset)+
done

lemma retract_of_homotopically_trivial:
  assumes ts: "t retract_of s"
      and hom: "⋀f g. ⟦continuous_on u f; f ` u ⊆ s;
                       continuous_on u g; g ` u ⊆ s⟧
                       ⟹ homotopic_with (λx. True) u s f g"
      and "continuous_on u f" "f ` u ⊆ t"
      and "continuous_on u g" "g ` u ⊆ t"
    shows "homotopic_with (λx. True) u t f g"
proof -
  obtain r where "r ` s ⊆ s" "continuous_on s r" "∀x∈s. r (r x) = r x" "t = r ` s"
    using ts by (auto simp: retract_of_def retraction)
  then obtain k where "Retracts s r t k"
    unfolding Retracts_def
    by (metis continuous_on_subset dual_order.trans image_iff image_mono)
  then show ?thesis
    apply (rule Retracts.homotopically_trivial_retraction_gen)
    using assms
    apply (force simp: hom)+
    done
qed

lemma retract_of_homotopically_trivial_null:
  assumes ts: "t retract_of s"
      and hom: "⋀f. ⟦continuous_on u f; f ` u ⊆ s⟧
                     ⟹ ∃c. homotopic_with (λx. True) u s f (λx. c)"
      and "continuous_on u f" "f ` u ⊆ t"
  obtains c where "homotopic_with (λx. True) u t f (λx. c)"
proof -
  obtain r where "r ` s ⊆ s" "continuous_on s r" "∀x∈s. r (r x) = r x" "t = r ` s"
    using ts by (auto simp: retract_of_def retraction)
  then obtain k where "Retracts s r t k"
    unfolding Retracts_def
    by (metis continuous_on_subset dual_order.trans image_iff image_mono)
  then show ?thesis
    apply (rule Retracts.homotopically_trivial_retraction_null_gen)
    apply (rule TrueI refl assms that | assumption)+
    done
qed

lemma retraction_imp_quotient_map:
   "retraction s t r
    ⟹ u ⊆ t
            ⟹ (openin (subtopology euclidean s) {x. x ∈ s ∧ r x ∈ u} ⟷
                 openin (subtopology euclidean t) u)"
apply (clarsimp simp add: retraction)
apply (rule continuous_right_inverse_imp_quotient_map [where g=r])
apply (auto simp: elim: continuous_on_subset)
done

lemma retract_of_locally_compact:
    fixes s :: "'a :: {heine_borel,real_normed_vector} set"
    shows  "⟦ locally compact s; t retract_of s⟧ ⟹ locally compact t"
  by (metis locally_compact_closedin closedin_retract)

lemma retract_of_Times:
   "⟦s retract_of s'; t retract_of t'⟧ ⟹ (s × t) retract_of (s' × t')"
apply (simp add: retract_of_def retraction_def Sigma_mono, clarify)
apply (rename_tac f g)
apply (rule_tac x="λz. ((f o fst) z, (g o snd) z)" in exI)
apply (rule conjI continuous_intros | erule continuous_on_subset | force)+
done

lemma homotopic_into_retract:
   "⟦f ` s ⊆ t; g ` s ⊆ t; t retract_of u;
        homotopic_with (λx. True) s u f g⟧
        ⟹ homotopic_with (λx. True) s t f g"
apply (subst (asm) homotopic_with_def)
apply (simp add: homotopic_with retract_of_def retraction_def, clarify)
apply (rule_tac x="r o h" in exI)
apply (rule conjI continuous_intros | erule continuous_on_subset | force simp: image_subset_iff)+
done

lemma retract_of_locally_connected:
  assumes "locally connected T" "S retract_of T"
    shows "locally connected S"
  using assms
  by (auto simp: retract_of_def retraction intro!: retraction_imp_quotient_map elim!: locally_connected_quotient_image)

lemma retract_of_locally_path_connected:
  assumes "locally path_connected T" "S retract_of T"
    shows "locally path_connected S"
  using assms
  by (auto simp: retract_of_def retraction intro!: retraction_imp_quotient_map elim!: locally_path_connected_quotient_image)

subsubsection‹A few simple lemmas about deformation retracts›

lemma deformation_retract_imp_homotopy_eqv:
  fixes S :: "'a::euclidean_space set"
  assumes "homotopic_with (λx. True) S S id r" "retraction S T r"
    shows "S homotopy_eqv T"
  apply (simp add: homotopy_eqv_def)
  apply (rule_tac x=r in exI)
  using assms apply (simp add: retraction_def)
  apply (rule_tac x=id in exI)
  apply (auto simp: continuous_on_id)
   apply (metis homotopic_with_symD)
  by (metis continuous_on_id' homotopic_with_equal homotopic_with_symD id_apply image_id subset_refl)

lemma deformation_retract:
  fixes S :: "'a::euclidean_space set"
    shows "(∃r. homotopic_with (λx. True) S S id r ∧ retraction S T r) ⟷
           T retract_of S ∧ (∃f. homotopic_with (λx. True) S S id f ∧ f ` S ⊆ T)"
    (is "?lhs = ?rhs")
proof
  assume ?lhs
  then show ?rhs
    by (auto simp: retract_of_def retraction_def)
next
  assume ?rhs
  then show ?lhs
    apply (clarsimp simp add: retract_of_def retraction_def)
    apply (rule_tac x=r in exI, simp)
     apply (rule homotopic_with_trans, assumption)
     apply (rule_tac f = "r ∘ f" and g="r ∘ id" in homotopic_with_eq)
        apply (rule_tac Y=S in homotopic_compose_continuous_left)
         apply (auto simp: homotopic_with_sym)
    done
qed

lemma deformation_retract_of_contractible_sing:
  fixes S :: "'a::euclidean_space set"
  assumes "contractible S" "a ∈ S"
  obtains r where "homotopic_with (λx. True) S S id r" "retraction S {a} r"
proof -
  have "{a} retract_of S"
    by (simp add: ‹a ∈ S›)
  moreover have "homotopic_with (λx. True) S S id (λx. a)"
    using assms
    apply (clarsimp simp add: contractible_def)
    apply (rule homotopic_with_trans, assumption)
    by (metis assms(1) contractible_imp_path_connected homotopic_constant_maps homotopic_with_sym homotopic_with_trans insert_absorb insert_not_empty path_component_mem(1) path_connected_component)
  moreover have "(λx. a) ` S ⊆ {a}"
    by (simp add: image_subsetI)
  ultimately show ?thesis
    using that deformation_retract  by metis
qed


subsection‹Punctured affine hulls, etc.›

lemma continuous_on_compact_surface_projection_aux:
  fixes S :: "'a::t2_space set"
  assumes "compact S" "S ⊆ T" "image q T ⊆ S"
      and contp: "continuous_on T p"
      and "⋀x. x ∈ S ⟹ q x = x"
      and [simp]: "⋀x. x ∈ T ⟹ q(p x) = q x"
      and "⋀x. x ∈ T ⟹ p(q x) = p x"
    shows "continuous_on T q"
proof -
  have *: "image p T = image p S"
    using assms by auto (metis imageI subset_iff)
  have contp': "continuous_on S p"
    by (rule continuous_on_subset [OF contp ‹S ⊆ T›])
  have "continuous_on T (q ∘ p)"
    apply (rule continuous_on_compose [OF contp])
    apply (simp add: *)
    apply (rule continuous_on_inv [OF contp' ‹compact S›])
    using assms by auto
  then show ?thesis
    apply (rule continuous_on_eq [of _ "q o p"])
    apply (simp add: o_def)
    done
qed

lemma continuous_on_compact_surface_projection:
  fixes S :: "'a::real_normed_vector set"
  assumes "compact S"
      and S: "S ⊆ V - {0}" and "cone V"
      and iff: "⋀x k. x ∈ V - {0} ⟹ 0 < k ∧ (k *R x) ∈ S ⟷ d x = k"
  shows "continuous_on (V - {0}) (λx. d x *R x)"
proof (rule continuous_on_compact_surface_projection_aux [OF ‹compact S› S])
  show "(λx. d x *R x) ` (V - {0}) ⊆ S"
    using iff by auto
  show "continuous_on (V - {0}) (λx. inverse(norm x) *R x)"
    by (intro continuous_intros) force
  show "⋀x. x ∈ S ⟹ d x *R x = x"
    by (metis S zero_less_one local.iff scaleR_one subset_eq)
  show "d (x /R norm x) *R (x /R norm x) = d x *R x" if "x ∈ V - {0}" for x
    using iff [of "inverse(norm x) *R x" "norm x * d x", symmetric] iff that ‹cone V›
    by (simp add: field_simps cone_def zero_less_mult_iff)
  show "d x *R x /R norm (d x *R x) = x /R norm x" if "x ∈ V - {0}" for x
  proof -
    have "0 < d x"
      using local.iff that by blast
    then show ?thesis
      by simp
  qed
qed

proposition rel_frontier_deformation_retract_of_punctured_convex:
  fixes S :: "'a::euclidean_space set"
  assumes "convex S" "convex T" "bounded S"
      and arelS: "a ∈ rel_interior S"
      and relS: "rel_frontier S ⊆ T"
      and affS: "T ⊆ affine hull S"
  obtains r where "homotopic_with (λx. True) (T - {a}) (T - {a}) id r"
                  "retraction (T - {a}) (rel_frontier S) r"
proof -
  have "∃d. 0 < d ∧ (a + d *R l) ∈ rel_frontier S ∧
            (∀e. 0 ≤ e ∧ e < d ⟶ (a + e *R l) ∈ rel_interior S)"
       if "(a + l) ∈ affine hull S" "l ≠ 0" for l
    apply (rule ray_to_rel_frontier [OF ‹bounded S› arelS])
    apply (rule that)+
    by metis
  then obtain dd
    where dd1: "⋀l. ⟦(a + l) ∈ affine hull S; l ≠ 0⟧ ⟹ 0 < dd l ∧ (a + dd l *R l) ∈ rel_frontier S"
      and dd2: "⋀l e. ⟦(a + l) ∈ affine hull S; e < dd l; 0 ≤ e; l ≠ 0⟧
                      ⟹ (a + e *R l) ∈ rel_interior S"
    by metis+
  have aaffS: "a ∈ affine hull S"
    by (meson arelS subsetD hull_inc rel_interior_subset)
  have "((λz. z - a) ` (affine hull S - {a})) = ((λz. z - a) ` (affine hull S)) - {0}"
    by (auto simp: )
  moreover have "continuous_on (((λz. z - a) ` (affine hull S)) - {0}) (λx. dd x *R x)"
  proof (rule continuous_on_compact_surface_projection)
    show "compact (rel_frontier ((λz. z - a) ` S))"
      by (simp add: ‹bounded S› bounded_translation_minus compact_rel_frontier_bounded)
    have releq: "rel_frontier ((λz. z - a) ` S) = (λz. z - a) ` rel_frontier S"
      using rel_frontier_translation [of "-a"] add.commute by simp
    also have "... ⊆ (λz. z - a) ` (affine hull S) - {0}"
      using rel_frontier_affine_hull arelS rel_frontier_def by fastforce
    finally show "rel_frontier ((λz. z - a) ` S) ⊆ (λz. z - a) ` (affine hull S) - {0}" .
    show "cone ((λz. z - a) ` (affine hull S))"
      apply (rule subspace_imp_cone)
      using aaffS
      apply (simp add: subspace_affine image_comp o_def affine_translation_aux [of a])
      done
    show "(0 < k ∧ k *R x ∈ rel_frontier ((λz. z - a) ` S)) ⟷ (dd x = k)"
         if x: "x ∈ (λz. z - a) ` (affine hull S) - {0}" for k x
    proof
      show "dd x = k ⟹ 0 < k ∧ k *R x ∈ rel_frontier ((λz. z - a) ` S)"
      using dd1 [of x] that image_iff by (fastforce simp add: releq)
    next
      assume k: "0 < k ∧ k *R x ∈ rel_frontier ((λz. z - a) ` S)"
      have False if "dd x < k"
      proof -
        have "k ≠ 0" "a + k *R x ∈ closure S"
          using k closure_translation [of "-a"]
          by (auto simp: rel_frontier_def)
        then have segsub: "open_segment a (a + k *R x) ⊆ rel_interior S"
          by (metis rel_interior_closure_convex_segment [OF ‹convex S› arelS])
        have "x ≠ 0" and xaffS: "a + x ∈ affine hull S"
          using x by (auto simp: )
        then have "0 < dd x" and inS: "a + dd x *R x ∈ rel_frontier S"
          using dd1 by auto
        moreover have "a + dd x *R x ∈ open_segment a (a + k *R x)"
          using k ‹x ≠ 0› ‹0 < dd x›
          apply (simp add: in_segment)
          apply (rule_tac x = "dd x / k" in exI)
          apply (simp add: field_simps that)
          apply (simp add: vector_add_divide_simps algebra_simps)
          apply (metis (no_types) ‹k ≠ 0› divide_inverse_commute inverse_eq_divide mult.left_commute right_inverse)
          done
        ultimately show ?thesis
          using segsub by (auto simp add: rel_frontier_def)
      qed
      moreover have False if "k < dd x"
        using x k that rel_frontier_def
        by (fastforce simp: algebra_simps releq dest!: dd2)
      ultimately show "dd x = k"
        by fastforce
    qed
  qed
  ultimately have *: "continuous_on ((λz. z - a) ` (affine hull S - {a})) (λx. dd x *R x)"
    by auto
  have "continuous_on (affine hull S - {a}) ((λx. a + dd x *R x) ∘ (λz. z - a))"
    by (intro * continuous_intros continuous_on_compose)
  with affS have contdd: "continuous_on (T - {a}) ((λx. a + dd x *R x) ∘ (λz. z - a))"
    by (blast intro: continuous_on_subset elim: )
  show ?thesis
  proof
    show "homotopic_with (λx. True) (T - {a}) (T - {a}) id (λx. a + dd (x - a) *R (x - a))"
    proof (rule homotopic_with_linear)
      show "continuous_on (T - {a}) id"
        by (intro continuous_intros continuous_on_compose)
      show "continuous_on (T - {a}) (λx. a + dd (x - a) *R (x - a))"
        using contdd by (simp add: o_def)
      show "closed_segment (id x) (a + dd (x - a) *R (x - a)) ⊆ T - {a}"
           if "x ∈ T - {a}" for x
      proof (clarsimp simp: in_segment, intro conjI)
        fix u::real assume u: "0 ≤ u" "u ≤ 1"
        show "(1 - u) *R x + u *R (a + dd (x - a) *R (x - a)) ∈ T"
          apply (rule convexD [OF ‹convex T›])
          using that u apply (auto simp add: )
          apply (metis add.commute affS dd1 diff_add_cancel eq_iff_diff_eq_0 relS subsetD)
          done
        have iff: "(1 - u) *R x + u *R (a + d *R (x - a)) = a ⟷
                  (1 - u + u * d) *R (x - a) = 0" for d
          by (auto simp: algebra_simps)
        have "x ∈ T" "x ≠ a" using that by auto
        then have axa: "a + (x - a) ∈ affine hull S"
           by (metis (no_types) add.commute affS diff_add_cancel set_rev_mp)
        then have "¬ dd (x - a) ≤ 0 ∧ a + dd (x - a) *R (x - a) ∈ rel_frontier S"
          using ‹x ≠ a› dd1 by fastforce
        with ‹x ≠ a› show "(1 - u) *R x + u *R (a + dd (x - a) *R (x - a)) ≠ a"
          apply (auto simp: iff)
          using less_eq_real_def mult_le_0_iff not_less u by fastforce
      qed
    qed
    show "retraction (T - {a}) (rel_frontier S) (λx. a + dd (x - a) *R (x - a))"
    proof (simp add: retraction_def, intro conjI ballI)
      show "rel_frontier S ⊆ T - {a}"
        using arelS relS rel_frontier_def by fastforce
      show "continuous_on (T - {a}) (λx. a + dd (x - a) *R (x - a))"
        using contdd by (simp add: o_def)
      show "(λx. a + dd (x - a) *R (x - a)) ` (T - {a}) ⊆ rel_frontier S"
        apply (auto simp: rel_frontier_def)
        apply (metis Diff_subset add.commute affS dd1 diff_add_cancel eq_iff_diff_eq_0 rel_frontier_def subset_iff)
        by (metis DiffE add.commute affS dd1 diff_add_cancel eq_iff_diff_eq_0 rel_frontier_def rev_subsetD)
      show "a + dd (x - a) *R (x - a) = x" if x: "x ∈ rel_frontier S" for x
      proof -
        have "x ≠ a"
          using that arelS by (auto simp add: rel_frontier_def)
        have False if "dd (x - a) < 1"
        proof -
          have "x ∈ closure S"
            using x by (auto simp: rel_frontier_def)
          then have segsub: "open_segment a x ⊆ rel_interior S"
            by (metis rel_interior_closure_convex_segment [OF ‹convex S› arelS])
          have  xaffS: "x ∈ affine hull S"
            using affS relS x by auto
          then have "0 < dd (x - a)" and inS: "a + dd (x - a) *R (x - a) ∈ rel_frontier S"
            using dd1 by (auto simp add: ‹x ≠ a›)
          moreover have "a + dd (x - a) *R (x - a) ∈ open_segment a x"
            using  ‹x ≠ a› ‹0 < dd (x - a)›
            apply (simp add: in_segment)
            apply (rule_tac x = "dd (x - a)" in exI)
            apply (simp add: algebra_simps that)
            done
          ultimately show ?thesis
            using segsub by (auto simp add: rel_frontier_def)
        qed
        moreover have False if "1 < dd (x - a)"
          using x that dd2 [of "x - a" 1] ‹x ≠ a› closure_affine_hull
          by (auto simp: rel_frontier_def)
        ultimately have "dd (x - a) = 1" ‹similar to another proof above›
          by fastforce
        with that show ?thesis
          by (simp add: rel_frontier_def)
      qed
    qed
  qed
qed

corollary rel_frontier_retract_of_punctured_affine_hull:
  fixes S :: "'a::euclidean_space set"
  assumes "bounded S" "convex S" "a ∈ rel_interior S"
    shows "rel_frontier S retract_of (affine hull S - {a})"
apply (rule rel_frontier_deformation_retract_of_punctured_convex [of S "affine hull S" a])
apply (auto simp add: affine_imp_convex rel_frontier_affine_hull retract_of_def assms)
done

corollary rel_boundary_retract_of_punctured_affine_hull:
  fixes S :: "'a::euclidean_space set"
  assumes "compact S" "convex S" "a ∈ rel_interior S"
    shows "(S - rel_interior S) retract_of (affine hull S - {a})"
by (metis assms closure_closed compact_eq_bounded_closed rel_frontier_def
          rel_frontier_retract_of_punctured_affine_hull)

lemma homotopy_eqv_rel_frontier_punctured_convex:
  fixes S :: "'a::euclidean_space set"
  assumes "convex S" "bounded S" "a ∈ rel_interior S" "convex T" "rel_frontier S ⊆ T" "T ⊆ affine hull S"
  shows "(rel_frontier S) homotopy_eqv (T - {a})"
  apply (rule rel_frontier_deformation_retract_of_punctured_convex [of S T])
  using assms
  apply auto
  apply (subst homotopy_eqv_sym)
  using deformation_retract_imp_homotopy_eqv by blast

lemma homotopy_eqv_rel_frontier_punctured_affine_hull:
  fixes S :: "'a::euclidean_space set"
  assumes "convex S" "bounded S" "a ∈ rel_interior S"
    shows "(rel_frontier S) homotopy_eqv (affine hull S - {a})"
apply (rule homotopy_eqv_rel_frontier_punctured_convex)
  using assms rel_frontier_affine_hull  by force+

lemma path_connected_sphere_gen:
  assumes "convex S" "bounded S" "aff_dim S ≠ 1"
  shows "path_connected(rel_frontier S)"
proof (cases "rel_interior S = {}")
  case True
  then show ?thesis
    by (simp add: ‹convex S› convex_imp_path_connected rel_frontier_def)
next
  case False
  then show ?thesis
    by (metis aff_dim_affine_hull affine_affine_hull affine_imp_convex all_not_in_conv assms path_connected_punctured_convex rel_frontier_retract_of_punctured_affine_hull retract_of_path_connected)
qed

lemma connected_sphere_gen:
  assumes "convex S" "bounded S" "aff_dim S ≠ 1"
  shows "connected(rel_frontier S)"
  by (simp add: assms path_connected_imp_connected path_connected_sphere_gen)

subsection‹Borsuk-style characterization of separation›

lemma continuous_on_Borsuk_map:
   "a ∉ s ⟹  continuous_on s (λx. inverse(norm (x - a)) *R (x - a))"
by (rule continuous_intros | force)+

lemma Borsuk_map_into_sphere:
   "(λx. inverse(norm (x - a)) *R (x - a)) ` s ⊆ sphere 0 1 ⟷ (a ∉ s)"
  by auto (metis eq_iff_diff_eq_0 left_inverse norm_eq_zero)

lemma Borsuk_maps_homotopic_in_path_component:
  assumes "path_component (- s) a b"
    shows "homotopic_with (λx. True) s (sphere 0 1)
                   (λx. inverse(norm(x - a)) *R (x - a))
                   (λx. inverse(norm(x - b)) *R (x - b))"
proof -
  obtain g where "path g" "path_image g ⊆ -s" "pathstart g = a" "pathfinish g = b"
    using assms by (auto simp: path_component_def)
  then show ?thesis
    apply (simp add: path_def path_image_def pathstart_def pathfinish_def homotopic_with_def)
    apply (rule_tac x = "λz. inverse(norm(snd z - (g o fst)z)) *R (snd z - (g o fst)z)" in exI)
    apply (intro conjI continuous_intros)
    apply (rule continuous_intros | erule continuous_on_subset | fastforce simp: divide_simps sphere_def)+
    done
qed

lemma non_extensible_Borsuk_map:
  fixes a :: "'a :: euclidean_space"
  assumes "compact s" and cin: "c ∈ components(- s)" and boc: "bounded c" and "a ∈ c"
    shows "~ (∃g. continuous_on (s ∪ c) g ∧
                  g ` (s ∪ c) ⊆ sphere 0 1 ∧
                  (∀x ∈ s. g x = inverse(norm(x - a)) *R (x - a)))"
proof -
  have "closed s" using assms by (simp add: compact_imp_closed)
  have "c ⊆ -s"
    using assms by (simp add: in_components_subset)
  with ‹a ∈ c› have "a ∉ s" by blast
  then have ceq: "c = connected_component_set (- s) a"
    by (metis ‹a ∈ c› cin components_iff connected_component_eq)
  then have "bounded (s ∪ connected_component_set (- s) a)"
    using ‹compact s› boc compact_imp_bounded by auto
  with bounded_subset_ballD obtain r where "0 < r" and r: "(s ∪ connected_component_set (- s) a) ⊆ ball a r"
    by blast
  { fix g
    assume "continuous_on (s ∪ c) g"
            "g ` (s ∪ c) ⊆ sphere 0 1"
       and [simp]: "⋀x. x ∈ s ⟹ g x = (x - a) /R norm (x - a)"
    then have [simp]: "⋀x. x ∈ s ∪ c ⟹ norm (g x) = 1"
      by force
    have cb_eq: "cball a r = (s ∪ connected_component_set (- s) a) ∪
                      (cball a r - connected_component_set (- s) a)"
      using ball_subset_cball [of a r] r by auto
    have cont1: "continuous_on (s ∪ connected_component_set (- s) a)
                     (λx. a + r *R g x)"
      apply (rule continuous_intros)+
      using ‹continuous_on (s ∪ c) g› ceq by blast
    have cont2: "continuous_on (cball a r - connected_component_set (- s) a)
            (λx. a + r *R ((x - a) /R norm (x - a)))"
      by (rule continuous_intros | force simp: ‹a ∉ s›)+
    have 1: "continuous_on (cball a r)
             (λx. if connected_component (- s) a x
                  then a + r *R g x
                  else a + r *R ((x - a) /R norm (x - a)))"
      apply (subst cb_eq)
      apply (rule continuous_on_cases [OF _ _ cont1 cont2])
        using ceq cin
      apply (auto intro: closed_Un_complement_component
                  simp: ‹closed s› open_Compl open_connected_component)
      done
    have 2: "(λx. a + r *R g x) ` (cball a r ∩ connected_component_set (- s) a)
             ⊆ sphere a r "
      using ‹0 < r› by (force simp: dist_norm ceq)
    have "retraction (cball a r) (sphere a r)
            (λx. if x ∈ connected_component_set (- s) a
                 then a + r *R g x
                 else a + r *R ((x - a) /R norm (x - a)))"
      using  ‹0 < r›
      apply (simp add: retraction_def dist_norm 1 2, safe)
      apply (force simp: dist_norm abs_if mult_less_0_iff divide_simps ‹a ∉ s›)
      using r
      by (auto simp: dist_norm norm_minus_commute)
    then have False
      using no_retraction_cball
             [OF ‹0 < r›, of a, unfolded retract_of_def, simplified, rule_format,
              of "λx. if x ∈ connected_component_set (- s) a
                      then a + r *R g x
                      else a + r *R inverse(norm(x - a)) *R (x - a)"]
      by blast
  }
  then show ?thesis
    by blast
qed

subsection‹Absolute retracts, Etc.›

text‹Absolute retracts (AR), absolute neighbourhood retracts (ANR) and also
 Euclidean neighbourhood retracts (ENR). We define AR and ANR by
 specializing the standard definitions for a set to embedding in
spaces of higher dimension. ›

(*This turns out to be sufficient (since any set in
R^n can be embedded as a closed subset of a convex subset of R^{n+1}) to
derive the usual definitions, but we need to split them into two
implications because of the lack of type quantifiers. Then ENR turns out
to be equivalent to ANR plus local compactness. -- JRH*)

definition AR :: "'a::topological_space set => bool"
  where
   "AR S ≡ ∀U. ∀S'::('a * real) set. S homeomorphic S' ∧ closedin (subtopology euclidean U) S'
                ⟶ S' retract_of U"

definition ANR :: "'a::topological_space set => bool"
  where
   "ANR S ≡ ∀U. ∀S'::('a * real) set. S homeomorphic S' ∧ closedin (subtopology euclidean U) S'
                ⟶ (∃T. openin (subtopology euclidean U) T ∧
                        S' retract_of T)"

definition ENR :: "'a::topological_space set => bool"
  where "ENR S ≡ ∃U. open U ∧ S retract_of U"

text‹ First, show that we do indeed get the "usual" properties of ARs and ANRs.›

proposition AR_imp_absolute_extensor:
  fixes f :: "'a::euclidean_space ⇒ 'b::euclidean_space"
  assumes "AR S" and contf: "continuous_on T f" and "f ` T ⊆ S"
      and cloUT: "closedin (subtopology euclidean U) T"
  obtains g where "continuous_on U g" "g ` U ⊆ S" "⋀x. x ∈ T ⟹ g x = f x"
proof -
  have "aff_dim S < int (DIM('b × real))"
    using aff_dim_le_DIM [of S] by simp
  then obtain C and S' :: "('b * real) set"
          where C: "convex C" "C ≠ {}"
            and cloCS: "closedin (subtopology euclidean C) S'"
            and hom: "S homeomorphic S'"
    by (metis that homeomorphic_closedin_convex)
  then have "S' retract_of C"
    using ‹AR S› by (simp add: AR_def)
  then obtain r where "S' ⊆ C" and contr: "continuous_on C r"
                  and "r ` C ⊆ S'" and rid: "⋀x. x∈S' ⟹ r x = x"
    by (auto simp: retraction_def retract_of_def)
  obtain g h where "homeomorphism S S' g h"
    using hom by (force simp: homeomorphic_def)
  then have "continuous_on (f ` T) g"
    by (meson ‹f ` T ⊆ S› continuous_on_subset homeomorphism_def)
  then have contgf: "continuous_on T (g o f)"
    by (metis continuous_on_compose contf)
  have gfTC: "(g ∘ f) ` T ⊆ C"
  proof -
    have "g ` S = S'"
      by (metis (no_types) ‹homeomorphism S S' g h› homeomorphism_def)
    with ‹S' ⊆ C› ‹f ` T ⊆ S› show ?thesis by force
  qed
  obtain f' where f': "continuous_on U f'"  "f' ` U ⊆ C"
                      "⋀x. x ∈ T ⟹ f' x = (g ∘ f) x"
    by (metis Dugundji [OF C cloUT contgf gfTC])
  show ?thesis
  proof (rule_tac g = "h o r o f'" in that)
    show "continuous_on U (h ∘ r ∘ f')"
      apply (intro continuous_on_compose f')
       using continuous_on_subset contr f' apply blast
      by (meson ‹homeomorphism S S' g h› ‹r ` C ⊆ S'› continuous_on_subset ‹f' ` U ⊆ C› homeomorphism_def image_mono)
    show "(h ∘ r ∘ f') ` U ⊆ S"
      using ‹homeomorphism S S' g h› ‹r ` C ⊆ S'› ‹f' ` U ⊆ C›
      by (fastforce simp: homeomorphism_def)
    show "⋀x. x ∈ T ⟹ (h ∘ r ∘ f') x = f x"
      using ‹homeomorphism S S' g h› ‹f ` T ⊆ S› f'
      by (auto simp: rid homeomorphism_def)
  qed
qed

lemma AR_imp_absolute_retract:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "AR S" "S homeomorphic S'"
      and clo: "closedin (subtopology euclidean U) S'"
    shows "S' retract_of U"
proof -
  obtain g h where hom: "homeomorphism S S' g h"
    using assms by (force simp: homeomorphic_def)
  have h: "continuous_on S' h" " h ` S' ⊆ S"
    using hom homeomorphism_def apply blast
    apply (metis hom equalityE homeomorphism_def)
    done
  obtain h' where h': "continuous_on U h'" "h' ` U ⊆ S"
              and h'h: "⋀x. x ∈ S' ⟹ h' x = h x"
    by (blast intro: AR_imp_absolute_extensor [OF ‹AR S› h clo])
  have [simp]: "S' ⊆ U" using clo closedin_limpt by blast
  show ?thesis
  proof (simp add: retraction_def retract_of_def, intro exI conjI)
    show "continuous_on U (g o h')"
      apply (intro continuous_on_compose h')
      apply (meson hom continuous_on_subset h' homeomorphism_cont1)
      done
    show "(g ∘ h') ` U ⊆ S'"
      using h'  by clarsimp (metis hom subsetD homeomorphism_def imageI)
    show "∀x∈S'. (g ∘ h') x = x"
      by clarsimp (metis h'h hom homeomorphism_def)
  qed
qed

lemma AR_imp_absolute_retract_UNIV:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "AR S" and hom: "S homeomorphic S'"
      and clo: "closed S'"
    shows "S' retract_of UNIV"
apply (rule AR_imp_absolute_retract [OF ‹AR S› hom])
using clo closed_closedin by auto

lemma absolute_extensor_imp_AR:
  fixes S :: "'a::euclidean_space set"
  assumes "⋀f :: 'a * real ⇒ 'a.
           ⋀U T. ⟦continuous_on T f;  f ` T ⊆ S;
                  closedin (subtopology euclidean U) T⟧
                 ⟹ ∃g. continuous_on U g ∧ g ` U ⊆ S ∧ (∀x ∈ T. g x = f x)"
  shows "AR S"
proof (clarsimp simp: AR_def)
  fix U and T :: "('a * real) set"
  assume "S homeomorphic T" and clo: "closedin (subtopology euclidean U) T"
  then obtain g h where hom: "homeomorphism S T g h"
    by (force simp: homeomorphic_def)
  have h: "continuous_on T h" " h ` T ⊆ S"
    using hom homeomorphism_def apply blast
    apply (metis hom equalityE homeomorphism_def)
    done
  obtain h' where h': "continuous_on U h'" "h' ` U ⊆ S"
              and h'h: "∀x∈T. h' x = h x"
    using assms [OF h clo] by blast
  have [simp]: "T ⊆ U"
    using clo closedin_imp_subset by auto
  show "T retract_of U"
  proof (simp add: retraction_def retract_of_def, intro exI conjI)
    show "continuous_on U (g o h')"
      apply (intro continuous_on_compose h')
      apply (meson hom continuous_on_subset h' homeomorphism_cont1)
      done
    show "(g ∘ h') ` U ⊆ T"
      using h'  by clarsimp (metis hom subsetD homeomorphism_def imageI)
    show "∀x∈T. (g ∘ h') x = x"
      by clarsimp (metis h'h hom homeomorphism_def)
  qed
qed

lemma AR_eq_absolute_extensor:
  fixes S :: "'a::euclidean_space set"
  shows "AR S ⟷
       (∀f :: 'a * real ⇒ 'a.
        ∀U T. continuous_on T f ⟶ f ` T ⊆ S ⟶
               closedin (subtopology euclidean U) T ⟶
                (∃g. continuous_on U g ∧ g ` U ⊆ S ∧ (∀x ∈ T. g x = f x)))"
apply (rule iffI)
 apply (metis AR_imp_absolute_extensor)
apply (simp add: absolute_extensor_imp_AR)
done

lemma AR_imp_retract:
  fixes S :: "'a::euclidean_space set"
  assumes "AR S ∧ closedin (subtopology euclidean U) S"
    shows "S retract_of U"
using AR_imp_absolute_retract assms homeomorphic_refl by blast

lemma AR_homeomorphic_AR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  assumes "AR T" "S homeomorphic T"
    shows "AR S"
unfolding AR_def
by (metis assms AR_imp_absolute_retract homeomorphic_trans [of _ S] homeomorphic_sym)

lemma homeomorphic_AR_iff_AR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  shows "S homeomorphic T ⟹ AR S ⟷ AR T"
by (metis AR_homeomorphic_AR homeomorphic_sym)


proposition ANR_imp_absolute_neighbourhood_extensor:
  fixes f :: "'a::euclidean_space ⇒ 'b::euclidean_space"
  assumes "ANR S" and contf: "continuous_on T f" and "f ` T ⊆ S"
      and cloUT: "closedin (subtopology euclidean U) T"
  obtains V g where "T ⊆ V" "openin (subtopology euclidean U) V"
                    "continuous_on V g"
                    "g ` V ⊆ S" "⋀x. x ∈ T ⟹ g x = f x"
proof -
  have "aff_dim S < int (DIM('b × real))"
    using aff_dim_le_DIM [of S] by simp
  then obtain C and S' :: "('b * real) set"
          where C: "convex C" "C ≠ {}"
            and cloCS: "closedin (subtopology euclidean C) S'"
            and hom: "S homeomorphic S'"
    by (metis that homeomorphic_closedin_convex)
  then obtain D where opD: "openin (subtopology euclidean C) D" and "S' retract_of D"
    using ‹ANR S› by (auto simp: ANR_def)
  then obtain r where "S' ⊆ D" and contr: "continuous_on D r"
                  and "r ` D ⊆ S'" and rid: "⋀x. x ∈ S' ⟹ r x = x"
    by (auto simp: retraction_def retract_of_def)
  obtain g h where homgh: "homeomorphism S S' g h"
    using hom by (force simp: homeomorphic_def)
  have "continuous_on (f ` T) g"
    by (meson ‹f ` T ⊆ S› continuous_on_subset homeomorphism_def homgh)
  then have contgf: "continuous_on T (g o f)"
    by (intro continuous_on_compose contf)
  have gfTC: "(g ∘ f) ` T ⊆ C"
  proof -
    have "g ` S = S'"
      by (metis (no_types) homeomorphism_def homgh)
    then show ?thesis
      by (metis (no_types) assms(3) cloCS closedin_def image_comp image_mono order.trans topspace_euclidean_subtopology)
  qed
  obtain f' where contf': "continuous_on U f'"
              and "f' ` U ⊆ C"
              and eq: "⋀x. x ∈ T ⟹ f' x = (g ∘ f) x"
    by (metis Dugundji [OF C cloUT contgf gfTC])
  show ?thesis
  proof (rule_tac V = "{x ∈ U. f' x ∈ D}" and g = "h o r o f'" in that)
    show "T ⊆ {x ∈ U. f' x ∈ D}"
      using cloUT closedin_imp_subset ‹S' ⊆ D› ‹f ` T ⊆ S› eq homeomorphism_image1 homgh
      by fastforce
    show ope: "openin (subtopology euclidean U) {x ∈ U. f' x ∈ D}"
      using  ‹f' ` U ⊆ C› by (auto simp: opD contf' continuous_openin_preimage)
    have conth: "continuous_on (r ` f' ` {x ∈ U. f' x ∈ D}) h"
      apply (rule continuous_on_subset [of S'])
      using homeomorphism_def homgh apply blast
      using ‹r ` D ⊆ S'› by blast
    show "continuous_on {x ∈ U. f' x ∈ D} (h ∘ r ∘ f')"
      apply (intro continuous_on_compose conth
                   continuous_on_subset [OF contr] continuous_on_subset [OF contf'], auto)
      done
    show "(h ∘ r ∘ f') ` {x ∈ U. f' x ∈ D} ⊆ S"
      using ‹homeomorphism S S' g h›  ‹f' ` U ⊆ C›  ‹r ` D ⊆ S'›
      by (auto simp: homeomorphism_def)
    show "⋀x. x ∈ T ⟹ (h ∘ r ∘ f') x = f x"
      using ‹homeomorphism S S' g h› ‹f ` T ⊆ S› eq
      by (auto simp: rid homeomorphism_def)
  qed
qed


corollary ANR_imp_absolute_neighbourhood_retract:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "ANR S" "S homeomorphic S'"
      and clo: "closedin (subtopology euclidean U) S'"
  obtains V where "openin (subtopology euclidean U) V" "S' retract_of V"
proof -
  obtain g h where hom: "homeomorphism S S' g h"
    using assms by (force simp: homeomorphic_def)
  have h: "continuous_on S' h" " h ` S' ⊆ S"
    using hom homeomorphism_def apply blast
    apply (metis hom equalityE homeomorphism_def)
    done
    from ANR_imp_absolute_neighbourhood_extensor [OF ‹ANR S› h clo]
  obtain V h' where "S' ⊆ V" and opUV: "openin (subtopology euclidean U) V"
                and h': "continuous_on V h'" "h' ` V ⊆ S"
                and h'h:"⋀x. x ∈ S' ⟹ h' x = h x"
    by (blast intro: ANR_imp_absolute_neighbourhood_extensor [OF ‹ANR S› h clo])
  have "S' retract_of V"
  proof (simp add: retraction_def retract_of_def, intro exI conjI ‹S' ⊆ V›)
    show "continuous_on V (g o h')"
      apply (intro continuous_on_compose h')
      apply (meson hom continuous_on_subset h' homeomorphism_cont1)
      done
    show "(g ∘ h') ` V ⊆ S'"
      using h'  by clarsimp (metis hom subsetD homeomorphism_def imageI)
    show "∀x∈S'. (g ∘ h') x = x"
      by clarsimp (metis h'h hom homeomorphism_def)
  qed
  then show ?thesis
    by (rule that [OF opUV])
qed

corollary ANR_imp_absolute_neighbourhood_retract_UNIV:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "ANR S" and hom: "S homeomorphic S'" and clo: "closed S'"
  obtains V where "open V" "S' retract_of V"
  using ANR_imp_absolute_neighbourhood_retract [OF ‹ANR S› hom]
by (metis clo closed_closedin open_openin subtopology_UNIV)

corollary neighbourhood_extension_into_ANR:
  fixes f :: "'a::euclidean_space ⇒ 'b::euclidean_space"
  assumes contf: "continuous_on S f" and fim: "f ` S ⊆ T" and "ANR T" "closed S"
  obtains V g where "S ⊆ V" "open V" "continuous_on V g"
                    "g ` V ⊆ T" "⋀x. x ∈ S ⟹ g x = f x"
  using ANR_imp_absolute_neighbourhood_extensor [OF  ‹ANR T› contf fim]
  by (metis ‹closed S› closed_closedin open_openin subtopology_UNIV)

lemma absolute_neighbourhood_extensor_imp_ANR:
  fixes S :: "'a::euclidean_space set"
  assumes "⋀f :: 'a * real ⇒ 'a.
           ⋀U T. ⟦continuous_on T f;  f ` T ⊆ S;
                  closedin (subtopology euclidean U) T⟧
                 ⟹ ∃V g. T ⊆ V ∧ openin (subtopology euclidean U) V ∧
                       continuous_on V g ∧ g ` V ⊆ S ∧ (∀x ∈ T. g x = f x)"
  shows "ANR S"
proof (clarsimp simp: ANR_def)
  fix U and T :: "('a * real) set"
  assume "S homeomorphic T" and clo: "closedin (subtopology euclidean U) T"
  then obtain g h where hom: "homeomorphism S T g h"
    by (force simp: homeomorphic_def)
  have h: "continuous_on T h" " h ` T ⊆ S"
    using hom homeomorphism_def apply blast
    apply (metis hom equalityE homeomorphism_def)
    done
  obtain V h' where "T ⊆ V" and opV: "openin (subtopology euclidean U) V"
                and h': "continuous_on V h'" "h' ` V ⊆ S"
              and h'h: "∀x∈T. h' x = h x"
    using assms [OF h clo] by blast
  have [simp]: "T ⊆ U"
    using clo closedin_imp_subset by auto
  have "T retract_of V"
  proof (simp add: retraction_def retract_of_def, intro exI conjI ‹T ⊆ V›)
    show "continuous_on V (g o h')"
      apply (intro continuous_on_compose h')
      apply (meson hom continuous_on_subset h' homeomorphism_cont1)
      done
    show "(g ∘ h') ` V ⊆ T"
      using h'  by clarsimp (metis hom subsetD homeomorphism_def imageI)
    show "∀x∈T. (g ∘ h') x = x"
      by clarsimp (metis h'h hom homeomorphism_def)
  qed
  then show "∃V. openin (subtopology euclidean U) V ∧ T retract_of V"
    using opV by blast
qed

lemma ANR_eq_absolute_neighbourhood_extensor:
  fixes S :: "'a::euclidean_space set"
  shows "ANR S ⟷
         (∀f :: 'a * real ⇒ 'a.
          ∀U T. continuous_on T f ⟶ f ` T ⊆ S ⟶
                closedin (subtopology euclidean U) T ⟶
               (∃V g. T ⊆ V ∧ openin (subtopology euclidean U) V ∧
                       continuous_on V g ∧ g ` V ⊆ S ∧ (∀x ∈ T. g x = f x)))"
apply (rule iffI)
 apply (metis ANR_imp_absolute_neighbourhood_extensor)
apply (simp add: absolute_neighbourhood_extensor_imp_ANR)
done

lemma ANR_imp_neighbourhood_retract:
  fixes S :: "'a::euclidean_space set"
  assumes "ANR S" "closedin (subtopology euclidean U) S"
  obtains V where "openin (subtopology euclidean U) V" "S retract_of V"
using ANR_imp_absolute_neighbourhood_retract assms homeomorphic_refl by blast

lemma ANR_imp_absolute_closed_neighbourhood_retract:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "ANR S" "S homeomorphic S'" and US': "closedin (subtopology euclidean U) S'"
  obtains V W
    where "openin (subtopology euclidean U) V"
          "closedin (subtopology euclidean U) W"
          "S' ⊆ V" "V ⊆ W" "S' retract_of W"
proof -
  obtain Z where "openin (subtopology euclidean U) Z" and S'Z: "S' retract_of Z"
    by (blast intro: assms ANR_imp_absolute_neighbourhood_retract)
  then have UUZ: "closedin (subtopology euclidean U) (U - Z)"
    by auto
  have "S' ∩ (U - Z) = {}"
    using ‹S' retract_of Z› closedin_retract closedin_subtopology by fastforce
  then obtain V W
      where "openin (subtopology euclidean U) V"
        and "openin (subtopology euclidean U) W"
        and "S' ⊆ V" "U - Z ⊆ W" "V ∩ W = {}"
      using separation_normal_local [OF US' UUZ]  by auto
  moreover have "S' retract_of U - W"
    apply (rule retract_of_subset [OF S'Z])
    using US' ‹S' ⊆ V› ‹V ∩ W = {}› closedin_subset apply fastforce
    using Diff_subset_conv ‹U - Z ⊆ W› by blast
  ultimately show ?thesis
    apply (rule_tac V=V and W = "U-W" in that)
    using openin_imp_subset apply (force simp:)+
    done
qed

lemma ANR_imp_closed_neighbourhood_retract:
  fixes S :: "'a::euclidean_space set"
  assumes "ANR S" "closedin (subtopology euclidean U) S"
  obtains V W where "openin (subtopology euclidean U) V"
                    "closedin (subtopology euclidean U) W"
                    "S ⊆ V" "V ⊆ W" "S retract_of W"
by (meson ANR_imp_absolute_closed_neighbourhood_retract assms homeomorphic_refl)

lemma ANR_homeomorphic_ANR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  assumes "ANR T" "S homeomorphic T"
    shows "ANR S"
unfolding ANR_def
by (metis assms ANR_imp_absolute_neighbourhood_retract homeomorphic_trans [of _ S] homeomorphic_sym)

lemma homeomorphic_ANR_iff_ANR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  shows "S homeomorphic T ⟹ ANR S ⟷ ANR T"
by (metis ANR_homeomorphic_ANR homeomorphic_sym)

subsection‹ Analogous properties of ENRs.›

proposition ENR_imp_absolute_neighbourhood_retract:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "ENR S" and hom: "S homeomorphic S'"
      and "S' ⊆ U"
  obtains V where "openin (subtopology euclidean U) V" "S' retract_of V"
proof -
  obtain X where "open X" "S retract_of X"
    using ‹ENR S› by (auto simp: ENR_def)
  then obtain r where "retraction X S r"
    by (auto simp: retract_of_def)
  have "locally compact S'"
    using retract_of_locally_compact open_imp_locally_compact
          homeomorphic_local_compactness ‹S retract_of X› ‹open X› hom by blast
  then obtain W where UW: "openin (subtopology euclidean U) W"
                  and WS': "closedin (subtopology euclidean W) S'"
    apply (rule locally_compact_closedin_open)
    apply (rename_tac W)
    apply (rule_tac W = "U ∩ W" in that, blast)
    by (simp add: ‹S' ⊆ U› closedin_limpt)
  obtain f g where hom: "homeomorphism S S' f g"
    using assms by (force simp: homeomorphic_def)
  have contg: "continuous_on S' g"
    using hom homeomorphism_def by blast
  moreover have "g ` S' ⊆ S" by (metis hom equalityE homeomorphism_def)
  ultimately obtain h where conth: "continuous_on W h" and hg: "⋀x. x ∈ S' ⟹ h x = g x"
    using Tietze_unbounded [of S' g W] WS' by blast
  have "W ⊆ U" using UW openin_open by auto
  have "S' ⊆ W" using WS' closedin_closed by auto
  have him: "⋀x. x ∈ S' ⟹ h x ∈ X"
    by (metis (no_types) ‹S retract_of X› hg hom homeomorphism_def image_insert insert_absorb insert_iff retract_of_imp_subset subset_eq)
  have "S' retract_of {x ∈ W. h x ∈ X}"
  proof (simp add: retraction_def retract_of_def, intro exI conjI)
    show "S' ⊆ {x ∈ W. h x ∈ X}"
      using him WS' closedin_imp_subset by blast
    show "continuous_on {x ∈ W. h x ∈ X} (f o r o h)"
    proof (intro continuous_on_compose)
      show "continuous_on {x ∈ W. h x ∈ X} h"
        by (metis (no_types) Collect_restrict conth continuous_on_subset)
      show "continuous_on (h ` {x ∈ W. h x ∈ X}) r"
      proof -
        have "h ` {b ∈ W. h b ∈ X} ⊆ X"
          by blast
        then show "continuous_on (h ` {b ∈ W. h b ∈ X}) r"
          by (meson ‹retraction X S r› continuous_on_subset retraction)
      qed
      show "continuous_on (r ` h ` {x ∈ W. h x ∈ X}) f"
        apply (rule continuous_on_subset [of S])
         using hom homeomorphism_def apply blast
        apply clarify
        apply (meson ‹retraction X S r› subsetD imageI retraction_def)
        done
    qed
    show "(f ∘ r ∘ h) ` {x ∈ W. h x ∈ X} ⊆ S'"
      using ‹retraction X S r› hom
      by (auto simp: retraction_def homeomorphism_def)
    show "∀x∈S'. (f ∘ r ∘ h) x = x"
      using ‹retraction X S r› hom by (auto simp: retraction_def homeomorphism_def hg)
  qed
  then show ?thesis
    apply (rule_tac V = "{x. x ∈ W ∧ h x ∈ X}" in that)
     apply (rule openin_trans [OF _ UW])
     using ‹continuous_on W h› ‹open X› continuous_openin_preimage_eq apply blast+
     done
qed

corollary ENR_imp_absolute_neighbourhood_retract_UNIV:
  fixes S :: "'a::euclidean_space set" and S' :: "'b::euclidean_space set"
  assumes "ENR S" "S homeomorphic S'"
  obtains T' where "open T'" "S' retract_of T'"
by (metis ENR_imp_absolute_neighbourhood_retract UNIV_I assms(1) assms(2) open_openin subsetI subtopology_UNIV)

lemma ENR_homeomorphic_ENR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  assumes "ENR T" "S homeomorphic T"
    shows "ENR S"
unfolding ENR_def
by (meson ENR_imp_absolute_neighbourhood_retract_UNIV assms homeomorphic_sym)

lemma homeomorphic_ENR_iff_ENR:
  fixes S :: "'a::euclidean_space set" and T :: "'b::euclidean_space set"
  assumes "S homeomorphic T"
    shows "ENR S ⟷ ENR T"
by (meson ENR_homeomorphic_ENR assms homeomorphic_sym)

lemma ENR_translation:
  fixes S :: "'a::euclidean_space set"
  shows "ENR(image (λx. a + x) S) ⟷ ENR S"
by (meson homeomorphic_sym homeomorphic_translation homeomorphic_ENR_iff_ENR)

lemma ENR_linear_image_eq:
  fixes f :: "'a::euclidean_space ⇒ 'b::euclidean_space"
  assumes "linear f" "inj f"
  shows "ENR (image f S) ⟷ ENR S"
apply (rule homeomorphic_ENR_iff_ENR)
using assms homeomorphic_sym linear_homeomorphic_image by auto

subsection‹Some relations among the concepts›

text‹We also relate AR to being a retract of UNIV, which is often a more convenient proxy in the closed case.›

lemma AR_imp_ANR: "AR S ⟹ ANR S"
  using ANR_def AR_def by fastforce

lemma ENR_imp_ANR:
  fixes S :: "'a::euclidean_space set"
  shows "ENR S ⟹ ANR S"
apply (simp add: ANR_def)
by (metis ENR_imp_absolute_neighbourhood_retract closedin_imp_subset)

lemma ENR_ANR:
  fixes S :: "'a::euclidean_space set"
  shows "ENR S ⟷ ANR S ∧ locally compact S"
proof
  assume "ENR S"
  then have "locally compact S"
    using ENR_def open_imp_locally_compact retract_of_locally_compact by auto
  then show "ANR S ∧ locally compact S"
    using ENR_imp_ANR ‹ENR S› by blast
next
  assume "ANR S ∧ locally compact S"
  then have "ANR S" "locally compact S" by auto
  then obtain T :: "('a * real) set" where "closed T" "S homeomorphic T"
    using locally_compact_homeomorphic_closed
    by (metis DIM_prod DIM_real Suc_eq_plus1 lessI)
  then show "ENR S"
    using ‹ANR S›
    apply (simp add: ANR_def)
    apply (drule_tac x=UNIV in spec)
    apply (drule_tac x=T in spec)
    apply (auto simp: closed_closedin)
    apply (meson ENR_def ENR_homeomorphic_ENR open_openin)
    done
qed


proposition AR_ANR:
  fixes S :: "'a::euclidean_space set"
  shows "AR S ⟷ ANR S ∧ contractible S ∧ S ≠ {}"
        (is "?lhs = ?rhs")
proof
  assume ?lhs
  obtain C and S' :: "('a * real) set"
    where "convex C" "C ≠ {}" "closedin (subtopology euclidean C) S'" "S homeomorphic S'"
      apply (rule homeomorphic_closedin_convex [of S, where 'n = "'a * real"])
      using aff_dim_le_DIM [of S] by auto
  with ‹AR S› have "contractible S"
    apply (simp add: AR_def)
    apply (drule_tac x=C in spec)
    apply (drule_tac x="S'" in spec, simp)
    using convex_imp_contractible homeomorphic_contractible_eq retract_of_contractible by fastforce
  with ‹AR S› show ?rhs
    apply (auto simp: AR_imp_ANR)
    apply (force simp: AR_def)
    done
next
  assume ?rhs
  then obtain a and h:: "real × 'a ⇒ 'a"
      where conth: "continuous_on ({0..1} × S) h"
        and hS: "h ` ({0..1} × S) ⊆ S"
        and [simp]: "⋀x. h(0, x) = x"
        and [simp]: "⋀x. h(1, x) = a"
        and "ANR S" "S ≠ {}"
    by (auto simp: contractible_def homotopic_with_def)
  then have "a ∈ S"
    by (metis all_not_in_conv atLeastAtMost_iff image_subset_iff mem_Sigma_iff order_refl zero_le_one)
  have "∃g. continuous_on W g ∧ g ` W ⊆ S ∧ (∀x∈T. g x = f x)"
         if      f: "continuous_on T f" "f ` T ⊆ S"
            and WT: "closedin (subtopology euclidean W) T"
         for W T and f :: "'a × real ⇒ 'a"
  proof -
    obtain U g
      where "T ⊆ U" and WU: "openin (subtopology euclidean W) U"
        and contg: "continuous_on U g"
        and "g ` U ⊆ S" and gf: "⋀x. x ∈ T ⟹ g x = f x"
      using iffD1 [OF ANR_eq_absolute_neighbourhood_extensor ‹ANR S›, rule_format, OF f WT]
      by auto
    have WWU: "closedin (subtopology euclidean W) (W - U)"
      using WU closedin_diff by fastforce
    moreover have "(W - U) ∩ T = {}"
      using ‹T ⊆ U› by auto
    ultimately obtain V V'
      where WV': "openin (subtopology euclidean W) V'"
        and WV: "openin (subtopology euclidean W) V"
        and "W - U ⊆ V'" "T ⊆ V" "V' ∩ V = {}"
      using separation_normal_local [of W "W-U" T] WT by blast
    then have WVT: "T ∩ (W - V) = {}"
      by auto
    have WWV: "closedin (subtopology euclidean W) (W - V)"
      using WV closedin_diff by fastforce
    obtain j :: " 'a × real ⇒ real"
      where contj: "continuous_on W j"
        and j:  "⋀x. x ∈ W ⟹ j x ∈ {0..1}"
        and j0: "⋀x. x ∈ W - V ⟹ j x = 1"
        and j1: "⋀x. x ∈ T ⟹ j x = 0"
      by (rule Urysohn_local [OF WT WWV WVT, of 0 "1::real"]) (auto simp: in_segment)
    have Weq: "W = (W - V) ∪ (W - V')"
      using ‹V' ∩ V = {}› by force
    show ?thesis
    proof (intro conjI exI)
      have *: "continuous_on (W - V') (λx. h (j x, g x))"
        apply (rule continuous_on_compose2 [OF conth continuous_on_Pair])
          apply (rule continuous_on_subset [OF contj Diff_subset])
         apply (rule continuous_on_subset [OF contg])
         apply (metis Diff_subset_conv Un_commute ‹W - U ⊆ V'›)
        using j ‹g ` U ⊆ S› ‹W - U ⊆ V'› apply fastforce
        done
      show "continuous_on W (λx. if x ∈ W - V then a else h (j x, g x))"
        apply (subst Weq)
        apply (rule continuous_on_cases_local)
            apply (simp_all add: Weq [symmetric] WWV continuous_on_const *)
          using WV' closedin_diff apply fastforce
         apply (auto simp: j0 j1)
        done
    next
      have "h (j (x, y), g (x, y)) ∈ S" if "(x, y) ∈ W" "(x, y) ∈ V" for x y
      proof -
        have "j(x, y) ∈ {0..1}"
          using j that by blast
        moreover have "g(x, y) ∈ S"
          using ‹V' ∩ V = {}› ‹W - U ⊆ V'› ‹g ` U ⊆ S› that by fastforce
        ultimately show ?thesis
          using hS by blast
      qed
      with ‹a ∈ S› ‹g ` U ⊆ S›
      show "(λx. if x ∈ W - V then a else h (j x, g x)) ` W ⊆ S"
        by auto
    next
      show "∀x∈T. (if x ∈ W - V then a else h (j x, g x)) = f x"
        using ‹T ⊆ V› by (auto simp: j0 j1 gf)
    qed
  qed
  then show ?lhs
    by (simp add: AR_eq_absolute_extensor)
qed


lemma ANR_retract_of_ANR:
  fixes S :: "'a::euclidean_space set"
  assumes "ANR T" "S retract_of T"
  shows "ANR S"
using assms
apply (simp add: