src/HOL/Library/FuncSet.thy
author nipkow
Tue Sep 22 14:31:22 2015 +0200 (2015-09-22)
changeset 61225 1a690dce8cfc
parent 59425 c5e79df8cc21
child 61359 e985b52c3eb3
permissions -rw-r--r--
tuned references
paulson@13586
     1
(*  Title:      HOL/Library/FuncSet.thy
bulwahn@40631
     2
    Author:     Florian Kammueller and Lawrence C Paulson, Lukas Bulwahn
paulson@13586
     3
*)
paulson@13586
     4
wenzelm@58881
     5
section \<open>Pi and Function Sets\<close>
paulson@13586
     6
nipkow@15131
     7
theory FuncSet
haftmann@30663
     8
imports Hilbert_Choice Main
nipkow@15131
     9
begin
paulson@13586
    10
wenzelm@58783
    11
definition Pi :: "'a set \<Rightarrow> ('a \<Rightarrow> 'b set) \<Rightarrow> ('a \<Rightarrow> 'b) set"
wenzelm@58783
    12
  where "Pi A B = {f. \<forall>x. x \<in> A \<longrightarrow> f x \<in> B x}"
paulson@13586
    13
wenzelm@58783
    14
definition extensional :: "'a set \<Rightarrow> ('a \<Rightarrow> 'b) set"
wenzelm@58783
    15
  where "extensional A = {f. \<forall>x. x \<notin> A \<longrightarrow> f x = undefined}"
paulson@13586
    16
wenzelm@58783
    17
definition "restrict" :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a set \<Rightarrow> 'a \<Rightarrow> 'b"
wenzelm@58783
    18
  where "restrict f A = (\<lambda>x. if x \<in> A then f x else undefined)"
paulson@13586
    19
wenzelm@58783
    20
abbreviation funcset :: "'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  (infixr "->" 60)
wenzelm@58783
    21
  where "A -> B \<equiv> Pi A (\<lambda>_. B)"
wenzelm@19536
    22
wenzelm@21210
    23
notation (xsymbols)
wenzelm@19656
    24
  funcset  (infixr "\<rightarrow>" 60)
wenzelm@19536
    25
paulson@13586
    26
syntax
wenzelm@58783
    27
  "_Pi"  :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3PI _:_./ _)" 10)
wenzelm@58783
    28
  "_lam" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a \<Rightarrow> 'b)"  ("(3%_:_./ _)" [0,0,3] 3)
paulson@13586
    29
syntax (xsymbols)
wenzelm@58783
    30
  "_Pi" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3\<Pi> _\<in>_./ _)"   10)
wenzelm@58783
    31
  "_lam" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'b)"  ("(3\<lambda>_\<in>_./ _)" [0,0,3] 3)
kleing@14565
    32
syntax (HTML output)
wenzelm@58783
    33
  "_Pi" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3\<Pi> _\<in>_./ _)"   10)
wenzelm@58783
    34
  "_lam" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'b)"  ("(3\<lambda>_\<in>_./ _)" [0,0,3] 3)
paulson@13586
    35
translations
wenzelm@58783
    36
  "\<Pi> x\<in>A. B" \<rightleftharpoons> "CONST Pi A (\<lambda>x. B)"
wenzelm@58783
    37
  "\<lambda>x\<in>A. f" \<rightleftharpoons> "CONST restrict (\<lambda>x. f) A"
paulson@13586
    38
wenzelm@58783
    39
definition "compose" :: "'a set \<Rightarrow> ('b \<Rightarrow> 'c) \<Rightarrow> ('a \<Rightarrow> 'b) \<Rightarrow> ('a \<Rightarrow> 'c)"
wenzelm@58783
    40
  where "compose A g f = (\<lambda>x\<in>A. g (f x))"
paulson@13586
    41
paulson@13586
    42
wenzelm@58783
    43
subsection \<open>Basic Properties of @{term Pi}\<close>
paulson@13586
    44
wenzelm@58783
    45
lemma Pi_I[intro!]: "(\<And>x. x \<in> A \<Longrightarrow> f x \<in> B x) \<Longrightarrow> f \<in> Pi A B"
wenzelm@14706
    46
  by (simp add: Pi_def)
paulson@13586
    47
wenzelm@58783
    48
lemma Pi_I'[simp]: "(\<And>x. x \<in> A \<longrightarrow> f x \<in> B x) \<Longrightarrow> f \<in> Pi A B"
wenzelm@58783
    49
  by (simp add:Pi_def)
nipkow@31731
    50
wenzelm@58783
    51
lemma funcsetI: "(\<And>x. x \<in> A \<Longrightarrow> f x \<in> B) \<Longrightarrow> f \<in> A \<rightarrow> B"
wenzelm@14706
    52
  by (simp add: Pi_def)
paulson@13586
    53
wenzelm@58783
    54
lemma Pi_mem: "f \<in> Pi A B \<Longrightarrow> x \<in> A \<Longrightarrow> f x \<in> B x"
wenzelm@14706
    55
  by (simp add: Pi_def)
paulson@13586
    56
hoelzl@47761
    57
lemma Pi_iff: "f \<in> Pi I X \<longleftrightarrow> (\<forall>i\<in>I. f i \<in> X i)"
hoelzl@47761
    58
  unfolding Pi_def by auto
hoelzl@47761
    59
wenzelm@58783
    60
lemma PiE [elim]: "f \<in> Pi A B \<Longrightarrow> (f x \<in> B x \<Longrightarrow> Q) \<Longrightarrow> (x \<notin> A \<Longrightarrow> Q) \<Longrightarrow> Q"
wenzelm@58783
    61
  by (auto simp: Pi_def)
nipkow@31754
    62
wenzelm@58783
    63
lemma Pi_cong: "(\<And>w. w \<in> A \<Longrightarrow> f w = g w) \<Longrightarrow> f \<in> Pi A B \<longleftrightarrow> g \<in> Pi A B"
hoelzl@38656
    64
  by (auto simp: Pi_def)
hoelzl@38656
    65
haftmann@31769
    66
lemma funcset_id [simp]: "(\<lambda>x. x) \<in> A \<rightarrow> A"
wenzelm@44382
    67
  by auto
haftmann@31769
    68
wenzelm@58783
    69
lemma funcset_mem: "f \<in> A \<rightarrow> B \<Longrightarrow> x \<in> A \<Longrightarrow> f x \<in> B"
wenzelm@14706
    70
  by (simp add: Pi_def)
paulson@13586
    71
wenzelm@58783
    72
lemma funcset_image: "f \<in> A \<rightarrow> B \<Longrightarrow> f ` A \<subseteq> B"
hoelzl@50104
    73
  by auto
hoelzl@50104
    74
hoelzl@50104
    75
lemma image_subset_iff_funcset: "F ` A \<subseteq> B \<longleftrightarrow> F \<in> A \<rightarrow> B"
hoelzl@50104
    76
  by auto
paulson@14762
    77
wenzelm@58783
    78
lemma Pi_eq_empty[simp]: "(\<Pi> x \<in> A. B x) = {} \<longleftrightarrow> (\<exists>x\<in>A. B x = {})"
wenzelm@58783
    79
  apply (simp add: Pi_def)
wenzelm@58783
    80
  apply auto
wenzelm@58783
    81
  txt \<open>Converse direction requires Axiom of Choice to exhibit a function
wenzelm@58783
    82
  picking an element from each non-empty @{term "B x"}\<close>
wenzelm@58783
    83
  apply (drule_tac x = "\<lambda>u. SOME y. y \<in> B u" in spec)
wenzelm@58783
    84
  apply auto
wenzelm@58783
    85
  apply (cut_tac P = "\<lambda>y. y \<in> B x" in some_eq_ex)
wenzelm@58783
    86
  apply auto
wenzelm@58783
    87
  done
paulson@13586
    88
paulson@13593
    89
lemma Pi_empty [simp]: "Pi {} B = UNIV"
wenzelm@58783
    90
  by (simp add: Pi_def)
paulson@13593
    91
hoelzl@50123
    92
lemma Pi_Int: "Pi I E \<inter> Pi I F = (\<Pi> i\<in>I. E i \<inter> F i)"
hoelzl@50123
    93
  by auto
hoelzl@50123
    94
hoelzl@50123
    95
lemma Pi_UN:
hoelzl@50123
    96
  fixes A :: "nat \<Rightarrow> 'i \<Rightarrow> 'a set"
wenzelm@58783
    97
  assumes "finite I"
wenzelm@58783
    98
    and mono: "\<And>i n m. i \<in> I \<Longrightarrow> n \<le> m \<Longrightarrow> A n i \<subseteq> A m i"
hoelzl@50123
    99
  shows "(\<Union>n. Pi I (A n)) = (\<Pi> i\<in>I. \<Union>n. A n i)"
hoelzl@50123
   100
proof (intro set_eqI iffI)
wenzelm@58783
   101
  fix f
wenzelm@58783
   102
  assume "f \<in> (\<Pi> i\<in>I. \<Union>n. A n i)"
wenzelm@58783
   103
  then have "\<forall>i\<in>I. \<exists>n. f i \<in> A n i"
wenzelm@58783
   104
    by auto
wenzelm@58783
   105
  from bchoice[OF this] obtain n where n: "\<And>i. i \<in> I \<Longrightarrow> f i \<in> (A (n i) i)"
wenzelm@58783
   106
    by auto
hoelzl@50123
   107
  obtain k where k: "\<And>i. i \<in> I \<Longrightarrow> n i \<le> k"
wenzelm@58783
   108
    using \<open>finite I\<close> finite_nat_set_iff_bounded_le[of "n`I"] by auto
hoelzl@50123
   109
  have "f \<in> Pi I (A k)"
hoelzl@50123
   110
  proof (intro Pi_I)
wenzelm@58783
   111
    fix i
wenzelm@58783
   112
    assume "i \<in> I"
hoelzl@50123
   113
    from mono[OF this, of "n i" k] k[OF this] n[OF this]
hoelzl@50123
   114
    show "f i \<in> A k i" by auto
hoelzl@50123
   115
  qed
wenzelm@58783
   116
  then show "f \<in> (\<Union>n. Pi I (A n))"
wenzelm@58783
   117
    by auto
hoelzl@50123
   118
qed auto
hoelzl@50123
   119
wenzelm@58783
   120
lemma Pi_UNIV [simp]: "A \<rightarrow> UNIV = UNIV"
wenzelm@58783
   121
  by (simp add: Pi_def)
hoelzl@50123
   122
wenzelm@58783
   123
text \<open>Covariance of Pi-sets in their second argument\<close>
wenzelm@58783
   124
lemma Pi_mono: "(\<And>x. x \<in> A \<Longrightarrow> B x \<subseteq> C x) \<Longrightarrow> Pi A B \<subseteq> Pi A C"
wenzelm@58783
   125
  by auto
paulson@13586
   126
wenzelm@58783
   127
text \<open>Contravariance of Pi-sets in their first argument\<close>
wenzelm@58783
   128
lemma Pi_anti_mono: "A' \<subseteq> A \<Longrightarrow> Pi A B \<subseteq> Pi A' B"
wenzelm@58783
   129
  by auto
paulson@13586
   130
paulson@33271
   131
lemma prod_final:
wenzelm@58783
   132
  assumes 1: "fst \<circ> f \<in> Pi A B"
wenzelm@58783
   133
    and 2: "snd \<circ> f \<in> Pi A C"
paulson@33271
   134
  shows "f \<in> (\<Pi> z \<in> A. B z \<times> C z)"
wenzelm@58783
   135
proof (rule Pi_I)
paulson@33271
   136
  fix z
wenzelm@58783
   137
  assume z: "z \<in> A"
wenzelm@58783
   138
  have "f z = (fst (f z), snd (f z))"
paulson@33271
   139
    by simp
wenzelm@58783
   140
  also have "\<dots> \<in> B z \<times> C z"
wenzelm@58783
   141
    by (metis SigmaI PiE o_apply 1 2 z)
paulson@33271
   142
  finally show "f z \<in> B z \<times> C z" .
paulson@33271
   143
qed
paulson@33271
   144
hoelzl@50123
   145
lemma Pi_split_domain[simp]: "x \<in> Pi (I \<union> J) X \<longleftrightarrow> x \<in> Pi I X \<and> x \<in> Pi J X"
hoelzl@50123
   146
  by (auto simp: Pi_def)
hoelzl@50123
   147
hoelzl@50123
   148
lemma Pi_split_insert_domain[simp]: "x \<in> Pi (insert i I) X \<longleftrightarrow> x \<in> Pi I X \<and> x i \<in> X i"
hoelzl@50123
   149
  by (auto simp: Pi_def)
hoelzl@50123
   150
hoelzl@50123
   151
lemma Pi_cancel_fupd_range[simp]: "i \<notin> I \<Longrightarrow> x \<in> Pi I (B(i := b)) \<longleftrightarrow> x \<in> Pi I B"
hoelzl@50123
   152
  by (auto simp: Pi_def)
hoelzl@50123
   153
hoelzl@50123
   154
lemma Pi_cancel_fupd[simp]: "i \<notin> I \<Longrightarrow> x(i := a) \<in> Pi I B \<longleftrightarrow> x \<in> Pi I B"
hoelzl@50123
   155
  by (auto simp: Pi_def)
hoelzl@50123
   156
hoelzl@50123
   157
lemma Pi_fupd_iff: "i \<in> I \<Longrightarrow> f \<in> Pi I (B(i := A)) \<longleftrightarrow> f \<in> Pi (I - {i}) B \<and> f i \<in> A"
hoelzl@50123
   158
  apply auto
hoelzl@50123
   159
  apply (drule_tac x=x in Pi_mem)
hoelzl@50123
   160
  apply (simp_all split: split_if_asm)
hoelzl@50123
   161
  apply (drule_tac x=i in Pi_mem)
hoelzl@50123
   162
  apply (auto dest!: Pi_mem)
hoelzl@50123
   163
  done
paulson@13586
   164
wenzelm@58783
   165
wenzelm@58783
   166
subsection \<open>Composition With a Restricted Domain: @{term compose}\<close>
paulson@13586
   167
wenzelm@58783
   168
lemma funcset_compose: "f \<in> A \<rightarrow> B \<Longrightarrow> g \<in> B \<rightarrow> C \<Longrightarrow> compose A g f \<in> A \<rightarrow> C"
wenzelm@58783
   169
  by (simp add: Pi_def compose_def restrict_def)
paulson@13586
   170
paulson@13586
   171
lemma compose_assoc:
wenzelm@58783
   172
  assumes "f \<in> A \<rightarrow> B"
wenzelm@58783
   173
    and "g \<in> B \<rightarrow> C"
wenzelm@58783
   174
    and "h \<in> C \<rightarrow> D"
wenzelm@58783
   175
  shows "compose A h (compose A g f) = compose A (compose B h g) f"
wenzelm@58783
   176
  using assms by (simp add: fun_eq_iff Pi_def compose_def restrict_def)
paulson@13586
   177
wenzelm@58783
   178
lemma compose_eq: "x \<in> A \<Longrightarrow> compose A g f x = g (f x)"
wenzelm@58783
   179
  by (simp add: compose_def restrict_def)
paulson@13586
   180
wenzelm@58783
   181
lemma surj_compose: "f ` A = B \<Longrightarrow> g ` B = C \<Longrightarrow> compose A g f ` A = C"
wenzelm@14706
   182
  by (auto simp add: image_def compose_eq)
paulson@13586
   183
paulson@13586
   184
wenzelm@58783
   185
subsection \<open>Bounded Abstraction: @{term restrict}\<close>
paulson@13586
   186
hoelzl@54417
   187
lemma restrict_in_funcset: "(\<And>x. x \<in> A \<Longrightarrow> f x \<in> B) \<Longrightarrow> (\<lambda>x\<in>A. f x) \<in> A \<rightarrow> B"
wenzelm@14706
   188
  by (simp add: Pi_def restrict_def)
paulson@13586
   189
hoelzl@54417
   190
lemma restrictI[intro!]: "(\<And>x. x \<in> A \<Longrightarrow> f x \<in> B x) \<Longrightarrow> (\<lambda>x\<in>A. f x) \<in> Pi A B"
wenzelm@14706
   191
  by (simp add: Pi_def restrict_def)
paulson@13586
   192
hoelzl@54417
   193
lemma restrict_apply[simp]: "(\<lambda>y\<in>A. f y) x = (if x \<in> A then f x else undefined)"
wenzelm@14706
   194
  by (simp add: restrict_def)
paulson@13586
   195
hoelzl@54417
   196
lemma restrict_apply': "x \<in> A \<Longrightarrow> (\<lambda>y\<in>A. f y) x = f x"
hoelzl@54417
   197
  by simp
hoelzl@54417
   198
wenzelm@58783
   199
lemma restrict_ext: "(\<And>x. x \<in> A \<Longrightarrow> f x = g x) \<Longrightarrow> (\<lambda>x\<in>A. f x) = (\<lambda>x\<in>A. g x)"
nipkow@39302
   200
  by (simp add: fun_eq_iff Pi_def restrict_def)
paulson@13586
   201
hoelzl@58606
   202
lemma restrict_UNIV: "restrict f UNIV = f"
hoelzl@58606
   203
  by (simp add: restrict_def)
hoelzl@58606
   204
paulson@14853
   205
lemma inj_on_restrict_eq [simp]: "inj_on (restrict f A) A = inj_on f A"
wenzelm@14706
   206
  by (simp add: inj_on_def restrict_def)
paulson@13586
   207
wenzelm@58783
   208
lemma Id_compose: "f \<in> A \<rightarrow> B \<Longrightarrow> f \<in> extensional A \<Longrightarrow> compose A (\<lambda>y\<in>B. y) f = f"
nipkow@39302
   209
  by (auto simp add: fun_eq_iff compose_def extensional_def Pi_def)
paulson@13586
   210
wenzelm@58783
   211
lemma compose_Id: "g \<in> A \<rightarrow> B \<Longrightarrow> g \<in> extensional A \<Longrightarrow> compose A g (\<lambda>x\<in>A. x) = g"
nipkow@39302
   212
  by (auto simp add: fun_eq_iff compose_def extensional_def Pi_def)
paulson@13586
   213
paulson@14853
   214
lemma image_restrict_eq [simp]: "(restrict f A) ` A = f ` A"
wenzelm@19736
   215
  by (auto simp add: restrict_def)
paulson@13586
   216
hoelzl@50123
   217
lemma restrict_restrict[simp]: "restrict (restrict f A) B = restrict f (A \<inter> B)"
hoelzl@50123
   218
  unfolding restrict_def by (simp add: fun_eq_iff)
hoelzl@50123
   219
hoelzl@50123
   220
lemma restrict_fupd[simp]: "i \<notin> I \<Longrightarrow> restrict (f (i := x)) I = restrict f I"
hoelzl@50123
   221
  by (auto simp: restrict_def)
hoelzl@50123
   222
wenzelm@58783
   223
lemma restrict_upd[simp]: "i \<notin> I \<Longrightarrow> (restrict f I)(i := y) = restrict (f(i := y)) (insert i I)"
hoelzl@50123
   224
  by (auto simp: fun_eq_iff)
hoelzl@50123
   225
hoelzl@50123
   226
lemma restrict_Pi_cancel: "restrict x I \<in> Pi I A \<longleftrightarrow> x \<in> Pi I A"
hoelzl@50123
   227
  by (auto simp: restrict_def Pi_def)
hoelzl@50123
   228
paulson@14745
   229
wenzelm@58783
   230
subsection \<open>Bijections Between Sets\<close>
paulson@14762
   231
wenzelm@58783
   232
text \<open>The definition of @{const bij_betw} is in @{text "Fun.thy"}, but most of
wenzelm@58783
   233
the theorems belong here, or need at least @{term Hilbert_Choice}.\<close>
paulson@14762
   234
nipkow@39595
   235
lemma bij_betwI:
wenzelm@58783
   236
  assumes "f \<in> A \<rightarrow> B"
wenzelm@58783
   237
    and "g \<in> B \<rightarrow> A"
wenzelm@58783
   238
    and g_f: "\<And>x. x\<in>A \<Longrightarrow> g (f x) = x"
wenzelm@58783
   239
    and f_g: "\<And>y. y\<in>B \<Longrightarrow> f (g y) = y"
wenzelm@58783
   240
  shows "bij_betw f A B"
wenzelm@58783
   241
  unfolding bij_betw_def
nipkow@39595
   242
proof
wenzelm@58783
   243
  show "inj_on f A"
wenzelm@58783
   244
    by (metis g_f inj_on_def)
wenzelm@58783
   245
  have "f ` A \<subseteq> B"
wenzelm@58783
   246
    using \<open>f \<in> A \<rightarrow> B\<close> by auto
nipkow@39595
   247
  moreover
wenzelm@58783
   248
  have "B \<subseteq> f ` A"
wenzelm@58783
   249
    by auto (metis Pi_mem \<open>g \<in> B \<rightarrow> A\<close> f_g image_iff)
wenzelm@58783
   250
  ultimately show "f ` A = B"
wenzelm@58783
   251
    by blast
nipkow@39595
   252
qed
nipkow@39595
   253
paulson@14762
   254
lemma bij_betw_imp_funcset: "bij_betw f A B \<Longrightarrow> f \<in> A \<rightarrow> B"
wenzelm@58783
   255
  by (auto simp add: bij_betw_def)
paulson@14762
   256
wenzelm@58783
   257
lemma inj_on_compose: "bij_betw f A B \<Longrightarrow> inj_on g B \<Longrightarrow> inj_on (compose A g f) A"
wenzelm@58783
   258
  by (auto simp add: bij_betw_def inj_on_def compose_eq)
paulson@14853
   259
wenzelm@58783
   260
lemma bij_betw_compose: "bij_betw f A B \<Longrightarrow> bij_betw g B C \<Longrightarrow> bij_betw (compose A g f) A C"
wenzelm@58783
   261
  apply (simp add: bij_betw_def compose_eq inj_on_compose)
wenzelm@58783
   262
  apply (auto simp add: compose_def image_def)
wenzelm@58783
   263
  done
paulson@14762
   264
wenzelm@58783
   265
lemma bij_betw_restrict_eq [simp]: "bij_betw (restrict f A) A B = bij_betw f A B"
wenzelm@58783
   266
  by (simp add: bij_betw_def)
paulson@14853
   267
paulson@14853
   268
wenzelm@58783
   269
subsection \<open>Extensionality\<close>
paulson@14853
   270
hoelzl@50123
   271
lemma extensional_empty[simp]: "extensional {} = {\<lambda>x. undefined}"
hoelzl@50123
   272
  unfolding extensional_def by auto
hoelzl@50123
   273
wenzelm@58783
   274
lemma extensional_arb: "f \<in> extensional A \<Longrightarrow> x \<notin> A \<Longrightarrow> f x = undefined"
wenzelm@58783
   275
  by (simp add: extensional_def)
paulson@14853
   276
paulson@14853
   277
lemma restrict_extensional [simp]: "restrict f A \<in> extensional A"
wenzelm@58783
   278
  by (simp add: restrict_def extensional_def)
paulson@14853
   279
paulson@14853
   280
lemma compose_extensional [simp]: "compose A f g \<in> extensional A"
wenzelm@58783
   281
  by (simp add: compose_def)
paulson@14853
   282
paulson@14853
   283
lemma extensionalityI:
wenzelm@58783
   284
  assumes "f \<in> extensional A"
wenzelm@58783
   285
    and "g \<in> extensional A"
wenzelm@58783
   286
    and "\<And>x. x \<in> A \<Longrightarrow> f x = g x"
wenzelm@58783
   287
  shows "f = g"
wenzelm@58783
   288
  using assms by (force simp add: fun_eq_iff extensional_def)
paulson@14853
   289
nipkow@39595
   290
lemma extensional_restrict:  "f \<in> extensional A \<Longrightarrow> restrict f A = f"
wenzelm@58783
   291
  by (rule extensionalityI[OF restrict_extensional]) auto
nipkow@39595
   292
hoelzl@50123
   293
lemma extensional_subset: "f \<in> extensional A \<Longrightarrow> A \<subseteq> B \<Longrightarrow> f \<in> extensional B"
hoelzl@50123
   294
  unfolding extensional_def by auto
hoelzl@50123
   295
wenzelm@58783
   296
lemma inv_into_funcset: "f ` A = B \<Longrightarrow> (\<lambda>x\<in>B. inv_into A f x) \<in> B \<rightarrow> A"
wenzelm@58783
   297
  by (unfold inv_into_def) (fast intro: someI2)
paulson@14853
   298
wenzelm@58783
   299
lemma compose_inv_into_id: "bij_betw f A B \<Longrightarrow> compose A (\<lambda>y\<in>B. inv_into A f y) f = (\<lambda>x\<in>A. x)"
wenzelm@58783
   300
  apply (simp add: bij_betw_def compose_def)
wenzelm@58783
   301
  apply (rule restrict_ext, auto)
wenzelm@58783
   302
  done
paulson@14853
   303
wenzelm@58783
   304
lemma compose_id_inv_into: "f ` A = B \<Longrightarrow> compose B f (\<lambda>y\<in>B. inv_into A f y) = (\<lambda>x\<in>B. x)"
wenzelm@58783
   305
  apply (simp add: compose_def)
wenzelm@58783
   306
  apply (rule restrict_ext)
wenzelm@58783
   307
  apply (simp add: f_inv_into_f)
wenzelm@58783
   308
  done
paulson@14853
   309
hoelzl@50123
   310
lemma extensional_insert[intro, simp]:
hoelzl@50123
   311
  assumes "a \<in> extensional (insert i I)"
hoelzl@50123
   312
  shows "a(i := b) \<in> extensional (insert i I)"
hoelzl@50123
   313
  using assms unfolding extensional_def by auto
hoelzl@50123
   314
wenzelm@58783
   315
lemma extensional_Int[simp]: "extensional I \<inter> extensional I' = extensional (I \<inter> I')"
hoelzl@50123
   316
  unfolding extensional_def by auto
hoelzl@50123
   317
hoelzl@50123
   318
lemma extensional_UNIV[simp]: "extensional UNIV = UNIV"
hoelzl@50123
   319
  by (auto simp: extensional_def)
hoelzl@50123
   320
hoelzl@50123
   321
lemma restrict_extensional_sub[intro]: "A \<subseteq> B \<Longrightarrow> restrict f A \<in> extensional B"
hoelzl@50123
   322
  unfolding restrict_def extensional_def by auto
hoelzl@50123
   323
hoelzl@50123
   324
lemma extensional_insert_undefined[intro, simp]:
hoelzl@50123
   325
  "a \<in> extensional (insert i I) \<Longrightarrow> a(i := undefined) \<in> extensional I"
hoelzl@50123
   326
  unfolding extensional_def by auto
hoelzl@50123
   327
hoelzl@50123
   328
lemma extensional_insert_cancel[intro, simp]:
hoelzl@50123
   329
  "a \<in> extensional I \<Longrightarrow> a \<in> extensional (insert i I)"
hoelzl@50123
   330
  unfolding extensional_def by auto
hoelzl@50123
   331
paulson@14762
   332
wenzelm@58783
   333
subsection \<open>Cardinality\<close>
paulson@14745
   334
wenzelm@58783
   335
lemma card_inj: "f \<in> A \<rightarrow> B \<Longrightarrow> inj_on f A \<Longrightarrow> finite B \<Longrightarrow> card A \<le> card B"
wenzelm@58783
   336
  by (rule card_inj_on_le) auto
paulson@14745
   337
paulson@14745
   338
lemma card_bij:
wenzelm@58783
   339
  assumes "f \<in> A \<rightarrow> B" "inj_on f A"
wenzelm@58783
   340
    and "g \<in> B \<rightarrow> A" "inj_on g B"
wenzelm@58783
   341
    and "finite A" "finite B"
wenzelm@58783
   342
  shows "card A = card B"
wenzelm@58783
   343
  using assms by (blast intro: card_inj order_antisym)
paulson@14745
   344
wenzelm@58783
   345
wenzelm@58783
   346
subsection \<open>Extensional Function Spaces\<close>
bulwahn@40631
   347
wenzelm@58783
   348
definition PiE :: "'a set \<Rightarrow> ('a \<Rightarrow> 'b set) \<Rightarrow> ('a \<Rightarrow> 'b) set"
wenzelm@58783
   349
  where "PiE S T = Pi S T \<inter> extensional S"
hoelzl@50123
   350
wenzelm@53015
   351
abbreviation "Pi\<^sub>E A B \<equiv> PiE A B"
bulwahn@40631
   352
wenzelm@58783
   353
syntax
wenzelm@58783
   354
  "_PiE" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3PIE _:_./ _)" 10)
wenzelm@58783
   355
syntax (xsymbols)
wenzelm@58783
   356
  "_PiE" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3\<Pi>\<^sub>E _\<in>_./ _)" 10)
wenzelm@58783
   357
syntax (HTML output)
wenzelm@58783
   358
  "_PiE" :: "pttrn \<Rightarrow> 'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set"  ("(3\<Pi>\<^sub>E _\<in>_./ _)" 10)
wenzelm@58783
   359
translations "\<Pi>\<^sub>E x\<in>A. B" \<rightleftharpoons> "CONST Pi\<^sub>E A (\<lambda>x. B)"
hoelzl@50123
   360
wenzelm@58783
   361
abbreviation extensional_funcset :: "'a set \<Rightarrow> 'b set \<Rightarrow> ('a \<Rightarrow> 'b) set" (infixr "->\<^sub>E" 60)
wenzelm@58783
   362
  where "A ->\<^sub>E B \<equiv> (\<Pi>\<^sub>E i\<in>A. B)"
hoelzl@50123
   363
hoelzl@50123
   364
notation (xsymbols)
wenzelm@53015
   365
  extensional_funcset  (infixr "\<rightarrow>\<^sub>E" 60)
bulwahn@40631
   366
wenzelm@58783
   367
lemma extensional_funcset_def: "extensional_funcset S T = (S \<rightarrow> T) \<inter> extensional S"
hoelzl@50123
   368
  by (simp add: PiE_def)
hoelzl@50123
   369
wenzelm@58783
   370
lemma PiE_empty_domain[simp]: "PiE {} T = {\<lambda>x. undefined}"
hoelzl@50123
   371
  unfolding PiE_def by simp
hoelzl@50123
   372
hoelzl@54417
   373
lemma PiE_UNIV_domain: "PiE UNIV T = Pi UNIV T"
hoelzl@54417
   374
  unfolding PiE_def by simp
hoelzl@54417
   375
wenzelm@58783
   376
lemma PiE_empty_range[simp]: "i \<in> I \<Longrightarrow> F i = {} \<Longrightarrow> (\<Pi>\<^sub>E i\<in>I. F i) = {}"
hoelzl@50123
   377
  unfolding PiE_def by auto
bulwahn@40631
   378
wenzelm@58783
   379
lemma PiE_eq_empty_iff: "Pi\<^sub>E I F = {} \<longleftrightarrow> (\<exists>i\<in>I. F i = {})"
hoelzl@50123
   380
proof
wenzelm@53015
   381
  assume "Pi\<^sub>E I F = {}"
hoelzl@50123
   382
  show "\<exists>i\<in>I. F i = {}"
hoelzl@50123
   383
  proof (rule ccontr)
hoelzl@50123
   384
    assume "\<not> ?thesis"
wenzelm@58783
   385
    then have "\<forall>i. \<exists>y. (i \<in> I \<longrightarrow> y \<in> F i) \<and> (i \<notin> I \<longrightarrow> y = undefined)"
wenzelm@58783
   386
      by auto
wenzelm@53381
   387
    from choice[OF this]
wenzelm@53381
   388
    obtain f where " \<forall>x. (x \<in> I \<longrightarrow> f x \<in> F x) \<and> (x \<notin> I \<longrightarrow> f x = undefined)" ..
wenzelm@58783
   389
    then have "f \<in> Pi\<^sub>E I F"
wenzelm@58783
   390
      by (auto simp: extensional_def PiE_def)
wenzelm@58783
   391
    with \<open>Pi\<^sub>E I F = {}\<close> show False
wenzelm@58783
   392
      by auto
hoelzl@50123
   393
  qed
hoelzl@50123
   394
qed (auto simp: PiE_def)
bulwahn@40631
   395
hoelzl@50123
   396
lemma PiE_arb: "f \<in> PiE S T \<Longrightarrow> x \<notin> S \<Longrightarrow> f x = undefined"
hoelzl@50123
   397
  unfolding PiE_def by auto (auto dest!: extensional_arb)
hoelzl@50123
   398
hoelzl@50123
   399
lemma PiE_mem: "f \<in> PiE S T \<Longrightarrow> x \<in> S \<Longrightarrow> f x \<in> T x"
hoelzl@50123
   400
  unfolding PiE_def by auto
bulwahn@40631
   401
hoelzl@50123
   402
lemma PiE_fun_upd: "y \<in> T x \<Longrightarrow> f \<in> PiE S T \<Longrightarrow> f(x := y) \<in> PiE (insert x S) T"
hoelzl@50123
   403
  unfolding PiE_def extensional_def by auto
bulwahn@40631
   404
hoelzl@50123
   405
lemma fun_upd_in_PiE: "x \<notin> S \<Longrightarrow> f \<in> PiE (insert x S) T \<Longrightarrow> f(x := undefined) \<in> PiE S T"
hoelzl@50123
   406
  unfolding PiE_def extensional_def by auto
hoelzl@50123
   407
hoelzl@59425
   408
lemma PiE_insert_eq: "PiE (insert x S) T = (\<lambda>(y, g). g(x := y)) ` (T x \<times> PiE S T)"
bulwahn@40631
   409
proof -
bulwahn@40631
   410
  {
hoelzl@59425
   411
    fix f assume "f \<in> PiE (insert x S) T" "x \<notin> S"
hoelzl@50123
   412
    with assms have "f \<in> (\<lambda>(y, g). g(x := y)) ` (T x \<times> PiE S T)"
hoelzl@50123
   413
      by (auto intro!: image_eqI[where x="(f x, f(x := undefined))"] intro: fun_upd_in_PiE PiE_mem)
bulwahn@40631
   414
  }
hoelzl@59425
   415
  moreover
hoelzl@59425
   416
  {
hoelzl@59425
   417
    fix f assume "f \<in> PiE (insert x S) T" "x \<in> S"
hoelzl@59425
   418
    with assms have "f \<in> (\<lambda>(y, g). g(x := y)) ` (T x \<times> PiE S T)"
hoelzl@59425
   419
      by (auto intro!: image_eqI[where x="(f x, f)"] intro: fun_upd_in_PiE PiE_mem simp: insert_absorb)
hoelzl@59425
   420
  }
hoelzl@59425
   421
  ultimately show ?thesis
wenzelm@58783
   422
    using assms by (auto intro: PiE_fun_upd)
bulwahn@40631
   423
qed
bulwahn@40631
   424
wenzelm@58783
   425
lemma PiE_Int: "Pi\<^sub>E I A \<inter> Pi\<^sub>E I B = Pi\<^sub>E I (\<lambda>x. A x \<inter> B x)"
hoelzl@50123
   426
  by (auto simp: PiE_def)
hoelzl@50123
   427
wenzelm@58783
   428
lemma PiE_cong: "(\<And>i. i\<in>I \<Longrightarrow> A i = B i) \<Longrightarrow> Pi\<^sub>E I A = Pi\<^sub>E I B"
hoelzl@50123
   429
  unfolding PiE_def by (auto simp: Pi_cong)
hoelzl@50123
   430
hoelzl@50123
   431
lemma PiE_E [elim]:
wenzelm@58783
   432
  assumes "f \<in> PiE A B"
wenzelm@58783
   433
  obtains "x \<in> A" and "f x \<in> B x"
wenzelm@58783
   434
    | "x \<notin> A" and "f x = undefined"
wenzelm@58783
   435
  using assms by (auto simp: Pi_def PiE_def extensional_def)
hoelzl@50123
   436
wenzelm@58783
   437
lemma PiE_I[intro!]:
wenzelm@58783
   438
  "(\<And>x. x \<in> A \<Longrightarrow> f x \<in> B x) \<Longrightarrow> (\<And>x. x \<notin> A \<Longrightarrow> f x = undefined) \<Longrightarrow> f \<in> PiE A B"
hoelzl@50123
   439
  by (simp add: PiE_def extensional_def)
hoelzl@50123
   440
hoelzl@50123
   441
lemma PiE_mono: "(\<And>x. x \<in> A \<Longrightarrow> B x \<subseteq> C x) \<Longrightarrow> PiE A B \<subseteq> PiE A C"
hoelzl@50123
   442
  by auto
hoelzl@50123
   443
hoelzl@50123
   444
lemma PiE_iff: "f \<in> PiE I X \<longleftrightarrow> (\<forall>i\<in>I. f i \<in> X i) \<and> f \<in> extensional I"
hoelzl@50123
   445
  by (simp add: PiE_def Pi_iff)
hoelzl@50123
   446
hoelzl@50123
   447
lemma PiE_restrict[simp]:  "f \<in> PiE A B \<Longrightarrow> restrict f A = f"
hoelzl@50123
   448
  by (simp add: extensional_restrict PiE_def)
hoelzl@50123
   449
hoelzl@50123
   450
lemma restrict_PiE[simp]: "restrict f I \<in> PiE I S \<longleftrightarrow> f \<in> Pi I S"
hoelzl@50123
   451
  by (auto simp: PiE_iff)
hoelzl@50123
   452
hoelzl@50123
   453
lemma PiE_eq_subset:
hoelzl@50123
   454
  assumes ne: "\<And>i. i \<in> I \<Longrightarrow> F i \<noteq> {}" "\<And>i. i \<in> I \<Longrightarrow> F' i \<noteq> {}"
wenzelm@58783
   455
    and eq: "Pi\<^sub>E I F = Pi\<^sub>E I F'"
wenzelm@58783
   456
    and "i \<in> I"
hoelzl@50123
   457
  shows "F i \<subseteq> F' i"
hoelzl@50123
   458
proof
wenzelm@58783
   459
  fix x
wenzelm@58783
   460
  assume "x \<in> F i"
wenzelm@58783
   461
  with ne have "\<forall>j. \<exists>y. (j \<in> I \<longrightarrow> y \<in> F j \<and> (i = j \<longrightarrow> x = y)) \<and> (j \<notin> I \<longrightarrow> y = undefined)"
wenzelm@53381
   462
    by auto
wenzelm@53381
   463
  from choice[OF this] obtain f
wenzelm@53381
   464
    where f: " \<forall>j. (j \<in> I \<longrightarrow> f j \<in> F j \<and> (i = j \<longrightarrow> x = f j)) \<and> (j \<notin> I \<longrightarrow> f j = undefined)" ..
wenzelm@58783
   465
  then have "f \<in> Pi\<^sub>E I F"
wenzelm@58783
   466
    by (auto simp: extensional_def PiE_def)
wenzelm@58783
   467
  then have "f \<in> Pi\<^sub>E I F'"
wenzelm@58783
   468
    using assms by simp
wenzelm@58783
   469
  then show "x \<in> F' i"
wenzelm@58783
   470
    using f \<open>i \<in> I\<close> by (auto simp: PiE_def)
hoelzl@50123
   471
qed
hoelzl@50123
   472
hoelzl@50123
   473
lemma PiE_eq_iff_not_empty:
hoelzl@50123
   474
  assumes ne: "\<And>i. i \<in> I \<Longrightarrow> F i \<noteq> {}" "\<And>i. i \<in> I \<Longrightarrow> F' i \<noteq> {}"
wenzelm@53015
   475
  shows "Pi\<^sub>E I F = Pi\<^sub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i)"
hoelzl@50123
   476
proof (intro iffI ballI)
wenzelm@58783
   477
  fix i
wenzelm@58783
   478
  assume eq: "Pi\<^sub>E I F = Pi\<^sub>E I F'"
wenzelm@58783
   479
  assume i: "i \<in> I"
hoelzl@50123
   480
  show "F i = F' i"
hoelzl@50123
   481
    using PiE_eq_subset[of I F F', OF ne eq i]
hoelzl@50123
   482
    using PiE_eq_subset[of I F' F, OF ne(2,1) eq[symmetric] i]
hoelzl@50123
   483
    by auto
hoelzl@50123
   484
qed (auto simp: PiE_def)
hoelzl@50123
   485
hoelzl@50123
   486
lemma PiE_eq_iff:
wenzelm@53015
   487
  "Pi\<^sub>E I F = Pi\<^sub>E I F' \<longleftrightarrow> (\<forall>i\<in>I. F i = F' i) \<or> ((\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {}))"
hoelzl@50123
   488
proof (intro iffI disjCI)
wenzelm@53015
   489
  assume eq[simp]: "Pi\<^sub>E I F = Pi\<^sub>E I F'"
hoelzl@50123
   490
  assume "\<not> ((\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {}))"
hoelzl@50123
   491
  then have "(\<forall>i\<in>I. F i \<noteq> {}) \<and> (\<forall>i\<in>I. F' i \<noteq> {})"
hoelzl@50123
   492
    using PiE_eq_empty_iff[of I F] PiE_eq_empty_iff[of I F'] by auto
wenzelm@58783
   493
  with PiE_eq_iff_not_empty[of I F F'] show "\<forall>i\<in>I. F i = F' i"
wenzelm@58783
   494
    by auto
hoelzl@50123
   495
next
hoelzl@50123
   496
  assume "(\<forall>i\<in>I. F i = F' i) \<or> (\<exists>i\<in>I. F i = {}) \<and> (\<exists>i\<in>I. F' i = {})"
wenzelm@53015
   497
  then show "Pi\<^sub>E I F = Pi\<^sub>E I F'"
hoelzl@50123
   498
    using PiE_eq_empty_iff[of I F] PiE_eq_empty_iff[of I F'] by (auto simp: PiE_def)
hoelzl@50123
   499
qed
hoelzl@50123
   500
wenzelm@58783
   501
lemma extensional_funcset_fun_upd_restricts_rangeI:
wenzelm@58783
   502
  "\<forall>y \<in> S. f x \<noteq> f y \<Longrightarrow> f \<in> (insert x S) \<rightarrow>\<^sub>E T \<Longrightarrow> f(x := undefined) \<in> S \<rightarrow>\<^sub>E (T - {f x})"
hoelzl@50123
   503
  unfolding extensional_funcset_def extensional_def
hoelzl@50123
   504
  apply auto
hoelzl@50123
   505
  apply (case_tac "x = xa")
hoelzl@50123
   506
  apply auto
hoelzl@50123
   507
  done
bulwahn@40631
   508
bulwahn@40631
   509
lemma extensional_funcset_fun_upd_extends_rangeI:
wenzelm@53015
   510
  assumes "a \<in> T" "f \<in> S \<rightarrow>\<^sub>E (T - {a})"
wenzelm@58783
   511
  shows "f(x := a) \<in> insert x S \<rightarrow>\<^sub>E  T"
bulwahn@40631
   512
  using assms unfolding extensional_funcset_def extensional_def by auto
bulwahn@40631
   513
wenzelm@58783
   514
wenzelm@58783
   515
subsubsection \<open>Injective Extensional Function Spaces\<close>
bulwahn@40631
   516
bulwahn@40631
   517
lemma extensional_funcset_fun_upd_inj_onI:
wenzelm@58783
   518
  assumes "f \<in> S \<rightarrow>\<^sub>E (T - {a})"
wenzelm@58783
   519
    and "inj_on f S"
bulwahn@40631
   520
  shows "inj_on (f(x := a)) S"
wenzelm@58783
   521
  using assms
wenzelm@58783
   522
  unfolding extensional_funcset_def by (auto intro!: inj_on_fun_updI)
bulwahn@40631
   523
bulwahn@40631
   524
lemma extensional_funcset_extend_domain_inj_on_eq:
bulwahn@40631
   525
  assumes "x \<notin> S"
wenzelm@58783
   526
  shows "{f. f \<in> (insert x S) \<rightarrow>\<^sub>E T \<and> inj_on f (insert x S)} =
wenzelm@58783
   527
    (\<lambda>(y, g). g(x:=y)) ` {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^sub>E (T - {y}) \<and> inj_on g S}"
wenzelm@58783
   528
  using assms
wenzelm@58783
   529
  apply (auto del: PiE_I PiE_E)
wenzelm@58783
   530
  apply (auto intro: extensional_funcset_fun_upd_inj_onI
wenzelm@58783
   531
    extensional_funcset_fun_upd_extends_rangeI del: PiE_I PiE_E)
wenzelm@58783
   532
  apply (auto simp add: image_iff inj_on_def)
wenzelm@58783
   533
  apply (rule_tac x="xa x" in exI)
wenzelm@58783
   534
  apply (auto intro: PiE_mem del: PiE_I PiE_E)
wenzelm@58783
   535
  apply (rule_tac x="xa(x := undefined)" in exI)
wenzelm@58783
   536
  apply (auto intro!: extensional_funcset_fun_upd_restricts_rangeI)
wenzelm@58783
   537
  apply (auto dest!: PiE_mem split: split_if_asm)
wenzelm@58783
   538
  done
bulwahn@40631
   539
bulwahn@40631
   540
lemma extensional_funcset_extend_domain_inj_onI:
bulwahn@40631
   541
  assumes "x \<notin> S"
wenzelm@53015
   542
  shows "inj_on (\<lambda>(y, g). g(x := y)) {(y, g). y \<in> T \<and> g \<in> S \<rightarrow>\<^sub>E (T - {y}) \<and> inj_on g S}"
wenzelm@58783
   543
  using assms
wenzelm@58783
   544
  apply (auto intro!: inj_onI)
wenzelm@58783
   545
  apply (metis fun_upd_same)
wenzelm@58783
   546
  apply (metis assms PiE_arb fun_upd_triv fun_upd_upd)
wenzelm@58783
   547
  done
bulwahn@40631
   548
bulwahn@40631
   549
wenzelm@58783
   550
subsubsection \<open>Cardinality\<close>
wenzelm@58783
   551
wenzelm@58783
   552
lemma finite_PiE: "finite S \<Longrightarrow> (\<And>i. i \<in> S \<Longrightarrow> finite (T i)) \<Longrightarrow> finite (\<Pi>\<^sub>E i \<in> S. T i)"
hoelzl@50123
   553
  by (induct S arbitrary: T rule: finite_induct) (simp_all add: PiE_insert_eq)
hoelzl@50123
   554
wenzelm@53015
   555
lemma inj_combinator: "x \<notin> S \<Longrightarrow> inj_on (\<lambda>(y, g). g(x := y)) (T x \<times> Pi\<^sub>E S T)"
hoelzl@50123
   556
proof (safe intro!: inj_onI ext)
wenzelm@58783
   557
  fix f y g z
wenzelm@58783
   558
  assume "x \<notin> S"
wenzelm@58783
   559
  assume fg: "f \<in> Pi\<^sub>E S T" "g \<in> Pi\<^sub>E S T"
hoelzl@50123
   560
  assume "f(x := y) = g(x := z)"
hoelzl@50123
   561
  then have *: "\<And>i. (f(x := y)) i = (g(x := z)) i"
hoelzl@50123
   562
    unfolding fun_eq_iff by auto
hoelzl@50123
   563
  from this[of x] show "y = z" by simp
wenzelm@58783
   564
  fix i from *[of i] \<open>x \<notin> S\<close> fg show "f i = g i"
hoelzl@50123
   565
    by (auto split: split_if_asm simp: PiE_def extensional_def)
bulwahn@40631
   566
qed
bulwahn@40631
   567
wenzelm@58783
   568
lemma card_PiE: "finite S \<Longrightarrow> card (\<Pi>\<^sub>E i \<in> S. T i) = (\<Prod> i\<in>S. card (T i))"
hoelzl@50123
   569
proof (induct rule: finite_induct)
wenzelm@58783
   570
  case empty
wenzelm@58783
   571
  then show ?case by auto
hoelzl@50123
   572
next
wenzelm@58783
   573
  case (insert x S)
wenzelm@58783
   574
  then show ?case
hoelzl@50123
   575
    by (simp add: PiE_insert_eq inj_combinator card_image card_cartesian_product)
bulwahn@40631
   576
qed
bulwahn@40631
   577
paulson@13586
   578
end