# Theory Measure_Space

theory Measure_Space
imports Measurable
(*  Title:      HOL/Analysis/Measure_Space.thy
Author:     Lawrence C Paulson
Author:     Johannes Hölzl, TU München
Author:     Armin Heller, TU München
*)

section ‹Measure spaces and their properties›

theory Measure_Space
imports
Measurable "HOL-Library.Extended_Nonnegative_Real"
begin

subsection%unimportant "Relate extended reals and the indicator function"

lemma suminf_cmult_indicator:
fixes f :: "nat ⇒ ennreal"
assumes "disjoint_family A" "x ∈ A i"
shows "(∑n. f n * indicator (A n) x) = f i"
proof -
have **: "⋀n. f n * indicator (A n) x = (if n = i then f n else 0 :: ennreal)"
using ‹x ∈ A i› assms unfolding disjoint_family_on_def indicator_def by auto
then have "⋀n. (∑j<n. f j * indicator (A j) x) = (if i < n then f i else 0 :: ennreal)"
by (auto simp: sum.If_cases)
moreover have "(SUP n. if i < n then f i else 0) = (f i :: ennreal)"
proof (rule SUP_eqI)
fix y :: ennreal assume "⋀n. n ∈ UNIV ⟹ (if i < n then f i else 0) ≤ y"
from this[of "Suc i"] show "f i ≤ y" by auto
qed (insert assms, simp)
ultimately show ?thesis using assms
by (subst suminf_eq_SUP) (auto simp: indicator_def)
qed

lemma suminf_indicator:
assumes "disjoint_family A"
shows "(∑n. indicator (A n) x :: ennreal) = indicator (⋃i. A i) x"
proof cases
assume *: "x ∈ (⋃i. A i)"
then obtain i where "x ∈ A i" by auto
from suminf_cmult_indicator[OF assms(1), OF ‹x ∈ A i›, of "λk. 1"]
show ?thesis using * by simp
qed simp

lemma sum_indicator_disjoint_family:
fixes f :: "'d ⇒ 'e::semiring_1"
assumes d: "disjoint_family_on A P" and "x ∈ A j" and "finite P" and "j ∈ P"
shows "(∑i∈P. f i * indicator (A i) x) = f j"
proof -
have "P ∩ {i. x ∈ A i} = {j}"
using d ‹x ∈ A j› ‹j ∈ P› unfolding disjoint_family_on_def
by auto
thus ?thesis
unfolding indicator_def
by (simp add: if_distrib sum.If_cases[OF ‹finite P›])
qed

text ‹
The type for emeasure spaces is already defined in @{theory "HOL-Analysis.Sigma_Algebra"}, as it
is also used to represent sigma algebras (with an arbitrary emeasure).
›

subsection%unimportant "Extend binary sets"

lemma LIMSEQ_binaryset:
assumes f: "f {} = 0"
shows  "(λn. ∑i<n. f (binaryset A B i)) ⇢ f A + f B"
proof -
have "(λn. ∑i < Suc (Suc n). f (binaryset A B i)) = (λn. f A + f B)"
proof
fix n
show "(∑i < Suc (Suc n). f (binaryset A B i)) = f A + f B"
by (induct n)  (auto simp add: binaryset_def f)
qed
moreover
have "... ⇢ f A + f B" by (rule tendsto_const)
ultimately
have "(λn. ∑i< Suc (Suc n). f (binaryset A B i)) ⇢ f A + f B"
by metis
hence "(λn. ∑i< n+2. f (binaryset A B i)) ⇢ f A + f B"
by simp
thus ?thesis by (rule LIMSEQ_offset [where k=2])
qed

lemma binaryset_sums:
assumes f: "f {} = 0"
shows  "(λn. f (binaryset A B n)) sums (f A + f B)"
by (simp add: sums_def LIMSEQ_binaryset [where f=f, OF f] atLeast0LessThan)

lemma suminf_binaryset_eq:
fixes f :: "'a set ⇒ 'b::{comm_monoid_add, t2_space}"
shows "f {} = 0 ⟹ (∑n. f (binaryset A B n)) = f A + f B"
by (metis binaryset_sums sums_unique)

subsection%unimportant ‹Properties of a premeasure @{term μ}›

text ‹
The definitions for @{const positive} and @{const countably_additive} should be here, by they are
necessary to define @{typ "'a measure"} in @{theory "HOL-Analysis.Sigma_Algebra"}.
›

"subadditive M f ⟷ (∀x∈M. ∀y∈M. x ∩ y = {} ⟶ f (x ∪ y) ≤ f x + f y)"

lemma subadditiveD: "subadditive M f ⟹ x ∩ y = {} ⟹ x ∈ M ⟹ y ∈ M ⟹ f (x ∪ y) ≤ f x + f y"

(∀A. range A ⊆ M ⟶ disjoint_family A ⟶ (⋃i. A i) ∈ M ⟶ (f (⋃i. A i) ≤ (∑i. f (A i))))"

fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" and cs: "countably_subadditive M f"
fix x y
assume x: "x ∈ M" and y: "y ∈ M" and "x ∩ y = {}"
hence "disjoint_family (binaryset x y)"
by (auto simp add: disjoint_family_on_def binaryset_def)
hence "range (binaryset x y) ⊆ M ⟶
(⋃i. binaryset x y i) ∈ M ⟶
f (⋃i. binaryset x y i) ≤ (∑ n. f (binaryset x y n))"
hence "{x,y,{}} ⊆ M ⟶ x ∪ y ∈ M ⟶
f (x ∪ y) ≤ (∑ n. f (binaryset x y n))"
thus "f (x ∪ y) ≤  f x + f y" using f x y
by (auto simp add: Un o_def suminf_binaryset_eq positive_def)
qed

"additive M μ ⟷ (∀x∈M. ∀y∈M. x ∩ y = {} ⟶ μ (x ∪ y) = μ x + μ y)"

definition increasing where
"increasing M μ ⟷ (∀x∈M. ∀y∈M. x ⊆ y ⟶ μ x ≤ μ y)"

lemma positiveD1: "positive M f ⟹ f {} = 0" by (auto simp: positive_def)

lemma positiveD_empty:
"positive M f ⟹ f {} = 0"

"additive M f ⟹ x ∩ y = {} ⟹ x ∈ M ⟹ y ∈ M ⟹ f (x ∪ y) = f x + f y"

lemma increasingD:
"increasing M f ⟹ x ⊆ y ⟹ x∈M ⟹ y∈M ⟹ f x ≤ f y"

"(⋀A. range A ⊆ M ⟹ disjoint_family A ⟹ (⋃i. A i) ∈ M ⟹ (∑i. f (A i)) = f (⋃i. A i))

assumes f: "positive M f" "additive M f" and A: "range A ⊆ M" "incseq A"
shows "(∑i≤n. f (disjointed A i)) = f (A n)"
proof (induct n)
case (Suc n)
then have "(∑i≤Suc n. f (disjointed A i)) = f (A n) + f (disjointed A (Suc n))"
by simp
also have "… = f (A n ∪ disjointed A (Suc n))"
using A by (subst f(2)[THEN additiveD]) (auto simp: disjointed_mono)
also have "A n ∪ disjointed A (Suc n) = A (Suc n)"
using ‹incseq A› by (auto dest: incseq_SucD simp: disjointed_mono)
finally show ?case .
qed simp

fixes A:: "'i ⇒ 'a set"
assumes f: "positive M f" and ad: "additive M f" and "finite S"
and A: "AS ⊆ M"
and disj: "disjoint_family_on A S"
shows  "(∑i∈S. f (A i)) = f (⋃i∈S. A i)"
using ‹finite S› disj A
proof induct
case empty show ?case using f by (simp add: positive_def)
next
case (insert s S)
then have "A s ∩ (⋃i∈S. A i) = {}"
by (auto simp add: disjoint_family_on_def neq_iff)
moreover
have "A s ∈ M" using insert by blast
moreover have "(⋃i∈S. A i) ∈ M"
using insert ‹finite S› by auto
ultimately have "f (A s ∪ (⋃i∈S. A i)) = f (A s) + f(⋃i∈S. A i)"
with insert show ?case using ad disjoint_family_on_mono[of S "insert s S" A]
qed

fixes f :: "'a set ⇒ ennreal"
shows "increasing M f"
fix x y
assume xy: "x ∈ M" "y ∈ M" "x ⊆ y"
then have "y - x ∈ M" by auto
then have "f x + 0 ≤ f x + f (y-x)" by (intro add_left_mono zero_le)
also have "... = f (x ∪ (y-x))" using addf
also have "... = f y"
by (metis Un_Diff_cancel Un_absorb1 xy(3))
finally show "f x ≤ f y" by simp
qed

fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" "additive M f" and A: "AS ⊆ M" and S: "finite S"
shows "f (⋃i∈S. A i) ≤ (∑i∈S. f (A i))"
using S A
proof (induct S)
case empty thus ?case using f by (auto simp: positive_def)
next
case (insert x F)
hence in_M: "A x ∈ M" "(⋃i∈F. A i) ∈ M" "(⋃i∈F. A i) - A x ∈ M" using A by force+
have subs: "(⋃i∈F. A i) - A x ⊆ (⋃i∈F. A i)" by auto
have "(⋃i∈(insert x F). A i) = A x ∪ ((⋃i∈F. A i) - A x)" by auto
hence "f (⋃i∈(insert x F). A i) = f (A x ∪ ((⋃i∈F. A i) - A x))"
by simp
also have "… = f (A x) + f ((⋃i∈F. A i) - A x)"
using f(2) by (rule additiveD) (insert in_M, auto)
also have "… ≤ f (A x) + f (⋃i∈F. A i)"
also have "… ≤ f (A x) + (∑i∈F. f (A i))" using insert by (auto intro: add_left_mono)
finally show "f (⋃i∈(insert x F). A i) ≤ (∑i∈(insert x F). f (A i))" using insert by simp
qed

fixes f :: "'a set ⇒ ennreal"
assumes posf: "positive M f" and ca: "countably_additive M f"
fix x y
assume x: "x ∈ M" and y: "y ∈ M" and "x ∩ y = {}"
hence "disjoint_family (binaryset x y)"
by (auto simp add: disjoint_family_on_def binaryset_def)
hence "range (binaryset x y) ⊆ M ⟶
(⋃i. binaryset x y i) ∈ M ⟶
f (⋃i. binaryset x y i) = (∑ n. f (binaryset x y n))"
using ca
hence "{x,y,{}} ⊆ M ⟶ x ∪ y ∈ M ⟶
f (x ∪ y) = (∑n. f (binaryset x y n))"
thus "f (x ∪ y) = f x + f y" using posf x y
by (auto simp add: Un suminf_binaryset_eq positive_def)
qed

fixes A:: "nat ⇒ 'a set" and  f :: "'a set ⇒ ennreal"
and inc: "increasing M f"
and A: "range A ⊆ M"
and disj: "disjoint_family A"
shows  "(∑i. f (A i)) ≤ f Ω"
proof (safe intro!: suminf_le_const)
fix N
note disj_N = disjoint_family_on_mono[OF _ disj, of "{..<N}"]
have "(∑i<N. f (A i)) = f (⋃i∈{..<N}. A i)"
using A by (intro additive_sum [OF f ad _ _]) (auto simp: disj_N)
also have "... ≤ f Ω" using space_closed A
by (intro increasingD[OF inc] finite_UN) auto
finally show "(∑i<N. f (A i)) ≤ f Ω" by simp
qed (insert f A, auto simp: positive_def)

fixes μ :: "'a set ⇒ ennreal"
assumes "finite Ω" "positive M μ" "additive M μ"
fix F :: "nat ⇒ 'a set" assume F: "range F ⊆ M" "(⋃i. F i) ∈ M" and disj: "disjoint_family F"

have "∀i∈{i. F i ≠ {}}. ∃x. x ∈ F i" by auto
from bchoice[OF this] obtain f where f: "⋀i. F i ≠ {} ⟹ f i ∈ F i" by auto

have inj_f: "inj_on f {i. F i ≠ {}}"
proof (rule inj_onI, simp)
fix i j a b assume *: "f i = f j" "F i ≠ {}" "F j ≠ {}"
then have "f i ∈ F i" "f j ∈ F j" using f by force+
with disj * show "i = j" by (auto simp: disjoint_family_on_def)
qed
have "finite (⋃i. F i)"
by (metis F(2) assms(1) infinite_super sets_into_space)

have F_subset: "{i. μ (F i) ≠ 0} ⊆ {i. F i ≠ {}}"
by (auto simp: positiveD_empty[OF ‹positive M μ›])
moreover have fin_not_empty: "finite {i. F i ≠ {}}"
proof (rule finite_imageD)
from f have "f{i. F i ≠ {}} ⊆ (⋃i. F i)" by auto
then show "finite (f{i. F i ≠ {}})"
by (rule finite_subset) fact
qed fact
ultimately have fin_not_0: "finite {i. μ (F i) ≠ 0}"
by (rule finite_subset)

have disj_not_empty: "disjoint_family_on F {i. F i ≠ {}}"
using disj by (auto simp: disjoint_family_on_def)

from fin_not_0 have "(∑i. μ (F i)) = (∑i | μ (F i) ≠ 0. μ (F i))"
by (rule suminf_finite) auto
also have "… = (∑i | F i ≠ {}. μ (F i))"
using fin_not_empty F_subset by (rule sum.mono_neutral_left) auto
also have "… = μ (⋃i∈{i. F i ≠ {}}. F i)"
using ‹positive M μ› ‹additive M μ› fin_not_empty disj_not_empty F by (intro additive_sum) auto
also have "… = μ (⋃i. F i)"
by (rule arg_cong[where f=μ]) auto
finally show "(∑i. μ (F i)) = μ (⋃i. F i)" .
qed

fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" "additive M f"
(∀A. range A ⊆ M ⟶ incseq A ⟶ (⋃i. A i) ∈ M ⟶ (λi. f (A i)) ⇢ f (⋃i. A i))"
proof safe
assume count_sum: "∀A. range A ⊆ M ⟶ disjoint_family A ⟶ UNION UNIV A ∈ M ⟶ (∑i. f (A i)) = f (UNION UNIV A)"
fix A :: "nat ⇒ 'a set" assume A: "range A ⊆ M" "incseq A" "(⋃i. A i) ∈ M"
then have dA: "range (disjointed A) ⊆ M" by (auto simp: range_disjointed_sets)
with count_sum[THEN spec, of "disjointed A"] A(3)
have f_UN: "(∑i. f (disjointed A i)) = f (⋃i. A i)"
by (auto simp: UN_disjointed_eq disjoint_family_disjointed)
moreover have "(λn. (∑i<n. f (disjointed A i))) ⇢ (∑i. f (disjointed A i))"
using f(1)[unfolded positive_def] dA
by (auto intro!: summable_LIMSEQ)
from LIMSEQ_Suc[OF this]
have "(λn. (∑i≤n. f (disjointed A i))) ⇢ (∑i. f (disjointed A i))"
unfolding lessThan_Suc_atMost .
moreover have "⋀n. (∑i≤n. f (disjointed A i)) = f (A n)"
ultimately show "(λi. f (A i)) ⇢ f (⋃i. A i)" by simp
next
assume cont: "∀A. range A ⊆ M ⟶ incseq A ⟶ (⋃i. A i) ∈ M ⟶ (λi. f (A i)) ⇢ f (⋃i. A i)"
fix A :: "nat ⇒ 'a set" assume A: "range A ⊆ M" "disjoint_family A" "(⋃i. A i) ∈ M"
have *: "(⋃n. (⋃i<n. A i)) = (⋃i. A i)" by auto
have "(λn. f (⋃i<n. A i)) ⇢ f (⋃i. A i)"
proof (unfold *[symmetric], intro cont[rule_format])
show "range (λi. ⋃i<i. A i) ⊆ M" "(⋃i. ⋃i<i. A i) ∈ M"
using A * by auto
qed (force intro!: incseq_SucI)
moreover have "⋀n. f (⋃i<n. A i) = (∑i<n. f (A i))"
using A
by (intro additive_sum[OF f, of _ A, symmetric])
(auto intro: disjoint_family_on_mono[where B=UNIV])
ultimately
have "(λi. f (A i)) sums f (⋃i. A i)"
unfolding sums_def by simp
from sums_unique[OF this]
show "(∑i. f (A i)) = f (⋃i. A i)" by simp
qed

lemma (in ring_of_sets) continuous_from_above_iff_empty_continuous:
fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" "additive M f"
shows "(∀A. range A ⊆ M ⟶ decseq A ⟶ (⋂i. A i) ∈ M ⟶ (∀i. f (A i) ≠ ∞) ⟶ (λi. f (A i)) ⇢ f (⋂i. A i))
⟷ (∀A. range A ⊆ M ⟶ decseq A ⟶ (⋂i. A i) = {} ⟶ (∀i. f (A i) ≠ ∞) ⟶ (λi. f (A i)) ⇢ 0)"
proof safe
assume cont: "(∀A. range A ⊆ M ⟶ decseq A ⟶ (⋂i. A i) ∈ M ⟶ (∀i. f (A i) ≠ ∞) ⟶ (λi. f (A i)) ⇢ f (⋂i. A i))"
fix A :: "nat ⇒ 'a set" assume A: "range A ⊆ M" "decseq A" "(⋂i. A i) = {}" "∀i. f (A i) ≠ ∞"
with cont[THEN spec, of A] show "(λi. f (A i)) ⇢ 0"
using ‹positive M f›[unfolded positive_def] by auto
next
assume cont: "∀A. range A ⊆ M ⟶ decseq A ⟶ (⋂i. A i) = {} ⟶ (∀i. f (A i) ≠ ∞) ⟶ (λi. f (A i)) ⇢ 0"
fix A :: "nat ⇒ 'a set" assume A: "range A ⊆ M" "decseq A" "(⋂i. A i) ∈ M" "∀i. f (A i) ≠ ∞"

have f_mono: "⋀a b. a ∈ M ⟹ b ∈ M ⟹ a ⊆ b ⟹ f a ≤ f b"
using additive_increasing[OF f] unfolding increasing_def by simp

have decseq_fA: "decseq (λi. f (A i))"
using A by (auto simp: decseq_def intro!: f_mono)
have decseq: "decseq (λi. A i - (⋂i. A i))"
using A by (auto simp: decseq_def)
then have decseq_f: "decseq (λi. f (A i - (⋂i. A i)))"
using A unfolding decseq_def by (auto intro!: f_mono Diff)
have "f (⋂x. A x) ≤ f (A 0)"
using A by (auto intro!: f_mono)
then have f_Int_fin: "f (⋂x. A x) ≠ ∞"
using A by (auto simp: top_unique)
{ fix i
have "f (A i - (⋂i. A i)) ≤ f (A i)" using A by (auto intro!: f_mono)
then have "f (A i - (⋂i. A i)) ≠ ∞"
using A by (auto simp: top_unique) }
note f_fin = this
have "(λi. f (A i - (⋂i. A i))) ⇢ 0"
proof (intro cont[rule_format, OF _ decseq _ f_fin])
show "range (λi. A i - (⋂i. A i)) ⊆ M" "(⋂i. A i - (⋂i. A i)) = {}"
using A by auto
qed
from INF_Lim[OF decseq_f this]
have "(INF n. f (A n - (⋂i. A i))) = 0" .
moreover have "(INF n. f (⋂i. A i)) = f (⋂i. A i)"
by auto
ultimately have "(INF n. f (A n - (⋂i. A i)) + f (⋂i. A i)) = 0 + f (⋂i. A i)"
using A(4) f_fin f_Int_fin
by (subst INF_ennreal_add_const) (auto simp: decseq_f)
moreover {
fix n
have "f (A n - (⋂i. A i)) + f (⋂i. A i) = f ((A n - (⋂i. A i)) ∪ (⋂i. A i))"
using A by (subst f(2)[THEN additiveD]) auto
also have "(A n - (⋂i. A i)) ∪ (⋂i. A i) = A n"
by auto
finally have "f (A n - (⋂i. A i)) + f (⋂i. A i) = f (A n)" . }
ultimately have "(INF n. f (A n)) = f (⋂i. A i)"
by simp
with LIMSEQ_INF[OF decseq_fA]
show "(λi. f (A i)) ⇢ f (⋂i. A i)" by simp
qed

lemma (in ring_of_sets) empty_continuous_imp_continuous_from_below:
fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" "additive M f" "∀A∈M. f A ≠ ∞"
assumes cont: "∀A. range A ⊆ M ⟶ decseq A ⟶ (⋂i. A i) = {} ⟶ (λi. f (A i)) ⇢ 0"
assumes A: "range A ⊆ M" "incseq A" "(⋃i. A i) ∈ M"
shows "(λi. f (A i)) ⇢ f (⋃i. A i)"
proof -
from A have "(λi. f ((⋃i. A i) - A i)) ⇢ 0"
by (intro cont[rule_format]) (auto simp: decseq_def incseq_def)
moreover
{ fix i
have "f ((⋃i. A i) - A i ∪ A i) = f ((⋃i. A i) - A i) + f (A i)"
using A by (intro f(2)[THEN additiveD]) auto
also have "((⋃i. A i) - A i) ∪ A i = (⋃i. A i)"
by auto
finally have "f ((⋃i. A i) - A i) = f (⋃i. A i) - f (A i)"
using f(3)[rule_format, of "A i"] A by (auto simp: ennreal_add_diff_cancel subset_eq) }
moreover have "∀⇩F i in sequentially. f (A i) ≤ f (⋃i. A i)"
using increasingD[OF additive_increasing[OF f(1, 2)], of "A _" "⋃i. A i"] A
by (auto intro!: always_eventually simp: subset_eq)
ultimately show "(λi. f (A i)) ⇢ f (⋃i. A i)"
by (auto intro: ennreal_tendsto_const_minus)
qed

fixes f :: "'a set ⇒ ennreal"
assumes f: "positive M f" "additive M f" and fin: "∀A∈M. f A ≠ ∞"
assumes cont: "⋀A. range A ⊆ M ⟹ decseq A ⟹ (⋂i. A i) = {} ⟹ (λi. f (A i)) ⇢ 0"
using empty_continuous_imp_continuous_from_below[OF f fin] cont
by blast

subsection%unimportant ‹Properties of @{const emeasure}›

lemma emeasure_positive: "positive (sets M) (emeasure M)"
by (cases M) (auto simp: sets_def emeasure_def Abs_measure_inverse measure_space_def)

lemma emeasure_empty[simp, intro]: "emeasure M {} = 0"
using emeasure_positive[of M] by (simp add: positive_def)

lemma emeasure_single_in_space: "emeasure M {x} ≠ 0 ⟹ x ∈ space M"
using emeasure_notin_sets[of "{x}" M] by (auto dest: sets.sets_into_space zero_less_iff_neq_zero[THEN iffD2])

by (cases M) (auto simp: sets_def emeasure_def Abs_measure_inverse measure_space_def)

lemma suminf_emeasure:
"range A ⊆ sets M ⟹ disjoint_family A ⟹ (∑i. emeasure M (A i)) = emeasure M (⋃i. A i)"
using sets.countable_UN[of A UNIV M] emeasure_countably_additive[of M]

lemma sums_emeasure:
"disjoint_family F ⟹ (⋀i. F i ∈ sets M) ⟹ (λi. emeasure M (F i)) sums emeasure M (⋃i. F i)"
unfolding sums_iff by (intro conjI suminf_emeasure) auto

lemma plus_emeasure:
"a ∈ sets M ⟹ b ∈ sets M ⟹ a ∩ b = {} ⟹ emeasure M a + emeasure M b = emeasure M (a ∪ b)"

lemma emeasure_Union:
"A ∈ sets M ⟹ B ∈ sets M ⟹ emeasure M (A ∪ B) = emeasure M A + emeasure M (B - A)"
using plus_emeasure[of A M "B - A"] by auto

lemma sum_emeasure:
"FI ⊆ sets M ⟹ disjoint_family_on F I ⟹ finite I ⟹
(∑i∈I. emeasure M (F i)) = emeasure M (⋃i∈I. F i)"

lemma emeasure_mono:
"a ⊆ b ⟹ b ∈ sets M ⟹ emeasure M a ≤ emeasure M b"

lemma emeasure_space:
"emeasure M A ≤ emeasure M (space M)"
by (metis emeasure_mono emeasure_notin_sets sets.sets_into_space sets.top zero_le)

lemma emeasure_Diff:
assumes finite: "emeasure M B ≠ ∞"
and [measurable]: "A ∈ sets M" "B ∈ sets M" and "B ⊆ A"
shows "emeasure M (A - B) = emeasure M A - emeasure M B"
proof -
have "(A - B) ∪ B = A" using ‹B ⊆ A› by auto
then have "emeasure M A = emeasure M ((A - B) ∪ B)" by simp
also have "… = emeasure M (A - B) + emeasure M B"
by (subst plus_emeasure[symmetric]) auto
finally show "emeasure M (A - B) = emeasure M A - emeasure M B"
using finite by simp
qed

lemma emeasure_compl:
"s ∈ sets M ⟹ emeasure M s ≠ ∞ ⟹ emeasure M (space M - s) = emeasure M (space M) - emeasure M s"
by (rule emeasure_Diff) (auto dest: sets.sets_into_space)

lemma Lim_emeasure_incseq:
"range A ⊆ sets M ⟹ incseq A ⟹ (λi. (emeasure M (A i))) ⇢ emeasure M (⋃i. A i)"

lemma incseq_emeasure:
assumes "range B ⊆ sets M" "incseq B"
shows "incseq (λi. emeasure M (B i))"
using assms by (auto simp: incseq_def intro!: emeasure_mono)

lemma SUP_emeasure_incseq:
assumes A: "range A ⊆ sets M" "incseq A"
shows "(SUP n. emeasure M (A n)) = emeasure M (⋃i. A i)"
using LIMSEQ_SUP[OF incseq_emeasure, OF A] Lim_emeasure_incseq[OF A]

lemma decseq_emeasure:
assumes "range B ⊆ sets M" "decseq B"
shows "decseq (λi. emeasure M (B i))"
using assms by (auto simp: decseq_def intro!: emeasure_mono)

lemma INF_emeasure_decseq:
assumes A: "range A ⊆ sets M" and "decseq A"
and finite: "⋀i. emeasure M (A i) ≠ ∞"
shows "(INF n. emeasure M (A n)) = emeasure M (⋂i. A i)"
proof -
have le_MI: "emeasure M (⋂i. A i) ≤ emeasure M (A 0)"
using A by (auto intro!: emeasure_mono)
hence *: "emeasure M (⋂i. A i) ≠ ∞" using finite[of 0] by (auto simp: top_unique)

have "emeasure M (A 0) - (INF n. emeasure M (A n)) = (SUP n. emeasure M (A 0) - emeasure M (A n))"
also have "… = (SUP n. emeasure M (A 0 - A n))"
using A finite ‹decseq A›[unfolded decseq_def] by (subst emeasure_Diff) auto
also have "… = emeasure M (⋃i. A 0 - A i)"
proof (rule SUP_emeasure_incseq)
show "range (λn. A 0 - A n) ⊆ sets M"
using A by auto
show "incseq (λn. A 0 - A n)"
using ‹decseq A› by (auto simp add: incseq_def decseq_def)
qed
also have "… = emeasure M (A 0) - emeasure M (⋂i. A i)"
using A finite * by (simp, subst emeasure_Diff) auto
finally show ?thesis
by (rule ennreal_minus_cancel[rotated 3])
(insert finite A, auto intro: INF_lower emeasure_mono)
qed

lemma INF_emeasure_decseq':
assumes A: "⋀i. A i ∈ sets M" and "decseq A"
and finite: "∃i. emeasure M (A i) ≠ ∞"
shows "(INF n. emeasure M (A n)) = emeasure M (⋂i. A i)"
proof -
from finite obtain i where i: "emeasure M (A i) < ∞"
by (auto simp: less_top)
have fin: "i ≤ j ⟹ emeasure M (A j) < ∞" for j
by (rule le_less_trans[OF emeasure_mono i]) (auto intro!: decseqD[OF ‹decseq A›] A)

have "(INF n. emeasure M (A n)) = (INF n. emeasure M (A (n + i)))"
proof (rule INF_eq)
show "∃j∈UNIV. emeasure M (A (j + i)) ≤ emeasure M (A i')" for i'
by (intro bexI[of _ i'] emeasure_mono decseqD[OF ‹decseq A›] A) auto
qed auto
also have "… = emeasure M (INF n. (A (n + i)))"
using A ‹decseq A› fin by (intro INF_emeasure_decseq) (auto simp: decseq_def less_top)
also have "(INF n. (A (n + i))) = (INF n. A n)"
by (meson INF_eq UNIV_I assms(2) decseqD le_add1)
finally show ?thesis .
qed

lemma emeasure_INT_decseq_subset:
fixes F :: "nat ⇒ 'a set"
assumes I: "I ≠ {}" and F: "⋀i j. i ∈ I ⟹ j ∈ I ⟹ i ≤ j ⟹ F j ⊆ F i"
assumes F_sets[measurable]: "⋀i. i ∈ I ⟹ F i ∈ sets M"
and fin: "⋀i. i ∈ I ⟹ emeasure M (F i) ≠ ∞"
shows "emeasure M (⋂i∈I. F i) = (INF i:I. emeasure M (F i))"
proof cases
assume "finite I"
have "(⋂i∈I. F i) = F (Max I)"
using I ‹finite I› by (intro antisym INF_lower INF_greatest F) auto
moreover have "(INF i:I. emeasure M (F i)) = emeasure M (F (Max I))"
using I ‹finite I› by (intro antisym INF_lower INF_greatest F emeasure_mono) auto
ultimately show ?thesis
by simp
next
assume "infinite I"
define L where "L n = (LEAST i. i ∈ I ∧ i ≥ n)" for n
have L: "L n ∈ I ∧ n ≤ L n" for n
unfolding L_def
proof (rule LeastI_ex)
show "∃x. x ∈ I ∧ n ≤ x"
using ‹infinite I› finite_subset[of I "{..< n}"]
by (rule_tac ccontr) (auto simp: not_le)
qed
have L_eq[simp]: "i ∈ I ⟹ L i = i" for i
unfolding L_def by (intro Least_equality) auto
have L_mono: "i ≤ j ⟹ L i ≤ L j" for i j
using L[of j] unfolding L_def by (intro Least_le) (auto simp: L_def)

have "emeasure M (⋂i. F (L i)) = (INF i. emeasure M (F (L i)))"
proof (intro INF_emeasure_decseq[symmetric])
show "decseq (λi. F (L i))"
using L by (intro antimonoI F L_mono) auto
qed (insert L fin, auto)
also have "… = (INF i:I. emeasure M (F i))"
proof (intro antisym INF_greatest)
show "i ∈ I ⟹ (INF i. emeasure M (F (L i))) ≤ emeasure M (F i)" for i
by (intro INF_lower2[of i]) auto
qed (insert L, auto intro: INF_lower)
also have "(⋂i. F (L i)) = (⋂i∈I. F i)"
proof (intro antisym INF_greatest)
show "i ∈ I ⟹ (⋂i. F (L i)) ⊆ F i" for i
by (intro INF_lower2[of i]) auto
qed (insert L, auto)
finally show ?thesis .
qed

lemma Lim_emeasure_decseq:
assumes A: "range A ⊆ sets M" "decseq A" and fin: "⋀i. emeasure M (A i) ≠ ∞"
shows "(λi. emeasure M (A i)) ⇢ emeasure M (⋂i. A i)"
using LIMSEQ_INF[OF decseq_emeasure, OF A]
using INF_emeasure_decseq[OF A fin] by simp

lemma emeasure_lfp'[consumes 1, case_names cont measurable]:
assumes "P M"
assumes cont: "sup_continuous F"
assumes *: "⋀M A. P M ⟹ (⋀N. P N ⟹ Measurable.pred N A) ⟹ Measurable.pred M (F A)"
shows "emeasure M {x∈space M. lfp F x} = (SUP i. emeasure M {x∈space M. (F ^^ i) (λx. False) x})"
proof -
have "emeasure M {x∈space M. lfp F x} = emeasure M (⋃i. {x∈space M. (F ^^ i) (λx. False) x})"
using sup_continuous_lfp[OF cont] by (auto simp add: bot_fun_def intro!: arg_cong2[where f=emeasure])
moreover { fix i from ‹P M› have "{x∈space M. (F ^^ i) (λx. False) x} ∈ sets M"
by (induct i arbitrary: M) (auto simp add: pred_def[symmetric] intro: *) }
moreover have "incseq (λi. {x∈space M. (F ^^ i) (λx. False) x})"
proof (rule incseq_SucI)
fix i
have "(F ^^ i) (λx. False) ≤ (F ^^ (Suc i)) (λx. False)"
proof (induct i)
case 0 show ?case by (simp add: le_fun_def)
next
case Suc thus ?case using monoD[OF sup_continuous_mono[OF cont] Suc] by auto
qed
then show "{x ∈ space M. (F ^^ i) (λx. False) x} ⊆ {x ∈ space M. (F ^^ Suc i) (λx. False) x}"
by auto
qed
ultimately show ?thesis
by (subst SUP_emeasure_incseq) auto
qed

lemma emeasure_lfp:
assumes [simp]: "⋀s. sets (M s) = sets N"
assumes cont: "sup_continuous F" "sup_continuous f"
assumes meas: "⋀P. Measurable.pred N P ⟹ Measurable.pred N (F P)"
assumes iter: "⋀P s. Measurable.pred N P ⟹ P ≤ lfp F ⟹ emeasure (M s) {x∈space N. F P x} = f (λs. emeasure (M s) {x∈space N. P x}) s"
shows "emeasure (M s) {x∈space N. lfp F x} = lfp f s"
proof (subst lfp_transfer_bounded[where α="λF s. emeasure (M s) {x∈space N. F x}" and g=f and f=F and P="Measurable.pred N", symmetric])
fix C assume "incseq C" "⋀i. Measurable.pred N (C i)"
then show "(λs. emeasure (M s) {x ∈ space N. (SUP i. C i) x}) = (SUP i. (λs. emeasure (M s) {x ∈ space N. C i x}))"
unfolding SUP_apply[abs_def]
by (subst SUP_emeasure_incseq) (auto simp: mono_def fun_eq_iff intro!: arg_cong2[where f=emeasure])
qed (auto simp add: iter le_fun_def SUP_apply[abs_def] intro!: meas cont)

"finite I ⟹ A  I ⊆ sets M ⟹ emeasure M (⋃i∈I. A i) ≤ (∑i∈I. emeasure M (A i))"

"A ∈ sets M ⟹ B ∈ sets M ⟹ emeasure M (A ∪ B) ≤ emeasure M A + emeasure M B"
using emeasure_subadditive_finite[of "{True, False}" "λTrue ⇒ A | False ⇒ B" M] by simp

assumes "range f ⊆ sets M"
shows "emeasure M (⋃i. f i) ≤ (∑i. emeasure M (f i))"
proof -
have "emeasure M (⋃i. f i) = emeasure M (⋃i. disjointed f i)"
unfolding UN_disjointed_eq ..
also have "… = (∑i. emeasure M (disjointed f i))"
using sets.range_disjointed_sets[OF assms] suminf_emeasure[of "disjointed f"]
also have "… ≤ (∑i. emeasure M (f i))"
using sets.range_disjointed_sets[OF assms] assms
by (auto intro!: suminf_le emeasure_mono disjointed_subset)
finally show ?thesis .
qed

lemma emeasure_insert:
assumes sets: "{x} ∈ sets M" "A ∈ sets M" and "x ∉ A"
shows "emeasure M (insert x A) = emeasure M {x} + emeasure M A"
proof -
have "{x} ∩ A = {}" using ‹x ∉ A› by auto
from plus_emeasure[OF sets this] show ?thesis by simp
qed

lemma emeasure_insert_ne:
"A ≠ {} ⟹ {x} ∈ sets M ⟹ A ∈ sets M ⟹ x ∉ A ⟹ emeasure M (insert x A) = emeasure M {x} + emeasure M A"
by (rule emeasure_insert)

lemma emeasure_eq_sum_singleton:
assumes "finite S" "⋀x. x ∈ S ⟹ {x} ∈ sets M"
shows "emeasure M S = (∑x∈S. emeasure M {x})"
using sum_emeasure[of "λx. {x}" S M] assms
by (auto simp: disjoint_family_on_def subset_eq)

lemma sum_emeasure_cover:
assumes "finite S" and "A ∈ sets M" and br_in_M: "B  S ⊆ sets M"
assumes A: "A ⊆ (⋃i∈S. B i)"
assumes disj: "disjoint_family_on B S"
shows "emeasure M A = (∑i∈S. emeasure M (A ∩ (B i)))"
proof -
have "(∑i∈S. emeasure M (A ∩ (B i))) = emeasure M (⋃i∈S. A ∩ (B i))"
proof (rule sum_emeasure)
show "disjoint_family_on (λi. A ∩ B i) S"
using ‹disjoint_family_on B S›
unfolding disjoint_family_on_def by auto
qed (insert assms, auto)
also have "(⋃i∈S. A ∩ (B i)) = A"
using A by auto
finally show ?thesis by simp
qed

lemma emeasure_eq_0:
"N ∈ sets M ⟹ emeasure M N = 0 ⟹ K ⊆ N ⟹ emeasure M K = 0"
by (metis emeasure_mono order_eq_iff zero_le)

lemma emeasure_UN_eq_0:
assumes "⋀i::nat. emeasure M (N i) = 0" and "range N ⊆ sets M"
shows "emeasure M (⋃i. N i) = 0"
proof -
have "emeasure M (⋃i. N i) ≤ 0"
using emeasure_subadditive_countably[OF assms(2)] assms(1) by simp
then show ?thesis
by (auto intro: antisym zero_le)
qed

lemma measure_eqI_finite:
assumes [simp]: "sets M = Pow A" "sets N = Pow A" and "finite A"
assumes eq: "⋀a. a ∈ A ⟹ emeasure M {a} = emeasure N {a}"
shows "M = N"
proof (rule measure_eqI)
fix X assume "X ∈ sets M"
then have X: "X ⊆ A" by auto
then have "emeasure M X = (∑a∈X. emeasure M {a})"
using ‹finite A› by (subst emeasure_eq_sum_singleton) (auto dest: finite_subset)
also have "… = (∑a∈X. emeasure N {a})"
using X eq by (auto intro!: sum.cong)
also have "… = emeasure N X"
using X ‹finite A› by (subst emeasure_eq_sum_singleton) (auto dest: finite_subset)
finally show "emeasure M X = emeasure N X" .
qed simp

lemma measure_eqI_generator_eq:
fixes M N :: "'a measure" and E :: "'a set set" and A :: "nat ⇒ 'a set"
assumes "Int_stable E" "E ⊆ Pow Ω"
and eq: "⋀X. X ∈ E ⟹ emeasure M X = emeasure N X"
and M: "sets M = sigma_sets Ω E"
and N: "sets N = sigma_sets Ω E"
and A: "range A ⊆ E" "(⋃i. A i) = Ω" "⋀i. emeasure M (A i) ≠ ∞"
shows "M = N"
proof -
let ?μ  = "emeasure M" and ?ν = "emeasure N"
interpret S: sigma_algebra Ω "sigma_sets Ω E" by (rule sigma_algebra_sigma_sets) fact
have "space M = Ω"
using sets.top[of M] sets.space_closed[of M] S.top S.space_closed ‹sets M = sigma_sets Ω E›
by blast

{ fix F D assume "F ∈ E" and "?μ F ≠ ∞"
then have [intro]: "F ∈ sigma_sets Ω E" by auto
have "?ν F ≠ ∞" using ‹?μ F ≠ ∞› ‹F ∈ E› eq by simp
assume "D ∈ sets M"
with ‹Int_stable E› ‹E ⊆ Pow Ω› have "emeasure M (F ∩ D) = emeasure N (F ∩ D)"
unfolding M
proof (induct rule: sigma_sets_induct_disjoint)
case (basic A)
then have "F ∩ A ∈ E" using ‹Int_stable E› ‹F ∈ E› by (auto simp: Int_stable_def)
then show ?case using eq by auto
next
case empty then show ?case by simp
next
case (compl A)
then have **: "F ∩ (Ω - A) = F - (F ∩ A)"
and [intro]: "F ∩ A ∈ sigma_sets Ω E"
using ‹F ∈ E› S.sets_into_space by (auto simp: M)
have "?ν (F ∩ A) ≤ ?ν F" by (auto intro!: emeasure_mono simp: M N)
then have "?ν (F ∩ A) ≠ ∞" using ‹?ν F ≠ ∞› by (auto simp: top_unique)
have "?μ (F ∩ A) ≤ ?μ F" by (auto intro!: emeasure_mono simp: M N)
then have "?μ (F ∩ A) ≠ ∞" using ‹?μ F ≠ ∞› by (auto simp: top_unique)
then have "?μ (F ∩ (Ω - A)) = ?μ F - ?μ (F ∩ A)" unfolding **
using ‹F ∩ A ∈ sigma_sets Ω E› by (auto intro!: emeasure_Diff simp: M N)
also have "… = ?ν F - ?ν (F ∩ A)" using eq ‹F ∈ E› compl by simp
also have "… = ?ν (F ∩ (Ω - A))" unfolding **
using ‹F ∩ A ∈ sigma_sets Ω E› ‹?ν (F ∩ A) ≠ ∞›
by (auto intro!: emeasure_Diff[symmetric] simp: M N)
finally show ?case
using ‹space M = Ω› by auto
next
case (union A)
then have "?μ (⋃x. F ∩ A x) = ?ν (⋃x. F ∩ A x)"
by (subst (1 2) suminf_emeasure[symmetric]) (auto simp: disjoint_family_on_def subset_eq M N)
with A show ?case
by auto
qed }
note * = this
show "M = N"
proof (rule measure_eqI)
show "sets M = sets N"
using M N by simp
have [simp, intro]: "⋀i. A i ∈ sets M"
using A(1) by (auto simp: subset_eq M)
fix F assume "F ∈ sets M"
let ?D = "disjointed (λi. F ∩ A i)"
from ‹space M = Ω› have F_eq: "F = (⋃i. ?D i)"
using ‹F ∈ sets M›[THEN sets.sets_into_space] A(2)[symmetric] by (auto simp: UN_disjointed_eq)
have [simp, intro]: "⋀i. ?D i ∈ sets M"
using sets.range_disjointed_sets[of "λi. F ∩ A i" M] ‹F ∈ sets M›
by (auto simp: subset_eq)
have "disjoint_family ?D"
by (auto simp: disjoint_family_disjointed)
moreover
have "(∑i. emeasure M (?D i)) = (∑i. emeasure N (?D i))"
proof (intro arg_cong[where f=suminf] ext)
fix i
have "A i ∩ ?D i = ?D i"
by (auto simp: disjointed_def)
then show "emeasure M (?D i) = emeasure N (?D i)"
using *[of "A i" "?D i", OF _ A(3)] A(1) by auto
qed
ultimately show "emeasure M F = emeasure N F"
by (simp add: image_subset_iff ‹sets M = sets N›[symmetric] F_eq[symmetric] suminf_emeasure)
qed
qed

lemma space_empty: "space M = {} ⟹ M = count_space {}"
by (rule measure_eqI) (simp_all add: space_empty_iff)

lemma measure_eqI_generator_eq_countable:
fixes M N :: "'a measure" and E :: "'a set set" and A :: "'a set set"
assumes E: "Int_stable E" "E ⊆ Pow Ω" "⋀X. X ∈ E ⟹ emeasure M X = emeasure N X"
and sets: "sets M = sigma_sets Ω E" "sets N = sigma_sets Ω E"
and A: "A ⊆ E" "(⋃A) = Ω" "countable A" "⋀a. a ∈ A ⟹ emeasure M a ≠ ∞"
shows "M = N"
proof cases
assume "Ω = {}"
have *: "sigma_sets Ω E = sets (sigma Ω E)"
using E(2) by simp
have "space M = Ω" "space N = Ω"
using sets E(2) unfolding * by (auto dest: sets_eq_imp_space_eq simp del: sets_measure_of)
then show "M = N"
unfolding ‹Ω = {}› by (auto dest: space_empty)
next
assume "Ω ≠ {}" with ‹⋃A = Ω› have "A ≠ {}" by auto
from this ‹countable A› have rng: "range (from_nat_into A) = A"
by (rule range_from_nat_into)
show "M = N"
proof (rule measure_eqI_generator_eq[OF E sets])
show "range (from_nat_into A) ⊆ E"
unfolding rng using ‹A ⊆ E› .
show "(⋃i. from_nat_into A i) = Ω"
unfolding rng using ‹⋃A = Ω› .
show "emeasure M (from_nat_into A i) ≠ ∞" for i
using rng by (intro A) auto
qed
qed

lemma measure_of_of_measure: "measure_of (space M) (sets M) (emeasure M) = M"
proof (intro measure_eqI emeasure_measure_of_sigma)
show "sigma_algebra (space M) (sets M)" ..
show "positive (sets M) (emeasure M)"
show "countably_additive (sets M) (emeasure M)"
qed simp_all

subsection ‹‹μ›-null sets›

definition%important null_sets :: "'a measure ⇒ 'a set set" where
"null_sets M = {N∈sets M. emeasure M N = 0}"

lemma null_setsD1[dest]: "A ∈ null_sets M ⟹ emeasure M A = 0"

lemma null_setsD2[dest]: "A ∈ null_sets M ⟹ A ∈ sets M"
unfolding null_sets_def by simp

lemma null_setsI[intro]: "emeasure M A = 0 ⟹ A ∈ sets M ⟹ A ∈ null_sets M"
unfolding null_sets_def by simp

interpretation null_sets: ring_of_sets "space M" "null_sets M" for M
proof (rule ring_of_setsI)
show "null_sets M ⊆ Pow (space M)"
using sets.sets_into_space by auto
show "{} ∈ null_sets M"
by auto
fix A B assume null_sets: "A ∈ null_sets M" "B ∈ null_sets M"
then have sets: "A ∈ sets M" "B ∈ sets M"
by auto
then have *: "emeasure M (A ∪ B) ≤ emeasure M A + emeasure M B"
"emeasure M (A - B) ≤ emeasure M A"
then have "emeasure M B = 0" "emeasure M A = 0"
using null_sets by auto
with sets * show "A - B ∈ null_sets M" "A ∪ B ∈ null_sets M"
by (auto intro!: antisym zero_le)
qed

lemma UN_from_nat_into:
assumes I: "countable I" "I ≠ {}"
shows "(⋃i∈I. N i) = (⋃i. N (from_nat_into I i))"
proof -
have "(⋃i∈I. N i) = ⋃(N  range (from_nat_into I))"
using I by simp
also have "… = (⋃i. (N ∘ from_nat_into I) i)"
by simp
finally show ?thesis by simp
qed

lemma null_sets_UN':
assumes "countable I"
assumes "⋀i. i ∈ I ⟹ N i ∈ null_sets M"
shows "(⋃i∈I. N i) ∈ null_sets M"
proof cases
assume "I = {}" then show ?thesis by simp
next
assume "I ≠ {}"
show ?thesis
proof (intro conjI CollectI null_setsI)
show "(⋃i∈I. N i) ∈ sets M"
using assms by (intro sets.countable_UN') auto
have "emeasure M (⋃i∈I. N i) ≤ (∑n. emeasure M (N (from_nat_into I n)))"
unfolding UN_from_nat_into[OF ‹countable I› ‹I ≠ {}›]
using assms ‹I ≠ {}› by (intro emeasure_subadditive_countably) (auto intro: from_nat_into)
also have "(λn. emeasure M (N (from_nat_into I n))) = (λ_. 0)"
using assms ‹I ≠ {}› by (auto intro: from_nat_into)
finally show "emeasure M (⋃i∈I. N i) = 0"
by (intro antisym zero_le) simp
qed
qed

lemma null_sets_UN[intro]:
"(⋀i::'i::countable. N i ∈ null_sets M) ⟹ (⋃i. N i) ∈ null_sets M"
by (rule null_sets_UN') auto

lemma null_set_Int1:
assumes "B ∈ null_sets M" "A ∈ sets M" shows "A ∩ B ∈ null_sets M"
proof (intro CollectI conjI null_setsI)
show "emeasure M (A ∩ B) = 0" using assms
by (intro emeasure_eq_0[of B _ "A ∩ B"]) auto
qed (insert assms, auto)

lemma null_set_Int2:
assumes "B ∈ null_sets M" "A ∈ sets M" shows "B ∩ A ∈ null_sets M"
using assms by (subst Int_commute) (rule null_set_Int1)

lemma emeasure_Diff_null_set:
assumes "B ∈ null_sets M" "A ∈ sets M"
shows "emeasure M (A - B) = emeasure M A"
proof -
have *: "A - B = (A - (A ∩ B))" by auto
have "A ∩ B ∈ null_sets M" using assms by (rule null_set_Int1)
then show ?thesis
unfolding * using assms
by (subst emeasure_Diff) auto
qed

lemma null_set_Diff:
assumes "B ∈ null_sets M" "A ∈ sets M" shows "B - A ∈ null_sets M"
proof (intro CollectI conjI null_setsI)
show "emeasure M (B - A) = 0" using assms by (intro emeasure_eq_0[of B _ "B - A"]) auto
qed (insert assms, auto)

lemma emeasure_Un_null_set:
assumes "A ∈ sets M" "B ∈ null_sets M"
shows "emeasure M (A ∪ B) = emeasure M A"
proof -
have *: "A ∪ B = A ∪ (B - A)" by auto
have "B - A ∈ null_sets M" using assms(2,1) by (rule null_set_Diff)
then show ?thesis
unfolding * using assms
by (subst plus_emeasure[symmetric]) auto
qed

subsection ‹The almost everywhere filter (i.e.\ quantifier)›

definition%important ae_filter :: "'a measure ⇒ 'a filter" where
"ae_filter M = (INF N:null_sets M. principal (space M - N))"

abbreviation almost_everywhere :: "'a measure ⇒ ('a ⇒ bool) ⇒ bool" where
"almost_everywhere M P ≡ eventually P (ae_filter M)"

syntax
"_almost_everywhere" :: "pttrn ⇒ 'a ⇒ bool ⇒ bool" ("AE _ in _. _" [0,0,10] 10)

translations
"AE x in M. P" ⇌ "CONST almost_everywhere M (λx. P)"

abbreviation
"set_almost_everywhere A M P ≡ AE x in M. x ∈ A ⟶ P x"

syntax
"_set_almost_everywhere" :: "pttrn ⇒ 'a set ⇒ 'a ⇒ bool ⇒ bool"
("AE _∈_ in _./ _" [0,0,0,10] 10)

translations
"AE x∈A in M. P" ⇌ "CONST set_almost_everywhere A M (λx. P)"

lemma eventually_ae_filter: "eventually P (ae_filter M) ⟷ (∃N∈null_sets M. {x ∈ space M. ¬ P x} ⊆ N)"
unfolding ae_filter_def by (subst eventually_INF_base) (auto simp: eventually_principal subset_eq)

lemma AE_I':
"N ∈ null_sets M ⟹ {x∈space M. ¬ P x} ⊆ N ⟹ (AE x in M. P x)"
unfolding eventually_ae_filter by auto

lemma AE_iff_null:
assumes "{x∈space M. ¬ P x} ∈ sets M" (is "?P ∈ sets M")
shows "(AE x in M. P x) ⟷ {x∈space M. ¬ P x} ∈ null_sets M"
proof
assume "AE x in M. P x" then obtain N where N: "N ∈ sets M" "?P ⊆ N" "emeasure M N = 0"
unfolding eventually_ae_filter by auto
have "emeasure M ?P ≤ emeasure M N"
using assms N(1,2) by (auto intro: emeasure_mono)
then have "emeasure M ?P = 0"
unfolding ‹emeasure M N = 0› by auto
then show "?P ∈ null_sets M" using assms by auto
next
assume "?P ∈ null_sets M" with assms show "AE x in M. P x" by (auto intro: AE_I')
qed

lemma AE_iff_null_sets:
"N ∈ sets M ⟹ N ∈ null_sets M ⟷ (AE x in M. x ∉ N)"
using Int_absorb1[OF sets.sets_into_space, of N M]
by (subst AE_iff_null) (auto simp: Int_def[symmetric])

lemma AE_not_in:
"N ∈ null_sets M ⟹ AE x in M. x ∉ N"
by (metis AE_iff_null_sets null_setsD2)

lemma AE_iff_measurable:
"N ∈ sets M ⟹ {x∈space M. ¬ P x} = N ⟹ (AE x in M. P x) ⟷ emeasure M N = 0"
using AE_iff_null[of _ P] by auto

lemma AE_E[consumes 1]:
assumes "AE x in M. P x"
obtains N where "{x ∈ space M. ¬ P x} ⊆ N" "emeasure M N = 0" "N ∈ sets M"
using assms unfolding eventually_ae_filter by auto

lemma AE_E2:
assumes "AE x in M. P x" "{x∈space M. P x} ∈ sets M"
shows "emeasure M {x∈space M. ¬ P x} = 0" (is "emeasure M ?P = 0")
proof -
have "{x∈space M. ¬ P x} = space M - {x∈space M. P x}" by auto
with AE_iff_null[of M P] assms show ?thesis by auto
qed

lemma AE_E3:
assumes "AE x in M. P x"
obtains N where "⋀x. x ∈ space M - N ⟹ P x" "N ∈ null_sets M"
using assms unfolding eventually_ae_filter by auto

lemma AE_I:
assumes "{x ∈ space M. ¬ P x} ⊆ N" "emeasure M N = 0" "N ∈ sets M"
shows "AE x in M. P x"
using assms unfolding eventually_ae_filter by auto

lemma AE_mp[elim!]:
assumes AE_P: "AE x in M. P x" and AE_imp: "AE x in M. P x ⟶ Q x"
shows "AE x in M. Q x"
proof -
from AE_P obtain A where P: "{x∈space M. ¬ P x} ⊆ A"
and A: "A ∈ sets M" "emeasure M A = 0"
by (auto elim!: AE_E)

from AE_imp obtain B where imp: "{x∈space M. P x ∧ ¬ Q x} ⊆ B"
and B: "B ∈ sets M" "emeasure M B = 0"
by (auto elim!: AE_E)

show ?thesis
proof (intro AE_I)
have "emeasure M (A ∪ B) ≤ 0"
using emeasure_subadditive[of A M B] A B by auto
then show "A ∪ B ∈ sets M" "emeasure M (A ∪ B) = 0"
using A B by auto
show "{x∈space M. ¬ Q x} ⊆ A ∪ B"
using P imp by auto
qed
qed

text ‹The next lemma is convenient to combine with a lemma whose conclusion is of the
form ‹AE x in M. P x = Q x›: for such a lemma, there is no \verb+[symmetric]+ variant,
but using ‹AE_symmetric[OF...]› will replace it.›

(* depricated replace by laws about eventually *)
lemma
shows AE_iffI: "AE x in M. P x ⟹ AE x in M. P x ⟷ Q x ⟹ AE x in M. Q x"
and AE_disjI1: "AE x in M. P x ⟹ AE x in M. P x ∨ Q x"
and AE_disjI2: "AE x in M. Q x ⟹ AE x in M. P x ∨ Q x"
and AE_conjI: "AE x in M. P x ⟹ AE x in M. Q x ⟹ AE x in M. P x ∧ Q x"
and AE_conj_iff[simp]: "(AE x in M. P x ∧ Q x) ⟷ (AE x in M. P x) ∧ (AE x in M. Q x)"
by auto

lemma AE_symmetric:
assumes "AE x in M. P x = Q x"
shows "AE x in M. Q x = P x"
using assms by auto

lemma AE_impI:
"(P ⟹ AE x in M. Q x) ⟹ AE x in M. P ⟶ Q x"
by (cases P) auto

lemma AE_measure:
assumes AE: "AE x in M. P x" and sets: "{x∈space M. P x} ∈ sets M" (is "?P ∈ sets M")
shows "emeasure M {x∈space M. P x} = emeasure M (space M)"
proof -
from AE_E[OF AE] guess N . note N = this
with sets have "emeasure M (space M) ≤ emeasure M (?P ∪ N)"
by (intro emeasure_mono) auto
also have "… ≤ emeasure M ?P + emeasure M N"
using sets N by (intro emeasure_subadditive) auto
also have "… = emeasure M ?P" using N by simp
finally show "emeasure M ?P = emeasure M (space M)"
using emeasure_space[of M "?P"] by auto
qed

lemma AE_space: "AE x in M. x ∈ space M"
by (rule AE_I[where N="{}"]) auto

lemma AE_I2[simp, intro]:
"(⋀x. x ∈ space M ⟹ P x) ⟹ AE x in M. P x"
using AE_space by force

lemma AE_Ball_mp:
"∀x∈space M. P x ⟹ AE x in M. P x ⟶ Q x ⟹ AE x in M. Q x"
by auto

lemma AE_cong[cong]:
"(⋀x. x ∈ space M ⟹ P x ⟷ Q x) ⟹ (AE x in M. P x) ⟷ (AE x in M. Q x)"
by auto

lemma AE_cong_strong: "M = N ⟹ (⋀x. x ∈ space N =simp=> P x = Q x) ⟹ (AE x in M. P x) ⟷ (AE x in N. Q x)"
by (auto simp: simp_implies_def)

lemma AE_all_countable:
"(AE x in M. ∀i. P i x) ⟷ (∀i::'i::countable. AE x in M. P i x)"
proof
assume "∀i. AE x in M. P i x"
from this[unfolded eventually_ae_filter Bex_def, THEN choice]
obtain N where N: "⋀i. N i ∈ null_sets M" "⋀i. {x∈space M. ¬ P i x} ⊆ N i" by auto
have "{x∈space M. ¬ (∀i. P i x)} ⊆ (⋃i. {x∈space M. ¬ P i x})" by auto
also have "… ⊆ (⋃i. N i)" using N by auto
finally have "{x∈space M. ¬ (∀i. P i x)} ⊆ (⋃i. N i)" .
moreover from N have "(⋃i. N i) ∈ null_sets M"
by (intro null_sets_UN) auto
ultimately show "AE x in M. ∀i. P i x"
unfolding eventually_ae_filter by auto
qed auto

lemma AE_ball_countable:
assumes [intro]: "countable X"
shows "(AE x in M. ∀y∈X. P x y) ⟷ (∀y∈X. AE x in M. P x y)"
proof
assume "∀y∈X. AE x in M. P x y"
from this[unfolded eventually_ae_filter Bex_def, THEN bchoice]
obtain N where N: "⋀y. y ∈ X ⟹ N y ∈ null_sets M" "⋀y. y ∈ X ⟹ {x∈space M. ¬ P x y} ⊆ N y"
by auto
have "{x∈space M. ¬ (∀y∈X. P x y)} ⊆ (⋃y∈X. {x∈space M. ¬ P x y})"
by auto
also have "… ⊆ (⋃y∈X. N y)"
using N by auto
finally have "{x∈space M. ¬ (∀y∈X. P x y)} ⊆ (⋃y∈X. N y)" .
moreover from N have "(⋃y∈X. N y) ∈ null_sets M"
by (intro null_sets_UN') auto
ultimately show "AE x in M. ∀y∈X. P x y"
unfolding eventually_ae_filter by auto
qed auto

lemma AE_ball_countable':
"(⋀N. N ∈ I ⟹ AE x in M. P N x) ⟹ countable I ⟹ AE x in M. ∀N ∈ I. P N x"
unfolding AE_ball_countable by simp

lemma pairwise_alt: "pairwise R S ⟷ (∀x∈S. ∀y∈S-{x}. R x y)"

lemma AE_pairwise: "countable F ⟹ pairwise (λA B. AE x in M. R x A B) F ⟷ (AE x in M. pairwise (R x) F)"
unfolding pairwise_alt by (simp add: AE_ball_countable)

lemma AE_discrete_difference:
assumes X: "countable X"
assumes null: "⋀x. x ∈ X ⟹ emeasure M {x} = 0"
assumes sets: "⋀x. x ∈ X ⟹ {x} ∈ sets M"
shows "AE x in M. x ∉ X"
proof -
have "(⋃x∈X. {x}) ∈ null_sets M"
using assms by (intro null_sets_UN') auto
from AE_not_in[OF this] show "AE x in M. x ∉ X"
by auto
qed

lemma AE_finite_all:
assumes f: "finite S" shows "(AE x in M. ∀i∈S. P i x) ⟷ (∀i∈S. AE x in M. P i x)"
using f by induct auto

lemma AE_finite_allI:
assumes "finite S"
shows "(⋀s. s ∈ S ⟹ AE x in M. Q s x) ⟹ AE x in M. ∀s∈S. Q s x"
using AE_finite_all[OF ‹finite S›] by auto

lemma emeasure_mono_AE:
assumes imp: "AE x in M. x ∈ A ⟶ x ∈ B"
and B: "B ∈ sets M"
shows "emeasure M A ≤ emeasure M B"
proof cases
assume A: "A ∈ sets M"
from imp obtain N where N: "{x∈space M. ¬ (x ∈ A ⟶ x ∈ B)} ⊆ N" "N ∈ null_sets M"
by (auto simp: eventually_ae_filter)
have "emeasure M A = emeasure M (A - N)"
using N A by (subst emeasure_Diff_null_set) auto
also have "emeasure M (A - N) ≤ emeasure M (B - N)"
using N A B sets.sets_into_space by (auto intro!: emeasure_mono)
also have "emeasure M (B - N) = emeasure M B"
using N B by (subst emeasure_Diff_null_set) auto
finally show ?thesis .

lemma emeasure_eq_AE:
assumes iff: "AE x in M. x ∈ A ⟷ x ∈ B"
assumes A: "A ∈ sets M" and B: "B ∈ sets M"
shows "emeasure M A = emeasure M B"
using assms by (safe intro!: antisym emeasure_mono_AE) auto

lemma emeasure_Collect_eq_AE:
"AE x in M. P x ⟷ Q x ⟹ Measurable.pred M Q ⟹ Measurable.pred M P ⟹
emeasure M {x∈space M. P x} = emeasure M {x∈space M. Q x}"
by (intro emeasure_eq_AE) auto

lemma emeasure_eq_0_AE: "AE x in M. ¬ P x ⟹ emeasure M {x∈space M. P x} = 0"
using AE_iff_measurable[OF _ refl, of M "λx. ¬ P x"]
by (cases "{x∈space M. P x} ∈ sets M") (simp_all add: emeasure_notin_sets)

lemma emeasure_0_AE:
assumes "emeasure M (space M) = 0"
shows "AE x in M. P x"
using eventually_ae_filter assms by blast

assumes [measurable]: "A ∈ sets M" "B ∈ sets M" "C ∈ sets M"
assumes 1: "AE x in M. x ∈ C ⟷ x ∈ A ∨ x ∈ B"
assumes 2: "AE x in M. ¬ (x ∈ A ∧ x ∈ B)"
shows "emeasure M C = emeasure M A + emeasure M B"
proof -
have "emeasure M C = emeasure M (A ∪ B)"
by (rule emeasure_eq_AE) (insert 1, auto)
also have "… = emeasure M A + emeasure M (B - A)"
by (subst plus_emeasure) auto
also have "emeasure M (B - A) = emeasure M B"
by (rule emeasure_eq_AE) (insert 2, auto)
finally show ?thesis .
qed

subsection ‹‹σ›-finite Measures›

locale%important sigma_finite_measure =
fixes M :: "'a measure"
assumes sigma_finite_countable:
"∃A::'a set set. countable A ∧ A ⊆ sets M ∧ (⋃A) = space M ∧ (∀a∈A. emeasure M a ≠ ∞)"

lemma (in sigma_finite_measure) sigma_finite:
obtains A :: "nat ⇒ 'a set"
where "range A ⊆ sets M" "(⋃i. A i) = space M" "⋀i. emeasure M (A i) ≠ ∞"
proof -
obtain A :: "'a set set" where
[simp]: "countable A" and
A: "A ⊆ sets M" "(⋃A) = space M" "⋀a. a ∈ A ⟹ emeasure M a ≠ ∞"
using sigma_finite_countable by metis
show thesis
proof cases
assume "A = {}" with ‹(⋃A) = space M› show thesis
by (intro that[of "λ_. {}"]) auto
next
assume "A ≠ {}"
show thesis
proof
show "range (from_nat_into A) ⊆ sets M"
using ‹A ≠ {}› A by auto
have "(⋃i. from_nat_into A i) = ⋃A"
using range_from_nat_into[OF ‹A ≠ {}› ‹countable A›] by auto
with A show "(⋃i. from_nat_into A i) = space M"
by auto
qed (intro A from_nat_into ‹A ≠ {}›)
qed
qed

lemma (in sigma_finite_measure) sigma_finite_disjoint:
obtains A :: "nat ⇒ 'a set"
where "range A ⊆ sets M" "(⋃i. A i) = space M" "⋀i. emeasure M (A i) ≠ ∞" "disjoint_family A"
proof -
obtain A :: "nat ⇒ 'a set" where
range: "range A ⊆ sets M" and
space: "(⋃i. A i) = space M" and
measure: "⋀i. emeasure M (A i) ≠ ∞"
using sigma_finite by blast
show thesis
proof (rule that[of "disjointed A"])
show "range (disjointed A) ⊆ sets M"
by (rule sets.range_disjointed_sets[OF range])
show "(⋃i. disjointed A i) = space M"
and "disjoint_family (disjointed A)"
using disjoint_family_disjointed UN_disjointed_eq[of A] space range
by auto
show "emeasure M (disjointed A i) ≠ ∞" for i
proof -
have "emeasure M (disjointed A i) ≤ emeasure M (A i)"
using range disjointed_subset[of A i] by (auto intro!: emeasure_mono)
then show ?thesis using measure[of i] by (auto simp: top_unique)
qed
qed
qed

lemma (in sigma_finite_measure) sigma_finite_incseq:
obtains A :: "nat ⇒ 'a set"
where "range A ⊆ sets M" "(⋃i. A i) = space M" "⋀i. emeasure M (A i) ≠ ∞" "incseq A"
proof -
obtain F :: "nat ⇒ 'a set" where
F: "range F ⊆ sets M" "(⋃i. F i) = space M" "⋀i. emeasure M (F i) ≠ ∞"
using sigma_finite by blast
show thesis
proof (rule that[of "λn. ⋃i≤n. F i"])
show "range (λn. ⋃i≤n. F i) ⊆ sets M"
using F by (force simp: incseq_def)
show "(⋃n. ⋃i≤n. F i) = space M"
proof -
from F have "⋀x. x ∈ space M ⟹ ∃i. x ∈ F i" by auto
with F show ?thesis by fastforce
qed
show "emeasure M (⋃i≤n. F i) ≠ ∞" for n
proof -
have "emeasure M (⋃i≤n. F i) ≤ (∑i≤n. emeasure M (F i))"
using F by (auto intro!: emeasure_subadditive_finite)
also have "… < ∞"
using F by (auto simp: sum_Pinfty less_top)
finally show ?thesis by simp
qed
show "incseq (λn. ⋃i≤n. F i)"
by (force simp: incseq_def)
qed
qed

lemma (in sigma_finite_measure) approx_PInf_emeasure_with_finite:
fixes C::real
assumes W_meas: "W ∈ sets M"
and W_inf: "emeasure M W = ∞"
obtains Z where "Z ∈ sets M" "Z ⊆ W" "emeasure M Z < ∞" "emeasure M Z > C"
proof -
obtain A :: "nat ⇒ 'a set"
where A: "range A ⊆ sets M" "(⋃i. A i) = space M" "⋀i. emeasure M (A i) ≠ ∞" "incseq A"
using sigma_finite_incseq by blast
define B where "B = (λi. W ∩ A i)"
have B_meas: "⋀i. B i ∈ sets M" using W_meas ‹range A ⊆ sets M› B_def by blast
have b: "⋀i. B i ⊆ W" using B_def by blast

{ fix i
have "emeasure M (B i) ≤ emeasure M (A i)"
using A by (intro emeasure_mono) (auto simp: B_def)
also have "emeasure M (A i) < ∞"
using ‹⋀i. emeasure M (A i) ≠ ∞› by (simp add: less_top)
finally have "emeasure M (B i) < ∞" . }
note c = this

have "W = (⋃i. B i)" using B_def ‹(⋃i. A i) = space M› W_meas by auto
moreover have "incseq B" using B_def ‹incseq A› by (simp add: incseq_def subset_eq)
ultimately have "(λi. emeasure M (B i)) ⇢ emeasure M W" using W_meas B_meas
by (simp add: B_meas Lim_emeasure_incseq image_subset_iff)
then have "(λi. emeasure M (B i)) ⇢ ∞" using W_inf by simp
from order_tendstoD(1)[OF this, of C]
obtain i where d: "emeasure M (B i) > C"
by (auto simp: eventually_sequentially)
have "B i ∈ sets M" "B i ⊆ W" "emeasure M (B i) < ∞" "emeasure M (B i) > C"
using B_meas b c d by auto
then show ?thesis using that by blast
qed

subsection ‹Measure space induced by distribution of @{const measurable}-functions›

definition%important distr :: "'a measure ⇒ 'b measure ⇒ ('a ⇒ 'b) ⇒ 'b measure" where
"distr M N f = measure_of (space N) (sets N) (λA. emeasure M (f - A ∩ space M))"

lemma
shows sets_distr[simp, measurable_cong]: "sets (distr M N f) = sets N"
and space_distr[simp]: "space (distr M N f) = space N"
by (auto simp: distr_def)

lemma
shows measurable_distr_eq1[simp]: "measurable (distr Mf Nf f) Mf' = measurable Nf Mf'"
and measurable_distr_eq2[simp]: "measurable Mg' (distr Mg Ng g) = measurable Mg' Ng"
by (auto simp: measurable_def)

lemma distr_cong:
"M = K ⟹ sets N = sets L ⟹ (⋀x. x ∈ space M ⟹ f x = g x) ⟹ distr M N f = distr K L g"
using sets_eq_imp_space_eq[of N L] by (simp add: distr_def Int_def cong: rev_conj_cong)

lemma emeasure_distr:
fixes f :: "'a ⇒ 'b"
assumes f: "f ∈ measurable M N" and A: "A ∈ sets N"
shows "emeasure (distr M N f) A = emeasure M (f - A ∩ space M)" (is "_ = ?μ A")
unfolding distr_def
proof (rule emeasure_measure_of_sigma)
show "positive (sets N) ?μ"
by (auto simp: positive_def)

fix A :: "nat ⇒ 'b set" assume "range A ⊆ sets N" "disjoint_family A"
then have A: "⋀i. A i ∈ sets N" "(⋃i. A i) ∈ sets N" by auto
then have *: "range (λi. f - (A i) ∩ space M) ⊆ sets M"
using f by (auto simp: measurable_def)
moreover have "(⋃i. f -  A i ∩ space M) ∈ sets M"
using * by blast
moreover have **: "disjoint_family (λi. f - A i ∩ space M)"
using ‹disjoint_family A› by (auto simp: disjoint_family_on_def)
ultimately show "(∑i. ?μ (A i)) = ?μ (⋃i. A i)"
using suminf_emeasure[OF _ **] A f
by (auto simp: comp_def vimage_UN)
qed
show "sigma_algebra (space N) (sets N)" ..
qed fact

lemma emeasure_Collect_distr:
assumes X[measurable]: "X ∈ measurable M N" "Measurable.pred N P"
shows "emeasure (distr M N X) {x∈space N. P x} = emeasure M {x∈space M. P (X x)}"
by (subst emeasure_distr)
(auto intro!: arg_cong2[where f=emeasure] X(1)[THEN measurable_space])

lemma emeasure_lfp2[consumes 1, case_names cont f measurable]:
assumes "P M"
assumes cont: "sup_continuous F"
assumes f: "⋀M. P M ⟹ f ∈ measurable M' M"
assumes *: "⋀M A. P M ⟹ (⋀N. P N ⟹ Measurable.pred N A) ⟹ Measurable.pred M (F A)"
shows "emeasure M' {x∈space M'. lfp F (f x)} = (SUP i. emeasure M' {x∈space M'. (F ^^ i) (λx. False) (f x)})"
proof (subst (1 2) emeasure_Collect_distr[symmetric, where X=f])
show "f ∈ measurable M' M"  "f ∈ measurable M' M"
using f[OF ‹P M›] by auto
{ fix i show "Measurable.pred M ((F ^^ i) (λx. False))"
using ‹P M› by (induction i arbitrary: M) (auto intro!: *) }
show "Measurable.pred M (lfp F)"
using ‹P M› cont * by (rule measurable_lfp_coinduct[of P])

have "emeasure (distr M' M f) {x ∈ space (distr M' M f). lfp F x} =
(SUP i. emeasure (distr M' M f) {x ∈ space (distr M' M f). (F ^^ i) (λx. False) x})"
using ‹P M›
proof (coinduction arbitrary: M rule: emeasure_lfp')
case (measurable A N) then have "⋀N. P N ⟹ Measurable.pred (distr M' N f) A"
by metis
then have "⋀N. P N ⟹ Measurable.pred N A"
by simp
with ‹P N›[THEN *] show ?case
by auto
qed fact
then show "emeasure (distr M' M f) {x ∈ space M. lfp F x} =
(SUP i. emeasure (distr M' M f) {x ∈ space M. (F ^^ i) (λx. False) x})"
by simp
qed

lemma distr_id[simp]: "distr N N (λx. x) = N"
by (rule measure_eqI) (auto simp: emeasure_distr)

lemma distr_id2: "sets M = sets N ⟹ distr N M (λx. x) = N"
by (rule measure_eqI) (auto simp: emeasure_distr)

lemma measure_distr:
"f ∈ measurable M N ⟹ S ∈ sets N ⟹ measure (distr M N f) S = measure M (f - S ∩ space M)"

lemma distr_cong_AE:
assumes 1: "M = K" "sets N = sets L" and
2: "(AE x in M. f x = g x)" and "f ∈ measurable M N" and "g ∈ measurable K L"
shows "distr M N f = distr K L g"
proof (rule measure_eqI)
fix A assume "A ∈ sets (distr M N f)"
with assms show "emeasure (distr M N f) A = emeasure (distr K L g) A"
by (auto simp add: emeasure_distr intro!: emeasure_eq_AE measurable_sets)
qed (insert 1, simp)

lemma AE_distrD:
assumes f: "f ∈ measurable M M'"
and AE: "AE x in distr M M' f. P x"
shows "AE x in M. P (f x)"
proof -
from AE[THEN AE_E] guess N .
with f show ?thesis
unfolding eventually_ae_filter
by (intro bexI[of _ "f - N ∩ space M"])
(auto simp: emeasure_distr measurable_def)
qed

lemma AE_distr_iff:
assumes f[measurable]: "f ∈ measurable M N" and P[measurable]: "{x ∈ space N. P x} ∈ sets N"
shows "(AE x in distr M N f. P x) ⟷ (AE x in M. P (f x))"
proof (subst (1 2) AE_iff_measurable[OF _ refl])
have "f - {x∈space N. ¬ P x} ∩ space M = {x ∈ space M. ¬ P (f x)}"
using f[THEN measurable_space] by auto
then show "(emeasure (distr M N f) {x ∈ space (distr M N f). ¬ P x} = 0) =
(emeasure M {x ∈ space M. ¬ P (f x)} = 0)"
qed auto

lemma null_sets_distr_iff:
"f ∈ measurable M N ⟹ A ∈ null_sets (distr M N f) ⟷ f - A ∩ space M ∈ null_sets M ∧ A ∈ sets N"
by (auto simp add: null_sets_def emeasure_distr)

proposition distr_distr:
"g ∈ measurable N L ⟹ f ∈ measurable M N ⟹ distr (distr M N f) L g = distr M L (g ∘ f)"
by (auto simp add: emeasure_distr measurable_space
intro!: arg_cong[where f="emeasure M"] measure_eqI)

subsection%unimportant ‹Real measure values›

lemma ring_of_finite_sets: "ring_of_sets (space M) {A∈sets M. emeasure M A ≠ top}"
proof (rule ring_of_setsI)
show "a ∈ {A ∈ sets M. emeasure M A ≠ top} ⟹ b ∈ {A ∈ sets M. emeasure M A ≠ top} ⟹
a ∪ b ∈ {A ∈ sets M. emeasure M A ≠ top}" for a b
using emeasure_subadditive[of a M b] by (auto simp: top_unique)

show "a ∈ {A ∈ sets M. emeasure M A ≠ top} ⟹ b ∈ {A ∈ sets M. emeasure M A ≠ top} ⟹
a - b ∈ {A ∈ sets M. emeasure M A ≠ top}" for a b
using emeasure_mono[of "a - b" a M] by (auto simp: Diff_subset top_unique)
qed (auto dest: sets.sets_into_space)

lemma measure_nonneg[simp]: "0 ≤ measure M A"
unfolding measure_def by auto

lemma measure_nonneg' [simp]: "¬ measure M A < 0"
using measure_nonneg not_le by blast

lemma zero_less_measure_iff: "0 < measure M A ⟷ measure M A ≠ 0"
using measure_nonneg[of M A] by (auto simp add: le_less)

lemma measure_le_0_iff: "measure M X ≤ 0 ⟷ measure M X = 0"
using measure_nonneg[of M X] by linarith

lemma measure_empty[simp]: "measure M {} = 0"
unfolding measure_def by (simp add: zero_ennreal.rep_eq)

lemma emeasure_eq_ennreal_measure:
"emeasure M A ≠ top ⟹ emeasure M A = ennreal (measure M A)"
by (cases "emeasure M A" rule: ennreal_cases) (auto simp: measure_def)

lemma measure_zero_top: "emeasure M A = top ⟹ measure M A = 0"

lemma measure_eq_emeasure_eq_ennreal: "0 ≤ x ⟹ emeasure M A = ennreal x ⟹ measure M A = x"
using emeasure_eq_ennreal_measure[of M A]
by (cases "A ∈ M") (auto simp: measure_notin_sets emeasure_notin_sets)

lemma enn2real_plus:"a < top ⟹ b < top ⟹ enn2real (a + b) = enn2real a + enn2real b"
del: real_of_ereal_enn2ereal)

lemma measure_eq_AE:
assumes iff: "AE x in M. x ∈ A ⟷ x ∈ B"
assumes A: "A ∈ sets M" and B: "B ∈ sets M"
shows "measure M A = measure M B"
using assms emeasure_eq_AE[OF assms] by (simp add: measure_def)

lemma measure_Union:
"emeasure M A ≠ ∞ ⟹ emeasure M B ≠ ∞ ⟹ A ∈ sets M ⟹ B ∈ sets M ⟹ A ∩ B = {} ⟹
measure M (A ∪ B) = measure M A + measure M B"
by (simp add: measure_def plus_emeasure[symmetric] enn2real_plus less_top)

lemma disjoint_family_on_insert:
"i ∉ I ⟹ disjoint_family_on A (insert i I) ⟷ A i ∩ (⋃i∈I. A i) = {} ∧ disjoint_family_on A I"
by (fastforce simp: disjoint_family_on_def)

lemma measure_finite_Union:
"finite S ⟹ AS ⊆ sets M ⟹ disjoint_family_on A S ⟹ (⋀i. i ∈ S ⟹ emeasure M (A i) ≠ ∞) ⟹
measure M (⋃i∈S. A i) = (∑i∈S. measure M (A i))"
by (induction S rule: finite_induct)
(auto simp: disjoint_family_on_insert measure_Union sum_emeasure[symmetric] sets.countable_UN'[OF countable_finite])

lemma measure_Diff:
assumes finite: "emeasure M A ≠ ∞"
and measurable: "A ∈ sets M" "B ∈ sets M" "B ⊆ A"
shows "measure M (A - B) = measure M A - measure M B"
proof -
have "emeasure M (A - B) ≤ emeasure M A" "emeasure M B ≤ emeasure M A"
using measurable by (auto intro!: emeasure_mono)
hence "measure M ((A - B) ∪ B) = measure M (A - B) + measure M B"
using measurable finite by (rule_tac measure_Union) (auto simp: top_unique)
thus ?thesis using ‹B ⊆ A› by (auto simp: Un_absorb2)
qed

lemma measure_UNION:
assumes measurable: "range A ⊆ sets M" "disjoint_family A"
assumes finite: "emeasure M (⋃i. A i) ≠ ∞"
shows "(λi. measure M (A i)) sums (measure M (⋃i. A i))"
proof -
have "(λi. emeasure M (A i)) sums (emeasure M (⋃i. A i))"
unfolding suminf_emeasure[OF measurable, symmetric] by (simp add: summable_sums)
moreover
{ fix i
have "emeasure M (A i) ≤ emeasure M (⋃i. A i)"
using measurable by (auto intro!: emeasure_mono)
then have "emeasure M (A i) = ennreal ((measure M (A i)))"
using finite by (intro emeasure_eq_ennreal_measure) (auto simp: top_unique) }
ultimately show ?thesis using finite
by (subst (asm) (2) emeasure_eq_ennreal_measure) simp_all
qed

assumes measurable: "A ∈ sets M" "B ∈ sets M"
and fin: "emeasure M A ≠ ∞" "emeasure M B ≠ ∞"
shows "measure M (A ∪ B) ≤ measure M A + measure M B"
proof -
have "emeasure M (A ∪ B) ≠ ∞"
using emeasure_subadditive[OF measurable] fin by (auto simp: top_unique)
then show "(measure M (A ∪ B)) ≤ (measure M A) + (measure M B)"
apply simp
apply (subst (asm) (2 3 4) emeasure_eq_ennreal_measure)
apply (auto simp flip: ennreal_plus)
done
qed

assumes A: "finite I" "AI ⊆ sets M" and fin: "⋀i. i ∈ I ⟹ emeasure M (A i) ≠ ∞"
shows "measure M (⋃i∈I. A i) ≤ (∑i∈I. measure M (A i))"
proof -
{ have "emeasure M (⋃i∈I. A i) ≤ (∑i∈I. emeasure M (A i))"
also have "… < ∞"
using fin by (simp add: less_top A)
finally have "emeasure M (⋃i∈I. A i) ≠ top" by simp }
note * = this
show ?thesis
unfolding emeasure_eq_ennreal_measure[OF *]
qed

assumes A: "range A ⊆ sets M" and fin: "(∑i. emeasure M (A i)) ≠ ∞"
shows "measure M (⋃i. A i) ≤ (∑i. measure M (A i))"
proof -
from fin have **: "⋀i. emeasure M (A i) ≠ top"
using ennreal_suminf_lessD[of "λi. emeasure M (A i)"] by (simp add: less_top)
{ have "emeasure M (⋃i. A i) ≤ (∑i. emeasure M (A i))"
also have "… < ∞"
using fin by (simp add: less_top)
finally have "emeasure M (⋃i. A i) ≠ top" by simp }
then have "ennreal (measure M (⋃i. A i)) = emeasure M (⋃i. A i)"
by (rule emeasure_eq_ennreal_measure[symmetric])
also have "… ≤ (∑i. emeasure M (A i))"
also have "… = ennreal (∑i. measure M (A i))"
using fin unfolding emeasure_eq_ennreal_measure[OF **]
by (subst suminf_ennreal) (auto simp: **)
finally show ?thesis
apply (rule ennreal_le_iff[THEN iffD1, rotated])
apply (intro suminf_nonneg allI measure_nonneg summable_suminf_not_top)
using fin
done
qed

lemma measure_Un_null_set: "A ∈ sets M ⟹ B ∈ null_sets M ⟹ measure M (A ∪ B) = measure M A"

lemma measure_Diff_null_set: "A ∈ sets M ⟹ B ∈ null_sets M ⟹ measure M (A - B) = measure M A"

lemma measure_eq_sum_singleton:
"finite S ⟹ (⋀x. x ∈ S ⟹ {x} ∈ sets M) ⟹ (⋀x. x ∈ S ⟹ emeasure M {x} ≠ ∞) ⟹
measure M S = (∑x∈S. measure M {x})"
using emeasure_eq_sum_singleton[of S M]
by (intro measure_eq_emeasure_eq_ennreal) (auto simp: sum_nonneg emeasure_eq_ennreal_measure)

lemma Lim_measure_incseq:
assumes A: "range A ⊆ sets M" "incseq A" and fin: "emeasure M (⋃i. A i) ≠ ∞"
shows "(λi. measure M (A i)) ⇢ measure M (⋃i. A i)"
proof (rule tendsto_ennrealD)
have "ennreal (measure M (⋃i. A i)) = emeasure M (⋃i. A i)"
using fin by (auto simp: emeasure_eq_ennreal_measure)
moreover have "ennreal (measure M (A i)) = emeasure M (A i)" for i
using assms emeasure_mono[of "A _" "⋃i. A i" M]
by (intro emeasure_eq_ennreal_measure[symmetric]) (auto simp: less_top UN_upper intro: le_less_trans)
ultimately show "(λx. ennreal (measure M (A x))) ⇢ ennreal (measure M (⋃i. A i))"
using A by (auto intro!: Lim_emeasure_incseq)
qed auto

lemma Lim_measure_decseq:
assumes A: "range A ⊆ sets M" "decseq A" and fin: "⋀i. emeasure M (A i) ≠ ∞"
shows "(λn. measure M (A n)) ⇢ measure M (⋂i. A i)"
proof (rule tendsto_ennrealD)
have "ennreal (measure M (⋂i. A i)) = emeasure M (⋂i. A i)"
using fin[of 0] A emeasure_mono[of "⋂i. A i" "A 0" M]
by (auto intro!: emeasure_eq_ennreal_measure[symmetric] simp: INT_lower less_top intro: le_less_trans)
moreover have "ennreal (measure M (A i)) = emeasure M (A i)" for i
using A fin[of i] by (intro emeasure_eq_ennreal_measure[symmetric]) auto
ultimately show "(λx. ennreal (measure M (A x))) ⇢ ennreal (measure M (⋂i. A i))"
using fin A by (auto intro!: Lim_emeasure_decseq)
qed auto

subsection ‹Set of measurable sets with finite measure›

definition%important fmeasurable :: "'a measure ⇒ 'a set set"
where
"fmeasurable M = {A∈sets M. emeasure M A < ∞}"

lemma fmeasurableD[dest, measurable_dest]: "A ∈ fmeasurable M ⟹ A ∈ sets M"
by (auto simp: fmeasurable_def)

lemma fmeasurableD2: "A ∈ fmeasurable M ⟹ emeasure M A ≠ top"
by (auto simp: fmeasurable_def)

lemma fmeasurableI: "A ∈ sets M ⟹ emeasure M A < ∞ ⟹ A ∈ fmeasurable M"
by (auto simp: fmeasurable_def)

lemma fmeasurableI_null_sets: "A ∈ null_sets M ⟹ A ∈ fmeasurable M"
by (auto simp: fmeasurable_def)

lemma fmeasurableI2: "A ∈ fmeasurable M ⟹ B ⊆ A ⟹ B ∈ sets M ⟹ B ∈ fmeasurable M"
using emeasure_mono[of B A M] by (auto simp: fmeasurable_def)

lemma measure_mono_fmeasurable:
"A ⊆ B ⟹ A ∈ sets M ⟹ B ∈ fmeasurable M ⟹ measure M A ≤ measure M B"
by (auto simp: measure_def fmeasurable_def intro!: emeasure_mono enn2real_mono)

lemma emeasure_eq_measure2: "A ∈ fmeasurable M ⟹ emeasure M A = measure M A"
by (simp add: emeasure_eq_ennreal_measure fmeasurable_def less_top)

interpretation fmeasurable: ring_of_sets "space M" "fmeasurable M"
proof (rule ring_of_setsI)
show "fmeasurable M ⊆ Pow (space M)" "{} ∈ fmeasurable M"
by (auto simp: fmeasurable_def dest: sets.sets_into_space)
fix a b assume *: "a ∈ fmeasurable M" "b ∈ fmeasurable M"
then have "emeasure M (a ∪ b) ≤ emeasure M a + emeasure M b"
also have "… < top"
using * by (auto simp: fmeasurable_def)
finally show  "a ∪ b ∈ fmeasurable M"
using * by (auto intro: fmeasurableI)
show "a - b ∈ fmeasurable M"
using emeasure_mono[of "a - b" a M] * by (auto simp: fmeasurable_def Diff_subset)
qed

subsection‹Measurable sets formed by unions and intersections›

lemma fmeasurable_Diff: "A ∈ fmeasurable M ⟹ B ∈ sets M ⟹ A - B ∈ fmeasurable M"
using fmeasurableI2[of A M "A - B"] by auto

lemma fmeasurable_Int_fmeasurable:
"⟦S ∈ fmeasurable M; T ∈ sets M⟧ ⟹ (S ∩ T) ∈ fmeasurable M"
by (meson fmeasurableD fmeasurableI2 inf_le1 sets.Int)

lemma fmeasurable_UN:
assumes "countable I" "⋀i. i ∈ I ⟹ F i ⊆ A" "⋀i. i ∈ I ⟹ F i ∈ sets M" "A ∈ fmeasurable M"
shows "(⋃i∈I. F i) ∈ fmeasurable M"
proof (rule fmeasurableI2)
show "A ∈ fmeasurable M" "(⋃i∈I. F i) ⊆ A" using assms by auto
show "(⋃i∈I. F i) ∈ sets M"
using assms by (intro sets.countable_UN') auto
qed

lemma fmeasurable_INT:
assumes "countable I" "i ∈ I" "⋀i. i ∈ I ⟹ F i ∈ sets M" "F i ∈ fmeasurable M"
shows "(⋂i∈I. F i) ∈ fmeasurable M"
proof (rule fmeasurableI2)
show "F i ∈ fmeasurable M" "(⋂i∈I. F i) ⊆ F i"
using assms by auto
show "(⋂i∈I. F i) ∈ sets M"
using assms by (intro sets.countable_INT') auto
qed

lemma measurable_measure_Diff:
assumes "A ∈ fmeasurable M" "B ∈ sets M" "B ⊆ A"
shows "measure M (A - B) = measure M A - measure M B"
by (simp add: assms fmeasurableD fmeasurableD2 measure_Diff)

lemma measurable_Un_null_set:
assumes "B ∈ null_sets M"
shows "(A ∪ B ∈ fmeasurable M ∧ A ∈ sets M) ⟷ A ∈ fmeasurable M"
using assms  by (fastforce simp add: fmeasurable.Un fmeasurableI_null_sets intro: fmeasurableI2)

lemma measurable_Diff_null_set:
assumes "B ∈ null_sets M"
shows "(A - B) ∈ fmeasurable M ∧ A ∈ sets M ⟷ A ∈ fmeasurable M"
using assms
by (metis Un_Diff_cancel2 fmeasurable.Diff fmeasurableD fmeasurableI_null_sets measurable_Un_null_set)

lemma fmeasurable_Diff_D:
assumes m: "T - S ∈ fmeasurable M" "S ∈ fmeasurable M" and sub: "S ⊆ T"
shows "T ∈ fmeasurable M"
proof -
have "T = S ∪ (T - S)"
using assms by blast
then show ?thesis
by (metis m fmeasurable.Un)
qed

lemma measure_Un2:
"A ∈ fmeasurable M ⟹ B ∈ fmeasurable M ⟹ measure M (A ∪ B) = measure M A + measure M (B - A)"
using measure_Union[of M A "B - A"] by (auto simp: fmeasurableD2 fmeasurable.Diff)

lemma measure_Un3:
assumes "A ∈ fmeasurable M" "B ∈ fmeasurable M"
shows "measure M (A ∪ B) = measure M A + measure M B - measure M (A ∩ B)"
proof -
have "measure M (A ∪ B) = measure M A + measure M (B - A)"
using assms by (rule measure_Un2)
also have "B - A = B - (A ∩ B)"
by auto
also have "measure M (B - (A ∩ B)) = measure M B - measure M (A ∩ B)"
using assms by (intro measure_Diff) (auto simp: fmeasurable_def)
finally show ?thesis
by simp
qed

lemma measure_Un_AE:
"AE x in M. x ∉ A ∨ x ∉ B ⟹ A ∈ fmeasurable M ⟹ B ∈ fmeasurable M ⟹
measure M (A ∪ B) = measure M A + measure M B"
by (subst measure_Un2) (auto intro!: measure_eq_AE)

lemma measure_UNION_AE:
assumes I: "finite I"
shows "(⋀i. i ∈ I ⟹ F i ∈ fmeasurable M) ⟹ pairwise (λi j. AE x in M. x ∉ F i ∨ x ∉ F j) I ⟹
measure M (⋃i∈I. F i) = (∑i∈I. measure M (F i))"
unfolding AE_pairwise[OF countable_finite, OF I]
using I
proof (induction I rule: finite_induct)
case (insert x I)
have "measure M (F x ∪ UNION I F) = measure M (F x) + measure M (UNION I F)"
by (rule measure_Un_AE) (use insert in ‹auto simp: pairwise_insert›)
with insert show ?case
qed simp

lemma measure_UNION':
"finite I ⟹ (⋀i. i ∈ I ⟹ F i ∈ fmeasurable M) ⟹ pairwise (λi j. disjnt (F i) (F j)) I ⟹
measure M (⋃i∈I. F i) = (∑i∈I. measure M (F i))"
by (intro measure_UNION_AE) (auto simp: disjnt_def elim!: pairwise_mono intro!: always_eventually)

lemma measure_Union_AE:
"finite F ⟹ (⋀S. S ∈ F ⟹ S ∈ fmeasurable M) ⟹ pairwise (λS T. AE x in M. x ∉ S ∨ x ∉ T) F ⟹
measure M (⋃F) = (∑S∈F. measure M S)"
using measure_UNION_AE[of F "λx. x" M] by simp

lemma measure_Union':
"finite F ⟹ (⋀S. S ∈ F ⟹ S ∈ fmeasurable M) ⟹ pairwise disjnt F ⟹ measure M (⋃F) = (∑S∈F. measure M S)"
using measure_UNION'[of F "λx. x" M] by simp

lemma measure_Un_le:
assumes "A ∈ sets M" "B ∈ sets M" shows "measure M (A ∪ B) ≤ measure M A + measure M B"
proof cases
assume "A ∈ fmeasurable M ∧ B ∈ fmeasurable M"
with measure_subadditive[of A M B] assms show ?thesis
by (auto simp: fmeasurableD2)
next
assume "¬ (A ∈ fmeasurable M ∧ B ∈ fmeasurable M)"
then have "A ∪ B ∉ fmeasurable M"
using fmeasurableI2[of "A ∪ B" M A] fmeasurableI2[of "A ∪ B" M B] assms by auto
with assms show ?thesis
by (auto simp: fmeasurable_def measure_def less_top[symmetric])
qed

lemma measure_UNION_le:
"finite I ⟹ (⋀i. i ∈ I ⟹ F i ∈ sets M) ⟹ measure M (⋃i∈I. F i) ≤ (∑i∈I. measure M (F i))"
proof (induction I rule: finite_induct)
case (insert i I)
then have "measure M (⋃i∈insert i I. F i) ≤ measure M (F i) + measure M (⋃i∈I. F i)"
by (auto intro!: measure_Un_le)
also have "measure M (⋃i∈I. F i) ≤ (∑i∈I. measure M (F i))"
using insert by auto
finally show ?case
using insert by simp
qed simp

lemma measure_Union_le:
"finite F ⟹ (⋀S. S ∈ F ⟹ S ∈ sets M) ⟹ measure M (⋃F) ≤ (∑S∈F. measure M S)"
using measure_UNION_le[of F "λx. x" M] by simp

text‹Version for indexed union over a countable set›
lemma
assumes "countable I" and I: "⋀i. i ∈ I ⟹ A i ∈ fmeasurable M"
and bound: "⋀I'. I' ⊆ I ⟹ finite I' ⟹ measure M (⋃i∈I'. A i) ≤ B"
shows fmeasurable_UN_bound: "(⋃i∈I. A i) ∈ fmeasurable M" (is ?fm)
and measure_UN_bound: "measure M (⋃i∈I. A i) ≤ B" (is ?m)
proof -
have "B ≥ 0"
using bound by force
have "?fm ∧ ?m"
proof cases
assume "I = {}"
with ‹B ≥ 0› show ?thesis
by simp
next
assume "I ≠ {}"
have "(⋃i∈I. A i) = (⋃i. (⋃n≤i. A (from_nat_into I n)))"
by (subst range_from_nat_into[symmetric, OF ‹I ≠ {}› ‹countable I›]) auto
then have "emeasure M (⋃i∈I. A i) = emeasure M (⋃i. (⋃n≤i. A (from_nat_into I n)))" by simp
also have "… = (SUP i. emeasure M (⋃n≤i. A (from_nat_into I n)))"
using I ‹I ≠ {}›[THEN from_nat_into] by (intro SUP_emeasure_incseq[symmetric]) (fastforce simp: incseq_Suc_iff)+
also have "… ≤ B"
proof (intro SUP_least)
fix i :: nat
have "emeasure M (⋃n≤i. A (from_nat_into I n)) = measure M (⋃n≤i. A (from_nat_into I n))"
using I ‹I ≠ {}›[THEN from_nat_into] by (intro emeasure_eq_measure2 fmeasurable.finite_UN) auto
also have "… = measure M (⋃n∈from_nat_into I  {..i}. A n)"
by simp
also have "… ≤ B"
by (intro ennreal_leI bound) (auto intro:  from_nat_into[OF ‹I ≠ {}›])
finally show "emeasure M (⋃n≤i. A (from_nat_into I n)) ≤ ennreal B" .
qed
finally have *: "emeasure M (⋃i∈I. A i) ≤ B" .
then have ?fm
using I ‹countable I› by (intro fmeasurableI conjI) (auto simp: less_top[symmetric] top_unique)
with * ‹0≤B› show ?thesis
qed
then show ?fm ?m by auto
qed

text‹Version for big union of a countable set›
lemma
assumes "countable 𝒟"
and meas: "⋀D. D ∈ 𝒟 ⟹ D ∈ fmeasurable M"
and bound:  "⋀ℰ. ⟦ℰ ⊆ 𝒟; finite ℰ⟧ ⟹ measure M (⋃ℰ) ≤ B"
shows fmeasurable_Union_bound: "⋃𝒟 ∈ fmeasurable M"  (is ?fm)
and measure_Union_bound: "measure M (⋃𝒟) ≤ B"     (is ?m)
proof -
have "B ≥ 0"
using bound by force
have "?fm ∧ ?m"
proof (cases "𝒟 = {}")
case True
with ‹B ≥ 0› show ?thesis
by auto
next
case False
then obtain D :: "nat ⇒ 'a set" where D: "𝒟 = range D"
using ‹countable 𝒟› uncountable_def by force
have 1: "⋀i. D i ∈ fmeasurable M"
have 2: "⋀I'. finite I' ⟹ measure M (⋃x∈I'. D x) ≤ B"
by (simp add: D bound image_subset_iff)
show ?thesis
unfolding D
by (intro conjI fmeasurable_UN_bound [OF _ 1 2] measure_UN_bound [OF _ 1 2]) auto
qed
then show ?fm ?m by auto
qed

text‹Version for indexed union over the type of naturals›
lemma
fixes S :: "nat ⇒ 'a set"
assumes S: "⋀i. S i ∈ fmeasurable M" and B: "⋀n. measure M (⋃i≤n. S i) ≤ B"
shows fmeasurable_countable_Union: "(⋃i. S i) ∈ fmeasurable M"
and measure_countable_Union_le: "measure M (⋃i. S i) ≤ B"
proof -
have mB: "measure M (⋃i∈I. S i) ≤ B" if "finite I" for I
proof -
have "(⋃i∈I. S i) ⊆ (⋃i≤Max I. S i)"
using Max_ge that by force
then have "measure M (⋃i∈I. S i) ≤ measure M (⋃i ≤ Max I. S i)"
by (rule measure_mono_fmeasurable) (use S in ‹blast+›)
then show ?thesis
using B order_trans by blast
qed
show "(⋃i. S i) ∈ fmeasurable M"
by (auto intro: fmeasurable_UN_bound [OF _ S mB])
show "measure M (⋃n. S n) ≤ B"
by (auto intro: measure_UN_bound [OF _ S mB])
qed

lemma measure_diff_le_measure_setdiff:
assumes "S ∈ fmeasurable M" "T ∈ fmeasurable M"
shows "measure M S - measure M T ≤ measure M (S - T)"
proof -
have "measure M S ≤ measure M ((S - T) ∪ T)"
by (simp add: assms fmeasurable.Un fmeasurableD measure_mono_fmeasurable)
also have "… ≤ measure M (S - T) + measure M T"
using assms by (blast intro: measure_Un_le)
finally show ?thesis
qed

lemma suminf_exist_split2:
fixes f :: "nat ⇒ 'a::real_normed_vector"
assumes "summable f"
shows "(λn. (∑k. f(k+n))) ⇢ 0"
by (subst lim_sequentially, auto simp add: dist_norm suminf_exist_split[OF _ assms])

lemma emeasure_union_summable:
assumes [measurable]: "⋀n. A n ∈ sets M"
and "⋀n. emeasure M (A n) < ∞" "summable (λn. measure M (A n))"
shows "emeasure M (⋃n. A n) < ∞" "emeasure M (⋃n. A n) ≤ (∑n. measure M (A n))"
proof -
define B where "B = (λN. (⋃n∈{..<N}. A n))"
have [measurable]: "B N ∈ sets M" for N unfolding B_def by auto
have "(λN. emeasure M (B N)) ⇢ emeasure M (⋃N. B N)"
apply (rule Lim_emeasure_incseq) unfolding B_def by (auto simp add: SUP_subset_mono incseq_def)
moreover have "emeasure M (B N) ≤ ennreal (∑n. measure M (A n))" for N
proof -
have *: "(∑n∈{..<N}. measure M (A n)) ≤ (∑n. measure M (A n))"
using assms(3) measure_nonneg sum_le_suminf by blast

have "emeasure M (B N) ≤ (∑n∈{..<N}. emeasure M (A n))"
unfolding B_def by (rule emeasure_subadditive_finite, auto)
also have "... = (∑n∈{..<N}. ennreal(measure M (A n)))"
using assms(2) by (simp add: emeasure_eq_ennreal_measure less_top)
also have "... = ennreal (∑n∈{..<N}. measure M (A n))"
by auto
also have "... ≤ ennreal (∑n. measure M (A n))"
using * by (auto simp: ennreal_leI)
finally show ?thesis by simp
qed
ultimately have "emeasure M (⋃N. B N) ≤ ennreal (∑n. measure M (A n))"
then show "emeasure M (⋃n. A n) ≤ (∑n. measure M (A n))"
unfolding B_def by (metis UN_UN_flatten UN_lessThan_UNIV)
then show "emeasure M (⋃n. A n) < ∞"
by (auto simp: less_top[symmetric] top_unique)
qed

lemma borel_cantelli_limsup1:
assumes [measurable]: "⋀n. A n ∈ sets M"
and "⋀n. emeasure M (A n) < ∞" "summable (λn. measure M (A n))"
shows "limsup A ∈ null_sets M"
proof -
have "emeasure M (limsup A) ≤ 0"
proof (rule LIMSEQ_le_const)
have "(λn. (∑k. measure M (A (k+n)))) ⇢ 0" by (rule suminf_exist_split2[OF assms(3)])
then show "(λn. ennreal (∑k. measure M (A (k+n)))) ⇢ 0"
unfolding ennreal_0[symmetric] by (intro tendsto_ennrealI)
have "emeasure M (limsup A) ≤ (∑k. measure M (A (k+n)))" for n
proof -
have I: "(⋃k∈{n..}. A k) = (⋃k. A (k+n))" by (auto, metis le_add_diff_inverse2, fastforce)
have "emeasure M (limsup A) ≤ emeasure M (⋃k∈{n..}. A k)"
by (rule emeasure_mono, auto simp add: limsup_INF_SUP)
also have "... = emeasure M (⋃k. A (k+n))"
using I by auto
also have "... ≤ (∑k. measure M (A (k+n)))"
apply (rule emeasure_union_summable)
using assms summable_ignore_initial_segment[OF assms(3), of n] by auto
finally show ?thesis by simp
qed
then show "∃N. ∀n≥N. emeasure M (limsup A) ≤ (∑k. measure M (A (k+n)))"
by auto
qed
then show ?thesis using assms(1) measurable_limsup by auto
qed

lemma borel_cantelli_AE1:
assumes [measurable]: "⋀n. A n ∈ sets M"
and "⋀n. emeasure M (A n) < ∞" "summable (λn. measure M (A n))"
shows "AE x in M. eventually (λn. x ∈ space M - A n) sequentially"
proof -
have "AE x in M. x ∉ limsup A"
using borel_cantelli_limsup1[OF assms] unfolding eventually_ae_filter by auto
moreover
{
fix x assume "x ∉ limsup A"
then obtain N where "x ∉ (⋃n∈{N..}. A n)" unfolding limsup_INF_SUP by blast
then have "eventually (λn. x ∉ A n) sequentially" using eventually_sequentially by auto
}
ultimately show ?thesis by auto
qed

subsection ‹Measure spaces with @{term "emeasure M (space M) < ∞"}›

locale%important finite_measure = sigma_finite_measure M for M +
assumes finite_emeasure_space: "emeasure M (space M) ≠ top"

lemma finite_measureI[Pure.intro!]:
"emeasure M (space M) ≠ ∞ ⟹ finite_measure M"
proof qed (auto intro!: exI[of _ "{space M}"])

lemma (in finite_measure) emeasure_finite[simp, intro]: "emeasure M A ≠ top"
using finite_emeasure_space emeasure_space[of M A] by (auto simp: top_unique)

lemma (in finite_measure) fmeasurable_eq_sets: "fmeasurable M = sets M"
by (auto simp: fmeasurable_def less_top[symmetric])

lemma (in finite_measure) emeasure_eq_measure: "emeasure M A = ennreal (measure M A)"
by (intro emeasure_eq_ennreal_measure) simp

lemma (in finite_measure) emeasure_real: "∃r. 0 ≤ r ∧ emeasure M A = ennreal r"
using emeasure_finite[of A] by (cases "emeasure M A" rule: ennreal_cases) auto

lemma (in finite_measure) bounded_measure: "measure M A ≤ measure M (space M)"
using emeasure_space[of M A] emeasure_real[of A] emeasure_real[of "space M"] by (auto simp: measure_def)

lemma (in finite_measure) finite_measure_Diff:
assumes sets: "A ∈ sets M" "B ∈ sets M" and "B ⊆ A"
shows "measure M (A - B) = measure M A - measure M B"
using measure_Diff[OF _ assms] by simp

lemma (in finite_measure) finite_measure_Union:
assumes sets: "A ∈ sets M" "B ∈ sets M" and "A ∩ B = {}"
shows "measure M (A ∪ B) = measure M A + measure M B"
using measure_Union[OF _ _ assms] by simp

lemma (in finite_measure) finite_measure_finite_Union:
assumes measurable: "finite S" "AS ⊆ sets M" "disjoint_family_on A S"
shows "measure M (⋃i∈S. A i) = (∑i∈S. measure M (A i))"
using measure_finite_Union[OF assms] by simp

lemma (in finite_measure) finite_measure_UNION:
assumes A: "range A ⊆ sets M" "disjoint_family A"
shows "(λi. measure M (A i)) sums (measure M (⋃i. A i))"
using measure_UNION[OF A] by simp

lemma (in finite_measure) finite_measure_mono:
assumes "A ⊆ B" "B ∈ sets M" shows "measure M A ≤ measure M B"
using emeasure_mono[OF assms] emeasure_real[of A] emeasure_real[of B] by (auto simp: measure_def)

assumes m: "A ∈ sets M" "B ∈ sets M"
shows "measure M (A ∪ B) ≤ measure M A + measure M B"

assumes "finite I" "AI ⊆ sets M" shows "measure M (⋃i∈I. A i) ≤ (∑i∈I. measure M (A i))"

"range A ⊆ sets M ⟹ summable (λi. measure M (A i)) ⟹ measure M (⋃i. A i) ≤ (∑i. measure M (A i))"

lemma (in finite_measure) finite_measure_eq_sum_singleton:
assumes "finite S" and *: "⋀x. x ∈ S ⟹ {x} ∈ sets M"
shows "measure M S = (∑x∈S. measure M {x})"
using measure_eq_sum_singleton[OF assms] by simp

lemma (in finite_measure) finite_Lim_measure_incseq:
assumes A: "range A ⊆ sets M" "incseq A"
shows "(λi. measure M (A i)) ⇢ measure M (⋃i. A i)"
using Lim_measure_incseq[OF A] by simp

lemma (in finite_measure) finite_Lim_measure_decseq:
assumes A: "range A ⊆ sets M" "decseq A"
shows "(λn. measure M (A n)) ⇢ measure M (⋂i. A i)"
using Lim_measure_decseq[OF A] by simp

lemma (in finite_measure) finite_measure_compl:
assumes S: "S ∈ sets M"
shows "measure M (space M - S) = measure M (space M) - measure M S"
using measure_Diff[OF _ sets.top S sets.sets_into_space] S by simp

lemma (in finite_measure) finite_measure_mono_AE:
assumes imp: "AE x in M. x ∈ A ⟶ x ∈ B" and B: "B ∈ sets M"
shows "measure M A ≤ measure M B"
using assms emeasure_mono_AE[OF imp B]

lemma (in finite_measure) finite_measure_eq_AE:
assumes iff: "AE x in M. x ∈ A ⟷ x ∈ B"
assumes A: "A ∈ sets M" and B: "B ∈ sets M"
shows "measure M A = measure M B"
using assms emeasure_eq_AE[OF assms] by (simp add: emeasure_eq_measure)

lemma (in finite_measure) measure_increasing: "increasing M (measure M)"
by (auto intro!: finite_measure_mono simp: increasing_def)

lemma (in finite_measure) measure_zero_union:
assumes "s ∈ sets M" "t ∈ sets M" "measure M t = 0"
shows "measure M (s ∪ t) = measure M s"
using assms
proof -
have "measure M (s ∪ t) ≤ measure M s"
using finite_measure_subadditive[of s t] assms by auto
moreover have "measure M (s ∪ t) ≥ measure M s"
using assms by (blast intro: finite_measure_mono)
ultimately show ?thesis by simp
qed

lemma (in finite_measure) measure_eq_compl:
assumes "s ∈ sets M" "t ∈ sets M"
assumes "measure M (space M - s) = measure M (space M - t)"
shows "measure M s = measure M t"
using assms finite_measure_compl by auto

lemma (in finite_measure) measure_eq_bigunion_image:
assumes "range f ⊆ sets M" "range g ⊆ sets M"
assumes "disjoint_family f" "disjoint_family g"
assumes "⋀ n :: nat. measure M (f n) = measure M (g n)"
shows "measure M (⋃i. f i) = measure M (⋃i. g i)"
using assms
proof -
have a: "(λ i. measure M (f i)) sums (measure M (⋃i. f i))"
by (rule finite_measure_UNION[OF assms(1,3)])
have b: "(λ i. measure M (g i)) sums (measure M (⋃i. g i))"
by (rule finite_measure_UNION[OF assms(2,4)])
show ?thesis using sums_unique[OF b] sums_unique[OF a] assms by simp
qed

lemma (in finite_measure) measure_countably_zero:
assumes "range c ⊆ sets M"
assumes "⋀ i. measure M (c i) = 0"
shows "measure M (⋃i :: nat. c i) = 0"
proof (rule antisym)
show "measure M (⋃i :: nat. c i) ≤ 0"
qed simp

lemma (in finite_measure) measure_space_inter:
assumes events:"s ∈ sets M" "t ∈ sets M"
assumes "measure M t = measure M (space M)"
shows "measure M (s ∩ t) = measure M s"
proof -
have "measure M ((space M - s) ∪ (space M - t)) = measure M (space M - s)"
using events assms finite_measure_compl[of "t"] by (auto intro!: measure_zero_union)
also have "(space M - s) ∪ (space M - t) = space M - (s ∩ t)"
by blast
finally show "measure M (s ∩ t) = measure M s"
using events by (auto intro!: measure_eq_compl[of "s ∩ t" s])
qed

lemma (in finite_measure) measure_equiprobable_finite_unions:
assumes s: "finite s" "⋀x. x ∈ s ⟹ {x} ∈ sets M"
assumes "⋀ x y. ⟦x ∈ s; y ∈ s⟧ ⟹ measure M {x} = measure M {y}"
shows "measure M s = real (card s) * measure M {SOME x. x ∈ s}"
proof cases
assume "s ≠ {}"
then have "∃ x. x ∈ s" by blast
from someI_ex[OF this] assms
have prob_some: "⋀ x. x ∈ s ⟹ measure M {x} = measure M {SOME y. y ∈ s}" by blast
have "measure M s = (∑ x ∈ s. measure M {x})"
using finite_measure_eq_sum_singleton[OF s] by simp
also have "… = (∑ x ∈ s. measure M {SOME y. y ∈ s})" using prob_some by auto
also have "… = real (card s) * measure M {(SOME x. x ∈ s)}"
using sum_constant assms by simp
finally show ?thesis by simp
qed simp

lemma (in finite_measure) measure_real_sum_image_fn:
assumes "e ∈ sets M"
assumes "⋀ x. x ∈ s ⟹ e ∩ f x ∈ sets M"
assumes "finite s"
assumes disjoint: "⋀ x y. ⟦x ∈ s ; y ∈ s ; x ≠ y⟧ ⟹ f x ∩ f y = {}"
assumes upper: "space M ⊆ (⋃i ∈ s. f i)"
shows "measure M e = (∑ x ∈ s. measure M (e ∩ f x))"
proof -
have "e ⊆ (⋃i∈s. f i)"
using ‹e ∈ sets M› sets.sets_into_space upper by blast
then have e: "e = (⋃i ∈ s. e ∩ f i)"
by auto
hence "measure M e = measure M (⋃i ∈ s. e ∩ f i)" by simp
also have "… = (∑ x ∈ s. measure M (e ∩ f x))"
proof (rule finite_measure_finite_Union)
show "finite s" by fact
show "(λi. e ∩ f i)s ⊆ sets M" using assms(2) by auto
show "disjoint_family_on (λi. e ∩ f i) s"
using disjoint by (auto simp: disjoint_family_on_def)
qed
finally show ?thesis .
qed

lemma (in finite_measure) measure_exclude:
assumes "A ∈ sets M" "B ∈ sets M"
assumes "measure M A = measure M (space M)" "A ∩ B = {}"
shows "measure M B = 0"
using measure_space_inter[of B A] assms by (auto simp: ac_simps)
lemma (in finite_measure) finite_measure_distr:
assumes f: "f ∈ measurable M M'"
shows "finite_measure (distr M M' f)"
proof (rule finite_measureI)
have "f - space M' ∩ space M = space M" using f by (auto dest: measurable_space)
with f show "emeasure (distr M M' f) (space (distr M M' f)) ≠ ∞" by (auto simp: emeasure_distr)
qed

lemma emeasure_gfp[consumes 1, case_names cont measurable]:
assumes sets[simp]: "⋀s. sets (M s) = sets N"
assumes "⋀s. finite_measure (M s)"
assumes cont: "inf_continuous F" "inf_continuous f"
assumes meas: "⋀P. Measurable.pred N P ⟹ Measurable.pred N (F P)"
assumes iter: "⋀P s. Measurable.pred N P ⟹ emeasure (M s) {x∈space N. F P x} = f (λs. emeasure (M s) {x∈space N. P x}) s"
assumes bound: "⋀P. f P ≤ f (λs. emeasure (M s) (space (M s)))"
shows "emeasure (M s) {x∈space N. gfp F x} = gfp f s"
proof (subst gfp_transfer_bounded[where α="λF s. emeasure (M s) {x∈space N. F x}" and g=f and f=F and
P="Measurable.pred N", symmetric])
interpret finite_measure "M s" for s by fact
fix C assume "decseq C" "⋀i. Measurable.pred N (C i)"
then show "(λs. emeasure (M s) {x ∈ space N. (INF i. C i) x}) = (INF i. (λs. emeasure (M s) {x ∈ space N. C i x}))"
unfolding INF_apply[abs_def]
by (subst INF_emeasure_decseq) (auto simp: antimono_def fun_eq_iff intro!: arg_cong2[where f=emeasure])
next
show "f x ≤ (λs. emeasure (M s) {x ∈ space N. F top x})" for x
using bound[of x] sets_eq_imp_space_eq[OF sets] by (simp add: iter)
qed (auto simp add: iter le_fun_def INF_apply[abs_def] intro!: meas cont)

subsection%unimportant ‹Counting space›

lemma strict_monoI_Suc:
assumes ord [simp]: "(⋀n. f n < f (Suc n))" shows "strict_mono f"
unfolding strict_mono_def
proof safe
fix n m :: nat assume "n < m" then show "f n < f m"
by (induct m) (auto simp: less_Suc_eq intro: less_trans ord)
qed

lemma emeasure_count_space:
assumes "X ⊆ A" shows "emeasure (count_space A) X = (if finite X then of_nat (card X) else ∞)"
(is "_ = ?M X")
unfolding count_space_def
proof (rule emeasure_measure_of_sigma)
show "X ∈ Pow A" using ‹X ⊆ A› by auto
show "sigma_algebra A (Pow A)" by (rule sigma_algebra_Pow)
show positive: "positive (Pow A) ?M"
by (auto simp: positive_def)

interpret ring_of_sets A "Pow A"
by (rule ring_of_setsI) auto
proof safe
fix F :: "nat ⇒ 'a set" assume "incseq F"
show "(λi. ?M (F i)) ⇢ ?M (⋃i. F i)"
proof cases
assume "∃i. ∀j≥i. F i = F j"
then guess i .. note i = this
{ fix j from i ‹incseq F› have "F j ⊆ F i"
by (cases "i ≤ j") (auto simp: incseq_def) }
then have eq: "(⋃i. F i) = F i"
by auto
with i show ?thesis
by (auto intro!: Lim_transform_eventually[OF _ tendsto_const] eventually_sequentiallyI[where c=i])
next
assume "¬ (∃i. ∀j≥i. F i = F j)"
then obtain f where f: "⋀i. i ≤ f i" "⋀i. F i ≠ F (f i)" by metis
then have "⋀i. F i ⊆ F (f i)" using ‹incseq F› by (auto simp: incseq_def)
with f have *: "⋀i. F i ⊂ F (f i)" by auto

have "incseq (λi. ?M (F i))"
using ‹incseq F› unfolding incseq_def by (auto simp: card_mono dest: finite_subset)
then have "(λi. ?M (F i)) ⇢ (SUP n. ?M (F n))"
by (rule LIMSEQ_SUP)

moreover have "(SUP n. ?M (F n)) = top"
proof (rule ennreal_SUP_eq_top)
fix n :: nat show "∃k::nat∈UNIV. of_nat n ≤ ?M (F k)"
proof (induct n)
case (Suc n)
then guess k .. note k = this
moreover have "finite (F k) ⟹ finite (F (f k)) ⟹ card (F k) < card (F (f k))"
using ‹F k ⊂ F (f k)› by (simp add: psubset_card_mono)
moreover have "finite (F (f k)) ⟹ finite (F k)"
using ‹k ≤ f k› ‹incseq F› by (auto simp: incseq_def dest: finite_subset)
ultimately show ?case
by (auto intro!: exI[of _ "f k"] simp del: of_nat_Suc)
qed auto
qed

moreover
have "inj (λn. F ((f ^^ n) 0))"
by (intro strict_mono_imp_inj_on strict_monoI_Suc) (simp add: *)
then have 1: "infinite (range (λi. F ((f ^^ i) 0)))"
by (rule range_inj_infinite)
have "infinite (Pow (⋃i. F i))"
by (rule infinite_super[OF _ 1]) auto
then have "infinite (⋃i. F i)"
by auto

ultimately show ?thesis by auto
qed
qed
qed

lemma distr_bij_count_space:
assumes f: "bij_betw f A B"
shows "distr (count_space A) (count_space B) f = count_space B"
proof (rule measure_eqI)
have f': "f ∈ measurable (count_space A) (count_space B)"
using f unfolding Pi_def bij_betw_def by auto
fix X assume "X ∈ sets (distr (count_space A) (count_space B) f)"
then have X: "X ∈ sets (count_space B)" by auto
moreover from X have "f - X ∩ A = the_inv_into A f  X"
using f by (auto simp: bij_betw_def subset_image_iff image_iff the_inv_into_f_f intro: the_inv_into_f_f[symmetric])
moreover have "inj_on (the_inv_into A f) B"
using X f by (auto simp: bij_betw_def inj_on_the_inv_into)
with X have "inj_on (the_inv_into A f) X"
by (auto intro: subset_inj_on)
ultimately show "emeasure (distr (count_space A) (count_space B) f) X = emeasure (count_space B) X"
using f unfolding emeasure_distr[OF f' X]
by (subst (1 2) emeasure_count_space) (auto simp: card_image dest: finite_imageD)
qed simp

lemma emeasure_count_space_finite[simp]:
"X ⊆ A ⟹ finite X ⟹ emeasure (count_space A) X = of_nat (card X)"
using emeasure_count_space[of X A] by simp

lemma emeasure_count_space_infinite[simp]:
"X ⊆ A ⟹ infinite X ⟹ emeasure (count_space A) X = ∞"
using emeasure_count_space[of X A] by simp

lemma measure_count_space: "measure (count_space A) X = (if X ⊆ A then of_nat (card X) else 0)"
by (cases "finite X") (auto simp: measure_notin_sets ennreal_of_nat_eq_real_of_nat
measure_zero_top measure_eq_emeasure_eq_ennreal)

lemma emeasure_count_space_eq_0:
"emeasure (count_space A) X = 0 ⟷ (X ⊆ A ⟶ X = {})"
proof cases
assume X: "X ⊆ A"
then show ?thesis
proof (intro iffI impI)
assume "emeasure (count_space A) X = 0"
with X show "X = {}"
by (subst (asm) emeasure_count_space) (auto split: if_split_asm)
qed simp

lemma null_sets_count_space: "null_sets (count_space A) = { {} }"
unfolding null_sets_def by (auto simp add: emeasure_count_space_eq_0)

lemma AE_count_space: "(AE x in count_space A. P x) ⟷ (∀x∈A. P x)"
unfolding eventually_ae_filter by (auto simp add: null_sets_count_space)

lemma sigma_finite_measure_count_space_countable:
assumes A: "countable A"
shows "sigma_finite_measure (count_space A)"
proof qed (insert A, auto intro!: exI[of _ "(λa. {a})  A"])

lemma sigma_finite_measure_count_space:
fixes A :: "'a::countable set" shows "sigma_finite_measure (count_space A)"
by (rule sigma_finite_measure_count_space_countable) auto

lemma finite_measure_count_space:
assumes [simp]: "finite A"
shows "finite_measure (count_space A)"
by rule simp

lemma sigma_finite_measure_count_space_finite:
assumes A: "finite A" shows "sigma_finite_measure (count_space A)"
proof -
interpret finite_measure "count_space A" using A by (rule finite_measure_count_space)
show "sigma_finite_measure (count_space A)" ..
qed

subsection%unimportant ‹Measure restricted to space›

lemma emeasure_restrict_space:
assumes "Ω ∩ space M ∈ sets M" "A ⊆ Ω"
shows "emeasure (restrict_space M Ω) A = emeasure M A"
proof (cases "A ∈ sets M")
case True
show ?thesis
proof (rule emeasure_measure_of[OF restrict_space_def])
show "(∩) Ω  sets M ⊆ Pow (Ω ∩ space M)" "A ∈ sets (restrict_space M Ω)"
using ‹A ⊆ Ω› ‹A ∈ sets M› sets.space_closed by (auto simp: sets_restrict_space)
show "positive (sets (restrict_space M Ω)) (emeasure M)"
by (auto simp: positive_def)
show "countably_additive (sets (restrict_space M Ω)) (emeasure M)"
fix A :: "nat ⇒ _" assume "range A ⊆ sets (restrict_space M Ω)" "disjoint_family A"
with assms have "⋀i. A i ∈ sets M" "⋀i. A i ⊆ space M" "disjoint_family A"
by (fastforce simp: sets_restrict_space_iff[OF assms(1)] image_subset_iff
dest: sets.sets_into_space)+
then show "(∑i. emeasure M (A i)) = emeasure M (⋃i. A i)"
by (subst suminf_emeasure) (auto simp: disjoint_family_subset)
qed
qed
next
case False
with assms have "A ∉ sets (restrict_space M Ω)"
with False show ?thesis
qed

lemma measure_restrict_space:
assumes "Ω ∩ space M ∈ sets M" "A ⊆ Ω"
shows "measure (restrict_space M Ω) A = measure M A"
using emeasure_restrict_space[OF assms] by (simp add: measure_def)

lemma AE_restrict_space_iff:
assumes "Ω ∩ space M ∈ sets M"
shows "(AE x in restrict_space M Ω. P x) ⟷ (AE x in M. x ∈ Ω ⟶ P x)"
proof -
have ex_cong: "⋀P Q f. (⋀x. P x ⟹ Q x) ⟹ (⋀x. Q x ⟹ P (f x)) ⟹ (∃x. P x) ⟷ (∃x. Q x)"
by auto
{ fix X assume X: "X ∈ sets M" "emeasure M X = 0"
then have "emeasure M (Ω ∩ space M ∩ X) ≤ emeasure M X"
by (intro emeasure_mono) auto
then have "emeasure M (Ω ∩ space M ∩ X) = 0"
using X by (auto intro!: antisym) }
with assms show ?thesis
unfolding eventually_ae_filter
by (auto simp add: space_restrict_space null_sets_def sets_restrict_space_iff
emeasure_restrict_space cong: conj_cong
intro!: ex_cong[where f="λX. (Ω ∩ space M) ∩ X"])
qed

lemma restrict_restrict_space:
assumes "A ∩ space M ∈ sets M" "B ∩ space M ∈ sets M"
shows "restrict_space (restrict_space M A) B = restrict_space M (A ∩ B)" (is "?l = ?r")
proof (rule measure_eqI[symmetric])
show "sets ?r = sets ?l"
unfolding sets_restrict_space image_comp by (intro image_cong) auto
next
fix X assume "X ∈ sets (restrict_space M (A ∩ B))"
then obtain Y where "Y ∈ sets M" "X = Y ∩ A ∩ B"
by (auto simp: sets_restrict_space)
with assms sets.Int[OF assms] show "emeasure ?r X = emeasure ?l X"
by (subst (1 2) emeasure_restrict_space)
(auto simp: space_restrict_space sets_restrict_space_iff emeasure_restrict_space ac_simps)
qed

lemma restrict_count_space: "restrict_space (count_space B) A = count_space (A ∩ B)"
proof (rule measure_eqI)
show "sets (restrict_space (count_space B) A) = sets (count_space (A ∩ B))"
by (subst sets_restrict_space) auto
moreover fix X assume "X ∈ sets (restrict_space (count_space B) A)"
ultimately have "X ⊆ A ∩ B" by auto
then show "emeasure (restrict_space (count_space B) A) X = emeasure (count_space (A ∩ B)) X"
by (cases "finite X") (auto simp add: emeasure_restrict_space)
qed

lemma sigma_finite_measure_restrict_space:
assumes "sigma_finite_measure M"
and A: "A ∈ sets M"
shows "sigma_finite_measure (restrict_space M A)"
proof -
interpret sigma_finite_measure M by fact
from sigma_finite_countable obtain C
where C: "countable C" "C ⊆ sets M" "(⋃C) = space M" "∀a∈C. emeasure M a ≠ ∞"
by blast
let ?C = "(∩) A  C"
from C have "countable ?C" "?C ⊆ sets (restrict_space M A)" "(⋃?C) = space (restrict_space M A)"
moreover {
fix a
assume "a ∈ ?C"
then obtain a' where "a = A ∩ a'" "a' ∈ C" ..
then have "emeasure (restrict_space M A) a ≤ emeasure M a'"
using A C by(auto simp add: emeasure_restrict_space intro: emeasure_mono)
also have "… < ∞" using C(4)[rule_format, of a'] ‹a' ∈ C› by (simp add: less_top)
finally have "emeasure (restrict_space M A) a ≠ ∞" by simp }
ultimately show ?thesis
by unfold_locales (rule exI conjI|assumption|blast)+
qed

lemma finite_measure_restrict_space:
assumes "finite_measure M"
and A: "A ∈ sets M"
shows "finite_measure (restrict_space M A)"
proof -
interpret finite_measure M by fact
show ?thesis
by(rule finite_measureI)(simp add: emeasure_restrict_space A space_restrict_space)
qed

lemma restrict_distr:
assumes [measurable]: "f ∈ measurable M N"
assumes [simp]: "Ω ∩ space N ∈ sets N" and restrict: "f ∈ space M → Ω"
shows "restrict_space (distr M N f) Ω = distr M (restrict_space N Ω) f"
(is "?l = ?r")
proof (rule measure_eqI)
fix A assume "A ∈ sets (restrict_space (distr M N f) Ω)"
with restrict show "emeasure ?l A = emeasure ?r A"
by (subst emeasure_distr)
(auto simp: sets_restrict_space_iff emeasure_restrict_space emeasure_distr
intro!: measurable_restrict_space2)

lemma measure_eqI_restrict_generator:
assumes E: "Int_stable E" "E ⊆ Pow Ω" "⋀X. X ∈ E ⟹ emeasure M X = emeasure N X"
assumes sets_eq: "sets M = sets N" and Ω: "Ω ∈ sets M"
assumes "sets (restrict_space M Ω) = sigma_sets Ω E"
assumes "sets (restrict_space N Ω) = sigma_sets Ω E"
assumes ae: "AE x in M. x ∈ Ω" "AE x in N. x ∈ Ω"
assumes A: "countable A" "A ≠ {}" "A ⊆ E" "⋃A = Ω" "⋀a. a ∈ A ⟹ emeasure M a ≠ ∞"
shows "M = N"
proof (rule measure_eqI)
fix X assume X: "X ∈ sets M"
then have "emeasure M X = emeasure (restrict_space M Ω) (X ∩ Ω)"
using ae Ω by (auto simp add: emeasure_restrict_space intro!: emeasure_eq_AE)
also have "restrict_space M Ω = restrict_space N Ω"
proof (rule measure_eqI_generator_eq)
fix X assume "X ∈ E"
then show "emeasure (restrict_space M Ω) X = emeasure (restrict_space N Ω) X"
using E Ω by (subst (1 2) emeasure_restrict_space) (auto simp: sets_eq sets_eq[THEN sets_eq_imp_space_eq])
next
show "range (from_nat_into A) ⊆ E" "(⋃i. from_nat_into A i) = Ω"
using A by (auto cong del: strong_SUP_cong)
next
fix i
have "emeasure (restrict_space M Ω) (from_nat_into A i) = emeasure M (from_nat_into A i)"
using A Ω by (subst emeasure_restrict_space)
(auto simp: sets_eq sets_eq[THEN sets_eq_imp_space_eq] intro: from_nat_into)
with A show "emeasure (restrict_space M Ω) (from_nat_into A i) ≠ ∞"
by (auto intro: from_nat_into)
qed fact+
also have "emeasure (restrict_space N Ω) (X ∩ Ω) = emeasure N X"
using X ae Ω by (auto simp add: emeasure_restrict_space sets_eq intro!: emeasure_eq_AE)
finally show "emeasure M X = emeasure N X" .
qed fact

subsection%unimportant ‹Null measure›

definition "null_measure M = sigma (space M) (sets M)"

lemma space_null_measure[simp]: "space (null_measure M) = space M"

lemma sets_null_measure[simp, measurable_cong]: "sets (null_measure M) = sets M"

lemma emeasure_null_measure[simp]: "emeasure (null_measure M) X = 0"
by (cases "X ∈ sets M", rule emeasure_measure_of)
(auto simp: positive_def countably_additive_def emeasure_notin_sets null_measure_def
dest: sets.sets_into_space)

lemma measure_null_measure[simp]: "measure (null_measure M) X = 0"
by (intro measure_eq_emeasure_eq_ennreal) auto

lemma null_measure_idem [simp]: "null_measure (null_measure M) = null_measure M"
by(rule measure_eqI) simp_all

subsection ‹Scaling a measure›

definition%important scale_measure :: "ennreal ⇒ 'a measure ⇒ 'a measure"
where
"scale_measure r M = measure_of (space M) (sets M) (λA. r * emeasure M A)"

lemma space_scale_measure: "space (scale_measure r M) = space M"

lemma sets_scale_measure [simp, measurable_cong]: "sets (scale_measure r M) = sets M"

lemma emeasure_scale_measure [simp]:
"emeasure (scale_measure r M) A = r * emeasure M A"
(is "_ = ?μ A")
proof(cases "A ∈ sets M")
case True
show ?thesis unfolding scale_measure_def
proof(rule emeasure_measure_of_sigma)
show "sigma_algebra (space M) (sets M)" ..
show "positive (sets M) ?μ" by (simp add: positive_def)
fix A :: "nat ⇒ _"  assume *: "range A ⊆ sets M" "disjoint_family A"
have "(∑i. ?μ (A i)) = r * (∑i. emeasure M (A i))"
by simp
also have "… = ?μ (⋃i. A i)" using * by(simp add: suminf_emeasure)
finally show "(∑i. ?μ (A i)) = ?μ (⋃i. A i)" .
qed
qed(fact True)

lemma scale_measure_1 [simp]: "scale_measure 1 M = M"
by(rule measure_eqI) simp_all

lemma scale_measure_0[simp]: "scale_measure 0 M = null_measure M"
by(rule measure_eqI) simp_all

lemma measure_scale_measure [simp]: "0 ≤ r ⟹ measure (scale_measure r M) A = r * measure M A"
using emeasure_scale_measure[of r M A]
emeasure_eq_ennreal_measure[of M A]
measure_eq_emeasure_eq_ennreal[of _ "scale_measure r M" A]
by (cases "emeasure (scale_measure r M) A = top")
(auto simp del: emeasure_scale_measure
simp: ennreal_top_eq_mult_iff ennreal_mult_eq_top_iff measure_zero_top ennreal_mult[symmetric])

lemma scale_scale_measure [simp]:
"scale_measure r (scale_measure r' M) = scale_measure (r * r') M"
by (rule measure_eqI) (simp_all add: max_def mult.assoc)

lemma scale_null_measure [simp]: "scale_measure r (null_measure M) = null_measure M"
by (rule measure_eqI) simp_all

subsection ‹Complete lattice structure on measures›

lemma (in finite_measure) finite_measure_Diff':
"A ∈ sets M ⟹ B ∈ sets M ⟹ measure M (A - B) = measure M A - measure M (A ∩ B)"
using finite_measure_Diff[of A "A ∩ B"] by (auto simp: Diff_Int)

lemma (in finite_measure) finite_measure_Union':
"A ∈ sets M ⟹ B ∈ sets M ⟹ measure M (A ∪ B) = measure M A + measure M (B - A)"
using finite_measure_Union[of A "B - A"] by auto

lemma finite_unsigned_Hahn_decomposition:
assumes "finite_measure M" "finite_measure N" and [simp]: "sets N = sets M"
shows "∃Y∈sets M. (∀X∈sets M. X ⊆ Y ⟶ N X ≤ M X) ∧ (∀X∈sets M. X ∩ Y = {} ⟶ M X ≤ N X)"
proof -
interpret M: finite_measure M by fact
interpret N: finite_measure N by fact

define d where "d X = measure M X - measure N X" for X

have [intro]: "bdd_above (dsets M)"
using sets.sets_into_space[of _ M]
by (intro bdd_aboveI[where M="measure M (space M)"])
(auto simp: d_def field_simps subset_eq intro!: add_increasing M.finite_measure_mono)

define γ where "γ = (SUP X:sets M. d X)"
have le_γ[intro]: "X ∈ sets M ⟹ d X ≤ γ" for X
by (auto simp: γ_def intro!: cSUP_upper)

have "∃f. ∀n. f n ∈ sets M ∧ d (f n) > γ - 1 / 2^n"
proof (intro choice_iff[THEN iffD1] allI)
fix n
have "∃X∈sets M. γ - 1 / 2^n < d X"
unfolding γ_def by (intro less_cSUP_iff[THEN iffD1]) auto
then show "∃y. y ∈ sets M ∧ γ - 1 / 2 ^ n < d y"
by auto
qed
then obtain E where [measurable]: "E n ∈ sets M" and E: "d (E n) > γ - 1 / 2^n" for n
by auto

define F where "F m n = (if m ≤ n then ⋂i∈{m..n}. E i else space M)" for m n

have [measurable]: "m ≤ n ⟹ F m n ∈ sets M" for m n
by (auto simp: F_def)

have 1: "γ - 2 / 2 ^ m + 1 / 2 ^ n ≤ d (F m n)" if "m ≤ n" for m n
using that
proof (induct rule: dec_induct)
case base with E[of m] show ?case
next
case (step i)
have F_Suc: "F m (Suc i) = F m i ∩ E (Suc i)"
using ‹m ≤ i› by (auto simp: F_def le_Suc_eq)

have "γ + (γ - 2 / 2^m + 1 / 2 ^ Suc i) ≤ (γ - 1 / 2^Suc i) + (γ - 2 / 2^m + 1 / 2^i)"
also have "… ≤ d (E (Suc i)) + d (F m i)"
using E[of "Suc i"] by (intro add_mono step) auto
also have "… = d (E (Suc i)) + d (F m i - E (Suc i)) + d (F m (Suc i))"
using ‹m ≤ i› by (simp add: d_def field_simps F_Suc M.finite_measure_Diff' N.finite_measure_Diff')
also have "… = d (E (Suc i) ∪ F m i) + d (F m (Suc i))"
using ‹m ≤ i› by (simp add: d_def field_simps M.finite_measure_Union' N.finite_measure_Union')
also have "… ≤ γ + d (F m (Suc i))"
using ‹m ≤ i› by auto
finally show ?case
by auto
qed

define F' where "F' m = (⋂i∈{m..}. E i)" for m
have F'_eq: "F' m = (⋂i. F m (i + m))" for m
by (fastforce simp: le_iff_add[of m] F'_def F_def)

have [measurable]: "F' m ∈ sets M" for m
by (auto simp: F'_def)

have γ_le: "γ - 0 ≤ d (⋃m. F' m)"
proof (rule LIMSEQ_le)
show "(λn. γ - 2 / 2 ^ n) ⇢ γ - 0"
by (intro tendsto_intros LIMSEQ_divide_realpow_zero) auto
have "incseq F'"
by (auto simp: incseq_def F'_def)
then show "(λm. d (F' m)) ⇢ d (⋃m. F' m)"
unfolding d_def
by (intro tendsto_diff M.finite_Lim_measure_incseq N.finite_Lim_measure_incseq) auto

have "γ - 2 / 2 ^ m + 0 ≤ d (F' m)" for m
proof (rule LIMSEQ_le)
have *: "decseq (λn. F m (n + m))"
by (auto simp: decseq_def F_def)
show "(λn. d (F m n)) ⇢ d (F' m)"
unfolding d_def F'_eq
by (rule LIMSEQ_offset[where k=m])
(auto intro!: tendsto_diff M.finite_Lim_measure_decseq N.finite_Lim_measure_decseq *)
show "(λn. γ - 2 / 2 ^ m + 1 / 2 ^ n) ⇢ γ - 2 / 2 ^ m + 0"
by (intro tendsto_add LIMSEQ_divide_realpow_zero tendsto_const) auto
show "∃N. ∀n≥N. γ - 2 / 2 ^ m + 1 / 2 ^ n ≤ d (F m n)"
using 1[of m] by (intro exI[of _ m]) auto
qed
then show "∃N. ∀n≥N. γ - 2 / 2 ^ n ≤ d (F' n)"
by auto
qed

show ?thesis
proof (safe intro!: bexI[of _ "⋃m. F' m"])
fix X assume [measurable]: "X ∈ sets M" and X: "X ⊆ (⋃m. F' m)"
have "d (⋃m. F' m) - d X = d ((⋃m. F' m) - X)"
using X by (auto simp: d_def M.finite_measure_Diff N.finite_measure_Diff)
also have "… ≤ γ"
by auto
finally have "0 ≤ d X"
using γ_le by auto
then show "emeasure N X ≤ emeasure M X"
by (auto simp: d_def M.emeasure_eq_measure N.emeasure_eq_measure)
next
fix X assume [measurable]: "X ∈ sets M" and X: "X ∩ (⋃m. F' m) = {}"
then have "d (⋃m. F' m) + d X = d (X ∪ (⋃m. F' m))"
by (auto simp: d_def M.finite_measure_Union N.finite_measure_Union)
also have "… ≤ γ"
by auto
finally have "d X ≤ 0"
using γ_le by auto
then show "emeasure M X ≤ emeasure N X"
by (auto simp: d_def M.emeasure_eq_measure N.emeasure_eq_measure)
qed auto
qed

proposition unsigned_Hahn_decomposition:
assumes [simp]: "sets N = sets M" and [measurable]: "A ∈ sets M"
and [simp]: "emeasure M A ≠ top" "emeasure N A ≠ top"
shows "∃Y∈sets M. Y ⊆ A ∧ (∀X∈sets M. X ⊆ Y ⟶ N X ≤ M X) ∧ (∀X∈sets M. X ⊆ A ⟶ X ∩ Y = {} ⟶ M X ≤ N X)"
proof -
have "∃Y∈sets (restrict_space M A).
(∀X∈sets (restrict_space M A). X ⊆ Y ⟶ (restrict_space N A) X ≤ (restrict_space M A) X) ∧
(∀X∈sets (restrict_space M A). X ∩ Y = {} ⟶ (restrict_space M A) X ≤ (restrict_space N A) X)"
proof (rule finite_unsigned_Hahn_decomposition)
show "finite_measure (restrict_space M A)" "finite_measure (restrict_space N A)"
by (auto simp: space_restrict_space emeasure_restrict_space less_top intro!: finite_measureI)
then guess Y ..
then show ?thesis
apply (intro bexI[of _ Y] conjI ballI conjI)
apply safe
subgoal for X Z
by (erule ballE[of _ _ X]) (auto simp add: Int_absorb1)
subgoal for X Z
by (erule ballE[of _ _ X])  (auto simp add: Int_absorb1 ac_simps)
apply auto
done
qed

text%important ‹
Define a lexicographical order on @{type measure}, in the order space, sets and measure. The parts
of the lexicographical order are point-wise ordered.
›

instantiation measure :: (type) order_bot
begin

inductive less_eq_measure :: "'a measure ⇒ 'a measure ⇒ bool" where
"space M ⊂ space N ⟹ less_eq_measure M N"
| "space M = space N ⟹ sets M ⊂ sets N ⟹ less_eq_measure M N"
| "space M = space N ⟹ sets M = sets N ⟹ emeasure M ≤ emeasure N ⟹ less_eq_measure M N"

lemma le_measure_iff:
"M ≤ N ⟷ (if space M = space N then
if sets M = sets N then emeasure M ≤ emeasure N else sets M ⊆ sets N else space M ⊆ space N)"
by (auto elim: less_eq_measure.cases intro: less_eq_measure.intros)

definition%important less_measure :: "'a measure ⇒ 'a measure ⇒ bool" where
"less_measure M N ⟷ (M ≤ N ∧ ¬ N ≤ M)"

definition%important bot_measure :: "'a measure" where
"bot_measure = sigma {} {}"

lemma
shows space_bot[simp]: "space bot = {}"
and sets_bot[simp]: "sets bot = {{}}"
and emeasure_bot[simp]: "emeasure bot X = 0"
by (auto simp: bot_measure_def sigma_sets_empty_eq emeasure_sigma)

instance
proof standard
show "bot ≤ a" for a :: "'a measure"
by (simp add: le_measure_iff bot_measure_def sigma_sets_empty_eq emeasure_sigma le_fun_def)
qed (auto simp: le_measure_iff less_measure_def split: if_split_asm intro: measure_eqI)

end

proposition le_measure: "sets M = sets N ⟹ M ≤ N ⟷ (∀A∈sets M. emeasure M A ≤ emeasure N A)"
apply -
apply (auto simp: le_measure_iff le_fun_def dest: sets_eq_imp_space_eq)
subgoal for X
by (cases "X ∈ sets M") (auto simp: emeasure_notin_sets)
done

definition%important sup_measure' :: "'a measure ⇒ 'a measure ⇒ 'a measure"
where
"sup_measure' A B = measure_of (space A) (sets A) (λX. SUP Y:sets A. emeasure A (X ∩ Y) + emeasure B (X ∩ - Y))"

lemma assumes [simp]: "sets B = sets A"
shows space_sup_measure'[simp]: "space (sup_measure' A B) = space A"
and sets_sup_measure'[simp]: "sets (sup_measure' A B) = sets A"
using sets_eq_imp_space_eq[OF assms] by (simp_all add: sup_measure'_def)

lemma emeasure_sup_measure':
assumes sets_eq[simp]: "sets B = sets A" and [simp, intro]: "X ∈ sets A"
shows "emeasure (sup_measure' A B) X = (SUP Y:sets A. emeasure A (X ∩ Y) + emeasure B (X ∩ - Y))"
(is "_ = ?S X")
proof -
note sets_eq_imp_space_eq[OF sets_eq, simp]
show ?thesis
using sup_measure'_def
proof (rule emeasure_measure_of)
let ?d = "λX Y. emeasure A (X ∩ Y) + emeasure B (X ∩ - Y)"
show "countably_additive (sets (sup_measure' A B)) (λX. SUP Y : sets A. emeasure A (X ∩ Y) + emeasure B (X ∩ - Y))"
case (1 X)
then have [measurable]: "⋀i. X i ∈ sets A" and "disjoint_family X"
by auto
have "(∑i. ?S (X i)) = (SUP Y:sets A. ∑i. ?d (X i) Y)"
proof (rule ennreal_suminf_SUP_eq_directed)
fix J :: "nat set" and a b assume "finite J" and [measurable]: "a ∈ sets A" "b ∈ sets A"
have "∃c∈sets A. c ⊆ X i ∧ (∀a∈sets A. ?d (X i) a ≤ ?d (X i) c)" for i
proof cases
assume "emeasure A (X i) = top ∨ emeasure B (X i) = top"
then show ?thesis
proof
assume "emeasure A (X i) = top" then show ?thesis
by (intro bexI[of _ "X i"]) auto
next
assume "emeasure B (X i) = top" then show ?thesis
by (intro bexI[of _ "{}"]) auto
qed
next
assume finite: "¬ (emeasure A (X i) = top ∨ emeasure B (X i) = top)"
then have "∃Y∈sets A. Y ⊆ X i ∧ (∀C∈sets A. C ⊆ Y ⟶ B C ≤ A C) ∧ (∀C∈sets A. C ⊆ X i ⟶ C ∩ Y = {} ⟶ A C ≤ B C)"
using unsigned_Hahn_decomposition[of B A "X i"] by simp
then obtain Y where [measurable]: "Y ∈ sets A" and [simp]: "Y ⊆ X i"
and B_le_A: "⋀C. C ∈ sets A ⟹ C ⊆ Y ⟹ B C ≤ A C"
and A_le_B: "⋀C. C ∈ sets A ⟹ C ⊆ X i ⟹ C ∩ Y = {} ⟹ A C ≤ B C"
by auto

show ?thesis
proof (intro bexI[of _ Y] ballI conjI)
fix a assume [measurable]: "a ∈ sets A"
have *: "(X i ∩ a ∩ Y ∪ (X i ∩ a - Y)) = X i ∩ a" "(X i - a) ∩ Y ∪ (X i - a - Y) = X i ∩ - a"
for a Y by auto
then have "?d (X i) a =
(A (X i ∩ a ∩ Y) + A (X i ∩ a ∩ - Y)) + (B (X i ∩ - a ∩ Y) + B (X i ∩ - a ∩ - Y))"
by (subst (1 2) plus_emeasure) (auto simp: Diff_eq[symmetric])
also have "… ≤ (A (X i ∩ a ∩ Y) + B (X i ∩ a ∩ - Y)) + (A (X i ∩ - a ∩ Y) + B (X i ∩ - a ∩ - Y))"
by (intro add_mono order_refl B_le_A A_le_B) (auto simp: Diff_eq[symmetric])
also have "… ≤ (A (X i ∩ Y ∩ a) + A (X i ∩ Y ∩ - a)) + (B (X i ∩ - Y ∩ a) + B (X i ∩ - Y ∩ - a))"
also have "… ≤ A (X i ∩ Y) + B (X i ∩ - Y)"
by (subst (1 2) plus_emeasure) (auto simp: Diff_eq[symmetric] *)
finally show "?d (X i) a ≤ ?d (X i) Y" .
qed auto
qed
then obtain C where [measurable]: "C i ∈ sets A" and "C i ⊆ X i"
and C: "⋀a. a ∈ sets A ⟹ ?d (X i) a ≤ ?d (X i) (C i)" for i
by metis
have *: "X i ∩ (⋃i. C i) = X i ∩ C i" for i
proof safe
fix x j assume "x ∈ X i" "x ∈ C j"
moreover have "i = j ∨ X i ∩ X j = {}"
using ‹disjoint_family X› by (auto simp: disjoint_family_on_def)
ultimately show "x ∈ C i"
using ‹C i ⊆ X i› ‹C j ⊆ X j› by auto
qed auto
have **: "X i ∩ - (⋃i. C i) = X i ∩ - C i" for i
proof safe
fix x j assume "x ∈ X i" "x ∉ C i" "x ∈ C j"
moreover have "i = j ∨ X i ∩ X j = {}"
using ‹disjoint_family X› by (auto simp: disjoint_family_on_def)
ultimately show False
using ‹C i ⊆ X i› ‹C j ⊆ X j› by auto
qed auto
show "∃c∈sets A. ∀i∈J. ?d (X i) a ≤ ?d (X i) c ∧ ?d (X i) b ≤ ?d (X i) c"
apply (intro bexI[of _ "⋃i. C i"])
unfolding * **
apply (intro C ballI conjI)
apply auto
done
qed
also have "… = ?S (⋃i. X i)"
unfolding UN_extend_simps(4)
intro!: SUP_cong arg_cong2[where f="(+)"] suminf_emeasure
disjoint_family_on_bisimulation[OF ‹disjoint_family X›])
finally show "(∑i. ?S (X i)) = ?S (⋃i. X i)" .
qed
qed (auto dest: sets.sets_into_space simp: positive_def intro!: SUP_const)
qed

lemma le_emeasure_sup_measure'1:
assumes "sets B = sets A" "X ∈ sets A" shows "emeasure A X ≤ emeasure (sup_measure' A B) X"
by (subst emeasure_sup_measure'[OF assms]) (auto intro!: SUP_upper2[of "X"] assms)

lemma le_emeasure_sup_measure'2:
assumes "sets B = sets A" "X ∈ sets A" shows "emeasure B X ≤ emeasure (sup_measure' A B) X"
by (subst emeasure_sup_measure'[OF assms]) (auto intro!: SUP_upper2[of "{}"] assms)

lemma emeasure_sup_measure'_le2:
assumes [simp]: "sets B = sets C" "sets A = sets C" and [measurable]: "X ∈ sets C"
assumes A: "⋀Y. Y ⊆ X ⟹ Y ∈ sets A ⟹ emeasure A Y ≤ emeasure C Y"
assumes B: "⋀Y. Y ⊆ X ⟹ Y ∈ sets A ⟹ emeasure B Y ≤ emeasure C Y"
shows "emeasure (sup_measure' A B) X ≤ emeasure C X"
proof (subst emeasure_sup_measure')
show "(SUP Y:sets A. emeasure A (X ∩ Y) + emeasure B (X ∩ - Y)) ≤ emeasure C X"
unfolding ‹sets A = sets C›
proof (intro SUP_least)
fix Y assume [measurable]: "Y ∈ sets C"
have [simp]: "X ∩ Y ∪ (X - Y) = X"
by auto
have "emeasure A (X ∩ Y) + emeasure B (X ∩ - Y) ≤ emeasure C (X ∩ Y) + emeasure C (X ∩ - Y)"
by (intro add_mono A B) (auto simp: Diff_eq[symmetric])
also have "… = emeasure C X"
by (subst plus_emeasure) (auto simp: Diff_eq[symmetric])
finally show "emeasure A (X ∩ Y) + emeasure B (X ∩ - Y) ≤ emeasure C X" .
qed
qed simp_all

definition%important sup_lexord :: "'a ⇒ 'a ⇒ ('a ⇒ 'b::order) ⇒ 'a ⇒ 'a ⇒ 'a"
where
"sup_lexord A B k s c =
(if k A = k B then c else if ¬ k A ≤ k B ∧ ¬ k B ≤ k A then s else if k B ≤ k A then A else B)"

lemma sup_lexord:
"(k A < k B ⟹ P B) ⟹ (k B < k A ⟹ P A) ⟹ (k A = k B ⟹ P c) ⟹
(¬ k B ≤ k A ⟹ ¬ k A ≤ k B ⟹ P s) ⟹ P (sup_lexord A B k s c)"
by (auto simp: sup_lexord_def)

lemmas le_sup_lexord = sup_lexord[where P="λa. c ≤ a" for c]

lemma sup_lexord1: "k A = k B ⟹ sup_lexord A B k s c = c"

lemma sup_lexord_commute: "sup_lexord A B k s c = sup_lexord B A k s c"
by (auto simp: sup_lexord_def)

lemma sigma_sets_le_sets_iff: "(sigma_sets (space x) 𝒜 ⊆ sets x) = (𝒜 ⊆ sets x)"
using sets.sigma_sets_subset[of 𝒜 x] by auto

lemma sigma_le_iff: "𝒜 ⊆ Pow Ω ⟹ sigma Ω 𝒜 ≤ x ⟷ (Ω ⊆ space x ∧ (space x = Ω ⟶ 𝒜 ⊆ sets x))"
by (cases "Ω = space x")
(simp_all add: eq_commute[of _ "sets x"] le_measure_iff emeasure_sigma le_fun_def
sigma_sets_superset_generator sigma_sets_le_sets_iff)

instantiation measure :: (type) semilattice_sup
begin

definition%important sup_measure :: "'a measure ⇒ 'a measure ⇒ 'a measure"
where
"sup_measure A B =
sup_lexord A B space (sigma (space A ∪ space B) {})
(sup_lexord A B sets (sigma (space A) (sets A ∪ sets B)) (sup_measure' A B))"

instance
proof
fix x y z :: "'a measure"
show "x ≤ sup x y"
unfolding sup_measure_def
proof (intro le_sup_lexord)
assume "space x = space y"
then have *: "sets x ∪ sets y ⊆ Pow (space x)"
using sets.space_closed by auto
assume "¬ sets y ⊆ sets x" "¬ sets x ⊆ sets y"
then have "sets x ⊂ sets x ∪ sets y"
by auto
also have "… ≤ sigma (space x) (sets x ∪ sets y)"
by (subst sets_measure_of[OF *]) (rule sigma_sets_superset_generator)
finally show "x ≤ sigma (space x) (sets x ∪ sets y)"
by (simp add: space_measure_of[OF *] less_eq_measure.intros(2))
next
assume "¬ space y ⊆ space x" "¬ space x ⊆ space y"
then show "x ≤ sigma (space x ∪ space y) {}"
by (intro less_eq_measure.intros) auto
next
assume "sets x = sets y" then show "x ≤ sup_measure' x y"
qed (auto intro: less_eq_measure.intros)
show "y ≤ sup x y"
unfolding sup_measure_def
proof (intro le_sup_lexord)
assume **: "space x = space y"
then have *: "sets x ∪ sets y ⊆ Pow (space y)"
using sets.space_closed by auto
assume "¬ sets y ⊆ sets x" "¬ sets x ⊆ sets y"
then have "sets y ⊂ sets x ∪ sets y"
by auto
also have "… ≤ sigma (space y) (sets x ∪ sets y)"
by (subst sets_measure_of[OF *]) (rule sigma_sets_superset_generator)
finally show "y ≤ sigma (space x) (sets x ∪ sets y)"
by (simp add: ** space_measure_of[OF *] less_eq_measure.intros(2))
next
assume "¬ space y ⊆ space x" "¬ space x ⊆ space y"
then show "y ≤ sigma (space x ∪ space y) {}"
by (intro less_eq_measure.intros) auto
next
assume "sets x = sets y" then show "y ≤ sup_measure' x y"
qed (auto intro: less_eq_measure.intros)
show "x ≤ y ⟹ z ≤ y ⟹ sup x z ≤ y"
unfolding sup_measure_def
proof (intro sup_lexord[where P="λx. x ≤ y"])
assume "x ≤ y" "z ≤ y" and [simp]: "space x = space z" "sets x = sets z"
from ‹x ≤ y› show "sup_measure' x z ≤ y"
proof cases
case 1 then show ?thesis
by (intro less_eq_measure.intros(1)) simp
next
case 2 then show ?thesis
by (intro less_eq_measure.intros(2)) simp_all
next
case 3 with ‹z ≤ y› ‹x ≤ y› show ?thesis
by (auto simp add: le_measure intro!: emeasure_sup_measure'_le2)
qed
next
assume **: "x ≤ y" "z ≤ y" "space x = space z" "¬ sets z ⊆ sets x" "¬ sets x ⊆ sets z"
then have *: "sets x ∪ sets z ⊆ Pow (space x)"
using sets.space_closed by auto
show "sigma (space x) (sets x ∪ sets z) ≤ y"
unfolding sigma_le_iff[OF *] using ** by (auto simp: le_measure_iff split: if_split_asm)
next
assume "x ≤ y" "z ≤ y" "¬ space z ⊆ space x" "¬ space x ⊆ space z"
then have "space x ⊆ space y" "space z ⊆ space y"
by (auto simp: le_measure_iff split: if_split_asm)
then show "sigma (space x ∪ space z) {} ≤ y"
qed
qed

end

lemma space_empty_eq_bot: "space a = {} ⟷ a = bot"
using space_empty[of a] by (auto intro!: measure_eqI)

lemma sets_eq_iff_bounded: "A ≤ B ⟹ B ≤ C ⟹ sets A = sets C ⟹ sets B = sets A"
by (auto dest: sets_eq_imp_space_eq simp add: le_measure_iff split: if_split_asm)

lemma sets_sup: "sets A = sets M ⟹ sets B = sets M ⟹ sets (sup A B) = sets M"
by (auto simp add: sup_measure_def sup_lexord_def dest: sets_eq_imp_space_eq)

lemma le_measureD1: "A ≤ B ⟹ space A ≤ space B"
by (auto simp: le_measure_iff split: if_split_asm)

lemma le_measureD2: "A ≤ B ⟹ space A = space B ⟹ sets A ≤ sets B"
by (auto simp: le_measure_iff split: if_split_asm)

lemma le_measureD3: "A ≤ B ⟹ sets A = sets B ⟹ emeasure A X ≤ emeasure B X"
by (auto simp: le_measure_iff le_fun_def dest: sets_eq_imp_space_eq split: if_split_asm)

lemma UN_space_closed: "UNION S sets ⊆ Pow (UNION S space)"
using sets.space_closed by auto

definition Sup_lexord :: "('a ⇒ 'b::complete_lattice) ⇒ ('a set ⇒ 'a) ⇒ ('a set ⇒ 'a) ⇒ 'a set ⇒ 'a"
where
"Sup_lexord k c s A = (let U = (SUP a:A. k a) in if ∃a∈A. k a = U then c {a∈A. k a = U} else s A)"

lemma Sup_lexord:
"(⋀a S. a ∈ A ⟹ k a = (SUP a:A. k a) ⟹ S = {a'∈A. k a' = k a} ⟹ P (c S)) ⟹ ((⋀a. a ∈ A ⟹ k a ≠ (SUP a:A. k a)) ⟹ P (s A)) ⟹
P (Sup_lexord k c s A)"
by (auto simp: Sup_lexord_def Let_def)

lemma Sup_lexord1:
assumes A: "A ≠ {}" "(⋀a. a ∈ A ⟹ k a = (⋃a∈A. k a))" "P (c A)"
shows "P (Sup_lexord k c s A)"
unfolding Sup_lexord_def Let_def
proof (clarsimp, safe)
show "∀a∈A. k a ≠ (⋃x∈A. k x) ⟹ P (s A)"
by (metis assms(1,2) ex_in_conv)
next
fix a assume "a ∈ A" "k a = (⋃x∈A. k x)"
then have "{a ∈ A. k a = (⋃x∈A. k x)} = {a ∈ A. k a = k a}"
by (metis A(2)[symmetric])
then show "P (c {a ∈ A. k a = (⋃x∈A. k x)})"
qed

instantiation measure :: (type) complete_lattice
begin

interpretation sup_measure: comm_monoid_set sup "bot :: 'a measure"
by standard (auto intro!: antisym)

lemma sup_measure_F_mono':
"finite J ⟹ finite I ⟹ sup_measure.F id I ≤ sup_measure.F id (I ∪ J)"
proof (induction J rule: finite_induct)
case empty then show ?case
by simp
next
case (insert i J)
show ?case
proof cases
assume "i ∈ I" with insert show ?thesis
by (auto simp: insert_absorb)
next
assume "i ∉ I"
have "sup_measure.F id I ≤ sup_measure.F id (I ∪ J)"
by (intro insert)
also have "… ≤ sup_measure.F id (insert i (I ∪ J))"
using insert ‹i ∉ I› by (subst sup_measure.insert) auto
finally show ?thesis
by auto
qed
qed

lemma sup_measure_F_mono: "finite I ⟹ J ⊆ I ⟹ sup_measure.F id J ≤ sup_measure.F id I"
using sup_measure_F_mono'[of I J] by (auto simp: finite_subset Un_absorb1)

lemma sets_sup_measure_F:
"finite I ⟹ I ≠ {} ⟹ (⋀i. i ∈ I ⟹ sets i = sets M) ⟹ sets (sup_measure.F id I) = sets M"
by (induction I rule: finite_ne_induct) (simp_all add: sets_sup)

definition%important Sup_measure' :: "'a measure set ⇒ 'a measure"
where
"Sup_measure' M = measure_of (⋃a∈M. space a) (⋃a∈M. sets a)
(λX. (SUP P:{P. finite P ∧ P ⊆ M }. sup_measure.F id P X))"

lemma space_Sup_measure'2: "space (Sup_measure' M) = (⋃m∈M. space m)"
unfolding Sup_measure'_def by (intro space_measure_of[OF UN_space_closed])

lemma sets_Sup_measure'2: "sets (Sup_measure' M) = sigma_sets (⋃m∈M. space m) (⋃m∈M. sets m)"
unfolding Sup_measure'_def by (intro sets_measure_of[OF UN_space_closed])

lemma sets_Sup_measure':
assumes sets_eq[simp]: "⋀m. m ∈ M ⟹ sets m = sets A" and "M ≠ {}"
shows "sets (Sup_measure' M) = sets A"
using sets_eq[THEN sets_eq_imp_space_eq, simp] ‹M ≠ {}› by (simp add: Sup_measure'_def)

lemma space_Sup_measure':
assumes sets_eq[simp]: "⋀m. m ∈ M ⟹ sets m = sets A" and "M ≠ {}"
shows "space (Sup_measure' M) = space A"
using sets_eq[THEN sets_eq_imp_space_eq, simp] ‹M ≠ {}›

lemma emeasure_Sup_measure':
assumes sets_eq[simp]: "⋀m. m ∈ M ⟹ sets m = sets A" and "X ∈ sets A" "M ≠ {}"
shows "emeasure (Sup_measure' M) X = (SUP P:{P. finite P ∧ P ⊆ M}. sup_measure.F id P X)"
(is "_ = ?S X")
using Sup_measure'_def
proof (rule emeasure_measure_of)
note sets_eq[THEN sets_eq_imp_space_eq, simp]
have *: "sets (Sup_measure' M) = sets A" "space (Sup_measure' M) = space A"
using ‹M ≠ {}› by (simp_all add: Sup_measure'_def)
let ?μ = "sup_measure.F id"
show "countably_additive (sets (Sup_measure' M)) ?S"
case (1 F)
then have **: "range F ⊆ sets A"
by (auto simp: *)
show "(∑i. ?S (F i)) = ?S (⋃i. F i)"
proof (subst ennreal_suminf_SUP_eq_directed)
fix i j and N :: "nat set" assume ij: "i ∈ {P. finite P ∧ P ⊆ M}" "j ∈ {P. finite P ∧ P ⊆ M}"
have "(i ≠ {} ⟶ sets (?μ i) = sets A) ∧ (j ≠ {} ⟶ sets (?μ j) = sets A) ∧
(i ≠ {} ∨ j ≠ {} ⟶ sets (?μ (i ∪ j)) = sets A)"
using ij by (intro impI sets_sup_measure_F conjI) auto
then have "?μ j (F n) ≤ ?μ (i ∪ j) (F n) ∧ ?μ i (F n) ≤ ?μ (i ∪ j) (F n)" for n
using ij
by (cases "i = {}"; cases "j = {}")
(auto intro!: le_measureD3 sup_measure_F_mono simp: sets_sup_measure_F
simp del: id_apply)
with ij show "∃k∈{P. finite P ∧ P ⊆ M}. ∀n∈N. ?μ i (F n) ≤ ?μ k (F n) ∧ ?μ j (F n) ≤ ?μ k (F n)"
by (safe intro!: bexI[of _ "i ∪ j"]) auto
next
show "(SUP P : {P. finite P ∧ P ⊆ M}. ∑n. ?μ P (F n)) = (SUP P : {P. finite P ∧ P ⊆ M}. ?μ P (UNION UNIV F))"
proof (intro SUP_cong refl)
fix i assume i: "i ∈ {P. finite P ∧ P ⊆ M}"
show "(∑n. ?μ i (F n)) = ?μ i (UNION UNIV F)"
proof cases
assume "i ≠ {}" with i ** show ?thesis
apply (intro suminf_emeasure ‹disjoint_family F›)
apply (subst sets_sup_measure_F[OF _ _ sets_eq])
apply auto
done
qed simp
qed
qed
qed
show "positive (sets (Sup_measure' M)) ?S"
by (auto simp: positive_def bot_ennreal[symmetric])
show "X ∈ sets (Sup_measure' M)"
using assms * by auto
qed (rule UN_space_closed)

definition%important Sup_measure :: "'a measure set ⇒ 'a measure"
where
"Sup_measure = Sup_lexord space (Sup_lexord sets Sup_measure'
(λU. sigma (⋃u∈U. space u) (⋃u∈U. sets u))) (λU. sigma (⋃u∈U. space u) {})"

definition%important Inf_measure :: "'a measure set ⇒ 'a measure"
where
"Inf_measure A = Sup {x. ∀a∈A. x ≤ a}"

definition%important inf_measure :: "'a measure ⇒ 'a measure ⇒ 'a measure"
where
"inf_measure a b = Inf {a, b}"

definition%important top_measure :: "'a measure"
where
"top_measure = Inf {}"

instance
proof
note UN_space_closed [simp]
show upper: "x ≤ Sup A" if x: "x ∈ A" for x :: "'a measure" and A
unfolding Sup_measure_def
proof (intro Sup_lexord[where P="λy. x ≤ y"])
assume "⋀a. a ∈ A ⟹ space a ≠ (⋃a∈A. space a)"
from this[OF ‹x ∈ A›] ‹x ∈ A› show "x ≤ sigma (⋃a∈A. space a) {}"
by (intro less_eq_measure.intros) auto
next
fix a S assume "a ∈ A" and a: "space a = (⋃a∈A. space a)" and S: "S = {a' ∈ A. space a' = space a}"
and neq: "⋀aa. aa ∈ S ⟹ sets aa ≠ (⋃a∈S. sets a)"
have sp_a: "space a = (UNION S space)"
using ‹a∈A› by (auto simp: S)
show "x ≤ sigma (UNION S space) (UNION S sets)"
proof cases
assume [simp]: "space x = space a"
have "sets x ⊂ (⋃a∈S. sets a)"
using ‹x∈A› neq[of x] by (auto simp: S)
also have "… ⊆ sigma_sets (⋃x∈S. space x) (⋃x∈S. sets x)"
by (rule sigma_sets_superset_generator)
finally show ?thesis
by (intro less_eq_measure.intros(2)) (simp_all add: sp_a)
next
assume "space x ≠ space a"
moreover have "space x ≤ space a"
unfolding a using ‹x∈A› by auto
ultimately show ?thesis
by (intro less_eq_measure.intros) (simp add: less_le sp_a)
qed
next
fix a b S S' assume "a ∈ A" and a: "space a = (⋃a∈A. space a)" and S: "S = {a' ∈ A. space a' = space a}"
and "b ∈ S" and b: "sets b = (⋃a∈S. sets a)" and S': "S' = {a' ∈ S. sets a' = sets b}"
then have "S' ≠ {}" "space b = space a"
by auto
have sets_eq: "⋀x. x ∈ S' ⟹ sets x = sets b"
by (auto simp: S')
note sets_eq[THEN sets_eq_imp_space_eq, simp]
have *: "sets (Sup_measure' S') = sets b" "space (Sup_measure' S') = space b"
using ‹S' ≠ {}› by (simp_all add: Sup_measure'_def sets_eq)
show "x ≤ Sup_measure' S'"
proof cases
assume "x ∈ S"
with ‹b ∈ S› have "space x = space b"
show ?thesis
proof cases
assume "x ∈ S'"
show "x ≤ Sup_measure' S'"
proof (intro le_measure[THEN iffD2] ballI)
show "sets x = sets (Sup_measure' S')"
using ‹x∈S'› * by (simp add: S')
fix X assume "X ∈ sets x"
show "emeasure x X ≤ emeasure (Sup_measure' S') X"
proof (subst emeasure_Sup_measure'[OF _ ‹X ∈ sets x›])
show "emeasure x X ≤ (SUP P : {P. finite P ∧ P ⊆ S'}. emeasure (sup_measure.F id P) X)"
using ‹x∈S'› by (intro SUP_upper2[where i="{x}"]) auto
qed (insert ‹x∈S'› S', auto)
qed
next
assume "x ∉ S'"
then have "sets x ≠ sets b"
using ‹x∈S› by (auto simp: S')
moreover have "sets x ≤ sets b"
using ‹x∈S› unfolding b by auto
ultimately show ?thesis
using * ‹x ∈ S›
by (intro less_eq_measure.intros(2))
(simp_all add: * ‹space x = space b› less_le)
qed
next
assume "x ∉ S"
with ‹x∈A› ‹x ∉ S› ‹space b = space a› show ?thesis
by (intro less_eq_measure.intros)
(simp_all add: * less_le a SUP_upper S)
qed
qed
show least: "Sup A ≤ x" if x: "⋀z. z ∈ A ⟹ z ≤ x" for x :: "'a measure" and A
unfolding Sup_measure_def
proof (intro Sup_lexord[where P="λy. y ≤ x"])
assume "⋀a. a ∈ A ⟹ space a ≠ (⋃a∈A. space a)"
show "sigma (UNION A space) {} ≤ x"
using x[THEN le_measureD1] by (subst sigma_le_iff) auto
next
fix a S assume "a ∈ A" "space a = (⋃a∈A. space a)" and S: "S = {a' ∈ A. space a' = space a}"
"⋀a. a ∈ S ⟹ sets a ≠ (⋃a∈S. sets a)"
have "UNION S space ⊆ space x"
using S le_measureD1[OF x] by auto
moreover
have "UNION S space = space a"
using ‹a∈A› S by auto
then have "space x = UNION S space ⟹ UNION S sets ⊆ sets x"
using ‹a ∈ A› le_measureD2[OF x] by (auto simp: S)
ultimately show "sigma (UNION S space) (UNION S sets) ≤ x"
by (subst sigma_le_iff) simp_all
next
fix a b S S' assume "a ∈ A" and a: "space a = (⋃a∈A. space a)" and S: "S = {a' ∈ A. space a' = space a}"
and "b ∈ S" and b: "sets b = (⋃a∈S. sets a)" and S': "S' = {a' ∈ S. sets a' = sets b}"
then have "S' ≠ {}" "space b = space a"
by auto
have sets_eq: "⋀x. x ∈ S' ⟹ sets x = sets b"
by (auto simp: S')
note sets_eq[THEN sets_eq_imp_space_eq, simp]
have *: "sets (Sup_measure' S') = sets b" "space (Sup_measure' S') = space b"
using ‹S' ≠ {}› by (simp_all add: Sup_measure'_def sets_eq)
show "Sup_measure' S' ≤ x"
proof cases
assume "space x = space a"
show ?thesis
proof cases
assume **: "sets x = sets b"
show ?thesis
proof (intro le_measure[THEN iffD2] ballI)
show ***: "sets (Sup_measure' S') = sets x"
fix X assume "X ∈ sets (Sup_measure' S')"
show "emeasure (Sup_measure' S') X ≤ emeasure x X"
unfolding ***
proof (subst emeasure_Sup_measure'[OF _ ‹X ∈ sets (Sup_measure' S')›])
show "(SUP P : {P. finite P ∧ P ⊆ S'}. emeasure (sup_measure.F id P) X) ≤ emeasure x X"
proof (safe intro!: SUP_least)
fix P assume P: "finite P" "P ⊆ S'"
show "emeasure (sup_measure.F id P) X ≤ emeasure x X"
proof cases
assume "P = {}" then show ?thesis
by auto
next
assume "P ≠ {}"
from P have "finite P" "P ⊆ A"
unfolding S' S by (simp_all add: subset_eq)
then have "sup_measure.F id P ≤ x"
by (induction P) (auto simp: x)
moreover have "sets (sup_measure.F id P) = sets x"
using ‹finite P› ‹P ≠ {}› ‹P ⊆ S'› ‹sets x = sets b›
by (intro sets_sup_measure_F) (auto simp: S')
ultimately show "emeasure (sup_measure.F id P) X ≤ emeasure x X"
by (rule le_measureD3)
qed
qed
show "m ∈ S' ⟹ sets m = sets (Sup_measure' S')" for m
unfolding * by (simp add: S')
qed fact
qed
next
assume "sets x ≠ sets b"
moreover have "sets b ≤ sets x"
unfolding b S using x[THEN le_measureD2] ‹space x = space a› by auto
ultimately show "Sup_measure' S' ≤ x"
using ‹space x = space a› ‹b ∈ S›
by (intro less_eq_measure.intros(2)) (simp_all add: * S)
qed
next
assume "space x ≠ space a"
then have "space a < space x"
using le_measureD1[OF x[OF ‹a∈A›]] by auto
then show "Sup_measure' S' ≤ x"
by (intro less_eq_measure.intros) (simp add: * ‹space b = space a›)
qed
qed
show "Sup {} = (bot::'a measure)" "Inf {} = (top::'a measure)"
by (auto intro!: antisym least simp: top_measure_def)
show lower: "x ∈ A ⟹ Inf A ≤ x" for x :: "'a measure" and A
unfolding Inf_measure_def by (intro least) auto
show greatest: "(⋀z. z ∈ A ⟹ x ≤ z) ⟹ x ≤ Inf A" for x :: "'a measure" and A
unfolding Inf_measure_def by (intro upper) auto
show "inf x y ≤ x" "inf x y ≤ y" "x ≤ y ⟹ x ≤ z ⟹ x ≤ inf y z" for x y z :: "'a measure"
by (auto simp: inf_measure_def intro!: lower greatest)
qed

end

lemma sets_SUP:
assumes "⋀x. x ∈ I ⟹ sets (M x) = sets N"
shows "I ≠ {} ⟹ sets (SUP i:I. M i) = sets N"
unfolding Sup_measure_def
using assms assms[THEN sets_eq_imp_space_eq]
sets_Sup_measure'[where A=N and M="MI"]
by (intro Sup_lexord1[where P="λx. sets x = sets N"]) auto

lemma emeasure_SUP:
assumes sets: "⋀i. i ∈ I ⟹ sets (M i) = sets N" "X ∈ sets N" "I ≠ {}"
shows "emeasure (SUP i:I. M i) X = (SUP J:{J. J ≠ {} ∧ finite J ∧ J ⊆ I}. emeasure (SUP i:J. M i) X)"
proof -
interpret sup_measure: comm_monoid_set sup "bot :: 'b measure"
by standard (auto intro!: antisym)
have eq: "finite J ⟹ sup_measure.F id J = (SUP i:J. i)" for J :: "'b measure set"
by (induction J rule: finite_induct) auto
have 1: "J ≠ {} ⟹ J ⊆ I ⟹ sets (SUP x:J. M x) = sets N" for J
by (intro sets_SUP sets) (auto )
from ‹I ≠ {}› obtain i where "i∈I" by auto
have "Sup_measure' (MI) X = (SUP P:{P. finite P ∧ P ⊆ MI}. sup_measure.F id P X)"
using sets by (intro emeasure_Sup_measure') auto
also have "Sup_measure' (MI) = (SUP i:I. M i)"
unfolding Sup_measure_def using ‹I ≠ {}› sets sets(1)[THEN sets_eq_imp_space_eq]
by (intro Sup_lexord1[where P="λx. _ = x"]) auto
also have "(SUP P:{P. finite P ∧ P ⊆ MI}. sup_measure.F id P X) =
(SUP J:{J. J ≠ {} ∧ finite J ∧ J ⊆ I}. (SUP i:J. M i) X)"
proof (intro SUP_eq)
fix J assume "J ∈ {P. finite P ∧ P ⊆ MI}"
then obtain J' where J': "J' ⊆ I" "finite J'" and J: "J = MJ'" and "finite J"
using finite_subset_image[of J M I] by auto
show "∃j∈{J. J ≠ {} ∧ finite J ∧ J ⊆ I}. sup_measure.F id J X ≤ (SUP i:j. M i) X"
proof cases
assume "J' = {}" with ‹i ∈ I› show ?thesis
next
assume "J' ≠ {}" with J J' show ?thesis
by (intro bexI[of _ "J'"]) (auto simp add: eq simp del: id_apply)
qed
next
fix J assume J: "J ∈ {P. P ≠ {} ∧ finite P ∧ P ⊆ I}"
show "∃J'∈{J. finite J ∧ J ⊆ MI}. (SUP i:J. M i) X ≤ sup_measure.F id J' X"
using J by (intro bexI[of _ "MJ"]) (auto simp add: eq simp del: id_apply)
qed
finally show ?thesis .
qed

lemma emeasure_SUP_chain:
assumes sets: "⋀i. i ∈ A ⟹ sets (M i) = sets N" "X ∈ sets N"
assumes ch: "Complete_Partial_Order.chain (≤) (M  A)" and "A ≠ {}"
shows "emeasure (SUP i:A. M i) X = (SUP i:A. emeasure (M i) X)"
proof (subst emeasure_SUP[OF sets ‹A ≠ {}›])
show "(SUP J:{J. J ≠ {} ∧ finite J ∧ J ⊆ A}. emeasure (SUPREMUM J M) X) = (SUP i:A. emeasure (M i) X)"
proof (rule SUP_eq)
fix J assume "J ∈ {J. J ≠ {} ∧ finite J ∧ J ⊆ A}"
then have J: "Complete_Partial_Order.chain (≤) (M  J)" "finite J" "J ≠ {}" and "J ⊆ A"
using ch[THEN chain_subset, of "MJ"] by auto
with in_chain_finite[OF J(1)] obtain j where "j ∈ J" "(SUP j:J. M j) = M j"
by auto
with ‹J ⊆ A› show "∃j∈A. emeasure (SUPREMUM J M) X ≤ emeasure (M j) X"
by auto
next
fix j assume "j∈A" then show "∃i∈{J. J ≠ {} ∧ finite J ∧ J ⊆ A}. emeasure (M j) X ≤ emeasure (SUPREMUM i M) X"
by (intro bexI[of _ "{j}"]) auto
qed
qed

subsubsection%unimportant ‹Supremum of a set of $\sigma$-algebras›

lemma space_Sup_eq_UN: "space (Sup M) = (⋃x∈M. space x)"
unfolding Sup_measure_def
apply (intro Sup_lexord[where P="λx. space x = _"])
apply (subst space_Sup_measure'2)
apply auto []
apply (subst space_measure_of[OF UN_space_closed])
apply auto
done

lemma sets_Sup_eq:
assumes *: "⋀m. m ∈ M ⟹ space m = X" and "M ≠ {}"
shows "sets (Sup M) = sigma_sets X (⋃x∈M. sets x)"
unfolding Sup_measure_def
apply (rule Sup_lexord1)
apply fact
apply (rule Sup_lexord)
subgoal premises that for a S
unfolding that(3) that(2)[symmetric]
using that(1)
apply (subst sets_Sup_measure'2)
apply (intro arg_cong2[where f=sigma_sets])
apply (auto simp: *)
done
apply (subst sets_measure_of[OF UN_space_closed])
done

lemma in_sets_Sup: "(⋀m. m ∈ M ⟹ space m = X) ⟹ m ∈ M ⟹ A ∈ sets m ⟹ A ∈ sets (Sup M)"
by (subst sets_Sup_eq[where X=X]) auto

lemma Sup_lexord_rel:
assumes "⋀i. i ∈ I ⟹ k (A i) = k (B i)"
"R (c (A  {a ∈ I. k (B a) = (SUP x:I. k (B x))})) (c (B  {a ∈ I. k (B a) = (SUP x:I. k (B x))}))"
"R (s (AI)) (s (BI))"
shows "R (Sup_lexord k c s (AI)) (Sup_lexord k c s (BI))"
proof -
have "A  {a ∈ I. k (B a) = (SUP x:I. k (B x))} =  {a ∈ A  I. k a = (SUP x:I. k (B x))}"
using assms(1) by auto
moreover have "B  {a ∈ I. k (B a) = (SUP x:I. k (B x))} =  {a ∈ B  I. k a = (SUP x:I. k (B x))}"
by auto
ultimately show ?thesis
using assms by (auto simp: Sup_lexord_def Let_def)
qed

lemma sets_SUP_cong:
assumes eq: "⋀i. i ∈ I ⟹ sets (M i) = sets (N i)" shows "sets (SUP i:I. M i) = sets (SUP i:I. N i)"
unfolding Sup_measure_def
using eq eq[THEN sets_eq_imp_space_eq]
apply (intro Sup_lexord_rel[where R="λx y. sets x = sets y"])
apply simp
apply simp
apply (intro arg_cong2[where f="λx y. sets (sigma x y)"])
apply auto
done

lemma sets_Sup_in_sets:
assumes "M ≠ {}"
assumes "⋀m. m ∈ M ⟹ space m = space N"
assumes "⋀m. m ∈ M ⟹ sets m ⊆ sets N"
shows "sets (Sup M) ⊆ sets N"
proof -
have *: "UNION M space = space N"
using assms by auto
show ?thesis
unfolding * using assms by (subst sets_Sup_eq[of M "space N"]) (auto intro!: sets.sigma_sets_subset)
qed

lemma measurable_Sup1:
assumes m: "m ∈ M" and f: "f ∈ measurable m N"
and const_space: "⋀m n. m ∈ M ⟹ n ∈ M ⟹ space m = space n"
shows "f ∈ measurable (Sup M) N"
proof -
have "space (Sup M) = space m"
using m by (auto simp add: space_Sup_eq_UN dest: const_space)
then show ?thesis
using m f unfolding measurable_def by (auto intro: in_sets_Sup[OF const_space])
qed

lemma measurable_Sup2:
assumes M: "M ≠ {}"
assumes f: "⋀m. m ∈ M ⟹ f ∈ measurable N m"
and const_space: "⋀m n. m ∈ M ⟹ n ∈ M ⟹ space m = space n"
shows "f ∈ measurable N (Sup M)"
proof -
from M obtain m where "m ∈ M" by auto
have space_eq: "⋀n. n ∈ M ⟹ space n = space m"
by (intro const_space ‹m ∈ M›)
have "f ∈ measurable N (sigma (⋃m∈M. space m) (⋃m∈M. sets m))"
proof (rule measurable_measure_of)
show "f ∈ space N → UNION M space"
using measurable_space[OF f] M by auto
qed (auto intro: measurable_sets f dest: sets.sets_into_space)
also have "measurable N (sigma (⋃m∈M. space m) (⋃m∈M. sets m)) = measurable N (Sup M)"
apply (intro measurable_cong_sets refl)
apply (subst sets_Sup_eq[OF space_eq M])
apply simp
apply (subst sets_measure_of[OF UN_space_closed])
done
finally show ?thesis .
qed

lemma measurable_SUP2:
"I ≠ {} ⟹ (⋀i. i ∈ I ⟹ f ∈ measurable N (M i)) ⟹
(⋀i j. i ∈ I ⟹ j ∈ I ⟹ space (M i) = space (M j)) ⟹ f ∈ measurable N (SUP i:I. M i)"
by (auto intro!: measurable_Sup2)

lemma sets_Sup_sigma:
assumes [simp]: "M ≠ {}" and M: "⋀m. m ∈ M ⟹ m ⊆ Pow Ω"
shows "sets (SUP m:M. sigma Ω m) = sets (sigma Ω (⋃M))"
proof -
{ fix a m assume "a ∈ sigma_sets Ω m" "m ∈ M"
then have "a ∈ sigma_sets Ω (⋃M)"
by induction (auto intro: sigma_sets.intros(2-)) }
then show "sets (SUP m:M. sigma Ω m) = sets (sigma Ω (⋃M))"
apply (subst sets_Sup_eq[where X="Ω"])
apply (auto simp add: M) []
apply auto []
apply (simp add: space_measure_of_conv M Union_least)
apply (rule sigma_sets_eqI)
apply auto
done
qed

lemma Sup_sigma:
assumes [simp]: "M ≠ {}" and M: "⋀m. m ∈ M ⟹ m ⊆ Pow Ω"
shows "(SUP m:M. sigma Ω m) = (sigma Ω (⋃M))"
proof (intro antisym SUP_least)
have *: "⋃M ⊆ Pow Ω"
using M by auto
show "sigma Ω (⋃M) ≤ (SUP m:M. sigma Ω m)"
proof (intro less_eq_measure.intros(3))
show "space (sigma Ω (⋃M)) = space (SUP m:M. sigma Ω m)"
"sets (sigma Ω (⋃M)) = sets (SUP m:M. sigma Ω m)"
using sets_Sup_sigma[OF assms] sets_Sup_sigma[OF assms, THEN sets_eq_imp_space_eq]
by auto
fix m assume "m ∈ M" then show "sigma Ω m ≤ sigma Ω (⋃M)"
by (subst sigma_le_iff) (auto simp add: M *)
qed

lemma SUP_sigma_sigma:
"M ≠ {} ⟹ (⋀m. m ∈ M ⟹ f m ⊆ Pow Ω) ⟹ (SUP m:M. sigma Ω (f m)) = sigma Ω (⋃m∈M. f m)"
using Sup_sigma[of "fM" Ω] by auto

lemma sets_vimage_Sup_eq:
assumes *: "M ≠ {}" "f ∈ X → Y" "⋀m. m ∈ M ⟹ space m = Y"
shows "sets (vimage_algebra X f (Sup M)) = sets (SUP m : M. vimage_algebra X f m)"
(is "?IS = ?SI")
proof
show "?IS ⊆ ?SI"
apply (intro sets_image_in_sets measurable_Sup2)
apply`