src/HOL/Library/Nat_Bijection.thy
author paulson <lp15@cam.ac.uk>
Mon Feb 22 14:37:56 2016 +0000 (2016-02-22)
changeset 62379 340738057c8c
parent 62046 2c9f68fbf047
child 63625 1e7c5bbea36d
permissions -rw-r--r--
An assortment of useful lemmas about sums, norm, etc. Also: norm_conv_dist [symmetric] is now a simprule!
wenzelm@41959
     1
(*  Title:      HOL/Library/Nat_Bijection.thy
huffman@35700
     2
    Author:     Brian Huffman
huffman@35700
     3
    Author:     Florian Haftmann
huffman@35700
     4
    Author:     Stefan Richter
huffman@35700
     5
    Author:     Tobias Nipkow
huffman@35700
     6
    Author:     Alexander Krauss
huffman@35700
     7
*)
huffman@35700
     8
wenzelm@60500
     9
section \<open>Bijections between natural numbers and other types\<close>
huffman@35700
    10
huffman@35700
    11
theory Nat_Bijection
haftmann@58770
    12
imports Main
huffman@35700
    13
begin
huffman@35700
    14
wenzelm@60500
    15
subsection \<open>Type @{typ "nat \<times> nat"}\<close>
huffman@35700
    16
huffman@35700
    17
text "Triangle numbers: 0, 1, 3, 6, 10, 15, ..."
huffman@35700
    18
wenzelm@62046
    19
definition triangle :: "nat \<Rightarrow> nat"
wenzelm@62046
    20
  where "triangle n = (n * Suc n) div 2"
huffman@35700
    21
huffman@35700
    22
lemma triangle_0 [simp]: "triangle 0 = 0"
huffman@35700
    23
unfolding triangle_def by simp
huffman@35700
    24
huffman@35700
    25
lemma triangle_Suc [simp]: "triangle (Suc n) = triangle n + Suc n"
huffman@35700
    26
unfolding triangle_def by simp
huffman@35700
    27
wenzelm@62046
    28
definition prod_encode :: "nat \<times> nat \<Rightarrow> nat"
wenzelm@62046
    29
  where "prod_encode = (\<lambda>(m, n). triangle (m + n) + m)"
huffman@35700
    30
wenzelm@60500
    31
text \<open>In this auxiliary function, @{term "triangle k + m"} is an invariant.\<close>
huffman@35700
    32
wenzelm@62046
    33
fun prod_decode_aux :: "nat \<Rightarrow> nat \<Rightarrow> nat \<times> nat"
huffman@35700
    34
where
huffman@35700
    35
  "prod_decode_aux k m =
huffman@35700
    36
    (if m \<le> k then (m, k - m) else prod_decode_aux (Suc k) (m - Suc k))"
huffman@35700
    37
huffman@35700
    38
declare prod_decode_aux.simps [simp del]
huffman@35700
    39
wenzelm@62046
    40
definition prod_decode :: "nat \<Rightarrow> nat \<times> nat"
wenzelm@62046
    41
  where "prod_decode = prod_decode_aux 0"
huffman@35700
    42
huffman@35700
    43
lemma prod_encode_prod_decode_aux:
huffman@35700
    44
  "prod_encode (prod_decode_aux k m) = triangle k + m"
huffman@35700
    45
apply (induct k m rule: prod_decode_aux.induct)
huffman@35700
    46
apply (subst prod_decode_aux.simps)
huffman@35700
    47
apply (simp add: prod_encode_def)
huffman@35700
    48
done
huffman@35700
    49
huffman@35700
    50
lemma prod_decode_inverse [simp]: "prod_encode (prod_decode n) = n"
huffman@35700
    51
unfolding prod_decode_def by (simp add: prod_encode_prod_decode_aux)
huffman@35700
    52
wenzelm@62046
    53
lemma prod_decode_triangle_add: "prod_decode (triangle k + m) = prod_decode_aux k m"
huffman@35700
    54
apply (induct k arbitrary: m)
huffman@35700
    55
apply (simp add: prod_decode_def)
haftmann@57512
    56
apply (simp only: triangle_Suc add.assoc)
huffman@35700
    57
apply (subst prod_decode_aux.simps, simp)
huffman@35700
    58
done
huffman@35700
    59
huffman@35700
    60
lemma prod_encode_inverse [simp]: "prod_decode (prod_encode x) = x"
huffman@35700
    61
unfolding prod_encode_def
huffman@35700
    62
apply (induct x)
huffman@35700
    63
apply (simp add: prod_decode_triangle_add)
huffman@35700
    64
apply (subst prod_decode_aux.simps, simp)
huffman@35700
    65
done
huffman@35700
    66
huffman@35700
    67
lemma inj_prod_encode: "inj_on prod_encode A"
huffman@35700
    68
by (rule inj_on_inverseI, rule prod_encode_inverse)
huffman@35700
    69
huffman@35700
    70
lemma inj_prod_decode: "inj_on prod_decode A"
huffman@35700
    71
by (rule inj_on_inverseI, rule prod_decode_inverse)
huffman@35700
    72
huffman@35700
    73
lemma surj_prod_encode: "surj prod_encode"
huffman@35700
    74
by (rule surjI, rule prod_decode_inverse)
huffman@35700
    75
huffman@35700
    76
lemma surj_prod_decode: "surj prod_decode"
huffman@35700
    77
by (rule surjI, rule prod_encode_inverse)
huffman@35700
    78
huffman@35700
    79
lemma bij_prod_encode: "bij prod_encode"
huffman@35700
    80
by (rule bijI [OF inj_prod_encode surj_prod_encode])
huffman@35700
    81
huffman@35700
    82
lemma bij_prod_decode: "bij prod_decode"
huffman@35700
    83
by (rule bijI [OF inj_prod_decode surj_prod_decode])
huffman@35700
    84
huffman@35700
    85
lemma prod_encode_eq: "prod_encode x = prod_encode y \<longleftrightarrow> x = y"
huffman@35700
    86
by (rule inj_prod_encode [THEN inj_eq])
huffman@35700
    87
huffman@35700
    88
lemma prod_decode_eq: "prod_decode x = prod_decode y \<longleftrightarrow> x = y"
huffman@35700
    89
by (rule inj_prod_decode [THEN inj_eq])
huffman@35700
    90
wenzelm@62046
    91
wenzelm@60500
    92
text \<open>Ordering properties\<close>
huffman@35700
    93
huffman@35700
    94
lemma le_prod_encode_1: "a \<le> prod_encode (a, b)"
huffman@35700
    95
unfolding prod_encode_def by simp
huffman@35700
    96
huffman@35700
    97
lemma le_prod_encode_2: "b \<le> prod_encode (a, b)"
huffman@35700
    98
unfolding prod_encode_def by (induct b, simp_all)
huffman@35700
    99
huffman@35700
   100
wenzelm@60500
   101
subsection \<open>Type @{typ "nat + nat"}\<close>
huffman@35700
   102
wenzelm@62046
   103
definition sum_encode :: "nat + nat \<Rightarrow> nat"
huffman@35700
   104
where
huffman@35700
   105
  "sum_encode x = (case x of Inl a \<Rightarrow> 2 * a | Inr b \<Rightarrow> Suc (2 * b))"
huffman@35700
   106
wenzelm@62046
   107
definition sum_decode :: "nat \<Rightarrow> nat + nat"
huffman@35700
   108
where
huffman@35700
   109
  "sum_decode n = (if even n then Inl (n div 2) else Inr (n div 2))"
huffman@35700
   110
huffman@35700
   111
lemma sum_encode_inverse [simp]: "sum_decode (sum_encode x) = x"
huffman@35700
   112
unfolding sum_decode_def sum_encode_def
huffman@35700
   113
by (induct x) simp_all
huffman@35700
   114
huffman@35700
   115
lemma sum_decode_inverse [simp]: "sum_encode (sum_decode n) = n"
haftmann@58834
   116
  by (simp add: even_two_times_div_two sum_decode_def sum_encode_def)
huffman@35700
   117
huffman@35700
   118
lemma inj_sum_encode: "inj_on sum_encode A"
huffman@35700
   119
by (rule inj_on_inverseI, rule sum_encode_inverse)
huffman@35700
   120
huffman@35700
   121
lemma inj_sum_decode: "inj_on sum_decode A"
huffman@35700
   122
by (rule inj_on_inverseI, rule sum_decode_inverse)
huffman@35700
   123
huffman@35700
   124
lemma surj_sum_encode: "surj sum_encode"
huffman@35700
   125
by (rule surjI, rule sum_decode_inverse)
huffman@35700
   126
huffman@35700
   127
lemma surj_sum_decode: "surj sum_decode"
huffman@35700
   128
by (rule surjI, rule sum_encode_inverse)
huffman@35700
   129
huffman@35700
   130
lemma bij_sum_encode: "bij sum_encode"
huffman@35700
   131
by (rule bijI [OF inj_sum_encode surj_sum_encode])
huffman@35700
   132
huffman@35700
   133
lemma bij_sum_decode: "bij sum_decode"
huffman@35700
   134
by (rule bijI [OF inj_sum_decode surj_sum_decode])
huffman@35700
   135
huffman@35700
   136
lemma sum_encode_eq: "sum_encode x = sum_encode y \<longleftrightarrow> x = y"
huffman@35700
   137
by (rule inj_sum_encode [THEN inj_eq])
huffman@35700
   138
huffman@35700
   139
lemma sum_decode_eq: "sum_decode x = sum_decode y \<longleftrightarrow> x = y"
huffman@35700
   140
by (rule inj_sum_decode [THEN inj_eq])
huffman@35700
   141
huffman@35700
   142
wenzelm@60500
   143
subsection \<open>Type @{typ "int"}\<close>
huffman@35700
   144
wenzelm@62046
   145
definition int_encode :: "int \<Rightarrow> nat"
huffman@35700
   146
where
huffman@35700
   147
  "int_encode i = sum_encode (if 0 \<le> i then Inl (nat i) else Inr (nat (- i - 1)))"
huffman@35700
   148
wenzelm@62046
   149
definition int_decode :: "nat \<Rightarrow> int"
huffman@35700
   150
where
huffman@35700
   151
  "int_decode n = (case sum_decode n of Inl a \<Rightarrow> int a | Inr b \<Rightarrow> - int b - 1)"
huffman@35700
   152
huffman@35700
   153
lemma int_encode_inverse [simp]: "int_decode (int_encode x) = x"
huffman@35700
   154
unfolding int_decode_def int_encode_def by simp
huffman@35700
   155
huffman@35700
   156
lemma int_decode_inverse [simp]: "int_encode (int_decode n) = n"
huffman@35700
   157
unfolding int_decode_def int_encode_def using sum_decode_inverse [of n]
huffman@35700
   158
by (cases "sum_decode n", simp_all)
huffman@35700
   159
huffman@35700
   160
lemma inj_int_encode: "inj_on int_encode A"
huffman@35700
   161
by (rule inj_on_inverseI, rule int_encode_inverse)
huffman@35700
   162
huffman@35700
   163
lemma inj_int_decode: "inj_on int_decode A"
huffman@35700
   164
by (rule inj_on_inverseI, rule int_decode_inverse)
huffman@35700
   165
huffman@35700
   166
lemma surj_int_encode: "surj int_encode"
huffman@35700
   167
by (rule surjI, rule int_decode_inverse)
huffman@35700
   168
huffman@35700
   169
lemma surj_int_decode: "surj int_decode"
huffman@35700
   170
by (rule surjI, rule int_encode_inverse)
huffman@35700
   171
huffman@35700
   172
lemma bij_int_encode: "bij int_encode"
huffman@35700
   173
by (rule bijI [OF inj_int_encode surj_int_encode])
huffman@35700
   174
huffman@35700
   175
lemma bij_int_decode: "bij int_decode"
huffman@35700
   176
by (rule bijI [OF inj_int_decode surj_int_decode])
huffman@35700
   177
huffman@35700
   178
lemma int_encode_eq: "int_encode x = int_encode y \<longleftrightarrow> x = y"
huffman@35700
   179
by (rule inj_int_encode [THEN inj_eq])
huffman@35700
   180
huffman@35700
   181
lemma int_decode_eq: "int_decode x = int_decode y \<longleftrightarrow> x = y"
huffman@35700
   182
by (rule inj_int_decode [THEN inj_eq])
huffman@35700
   183
huffman@35700
   184
wenzelm@60500
   185
subsection \<open>Type @{typ "nat list"}\<close>
huffman@35700
   186
wenzelm@62046
   187
fun list_encode :: "nat list \<Rightarrow> nat"
huffman@35700
   188
where
huffman@35700
   189
  "list_encode [] = 0"
huffman@35700
   190
| "list_encode (x # xs) = Suc (prod_encode (x, list_encode xs))"
huffman@35700
   191
wenzelm@62046
   192
function list_decode :: "nat \<Rightarrow> nat list"
huffman@35700
   193
where
huffman@35700
   194
  "list_decode 0 = []"
huffman@35700
   195
| "list_decode (Suc n) = (case prod_decode n of (x, y) \<Rightarrow> x # list_decode y)"
huffman@35700
   196
by pat_completeness auto
huffman@35700
   197
huffman@35700
   198
termination list_decode
huffman@35700
   199
apply (relation "measure id", simp_all)
huffman@35700
   200
apply (drule arg_cong [where f="prod_encode"])
haftmann@37591
   201
apply (drule sym)
huffman@35700
   202
apply (simp add: le_imp_less_Suc le_prod_encode_2)
huffman@35700
   203
done
huffman@35700
   204
huffman@35700
   205
lemma list_encode_inverse [simp]: "list_decode (list_encode x) = x"
huffman@35700
   206
by (induct x rule: list_encode.induct) simp_all
huffman@35700
   207
huffman@35700
   208
lemma list_decode_inverse [simp]: "list_encode (list_decode n) = n"
huffman@35700
   209
apply (induct n rule: list_decode.induct, simp)
huffman@35700
   210
apply (simp split: prod.split)
huffman@35700
   211
apply (simp add: prod_decode_eq [symmetric])
huffman@35700
   212
done
huffman@35700
   213
huffman@35700
   214
lemma inj_list_encode: "inj_on list_encode A"
huffman@35700
   215
by (rule inj_on_inverseI, rule list_encode_inverse)
huffman@35700
   216
huffman@35700
   217
lemma inj_list_decode: "inj_on list_decode A"
huffman@35700
   218
by (rule inj_on_inverseI, rule list_decode_inverse)
huffman@35700
   219
huffman@35700
   220
lemma surj_list_encode: "surj list_encode"
huffman@35700
   221
by (rule surjI, rule list_decode_inverse)
huffman@35700
   222
huffman@35700
   223
lemma surj_list_decode: "surj list_decode"
huffman@35700
   224
by (rule surjI, rule list_encode_inverse)
huffman@35700
   225
huffman@35700
   226
lemma bij_list_encode: "bij list_encode"
huffman@35700
   227
by (rule bijI [OF inj_list_encode surj_list_encode])
huffman@35700
   228
huffman@35700
   229
lemma bij_list_decode: "bij list_decode"
huffman@35700
   230
by (rule bijI [OF inj_list_decode surj_list_decode])
huffman@35700
   231
huffman@35700
   232
lemma list_encode_eq: "list_encode x = list_encode y \<longleftrightarrow> x = y"
huffman@35700
   233
by (rule inj_list_encode [THEN inj_eq])
huffman@35700
   234
huffman@35700
   235
lemma list_decode_eq: "list_decode x = list_decode y \<longleftrightarrow> x = y"
huffman@35700
   236
by (rule inj_list_decode [THEN inj_eq])
huffman@35700
   237
huffman@35700
   238
wenzelm@60500
   239
subsection \<open>Finite sets of naturals\<close>
huffman@35700
   240
wenzelm@60500
   241
subsubsection \<open>Preliminaries\<close>
huffman@35700
   242
huffman@35700
   243
lemma finite_vimage_Suc_iff: "finite (Suc -` F) \<longleftrightarrow> finite F"
huffman@35700
   244
apply (safe intro!: finite_vimageI inj_Suc)
huffman@35700
   245
apply (rule finite_subset [where B="insert 0 (Suc ` Suc -` F)"])
huffman@35700
   246
apply (rule subsetI, case_tac x, simp, simp)
huffman@35700
   247
apply (rule finite_insert [THEN iffD2])
huffman@35700
   248
apply (erule finite_imageI)
huffman@35700
   249
done
huffman@35700
   250
huffman@35700
   251
lemma vimage_Suc_insert_0: "Suc -` insert 0 A = Suc -` A"
huffman@35700
   252
by auto
huffman@35700
   253
huffman@35700
   254
lemma vimage_Suc_insert_Suc:
huffman@35700
   255
  "Suc -` insert (Suc n) A = insert n (Suc -` A)"
huffman@35700
   256
by auto
huffman@35700
   257
huffman@35700
   258
lemma div2_even_ext_nat:
haftmann@58834
   259
  fixes x y :: nat
haftmann@58834
   260
  assumes "x div 2 = y div 2"
haftmann@58834
   261
  and "even x \<longleftrightarrow> even y"
haftmann@58834
   262
  shows "x = y"
haftmann@58834
   263
proof -
wenzelm@60500
   264
  from \<open>even x \<longleftrightarrow> even y\<close> have "x mod 2 = y mod 2"
haftmann@58834
   265
    by (simp only: even_iff_mod_2_eq_zero) auto
haftmann@58834
   266
  with assms have "x div 2 * 2 + x mod 2 = y div 2 * 2 + y mod 2"
haftmann@58834
   267
    by simp
haftmann@58834
   268
  then show ?thesis
haftmann@58834
   269
    by simp
haftmann@58834
   270
qed
huffman@35700
   271
haftmann@58710
   272
wenzelm@60500
   273
subsubsection \<open>From sets to naturals\<close>
huffman@35700
   274
wenzelm@62046
   275
definition set_encode :: "nat set \<Rightarrow> nat"
wenzelm@62046
   276
  where "set_encode = setsum (op ^ 2)"
huffman@35700
   277
huffman@35700
   278
lemma set_encode_empty [simp]: "set_encode {} = 0"
huffman@35700
   279
by (simp add: set_encode_def)
huffman@35700
   280
lp15@59506
   281
lemma set_encode_inf: "~ finite A \<Longrightarrow> set_encode A = 0"
lp15@59506
   282
  by (simp add: set_encode_def)
lp15@59506
   283
huffman@35700
   284
lemma set_encode_insert [simp]:
huffman@35700
   285
  "\<lbrakk>finite A; n \<notin> A\<rbrakk> \<Longrightarrow> set_encode (insert n A) = 2^n + set_encode A"
huffman@35700
   286
by (simp add: set_encode_def)
huffman@35700
   287
huffman@35700
   288
lemma even_set_encode_iff: "finite A \<Longrightarrow> even (set_encode A) \<longleftrightarrow> 0 \<notin> A"
huffman@35700
   289
unfolding set_encode_def by (induct set: finite, auto)
huffman@35700
   290
huffman@35700
   291
lemma set_encode_vimage_Suc: "set_encode (Suc -` A) = set_encode A div 2"
huffman@35700
   292
apply (cases "finite A")
huffman@35700
   293
apply (erule finite_induct, simp)
huffman@35700
   294
apply (case_tac x)
haftmann@58710
   295
apply (simp add: even_set_encode_iff vimage_Suc_insert_0)
haftmann@57512
   296
apply (simp add: finite_vimageI add.commute vimage_Suc_insert_Suc)
huffman@35700
   297
apply (simp add: set_encode_def finite_vimage_Suc_iff)
huffman@35700
   298
done
huffman@35700
   299
huffman@35700
   300
lemmas set_encode_div_2 = set_encode_vimage_Suc [symmetric]
huffman@35700
   301
wenzelm@62046
   302
wenzelm@60500
   303
subsubsection \<open>From naturals to sets\<close>
huffman@35700
   304
wenzelm@62046
   305
definition set_decode :: "nat \<Rightarrow> nat set"
wenzelm@62046
   306
  where "set_decode x = {n. odd (x div 2 ^ n)}"
huffman@35700
   307
huffman@35700
   308
lemma set_decode_0 [simp]: "0 \<in> set_decode x \<longleftrightarrow> odd x"
huffman@35700
   309
by (simp add: set_decode_def)
huffman@35700
   310
huffman@35700
   311
lemma set_decode_Suc [simp]:
huffman@35700
   312
  "Suc n \<in> set_decode x \<longleftrightarrow> n \<in> set_decode (x div 2)"
huffman@35700
   313
by (simp add: set_decode_def div_mult2_eq)
huffman@35700
   314
huffman@35700
   315
lemma set_decode_zero [simp]: "set_decode 0 = {}"
huffman@35700
   316
by (simp add: set_decode_def)
huffman@35700
   317
huffman@35700
   318
lemma set_decode_div_2: "set_decode (x div 2) = Suc -` set_decode x"
huffman@35700
   319
by auto
huffman@35700
   320
huffman@35700
   321
lemma set_decode_plus_power_2:
huffman@35700
   322
  "n \<notin> set_decode z \<Longrightarrow> set_decode (2 ^ n + z) = insert n (set_decode z)"
haftmann@60352
   323
proof (induct n arbitrary: z)
haftmann@60352
   324
  case 0 show ?case
haftmann@60352
   325
  proof (rule set_eqI)
haftmann@60352
   326
    fix q show "q \<in> set_decode (2 ^ 0 + z) \<longleftrightarrow> q \<in> insert 0 (set_decode z)"
haftmann@60352
   327
      by (induct q) (insert 0, simp_all)
haftmann@60352
   328
  qed
haftmann@60352
   329
next
haftmann@60352
   330
  case (Suc n) show ?case
haftmann@60352
   331
  proof (rule set_eqI)
haftmann@60352
   332
    fix q show "q \<in> set_decode (2 ^ Suc n + z) \<longleftrightarrow> q \<in> insert (Suc n) (set_decode z)"
haftmann@60352
   333
      by (induct q) (insert Suc, simp_all)
haftmann@60352
   334
  qed
haftmann@60352
   335
qed
huffman@35700
   336
huffman@35700
   337
lemma finite_set_decode [simp]: "finite (set_decode n)"
huffman@35700
   338
apply (induct n rule: nat_less_induct)
huffman@35700
   339
apply (case_tac "n = 0", simp)
huffman@35700
   340
apply (drule_tac x="n div 2" in spec, simp)
huffman@35700
   341
apply (simp add: set_decode_div_2)
huffman@35700
   342
apply (simp add: finite_vimage_Suc_iff)
huffman@35700
   343
done
huffman@35700
   344
wenzelm@62046
   345
wenzelm@60500
   346
subsubsection \<open>Proof of isomorphism\<close>
huffman@35700
   347
huffman@35700
   348
lemma set_decode_inverse [simp]: "set_encode (set_decode n) = n"
huffman@35700
   349
apply (induct n rule: nat_less_induct)
huffman@35700
   350
apply (case_tac "n = 0", simp)
huffman@35700
   351
apply (drule_tac x="n div 2" in spec, simp)
huffman@35700
   352
apply (simp add: set_decode_div_2 set_encode_vimage_Suc)
huffman@35700
   353
apply (erule div2_even_ext_nat)
huffman@35700
   354
apply (simp add: even_set_encode_iff)
huffman@35700
   355
done
huffman@35700
   356
huffman@35700
   357
lemma set_encode_inverse [simp]: "finite A \<Longrightarrow> set_decode (set_encode A) = A"
huffman@35700
   358
apply (erule finite_induct, simp_all)
huffman@35700
   359
apply (simp add: set_decode_plus_power_2)
huffman@35700
   360
done
huffman@35700
   361
huffman@35700
   362
lemma inj_on_set_encode: "inj_on set_encode (Collect finite)"
huffman@35700
   363
by (rule inj_on_inverseI [where g="set_decode"], simp)
huffman@35700
   364
huffman@35700
   365
lemma set_encode_eq:
huffman@35700
   366
  "\<lbrakk>finite A; finite B\<rbrakk> \<Longrightarrow> set_encode A = set_encode B \<longleftrightarrow> A = B"
huffman@35700
   367
by (rule iffI, simp add: inj_onD [OF inj_on_set_encode], simp)
huffman@35700
   368
wenzelm@62046
   369
lemma subset_decode_imp_le:
wenzelm@62046
   370
  assumes "set_decode m \<subseteq> set_decode n"
wenzelm@62046
   371
  shows "m \<le> n"
paulson@51414
   372
proof -
paulson@51414
   373
  have "n = m + set_encode (set_decode n - set_decode m)"
paulson@51414
   374
  proof -
paulson@51414
   375
    obtain A B where "m = set_encode A" "finite A" 
paulson@51414
   376
                     "n = set_encode B" "finite B"
paulson@51414
   377
      by (metis finite_set_decode set_decode_inverse)
paulson@51414
   378
  thus ?thesis using assms
paulson@51414
   379
    apply auto
haftmann@57512
   380
    apply (simp add: set_encode_def add.commute setsum.subset_diff)
paulson@51414
   381
    done
paulson@51414
   382
  qed
paulson@51414
   383
  thus ?thesis
paulson@51414
   384
    by (metis le_add1)
paulson@51414
   385
qed
paulson@51414
   386
huffman@35700
   387
end