src/HOL/Probability/Probability_Mass_Function.thy
author hoelzl
Tue Mar 10 11:56:32 2015 +0100 (2015-03-10)
changeset 59665 37adca7fd48f
parent 59664 224741ede5ae
child 59667 651ea265d568
permissions -rw-r--r--
add set_pmf lemmas to simpset
     1 (*  Title:      HOL/Probability/Probability_Mass_Function.thy
     2     Author:     Johannes Hölzl, TU München 
     3     Author:     Andreas Lochbihler, ETH Zurich
     4 *)
     5 
     6 section \<open> Probability mass function \<close>
     7 
     8 theory Probability_Mass_Function
     9 imports
    10   Giry_Monad
    11   "~~/src/HOL/Number_Theory/Binomial"
    12   "~~/src/HOL/Library/Multiset"
    13 begin
    14 
    15 lemma AE_emeasure_singleton:
    16   assumes x: "emeasure M {x} \<noteq> 0" and ae: "AE x in M. P x" shows "P x"
    17 proof -
    18   from x have x_M: "{x} \<in> sets M"
    19     by (auto intro: emeasure_notin_sets)
    20   from ae obtain N where N: "{x\<in>space M. \<not> P x} \<subseteq> N" "emeasure M N = 0" "N \<in> sets M"
    21     by (auto elim: AE_E)
    22   { assume "\<not> P x"
    23     with x_M[THEN sets.sets_into_space] N have "emeasure M {x} \<le> emeasure M N"
    24       by (intro emeasure_mono) auto
    25     with x N have False
    26       by (auto simp: emeasure_le_0_iff) }
    27   then show "P x" by auto
    28 qed
    29 
    30 lemma AE_measure_singleton: "measure M {x} \<noteq> 0 \<Longrightarrow> AE x in M. P x \<Longrightarrow> P x"
    31   by (metis AE_emeasure_singleton measure_def emeasure_empty measure_empty)
    32 
    33 lemma ereal_divide': "b \<noteq> 0 \<Longrightarrow> ereal (a / b) = ereal a / ereal b"
    34   using ereal_divide[of a b] by simp
    35 
    36 lemma (in finite_measure) countable_support:
    37   "countable {x. measure M {x} \<noteq> 0}"
    38 proof cases
    39   assume "measure M (space M) = 0"
    40   with bounded_measure measure_le_0_iff have "{x. measure M {x} \<noteq> 0} = {}"
    41     by auto
    42   then show ?thesis
    43     by simp
    44 next
    45   let ?M = "measure M (space M)" and ?m = "\<lambda>x. measure M {x}"
    46   assume "?M \<noteq> 0"
    47   then have *: "{x. ?m x \<noteq> 0} = (\<Union>n. {x. ?M / Suc n < ?m x})"
    48     using reals_Archimedean[of "?m x / ?M" for x]
    49     by (auto simp: field_simps not_le[symmetric] measure_nonneg divide_le_0_iff measure_le_0_iff)
    50   have **: "\<And>n. finite {x. ?M / Suc n < ?m x}"
    51   proof (rule ccontr)
    52     fix n assume "infinite {x. ?M / Suc n < ?m x}" (is "infinite ?X")
    53     then obtain X where "finite X" "card X = Suc (Suc n)" "X \<subseteq> ?X"
    54       by (metis infinite_arbitrarily_large)
    55     from this(3) have *: "\<And>x. x \<in> X \<Longrightarrow> ?M / Suc n \<le> ?m x" 
    56       by auto
    57     { fix x assume "x \<in> X"
    58       from `?M \<noteq> 0` *[OF this] have "?m x \<noteq> 0" by (auto simp: field_simps measure_le_0_iff)
    59       then have "{x} \<in> sets M" by (auto dest: measure_notin_sets) }
    60     note singleton_sets = this
    61     have "?M < (\<Sum>x\<in>X. ?M / Suc n)"
    62       using `?M \<noteq> 0` 
    63       by (simp add: `card X = Suc (Suc n)` real_eq_of_nat[symmetric] real_of_nat_Suc field_simps less_le measure_nonneg)
    64     also have "\<dots> \<le> (\<Sum>x\<in>X. ?m x)"
    65       by (rule setsum_mono) fact
    66     also have "\<dots> = measure M (\<Union>x\<in>X. {x})"
    67       using singleton_sets `finite X`
    68       by (intro finite_measure_finite_Union[symmetric]) (auto simp: disjoint_family_on_def)
    69     finally have "?M < measure M (\<Union>x\<in>X. {x})" .
    70     moreover have "measure M (\<Union>x\<in>X. {x}) \<le> ?M"
    71       using singleton_sets[THEN sets.sets_into_space] by (intro finite_measure_mono) auto
    72     ultimately show False by simp
    73   qed
    74   show ?thesis
    75     unfolding * by (intro countable_UN countableI_type countable_finite[OF **])
    76 qed
    77 
    78 lemma (in finite_measure) AE_support_countable:
    79   assumes [simp]: "sets M = UNIV"
    80   shows "(AE x in M. measure M {x} \<noteq> 0) \<longleftrightarrow> (\<exists>S. countable S \<and> (AE x in M. x \<in> S))"
    81 proof
    82   assume "\<exists>S. countable S \<and> (AE x in M. x \<in> S)"
    83   then obtain S where S[intro]: "countable S" and ae: "AE x in M. x \<in> S"
    84     by auto
    85   then have "emeasure M (\<Union>x\<in>{x\<in>S. emeasure M {x} \<noteq> 0}. {x}) = 
    86     (\<integral>\<^sup>+ x. emeasure M {x} * indicator {x\<in>S. emeasure M {x} \<noteq> 0} x \<partial>count_space UNIV)"
    87     by (subst emeasure_UN_countable)
    88        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
    89   also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} * indicator S x \<partial>count_space UNIV)"
    90     by (auto intro!: nn_integral_cong split: split_indicator)
    91   also have "\<dots> = emeasure M (\<Union>x\<in>S. {x})"
    92     by (subst emeasure_UN_countable)
    93        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
    94   also have "\<dots> = emeasure M (space M)"
    95     using ae by (intro emeasure_eq_AE) auto
    96   finally have "emeasure M {x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0} = emeasure M (space M)"
    97     by (simp add: emeasure_single_in_space cong: rev_conj_cong)
    98   with finite_measure_compl[of "{x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0}"]
    99   have "AE x in M. x \<in> S \<and> emeasure M {x} \<noteq> 0"
   100     by (intro AE_I[OF order_refl]) (auto simp: emeasure_eq_measure set_diff_eq cong: conj_cong)
   101   then show "AE x in M. measure M {x} \<noteq> 0"
   102     by (auto simp: emeasure_eq_measure)
   103 qed (auto intro!: exI[of _ "{x. measure M {x} \<noteq> 0}"] countable_support)
   104 
   105 subsection \<open> PMF as measure \<close>
   106 
   107 typedef 'a pmf = "{M :: 'a measure. prob_space M \<and> sets M = UNIV \<and> (AE x in M. measure M {x} \<noteq> 0)}"
   108   morphisms measure_pmf Abs_pmf
   109   by (intro exI[of _ "uniform_measure (count_space UNIV) {undefined}"])
   110      (auto intro!: prob_space_uniform_measure AE_uniform_measureI)
   111 
   112 declare [[coercion measure_pmf]]
   113 
   114 lemma prob_space_measure_pmf: "prob_space (measure_pmf p)"
   115   using pmf.measure_pmf[of p] by auto
   116 
   117 interpretation measure_pmf!: prob_space "measure_pmf M" for M
   118   by (rule prob_space_measure_pmf)
   119 
   120 interpretation measure_pmf!: subprob_space "measure_pmf M" for M
   121   by (rule prob_space_imp_subprob_space) unfold_locales
   122 
   123 lemma subprob_space_measure_pmf: "subprob_space (measure_pmf x)"
   124   by unfold_locales
   125 
   126 locale pmf_as_measure
   127 begin
   128 
   129 setup_lifting type_definition_pmf
   130 
   131 end
   132 
   133 context
   134 begin
   135 
   136 interpretation pmf_as_measure .
   137 
   138 lemma sets_measure_pmf[simp]: "sets (measure_pmf p) = UNIV"
   139   by transfer blast 
   140 
   141 lemma sets_measure_pmf_count_space[measurable_cong]:
   142   "sets (measure_pmf M) = sets (count_space UNIV)"
   143   by simp
   144 
   145 lemma space_measure_pmf[simp]: "space (measure_pmf p) = UNIV"
   146   using sets_eq_imp_space_eq[of "measure_pmf p" "count_space UNIV"] by simp
   147 
   148 lemma measure_pmf_in_subprob_algebra[measurable (raw)]: "measure_pmf x \<in> space (subprob_algebra (count_space UNIV))"
   149   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
   150 
   151 lemma measurable_pmf_measure1[simp]: "measurable (M :: 'a pmf) N = UNIV \<rightarrow> space N"
   152   by (auto simp: measurable_def)
   153 
   154 lemma measurable_pmf_measure2[simp]: "measurable N (M :: 'a pmf) = measurable N (count_space UNIV)"
   155   by (intro measurable_cong_sets) simp_all
   156 
   157 lemma measurable_pair_restrict_pmf2:
   158   assumes "countable A"
   159   assumes [measurable]: "\<And>y. y \<in> A \<Longrightarrow> (\<lambda>x. f (x, y)) \<in> measurable M L"
   160   shows "f \<in> measurable (M \<Otimes>\<^sub>M restrict_space (measure_pmf N) A) L" (is "f \<in> measurable ?M _")
   161 proof -
   162   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
   163     by (simp add: restrict_count_space)
   164 
   165   show ?thesis
   166     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (fst b, a)" and g=snd and I=A,
   167                                             unfolded pair_collapse] assms)
   168         measurable
   169 qed
   170 
   171 lemma measurable_pair_restrict_pmf1:
   172   assumes "countable A"
   173   assumes [measurable]: "\<And>x. x \<in> A \<Longrightarrow> (\<lambda>y. f (x, y)) \<in> measurable N L"
   174   shows "f \<in> measurable (restrict_space (measure_pmf M) A \<Otimes>\<^sub>M N) L"
   175 proof -
   176   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
   177     by (simp add: restrict_count_space)
   178 
   179   show ?thesis
   180     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (a, snd b)" and g=fst and I=A,
   181                                             unfolded pair_collapse] assms)
   182         measurable
   183 qed
   184 
   185 lift_definition pmf :: "'a pmf \<Rightarrow> 'a \<Rightarrow> real" is "\<lambda>M x. measure M {x}" .
   186 
   187 lift_definition set_pmf :: "'a pmf \<Rightarrow> 'a set" is "\<lambda>M. {x. measure M {x} \<noteq> 0}" .
   188 declare [[coercion set_pmf]]
   189 
   190 lemma AE_measure_pmf: "AE x in (M::'a pmf). x \<in> M"
   191   by transfer simp
   192 
   193 lemma emeasure_pmf_single_eq_zero_iff:
   194   fixes M :: "'a pmf"
   195   shows "emeasure M {y} = 0 \<longleftrightarrow> y \<notin> M"
   196   by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
   197 
   198 lemma AE_measure_pmf_iff: "(AE x in measure_pmf M. P x) \<longleftrightarrow> (\<forall>y\<in>M. P y)"
   199   using AE_measure_singleton[of M] AE_measure_pmf[of M]
   200   by (auto simp: set_pmf.rep_eq)
   201 
   202 lemma countable_set_pmf [simp]: "countable (set_pmf p)"
   203   by transfer (metis prob_space.finite_measure finite_measure.countable_support)
   204 
   205 lemma pmf_positive: "x \<in> set_pmf p \<Longrightarrow> 0 < pmf p x"
   206   by transfer (simp add: less_le measure_nonneg)
   207 
   208 lemma pmf_nonneg: "0 \<le> pmf p x"
   209   by transfer (simp add: measure_nonneg)
   210 
   211 lemma pmf_le_1: "pmf p x \<le> 1"
   212   by (simp add: pmf.rep_eq)
   213 
   214 lemma set_pmf_not_empty: "set_pmf M \<noteq> {}"
   215   using AE_measure_pmf[of M] by (intro notI) simp
   216 
   217 lemma set_pmf_iff: "x \<in> set_pmf M \<longleftrightarrow> pmf M x \<noteq> 0"
   218   by transfer simp
   219 
   220 lemma set_pmf_eq: "set_pmf M = {x. pmf M x \<noteq> 0}"
   221   by (auto simp: set_pmf_iff)
   222 
   223 lemma emeasure_pmf_single:
   224   fixes M :: "'a pmf"
   225   shows "emeasure M {x} = pmf M x"
   226   by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
   227 
   228 lemma emeasure_measure_pmf_finite: "finite S \<Longrightarrow> emeasure (measure_pmf M) S = (\<Sum>s\<in>S. pmf M s)"
   229   by (subst emeasure_eq_setsum_singleton) (auto simp: emeasure_pmf_single)
   230 
   231 lemma measure_measure_pmf_finite: "finite S \<Longrightarrow> measure (measure_pmf M) S = setsum (pmf M) S"
   232   using emeasure_measure_pmf_finite[of S M] by(simp add: measure_pmf.emeasure_eq_measure)
   233 
   234 lemma nn_integral_measure_pmf_support:
   235   fixes f :: "'a \<Rightarrow> ereal"
   236   assumes f: "finite A" and nn: "\<And>x. x \<in> A \<Longrightarrow> 0 \<le> f x" "\<And>x. x \<in> set_pmf M \<Longrightarrow> x \<notin> A \<Longrightarrow> f x = 0"
   237   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>A. f x * pmf M x)"
   238 proof -
   239   have "(\<integral>\<^sup>+x. f x \<partial>M) = (\<integral>\<^sup>+x. f x * indicator A x \<partial>M)"
   240     using nn by (intro nn_integral_cong_AE) (auto simp: AE_measure_pmf_iff split: split_indicator)
   241   also have "\<dots> = (\<Sum>x\<in>A. f x * emeasure M {x})"
   242     using assms by (intro nn_integral_indicator_finite) auto
   243   finally show ?thesis
   244     by (simp add: emeasure_measure_pmf_finite)
   245 qed
   246 
   247 lemma nn_integral_measure_pmf_finite:
   248   fixes f :: "'a \<Rightarrow> ereal"
   249   assumes f: "finite (set_pmf M)" and nn: "\<And>x. x \<in> set_pmf M \<Longrightarrow> 0 \<le> f x"
   250   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>set_pmf M. f x * pmf M x)"
   251   using assms by (intro nn_integral_measure_pmf_support) auto
   252 lemma integrable_measure_pmf_finite:
   253   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
   254   shows "finite (set_pmf M) \<Longrightarrow> integrable M f"
   255   by (auto intro!: integrableI_bounded simp: nn_integral_measure_pmf_finite)
   256 
   257 lemma integral_measure_pmf:
   258   assumes [simp]: "finite A" and "\<And>a. a \<in> set_pmf M \<Longrightarrow> f a \<noteq> 0 \<Longrightarrow> a \<in> A"
   259   shows "(\<integral>x. f x \<partial>measure_pmf M) = (\<Sum>a\<in>A. f a * pmf M a)"
   260 proof -
   261   have "(\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x * indicator A x \<partial>measure_pmf M)"
   262     using assms(2) by (intro integral_cong_AE) (auto split: split_indicator simp: AE_measure_pmf_iff)
   263   also have "\<dots> = (\<Sum>a\<in>A. f a * pmf M a)"
   264     by (subst integral_indicator_finite_real) (auto simp: measure_def emeasure_measure_pmf_finite)
   265   finally show ?thesis .
   266 qed
   267 
   268 lemma integrable_pmf: "integrable (count_space X) (pmf M)"
   269 proof -
   270   have " (\<integral>\<^sup>+ x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+ x. pmf M x \<partial>count_space (M \<inter> X))"
   271     by (auto simp add: nn_integral_count_space_indicator set_pmf_iff intro!: nn_integral_cong split: split_indicator)
   272   then have "integrable (count_space X) (pmf M) = integrable (count_space (M \<inter> X)) (pmf M)"
   273     by (simp add: integrable_iff_bounded pmf_nonneg)
   274   then show ?thesis
   275     by (simp add: pmf.rep_eq measure_pmf.integrable_measure disjoint_family_on_def)
   276 qed
   277 
   278 lemma integral_pmf: "(\<integral>x. pmf M x \<partial>count_space X) = measure M X"
   279 proof -
   280   have "(\<integral>x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+x. pmf M x \<partial>count_space X)"
   281     by (simp add: pmf_nonneg integrable_pmf nn_integral_eq_integral)
   282   also have "\<dots> = (\<integral>\<^sup>+x. emeasure M {x} \<partial>count_space (X \<inter> M))"
   283     by (auto intro!: nn_integral_cong_AE split: split_indicator
   284              simp: pmf.rep_eq measure_pmf.emeasure_eq_measure nn_integral_count_space_indicator
   285                    AE_count_space set_pmf_iff)
   286   also have "\<dots> = emeasure M (X \<inter> M)"
   287     by (rule emeasure_countable_singleton[symmetric]) (auto intro: countable_set_pmf)
   288   also have "\<dots> = emeasure M X"
   289     by (auto intro!: emeasure_eq_AE simp: AE_measure_pmf_iff)
   290   finally show ?thesis
   291     by (simp add: measure_pmf.emeasure_eq_measure)
   292 qed
   293 
   294 lemma integral_pmf_restrict:
   295   "(f::'a \<Rightarrow> 'b::{banach, second_countable_topology}) \<in> borel_measurable (count_space UNIV) \<Longrightarrow>
   296     (\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x \<partial>restrict_space M M)"
   297   by (auto intro!: integral_cong_AE simp add: integral_restrict_space AE_measure_pmf_iff)
   298 
   299 lemma emeasure_pmf: "emeasure (M::'a pmf) M = 1"
   300 proof -
   301   have "emeasure (M::'a pmf) M = emeasure (M::'a pmf) (space M)"
   302     by (intro emeasure_eq_AE) (simp_all add: AE_measure_pmf)
   303   then show ?thesis
   304     using measure_pmf.emeasure_space_1 by simp
   305 qed
   306 
   307 lemma emeasure_pmf_UNIV [simp]: "emeasure (measure_pmf M) UNIV = 1"
   308 using measure_pmf.emeasure_space_1[of M] by simp
   309 
   310 lemma in_null_sets_measure_pmfI:
   311   "A \<inter> set_pmf p = {} \<Longrightarrow> A \<in> null_sets (measure_pmf p)"
   312 using emeasure_eq_0_AE[where ?P="\<lambda>x. x \<in> A" and M="measure_pmf p"]
   313 by(auto simp add: null_sets_def AE_measure_pmf_iff)
   314 
   315 lemma measure_subprob: "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
   316   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
   317 
   318 subsection \<open> Monad Interpretation \<close>
   319 
   320 lemma measurable_measure_pmf[measurable]:
   321   "(\<lambda>x. measure_pmf (M x)) \<in> measurable (count_space UNIV) (subprob_algebra (count_space UNIV))"
   322   by (auto simp: space_subprob_algebra intro!: prob_space_imp_subprob_space) unfold_locales
   323 
   324 lemma bind_measure_pmf_cong:
   325   assumes "\<And>x. A x \<in> space (subprob_algebra N)" "\<And>x. B x \<in> space (subprob_algebra N)"
   326   assumes "\<And>i. i \<in> set_pmf x \<Longrightarrow> A i = B i"
   327   shows "bind (measure_pmf x) A = bind (measure_pmf x) B"
   328 proof (rule measure_eqI)
   329   show "sets (measure_pmf x \<guillemotright>= A) = sets (measure_pmf x \<guillemotright>= B)"
   330     using assms by (subst (1 2) sets_bind) (auto simp: space_subprob_algebra)
   331 next
   332   fix X assume "X \<in> sets (measure_pmf x \<guillemotright>= A)"
   333   then have X: "X \<in> sets N"
   334     using assms by (subst (asm) sets_bind) (auto simp: space_subprob_algebra)
   335   show "emeasure (measure_pmf x \<guillemotright>= A) X = emeasure (measure_pmf x \<guillemotright>= B) X"
   336     using assms
   337     by (subst (1 2) emeasure_bind[where N=N, OF _ _ X])
   338        (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
   339 qed
   340 
   341 lift_definition bind_pmf :: "'a pmf \<Rightarrow> ('a \<Rightarrow> 'b pmf ) \<Rightarrow> 'b pmf" is bind
   342 proof (clarify, intro conjI)
   343   fix f :: "'a measure" and g :: "'a \<Rightarrow> 'b measure"
   344   assume "prob_space f"
   345   then interpret f: prob_space f .
   346   assume "sets f = UNIV" and ae_f: "AE x in f. measure f {x} \<noteq> 0"
   347   then have s_f[simp]: "sets f = sets (count_space UNIV)"
   348     by simp
   349   assume g: "\<And>x. prob_space (g x) \<and> sets (g x) = UNIV \<and> (AE y in g x. measure (g x) {y} \<noteq> 0)"
   350   then have g: "\<And>x. prob_space (g x)" and s_g[simp]: "\<And>x. sets (g x) = sets (count_space UNIV)"
   351     and ae_g: "\<And>x. AE y in g x. measure (g x) {y} \<noteq> 0"
   352     by auto
   353 
   354   have [measurable]: "g \<in> measurable f (subprob_algebra (count_space UNIV))"
   355     by (auto simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space g)
   356     
   357   show "prob_space (f \<guillemotright>= g)"
   358     using g by (intro f.prob_space_bind[where S="count_space UNIV"]) auto
   359   then interpret fg: prob_space "f \<guillemotright>= g" . 
   360   show [simp]: "sets (f \<guillemotright>= g) = UNIV"
   361     using sets_eq_imp_space_eq[OF s_f]
   362     by (subst sets_bind[where N="count_space UNIV"]) auto
   363   show "AE x in f \<guillemotright>= g. measure (f \<guillemotright>= g) {x} \<noteq> 0"
   364     apply (simp add: fg.prob_eq_0 AE_bind[where B="count_space UNIV"])
   365     using ae_f
   366     apply eventually_elim
   367     using ae_g
   368     apply eventually_elim
   369     apply (auto dest: AE_measure_singleton)
   370     done
   371 qed
   372 
   373 lemma ereal_pmf_bind: "pmf (bind_pmf N f) i = (\<integral>\<^sup>+x. pmf (f x) i \<partial>measure_pmf N)"
   374   unfolding pmf.rep_eq bind_pmf.rep_eq
   375   by (auto simp: measure_pmf.measure_bind[where N="count_space UNIV"] measure_subprob measure_nonneg
   376            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
   377 
   378 lemma pmf_bind: "pmf (bind_pmf N f) i = (\<integral>x. pmf (f x) i \<partial>measure_pmf N)"
   379   using ereal_pmf_bind[of N f i]
   380   by (subst (asm) nn_integral_eq_integral)
   381      (auto simp: pmf_nonneg pmf_le_1
   382            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
   383 
   384 lemma bind_pmf_const[simp]: "bind_pmf M (\<lambda>x. c) = c"
   385   by transfer (simp add: bind_const' prob_space_imp_subprob_space)
   386 
   387 lemma set_bind_pmf[simp]: "set_pmf (bind_pmf M N) = (\<Union>M\<in>set_pmf M. set_pmf (N M))"
   388   unfolding set_pmf_eq ereal_eq_0(1)[symmetric] ereal_pmf_bind  
   389   by (auto simp add: nn_integral_0_iff_AE AE_measure_pmf_iff set_pmf_eq not_le less_le pmf_nonneg)
   390 
   391 lemma bind_pmf_cong:
   392   assumes "p = q"
   393   shows "(\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
   394   unfolding `p = q`[symmetric] measure_pmf_inject[symmetric] bind_pmf.rep_eq
   395   by (auto simp: AE_measure_pmf_iff Pi_iff space_subprob_algebra subprob_space_measure_pmf
   396                  sets_bind[where N="count_space UNIV"] emeasure_bind[where N="count_space UNIV"]
   397            intro!: nn_integral_cong_AE measure_eqI)
   398 
   399 lemma bind_pmf_cong_simp:
   400   "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q =simp=> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
   401   by (simp add: simp_implies_def cong: bind_pmf_cong)
   402 
   403 lemma measure_pmf_bind: "measure_pmf (bind_pmf M f) = (measure_pmf M \<guillemotright>= (\<lambda>x. measure_pmf (f x)))"
   404   by transfer simp
   405 
   406 lemma nn_integral_bind_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>bind_pmf M N) = (\<integral>\<^sup>+x. \<integral>\<^sup>+y. f y \<partial>N x \<partial>M)"
   407   using measurable_measure_pmf[of N]
   408   unfolding measure_pmf_bind
   409   apply (subst (1 3) nn_integral_max_0[symmetric])
   410   apply (intro nn_integral_bind[where B="count_space UNIV"])
   411   apply auto
   412   done
   413 
   414 lemma emeasure_bind_pmf[simp]: "emeasure (bind_pmf M N) X = (\<integral>\<^sup>+x. emeasure (N x) X \<partial>M)"
   415   using measurable_measure_pmf[of N]
   416   unfolding measure_pmf_bind
   417   by (subst emeasure_bind[where N="count_space UNIV"]) auto
   418                                 
   419 lift_definition return_pmf :: "'a \<Rightarrow> 'a pmf" is "return (count_space UNIV)"
   420   by (auto intro!: prob_space_return simp: AE_return measure_return)
   421 
   422 lemma bind_return_pmf: "bind_pmf (return_pmf x) f = f x"
   423   by transfer
   424      (auto intro!: prob_space_imp_subprob_space bind_return[where N="count_space UNIV"]
   425            simp: space_subprob_algebra)
   426 
   427 lemma set_return_pmf[simp]: "set_pmf (return_pmf x) = {x}"
   428   by transfer (auto simp add: measure_return split: split_indicator)
   429 
   430 lemma bind_return_pmf': "bind_pmf N return_pmf = N"
   431 proof (transfer, clarify)
   432   fix N :: "'a measure" assume "sets N = UNIV" then show "N \<guillemotright>= return (count_space UNIV) = N"
   433     by (subst return_sets_cong[where N=N]) (simp_all add: bind_return')
   434 qed
   435 
   436 lemma bind_assoc_pmf: "bind_pmf (bind_pmf A B) C = bind_pmf A (\<lambda>x. bind_pmf (B x) C)"
   437   by transfer
   438      (auto intro!: bind_assoc[where N="count_space UNIV" and R="count_space UNIV"]
   439            simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space)
   440 
   441 definition "map_pmf f M = bind_pmf M (\<lambda>x. return_pmf (f x))"
   442 
   443 lemma map_bind_pmf: "map_pmf f (bind_pmf M g) = bind_pmf M (\<lambda>x. map_pmf f (g x))"
   444   by (simp add: map_pmf_def bind_assoc_pmf)
   445 
   446 lemma bind_map_pmf: "bind_pmf (map_pmf f M) g = bind_pmf M (\<lambda>x. g (f x))"
   447   by (simp add: map_pmf_def bind_assoc_pmf bind_return_pmf)
   448 
   449 lemma map_pmf_transfer[transfer_rule]:
   450   "rel_fun op = (rel_fun cr_pmf cr_pmf) (\<lambda>f M. distr M (count_space UNIV) f) map_pmf"
   451 proof -
   452   have "rel_fun op = (rel_fun pmf_as_measure.cr_pmf pmf_as_measure.cr_pmf)
   453      (\<lambda>f M. M \<guillemotright>= (return (count_space UNIV) o f)) map_pmf"
   454     unfolding map_pmf_def[abs_def] comp_def by transfer_prover 
   455   then show ?thesis
   456     by (force simp: rel_fun_def cr_pmf_def bind_return_distr)
   457 qed
   458 
   459 lemma map_pmf_rep_eq:
   460   "measure_pmf (map_pmf f M) = distr (measure_pmf M) (count_space UNIV) f"
   461   unfolding map_pmf_def bind_pmf.rep_eq comp_def return_pmf.rep_eq
   462   using bind_return_distr[of M f "count_space UNIV"] by (simp add: comp_def)
   463 
   464 lemma map_pmf_id[simp]: "map_pmf id = id"
   465   by (rule, transfer) (auto simp: emeasure_distr measurable_def intro!: measure_eqI)
   466 
   467 lemma map_pmf_ident[simp]: "map_pmf (\<lambda>x. x) = (\<lambda>x. x)"
   468   using map_pmf_id unfolding id_def .
   469 
   470 lemma map_pmf_compose: "map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g"
   471   by (rule, transfer) (simp add: distr_distr[symmetric, where N="count_space UNIV"] measurable_def) 
   472 
   473 lemma map_pmf_comp: "map_pmf f (map_pmf g M) = map_pmf (\<lambda>x. f (g x)) M"
   474   using map_pmf_compose[of f g] by (simp add: comp_def)
   475 
   476 lemma map_pmf_cong: "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g q"
   477   unfolding map_pmf_def by (rule bind_pmf_cong) auto
   478 
   479 lemma pmf_set_map: "set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
   480   by (auto simp add: comp_def fun_eq_iff map_pmf_def)
   481 
   482 lemma set_map_pmf[simp]: "set_pmf (map_pmf f M) = f`set_pmf M"
   483   using pmf_set_map[of f] by (auto simp: comp_def fun_eq_iff)
   484 
   485 lemma emeasure_map_pmf[simp]: "emeasure (map_pmf f M) X = emeasure M (f -` X)"
   486   unfolding map_pmf_rep_eq by (subst emeasure_distr) auto
   487 
   488 lemma nn_integral_map_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>map_pmf g M) = (\<integral>\<^sup>+x. f (g x) \<partial>M)"
   489   unfolding map_pmf_rep_eq by (intro nn_integral_distr) auto
   490 
   491 lemma ereal_pmf_map: "pmf (map_pmf f p) x = (\<integral>\<^sup>+ y. indicator (f -` {x}) y \<partial>measure_pmf p)"
   492 proof (transfer fixing: f x)
   493   fix p :: "'b measure"
   494   presume "prob_space p"
   495   then interpret prob_space p .
   496   presume "sets p = UNIV"
   497   then show "ereal (measure (distr p (count_space UNIV) f) {x}) = integral\<^sup>N p (indicator (f -` {x}))"
   498     by(simp add: measure_distr measurable_def emeasure_eq_measure)
   499 qed simp_all
   500 
   501 lemma nn_integral_pmf: "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = emeasure (measure_pmf p) A"
   502 proof -
   503   have "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = (\<integral>\<^sup>+ x. pmf p x \<partial>count_space (A \<inter> set_pmf p))"
   504     by(auto simp add: nn_integral_count_space_indicator indicator_def set_pmf_iff intro: nn_integral_cong)
   505   also have "\<dots> = emeasure (measure_pmf p) (\<Union>x\<in>A \<inter> set_pmf p. {x})"
   506     by(subst emeasure_UN_countable)(auto simp add: emeasure_pmf_single disjoint_family_on_def)
   507   also have "\<dots> = emeasure (measure_pmf p) ((\<Union>x\<in>A \<inter> set_pmf p. {x}) \<union> {x. x \<in> A \<and> x \<notin> set_pmf p})"
   508     by(rule emeasure_Un_null_set[symmetric])(auto intro: in_null_sets_measure_pmfI)
   509   also have "\<dots> = emeasure (measure_pmf p) A"
   510     by(auto intro: arg_cong2[where f=emeasure])
   511   finally show ?thesis .
   512 qed
   513 
   514 lemma map_return_pmf: "map_pmf f (return_pmf x) = return_pmf (f x)"
   515   by transfer (simp add: distr_return)
   516 
   517 lemma map_pmf_const[simp]: "map_pmf (\<lambda>_. c) M = return_pmf c"
   518   by transfer (auto simp: prob_space.distr_const)
   519 
   520 lemma pmf_return: "pmf (return_pmf x) y = indicator {y} x"
   521   by transfer (simp add: measure_return)
   522 
   523 lemma nn_integral_return_pmf[simp]: "0 \<le> f x \<Longrightarrow> (\<integral>\<^sup>+x. f x \<partial>return_pmf x) = f x"
   524   unfolding return_pmf.rep_eq by (intro nn_integral_return) auto
   525 
   526 lemma emeasure_return_pmf[simp]: "emeasure (return_pmf x) X = indicator X x"
   527   unfolding return_pmf.rep_eq by (intro emeasure_return) auto
   528 
   529 lemma return_pmf_inj[simp]: "return_pmf x = return_pmf y \<longleftrightarrow> x = y"
   530   by (metis insertI1 set_return_pmf singletonD)
   531 
   532 lemma map_pmf_eq_return_pmf_iff:
   533   "map_pmf f p = return_pmf x \<longleftrightarrow> (\<forall>y \<in> set_pmf p. f y = x)"
   534 proof
   535   assume "map_pmf f p = return_pmf x"
   536   then have "set_pmf (map_pmf f p) = set_pmf (return_pmf x)" by simp
   537   then show "\<forall>y \<in> set_pmf p. f y = x" by auto
   538 next
   539   assume "\<forall>y \<in> set_pmf p. f y = x"
   540   then show "map_pmf f p = return_pmf x"
   541     unfolding map_pmf_const[symmetric, of _ p] by (intro map_pmf_cong) auto
   542 qed
   543 
   544 definition "pair_pmf A B = bind_pmf A (\<lambda>x. bind_pmf B (\<lambda>y. return_pmf (x, y)))"
   545 
   546 lemma pmf_pair: "pmf (pair_pmf M N) (a, b) = pmf M a * pmf N b"
   547   unfolding pair_pmf_def pmf_bind pmf_return
   548   apply (subst integral_measure_pmf[where A="{b}"])
   549   apply (auto simp: indicator_eq_0_iff)
   550   apply (subst integral_measure_pmf[where A="{a}"])
   551   apply (auto simp: indicator_eq_0_iff setsum_nonneg_eq_0_iff pmf_nonneg)
   552   done
   553 
   554 lemma set_pair_pmf[simp]: "set_pmf (pair_pmf A B) = set_pmf A \<times> set_pmf B"
   555   unfolding pair_pmf_def set_bind_pmf set_return_pmf by auto
   556 
   557 lemma measure_pmf_in_subprob_space[measurable (raw)]:
   558   "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
   559   by (simp add: space_subprob_algebra) intro_locales
   560 
   561 lemma nn_integral_pair_pmf': "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) \<partial>B \<partial>A)"
   562 proof -
   563   have "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+x. max 0 (f x) * indicator (A \<times> B) x \<partial>pair_pmf A B)"
   564     by (subst nn_integral_max_0[symmetric])
   565        (auto simp: AE_measure_pmf_iff intro!: nn_integral_cong_AE)
   566   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. max 0 (f (a, b)) * indicator (A \<times> B) (a, b) \<partial>B \<partial>A)"
   567     by (simp add: pair_pmf_def)
   568   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. max 0 (f (a, b)) \<partial>B \<partial>A)"
   569     by (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
   570   finally show ?thesis
   571     unfolding nn_integral_max_0 .
   572 qed
   573 
   574 lemma bind_pair_pmf:
   575   assumes M[measurable]: "M \<in> measurable (count_space UNIV \<Otimes>\<^sub>M count_space UNIV) (subprob_algebra N)"
   576   shows "measure_pmf (pair_pmf A B) \<guillemotright>= M = (measure_pmf A \<guillemotright>= (\<lambda>x. measure_pmf B \<guillemotright>= (\<lambda>y. M (x, y))))"
   577     (is "?L = ?R")
   578 proof (rule measure_eqI)
   579   have M'[measurable]: "M \<in> measurable (pair_pmf A B) (subprob_algebra N)"
   580     using M[THEN measurable_space] by (simp_all add: space_pair_measure)
   581 
   582   note measurable_bind[where N="count_space UNIV", measurable]
   583   note measure_pmf_in_subprob_space[simp]
   584 
   585   have sets_eq_N: "sets ?L = N"
   586     by (subst sets_bind[OF sets_kernel[OF M']]) auto
   587   show "sets ?L = sets ?R"
   588     using measurable_space[OF M]
   589     by (simp add: sets_eq_N space_pair_measure space_subprob_algebra)
   590   fix X assume "X \<in> sets ?L"
   591   then have X[measurable]: "X \<in> sets N"
   592     unfolding sets_eq_N .
   593   then show "emeasure ?L X = emeasure ?R X"
   594     apply (simp add: emeasure_bind[OF _ M' X])
   595     apply (simp add: nn_integral_bind[where B="count_space UNIV"] pair_pmf_def measure_pmf_bind[of A]
   596                      nn_integral_measure_pmf_finite emeasure_nonneg pmf_return one_ereal_def[symmetric])
   597     apply (subst emeasure_bind[OF _ _ X])
   598     apply measurable
   599     apply (subst emeasure_bind[OF _ _ X])
   600     apply measurable
   601     done
   602 qed
   603 
   604 lemma map_fst_pair_pmf: "map_pmf fst (pair_pmf A B) = A"
   605   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
   606 
   607 lemma map_snd_pair_pmf: "map_pmf snd (pair_pmf A B) = B"
   608   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
   609 
   610 lemma nn_integral_pmf':
   611   "inj_on f A \<Longrightarrow> (\<integral>\<^sup>+x. pmf p (f x) \<partial>count_space A) = emeasure p (f ` A)"
   612   by (subst nn_integral_bij_count_space[where g=f and B="f`A"])
   613      (auto simp: bij_betw_def nn_integral_pmf)
   614 
   615 lemma pmf_le_0_iff[simp]: "pmf M p \<le> 0 \<longleftrightarrow> pmf M p = 0"
   616   using pmf_nonneg[of M p] by simp
   617 
   618 lemma min_pmf_0[simp]: "min (pmf M p) 0 = 0" "min 0 (pmf M p) = 0"
   619   using pmf_nonneg[of M p] by simp_all
   620 
   621 lemma pmf_eq_0_set_pmf: "pmf M p = 0 \<longleftrightarrow> p \<notin> set_pmf M"
   622   unfolding set_pmf_iff by simp
   623 
   624 lemma pmf_map_inj: "inj_on f (set_pmf M) \<Longrightarrow> x \<in> set_pmf M \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
   625   by (auto simp: pmf.rep_eq map_pmf_rep_eq measure_distr AE_measure_pmf_iff inj_onD
   626            intro!: measure_pmf.finite_measure_eq_AE)
   627 
   628 subsection \<open> PMFs as function \<close>
   629 
   630 context
   631   fixes f :: "'a \<Rightarrow> real"
   632   assumes nonneg: "\<And>x. 0 \<le> f x"
   633   assumes prob: "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
   634 begin
   635 
   636 lift_definition embed_pmf :: "'a pmf" is "density (count_space UNIV) (ereal \<circ> f)"
   637 proof (intro conjI)
   638   have *[simp]: "\<And>x y. ereal (f y) * indicator {x} y = ereal (f x) * indicator {x} y"
   639     by (simp split: split_indicator)
   640   show "AE x in density (count_space UNIV) (ereal \<circ> f).
   641     measure (density (count_space UNIV) (ereal \<circ> f)) {x} \<noteq> 0"
   642     by (simp add: AE_density nonneg measure_def emeasure_density max_def)
   643   show "prob_space (density (count_space UNIV) (ereal \<circ> f))"
   644     by default (simp add: emeasure_density prob)
   645 qed simp
   646 
   647 lemma pmf_embed_pmf: "pmf embed_pmf x = f x"
   648 proof transfer
   649   have *[simp]: "\<And>x y. ereal (f y) * indicator {x} y = ereal (f x) * indicator {x} y"
   650     by (simp split: split_indicator)
   651   fix x show "measure (density (count_space UNIV) (ereal \<circ> f)) {x} = f x"
   652     by transfer (simp add: measure_def emeasure_density nonneg max_def)
   653 qed
   654 
   655 end
   656 
   657 lemma embed_pmf_transfer:
   658   "rel_fun (eq_onp (\<lambda>f. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ereal (f x) \<partial>count_space UNIV) = 1)) pmf_as_measure.cr_pmf (\<lambda>f. density (count_space UNIV) (ereal \<circ> f)) embed_pmf"
   659   by (auto simp: rel_fun_def eq_onp_def embed_pmf.transfer)
   660 
   661 lemma measure_pmf_eq_density: "measure_pmf p = density (count_space UNIV) (pmf p)"
   662 proof (transfer, elim conjE)
   663   fix M :: "'a measure" assume [simp]: "sets M = UNIV" and ae: "AE x in M. measure M {x} \<noteq> 0"
   664   assume "prob_space M" then interpret prob_space M .
   665   show "M = density (count_space UNIV) (\<lambda>x. ereal (measure M {x}))"
   666   proof (rule measure_eqI)
   667     fix A :: "'a set"
   668     have "(\<integral>\<^sup>+ x. ereal (measure M {x}) * indicator A x \<partial>count_space UNIV) = 
   669       (\<integral>\<^sup>+ x. emeasure M {x} * indicator (A \<inter> {x. measure M {x} \<noteq> 0}) x \<partial>count_space UNIV)"
   670       by (auto intro!: nn_integral_cong simp: emeasure_eq_measure split: split_indicator)
   671     also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} \<partial>count_space (A \<inter> {x. measure M {x} \<noteq> 0}))"
   672       by (subst nn_integral_restrict_space[symmetric]) (auto simp: restrict_count_space)
   673     also have "\<dots> = emeasure M (\<Union>x\<in>(A \<inter> {x. measure M {x} \<noteq> 0}). {x})"
   674       by (intro emeasure_UN_countable[symmetric] countable_Int2 countable_support)
   675          (auto simp: disjoint_family_on_def)
   676     also have "\<dots> = emeasure M A"
   677       using ae by (intro emeasure_eq_AE) auto
   678     finally show " emeasure M A = emeasure (density (count_space UNIV) (\<lambda>x. ereal (measure M {x}))) A"
   679       using emeasure_space_1 by (simp add: emeasure_density)
   680   qed simp
   681 qed
   682 
   683 lemma td_pmf_embed_pmf:
   684   "type_definition pmf embed_pmf {f::'a \<Rightarrow> real. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ereal (f x) \<partial>count_space UNIV) = 1}"
   685   unfolding type_definition_def
   686 proof safe
   687   fix p :: "'a pmf"
   688   have "(\<integral>\<^sup>+ x. 1 \<partial>measure_pmf p) = 1"
   689     using measure_pmf.emeasure_space_1[of p] by simp
   690   then show *: "(\<integral>\<^sup>+ x. ereal (pmf p x) \<partial>count_space UNIV) = 1"
   691     by (simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg del: nn_integral_const)
   692 
   693   show "embed_pmf (pmf p) = p"
   694     by (intro measure_pmf_inject[THEN iffD1])
   695        (simp add: * embed_pmf.rep_eq pmf_nonneg measure_pmf_eq_density[of p] comp_def)
   696 next
   697   fix f :: "'a \<Rightarrow> real" assume "\<forall>x. 0 \<le> f x" "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
   698   then show "pmf (embed_pmf f) = f"
   699     by (auto intro!: pmf_embed_pmf)
   700 qed (rule pmf_nonneg)
   701 
   702 end
   703 
   704 locale pmf_as_function
   705 begin
   706 
   707 setup_lifting td_pmf_embed_pmf
   708 
   709 lemma set_pmf_transfer[transfer_rule]: 
   710   assumes "bi_total A"
   711   shows "rel_fun (pcr_pmf A) (rel_set A) (\<lambda>f. {x. f x \<noteq> 0}) set_pmf"  
   712   using `bi_total A`
   713   by (auto simp: pcr_pmf_def cr_pmf_def rel_fun_def rel_set_def bi_total_def Bex_def set_pmf_iff)
   714      metis+
   715 
   716 end
   717 
   718 context
   719 begin
   720 
   721 interpretation pmf_as_function .
   722 
   723 lemma pmf_eqI: "(\<And>i. pmf M i = pmf N i) \<Longrightarrow> M = N"
   724   by transfer auto
   725 
   726 lemma pmf_eq_iff: "M = N \<longleftrightarrow> (\<forall>i. pmf M i = pmf N i)"
   727   by (auto intro: pmf_eqI)
   728 
   729 lemma bind_commute_pmf: "bind_pmf A (\<lambda>x. bind_pmf B (C x)) = bind_pmf B (\<lambda>y. bind_pmf A (\<lambda>x. C x y))"
   730   unfolding pmf_eq_iff pmf_bind
   731 proof
   732   fix i
   733   interpret B: prob_space "restrict_space B B"
   734     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
   735        (auto simp: AE_measure_pmf_iff)
   736   interpret A: prob_space "restrict_space A A"
   737     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
   738        (auto simp: AE_measure_pmf_iff)
   739 
   740   interpret AB: pair_prob_space "restrict_space A A" "restrict_space B B"
   741     by unfold_locales
   742 
   743   have "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>A)"
   744     by (rule integral_cong) (auto intro!: integral_pmf_restrict)
   745   also have "\<dots> = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>restrict_space A A)"
   746     by (intro integral_pmf_restrict B.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
   747               countable_set_pmf borel_measurable_count_space)
   748   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>restrict_space B B)"
   749     by (rule AB.Fubini_integral[symmetric])
   750        (auto intro!: AB.integrable_const_bound[where B=1] measurable_pair_restrict_pmf2
   751              simp: pmf_nonneg pmf_le_1 measurable_restrict_space1)
   752   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>B)"
   753     by (intro integral_pmf_restrict[symmetric] A.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
   754               countable_set_pmf borel_measurable_count_space)
   755   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)"
   756     by (rule integral_cong) (auto intro!: integral_pmf_restrict[symmetric])
   757   finally show "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)" .
   758 qed
   759 
   760 lemma pair_map_pmf1: "pair_pmf (map_pmf f A) B = map_pmf (apfst f) (pair_pmf A B)"
   761 proof (safe intro!: pmf_eqI)
   762   fix a :: "'a" and b :: "'b"
   763   have [simp]: "\<And>c d. indicator (apfst f -` {(a, b)}) (c, d) = indicator (f -` {a}) c * (indicator {b} d::ereal)"
   764     by (auto split: split_indicator)
   765 
   766   have "ereal (pmf (pair_pmf (map_pmf f A) B) (a, b)) =
   767          ereal (pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b))"
   768     unfolding pmf_pair ereal_pmf_map
   769     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_multc pmf_nonneg
   770                   emeasure_map_pmf[symmetric] del: emeasure_map_pmf)
   771   then show "pmf (pair_pmf (map_pmf f A) B) (a, b) = pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b)"
   772     by simp
   773 qed
   774 
   775 lemma pair_map_pmf2: "pair_pmf A (map_pmf f B) = map_pmf (apsnd f) (pair_pmf A B)"
   776 proof (safe intro!: pmf_eqI)
   777   fix a :: "'a" and b :: "'b"
   778   have [simp]: "\<And>c d. indicator (apsnd f -` {(a, b)}) (c, d) = indicator {a} c * (indicator (f -` {b}) d::ereal)"
   779     by (auto split: split_indicator)
   780 
   781   have "ereal (pmf (pair_pmf A (map_pmf f B)) (a, b)) =
   782          ereal (pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b))"
   783     unfolding pmf_pair ereal_pmf_map
   784     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_cmult nn_integral_multc pmf_nonneg
   785                   emeasure_map_pmf[symmetric] del: emeasure_map_pmf)
   786   then show "pmf (pair_pmf A (map_pmf f B)) (a, b) = pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b)"
   787     by simp
   788 qed
   789 
   790 lemma map_pair: "map_pmf (\<lambda>(a, b). (f a, g b)) (pair_pmf A B) = pair_pmf (map_pmf f A) (map_pmf g B)"
   791   by (simp add: pair_map_pmf2 pair_map_pmf1 map_pmf_comp split_beta')
   792 
   793 end
   794 
   795 subsection \<open> Conditional Probabilities \<close>
   796 
   797 context
   798   fixes p :: "'a pmf" and s :: "'a set"
   799   assumes not_empty: "set_pmf p \<inter> s \<noteq> {}"
   800 begin
   801 
   802 interpretation pmf_as_measure .
   803 
   804 lemma emeasure_measure_pmf_not_zero: "emeasure (measure_pmf p) s \<noteq> 0"
   805 proof
   806   assume "emeasure (measure_pmf p) s = 0"
   807   then have "AE x in measure_pmf p. x \<notin> s"
   808     by (rule AE_I[rotated]) auto
   809   with not_empty show False
   810     by (auto simp: AE_measure_pmf_iff)
   811 qed
   812 
   813 lemma measure_measure_pmf_not_zero: "measure (measure_pmf p) s \<noteq> 0"
   814   using emeasure_measure_pmf_not_zero unfolding measure_pmf.emeasure_eq_measure by simp
   815 
   816 lift_definition cond_pmf :: "'a pmf" is
   817   "uniform_measure (measure_pmf p) s"
   818 proof (intro conjI)
   819   show "prob_space (uniform_measure (measure_pmf p) s)"
   820     by (intro prob_space_uniform_measure) (auto simp: emeasure_measure_pmf_not_zero)
   821   show "AE x in uniform_measure (measure_pmf p) s. measure (uniform_measure (measure_pmf p) s) {x} \<noteq> 0"
   822     by (simp add: emeasure_measure_pmf_not_zero measure_measure_pmf_not_zero AE_uniform_measure
   823                   AE_measure_pmf_iff set_pmf.rep_eq)
   824 qed simp
   825 
   826 lemma pmf_cond: "pmf cond_pmf x = (if x \<in> s then pmf p x / measure p s else 0)"
   827   by transfer (simp add: emeasure_measure_pmf_not_zero pmf.rep_eq)
   828 
   829 lemma set_cond_pmf[simp]: "set_pmf cond_pmf = set_pmf p \<inter> s"
   830   by (auto simp add: set_pmf_iff pmf_cond measure_measure_pmf_not_zero split: split_if_asm)
   831 
   832 end
   833 
   834 lemma cond_map_pmf:
   835   assumes "set_pmf p \<inter> f -` s \<noteq> {}"
   836   shows "cond_pmf (map_pmf f p) s = map_pmf f (cond_pmf p (f -` s))"
   837 proof -
   838   have *: "set_pmf (map_pmf f p) \<inter> s \<noteq> {}"
   839     using assms by auto
   840   { fix x
   841     have "ereal (pmf (map_pmf f (cond_pmf p (f -` s))) x) =
   842       emeasure p (f -` s \<inter> f -` {x}) / emeasure p (f -` s)"
   843       unfolding ereal_pmf_map cond_pmf.rep_eq[OF assms] by (simp add: nn_integral_uniform_measure)
   844     also have "f -` s \<inter> f -` {x} = (if x \<in> s then f -` {x} else {})"
   845       by auto
   846     also have "emeasure p (if x \<in> s then f -` {x} else {}) / emeasure p (f -` s) =
   847       ereal (pmf (cond_pmf (map_pmf f p) s) x)"
   848       using measure_measure_pmf_not_zero[OF *]
   849       by (simp add: pmf_cond[OF *] ereal_divide' ereal_pmf_map measure_pmf.emeasure_eq_measure[symmetric]
   850                del: ereal_divide)
   851     finally have "ereal (pmf (cond_pmf (map_pmf f p) s) x) = ereal (pmf (map_pmf f (cond_pmf p (f -` s))) x)"
   852       by simp }
   853   then show ?thesis
   854     by (intro pmf_eqI) simp
   855 qed
   856 
   857 lemma bind_cond_pmf_cancel:
   858   assumes in_S: "\<And>x. x \<in> set_pmf p \<Longrightarrow> x \<in> S x" "\<And>x. x \<in> set_pmf q \<Longrightarrow> x \<in> S x"
   859   assumes S_eq: "\<And>x y. x \<in> S y \<Longrightarrow> S x = S y"
   860   and same: "\<And>x. measure (measure_pmf p) (S x) = measure (measure_pmf q) (S x)"
   861   shows "bind_pmf p (\<lambda>x. cond_pmf q (S x)) = q" (is "?lhs = _")
   862 proof (rule pmf_eqI)
   863   { fix x
   864     assume "x \<in> set_pmf p"
   865     hence "set_pmf p \<inter> (S x) \<noteq> {}" using in_S by auto
   866     hence "measure (measure_pmf p) (S x) \<noteq> 0"
   867       by(auto simp add: measure_pmf.prob_eq_0 AE_measure_pmf_iff)
   868     with same have "measure (measure_pmf q) (S x) \<noteq> 0" by simp
   869     hence "set_pmf q \<inter> S x \<noteq> {}"
   870       by(auto simp add: measure_pmf.prob_eq_0 AE_measure_pmf_iff) }
   871   note [simp] = this
   872 
   873   fix z
   874   have pmf_q_z: "z \<notin> S z \<Longrightarrow> pmf q z = 0"
   875     by(erule contrapos_np)(simp add: pmf_eq_0_set_pmf in_S)
   876 
   877   have "ereal (pmf ?lhs z) = \<integral>\<^sup>+ x. ereal (pmf (cond_pmf q (S x)) z) \<partial>measure_pmf p"
   878     by(simp add: ereal_pmf_bind)
   879   also have "\<dots> = \<integral>\<^sup>+ x. ereal (pmf q z / measure p (S z)) * indicator (S z) x \<partial>measure_pmf p"
   880     by(rule nn_integral_cong_AE)(auto simp add: AE_measure_pmf_iff pmf_cond same pmf_q_z in_S dest!: S_eq split: split_indicator)
   881   also have "\<dots> = pmf q z" using pmf_nonneg[of q z]
   882     by (subst nn_integral_cmult)(auto simp add: measure_nonneg measure_pmf.emeasure_eq_measure same measure_pmf.prob_eq_0 AE_measure_pmf_iff pmf_eq_0_set_pmf in_S)
   883   finally show "pmf ?lhs z = pmf q z" by simp
   884 qed
   885 
   886 subsection \<open> Relator \<close>
   887 
   888 inductive rel_pmf :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'a pmf \<Rightarrow> 'b pmf \<Rightarrow> bool"
   889 for R p q
   890 where
   891   "\<lbrakk> \<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y; 
   892      map_pmf fst pq = p; map_pmf snd pq = q \<rbrakk>
   893   \<Longrightarrow> rel_pmf R p q"
   894 
   895 bnf pmf: "'a pmf" map: map_pmf sets: set_pmf bd : "natLeq" rel: rel_pmf
   896 proof -
   897   show "map_pmf id = id" by (rule map_pmf_id)
   898   show "\<And>f g. map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g" by (rule map_pmf_compose) 
   899   show "\<And>f g::'a \<Rightarrow> 'b. \<And>p. (\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g p"
   900     by (intro map_pmf_cong refl)
   901 
   902   show "\<And>f::'a \<Rightarrow> 'b. set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
   903     by (rule pmf_set_map)
   904 
   905   { fix p :: "'s pmf"
   906     have "(card_of (set_pmf p), card_of (UNIV :: nat set)) \<in> ordLeq"
   907       by (rule card_of_ordLeqI[where f="to_nat_on (set_pmf p)"])
   908          (auto intro: countable_set_pmf)
   909     also have "(card_of (UNIV :: nat set), natLeq) \<in> ordLeq"
   910       by (metis Field_natLeq card_of_least natLeq_Well_order)
   911     finally show "(card_of (set_pmf p), natLeq) \<in> ordLeq" . }
   912 
   913   show "\<And>R. rel_pmf R =
   914          (BNF_Def.Grp {x. set_pmf x \<subseteq> {(x, y). R x y}} (map_pmf fst))\<inverse>\<inverse> OO
   915          BNF_Def.Grp {x. set_pmf x \<subseteq> {(x, y). R x y}} (map_pmf snd)"
   916      by (auto simp add: fun_eq_iff BNF_Def.Grp_def OO_def rel_pmf.simps)
   917 
   918   { fix p :: "'a pmf" and f :: "'a \<Rightarrow> 'b" and g x
   919     assume p: "\<And>z. z \<in> set_pmf p \<Longrightarrow> f z = g z"
   920       and x: "x \<in> set_pmf p"
   921     thus "f x = g x" by simp }
   922 
   923   fix R :: "'a => 'b \<Rightarrow> bool" and S :: "'b \<Rightarrow> 'c \<Rightarrow> bool"
   924   { fix p q r
   925     assume pq: "rel_pmf R p q"
   926       and qr:"rel_pmf S q r"
   927     from pq obtain pq where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
   928       and p: "p = map_pmf fst pq" and q: "q = map_pmf snd pq" by cases auto
   929     from qr obtain qr where qr: "\<And>y z. (y, z) \<in> set_pmf qr \<Longrightarrow> S y z"
   930       and q': "q = map_pmf fst qr" and r: "r = map_pmf snd qr" by cases auto
   931 
   932     def pr \<equiv> "bind_pmf pq (\<lambda>(x, y). bind_pmf (cond_pmf qr {(y', z). y' = y}) (\<lambda>(y', z). return_pmf (x, z)))"
   933     have pr_welldefined: "\<And>y. y \<in> q \<Longrightarrow> qr \<inter> {(y', z). y' = y} \<noteq> {}"
   934       by (force simp: q')
   935 
   936     have "rel_pmf (R OO S) p r"
   937     proof (rule rel_pmf.intros)
   938       fix x z assume "(x, z) \<in> pr"
   939       then have "\<exists>y. (x, y) \<in> pq \<and> (y, z) \<in> qr"
   940         by (auto simp: q pr_welldefined pr_def split_beta)
   941       with pq qr show "(R OO S) x z"
   942         by blast
   943     next
   944       have "map_pmf snd pr = map_pmf snd (bind_pmf q (\<lambda>y. cond_pmf qr {(y', z). y' = y}))"
   945         by (simp add: pr_def q split_beta bind_map_pmf map_pmf_def[symmetric] map_bind_pmf map_return_pmf)
   946       then show "map_pmf snd pr = r"
   947         unfolding r q' bind_map_pmf by (subst (asm) bind_cond_pmf_cancel) auto
   948     qed (simp add: pr_def map_bind_pmf split_beta map_return_pmf map_pmf_def[symmetric] p) }
   949   then show "rel_pmf R OO rel_pmf S \<le> rel_pmf (R OO S)"
   950     by(auto simp add: le_fun_def)
   951 qed (fact natLeq_card_order natLeq_cinfinite)+
   952 
   953 lemma rel_pmf_conj[simp]:
   954   "rel_pmf (\<lambda>x y. P \<and> Q x y) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
   955   "rel_pmf (\<lambda>x y. Q x y \<and> P) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
   956   using set_pmf_not_empty by (fastforce simp: pmf.in_rel subset_eq)+
   957 
   958 lemma rel_pmf_top[simp]: "rel_pmf top = top"
   959   by (auto simp: pmf.in_rel[abs_def] fun_eq_iff map_fst_pair_pmf map_snd_pair_pmf
   960            intro: exI[of _ "pair_pmf x y" for x y])
   961 
   962 lemma rel_pmf_return_pmf1: "rel_pmf R (return_pmf x) M \<longleftrightarrow> (\<forall>a\<in>M. R x a)"
   963 proof safe
   964   fix a assume "a \<in> M" "rel_pmf R (return_pmf x) M"
   965   then obtain pq where *: "\<And>a b. (a, b) \<in> set_pmf pq \<Longrightarrow> R a b"
   966     and eq: "return_pmf x = map_pmf fst pq" "M = map_pmf snd pq"
   967     by (force elim: rel_pmf.cases)
   968   moreover have "set_pmf (return_pmf x) = {x}"
   969     by simp
   970   with `a \<in> M` have "(x, a) \<in> pq"
   971     by (force simp: eq)
   972   with * show "R x a"
   973     by auto
   974 qed (auto intro!: rel_pmf.intros[where pq="pair_pmf (return_pmf x) M"]
   975           simp: map_fst_pair_pmf map_snd_pair_pmf)
   976 
   977 lemma rel_pmf_return_pmf2: "rel_pmf R M (return_pmf x) \<longleftrightarrow> (\<forall>a\<in>M. R a x)"
   978   by (subst pmf.rel_flip[symmetric]) (simp add: rel_pmf_return_pmf1)
   979 
   980 lemma rel_return_pmf[simp]: "rel_pmf R (return_pmf x1) (return_pmf x2) = R x1 x2"
   981   unfolding rel_pmf_return_pmf2 set_return_pmf by simp
   982 
   983 lemma rel_pmf_False[simp]: "rel_pmf (\<lambda>x y. False) x y = False"
   984   unfolding pmf.in_rel fun_eq_iff using set_pmf_not_empty by fastforce
   985 
   986 lemma rel_pmf_rel_prod:
   987   "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B') \<longleftrightarrow> rel_pmf R A B \<and> rel_pmf S A' B'"
   988 proof safe
   989   assume "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
   990   then obtain pq where pq: "\<And>a b c d. ((a, c), (b, d)) \<in> set_pmf pq \<Longrightarrow> R a b \<and> S c d"
   991     and eq: "map_pmf fst pq = pair_pmf A A'" "map_pmf snd pq = pair_pmf B B'"
   992     by (force elim: rel_pmf.cases)
   993   show "rel_pmf R A B"
   994   proof (rule rel_pmf.intros)
   995     let ?f = "\<lambda>(a, b). (fst a, fst b)"
   996     have [simp]: "(\<lambda>x. fst (?f x)) = fst o fst" "(\<lambda>x. snd (?f x)) = fst o snd"
   997       by auto
   998 
   999     show "map_pmf fst (map_pmf ?f pq) = A"
  1000       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
  1001     show "map_pmf snd (map_pmf ?f pq) = B"
  1002       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
  1003 
  1004     fix a b assume "(a, b) \<in> set_pmf (map_pmf ?f pq)"
  1005     then obtain c d where "((a, c), (b, d)) \<in> set_pmf pq"
  1006       by auto
  1007     from pq[OF this] show "R a b" ..
  1008   qed
  1009   show "rel_pmf S A' B'"
  1010   proof (rule rel_pmf.intros)
  1011     let ?f = "\<lambda>(a, b). (snd a, snd b)"
  1012     have [simp]: "(\<lambda>x. fst (?f x)) = snd o fst" "(\<lambda>x. snd (?f x)) = snd o snd"
  1013       by auto
  1014 
  1015     show "map_pmf fst (map_pmf ?f pq) = A'"
  1016       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
  1017     show "map_pmf snd (map_pmf ?f pq) = B'"
  1018       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
  1019 
  1020     fix c d assume "(c, d) \<in> set_pmf (map_pmf ?f pq)"
  1021     then obtain a b where "((a, c), (b, d)) \<in> set_pmf pq"
  1022       by auto
  1023     from pq[OF this] show "S c d" ..
  1024   qed
  1025 next
  1026   assume "rel_pmf R A B" "rel_pmf S A' B'"
  1027   then obtain Rpq Spq
  1028     where Rpq: "\<And>a b. (a, b) \<in> set_pmf Rpq \<Longrightarrow> R a b"
  1029         "map_pmf fst Rpq = A" "map_pmf snd Rpq = B"
  1030       and Spq: "\<And>a b. (a, b) \<in> set_pmf Spq \<Longrightarrow> S a b"
  1031         "map_pmf fst Spq = A'" "map_pmf snd Spq = B'"
  1032     by (force elim: rel_pmf.cases)
  1033 
  1034   let ?f = "(\<lambda>((a, c), (b, d)). ((a, b), (c, d)))"
  1035   let ?pq = "map_pmf ?f (pair_pmf Rpq Spq)"
  1036   have [simp]: "(\<lambda>x. fst (?f x)) = (\<lambda>(a, b). (fst a, fst b))" "(\<lambda>x. snd (?f x)) = (\<lambda>(a, b). (snd a, snd b))"
  1037     by auto
  1038 
  1039   show "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
  1040     by (rule rel_pmf.intros[where pq="?pq"])
  1041        (auto simp: map_snd_pair_pmf map_fst_pair_pmf map_pmf_comp Rpq Spq
  1042                    map_pair)
  1043 qed
  1044 
  1045 lemma rel_pmf_reflI: 
  1046   assumes "\<And>x. x \<in> set_pmf p \<Longrightarrow> P x x"
  1047   shows "rel_pmf P p p"
  1048   by (rule rel_pmf.intros[where pq="map_pmf (\<lambda>x. (x, x)) p"])
  1049      (auto simp add: pmf.map_comp o_def assms)
  1050 
  1051 context
  1052 begin
  1053 
  1054 interpretation pmf_as_measure .
  1055 
  1056 definition "join_pmf M = bind_pmf M (\<lambda>x. x)"
  1057 
  1058 lemma bind_eq_join_pmf: "bind_pmf M f = join_pmf (map_pmf f M)"
  1059   unfolding join_pmf_def bind_map_pmf ..
  1060 
  1061 lemma join_eq_bind_pmf: "join_pmf M = bind_pmf M id"
  1062   by (simp add: join_pmf_def id_def)
  1063 
  1064 lemma pmf_join: "pmf (join_pmf N) i = (\<integral>M. pmf M i \<partial>measure_pmf N)"
  1065   unfolding join_pmf_def pmf_bind ..
  1066 
  1067 lemma ereal_pmf_join: "ereal (pmf (join_pmf N) i) = (\<integral>\<^sup>+M. pmf M i \<partial>measure_pmf N)"
  1068   unfolding join_pmf_def ereal_pmf_bind ..
  1069 
  1070 lemma set_pmf_join_pmf[simp]: "set_pmf (join_pmf f) = (\<Union>p\<in>set_pmf f. set_pmf p)"
  1071   by (simp add: join_pmf_def)
  1072 
  1073 lemma join_return_pmf: "join_pmf (return_pmf M) = M"
  1074   by (simp add: integral_return pmf_eq_iff pmf_join return_pmf.rep_eq)
  1075 
  1076 lemma map_join_pmf: "map_pmf f (join_pmf AA) = join_pmf (map_pmf (map_pmf f) AA)"
  1077   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf)
  1078 
  1079 lemma join_map_return_pmf: "join_pmf (map_pmf return_pmf A) = A"
  1080   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
  1081 
  1082 end
  1083 
  1084 lemma rel_pmf_joinI:
  1085   assumes "rel_pmf (rel_pmf P) p q"
  1086   shows "rel_pmf P (join_pmf p) (join_pmf q)"
  1087 proof -
  1088   from assms obtain pq where p: "p = map_pmf fst pq"
  1089     and q: "q = map_pmf snd pq"
  1090     and P: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> rel_pmf P x y"
  1091     by cases auto
  1092   from P obtain PQ 
  1093     where PQ: "\<And>x y a b. \<lbrakk> (x, y) \<in> set_pmf pq; (a, b) \<in> set_pmf (PQ x y) \<rbrakk> \<Longrightarrow> P a b"
  1094     and x: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf fst (PQ x y) = x"
  1095     and y: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf snd (PQ x y) = y"
  1096     by(metis rel_pmf.simps)
  1097 
  1098   let ?r = "bind_pmf pq (\<lambda>(x, y). PQ x y)"
  1099   have "\<And>a b. (a, b) \<in> set_pmf ?r \<Longrightarrow> P a b" by (auto intro: PQ)
  1100   moreover have "map_pmf fst ?r = join_pmf p" "map_pmf snd ?r = join_pmf q"
  1101     by (simp_all add: p q x y join_pmf_def map_bind_pmf bind_map_pmf split_def cong: bind_pmf_cong)
  1102   ultimately show ?thesis ..
  1103 qed
  1104 
  1105 lemma rel_pmf_bindI:
  1106   assumes pq: "rel_pmf R p q"
  1107   and fg: "\<And>x y. R x y \<Longrightarrow> rel_pmf P (f x) (g y)"
  1108   shows "rel_pmf P (bind_pmf p f) (bind_pmf q g)"
  1109   unfolding bind_eq_join_pmf
  1110   by (rule rel_pmf_joinI)
  1111      (auto simp add: pmf.rel_map intro: pmf.rel_mono[THEN le_funD, THEN le_funD, THEN le_boolD, THEN mp, OF _ pq] fg)
  1112 
  1113 text {*
  1114   Proof that @{const rel_pmf} preserves orders.
  1115   Antisymmetry proof follows Thm. 1 in N. Saheb-Djahromi, Cpo's of measures for nondeterminism, 
  1116   Theoretical Computer Science 12(1):19--37, 1980, 
  1117   @{url "http://dx.doi.org/10.1016/0304-3975(80)90003-1"}
  1118 *}
  1119 
  1120 lemma 
  1121   assumes *: "rel_pmf R p q"
  1122   and refl: "reflp R" and trans: "transp R"
  1123   shows measure_Ici: "measure p {y. R x y} \<le> measure q {y. R x y}" (is ?thesis1)
  1124   and measure_Ioi: "measure p {y. R x y \<and> \<not> R y x} \<le> measure q {y. R x y \<and> \<not> R y x}" (is ?thesis2)
  1125 proof -
  1126   from * obtain pq
  1127     where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
  1128     and p: "p = map_pmf fst pq"
  1129     and q: "q = map_pmf snd pq"
  1130     by cases auto
  1131   show ?thesis1 ?thesis2 unfolding p q map_pmf_rep_eq using refl trans
  1132     by(auto 4 3 simp add: measure_distr reflpD AE_measure_pmf_iff intro!: measure_pmf.finite_measure_mono_AE dest!: pq elim: transpE)
  1133 qed
  1134 
  1135 lemma rel_pmf_inf:
  1136   fixes p q :: "'a pmf"
  1137   assumes 1: "rel_pmf R p q"
  1138   assumes 2: "rel_pmf R q p"
  1139   and refl: "reflp R" and trans: "transp R"
  1140   shows "rel_pmf (inf R R\<inverse>\<inverse>) p q"
  1141 proof
  1142   let ?E = "\<lambda>x. {y. R x y \<and> R y x}"
  1143   let ?\<mu>E = "\<lambda>x. measure q (?E x)"
  1144   { fix x
  1145     have "measure p (?E x) = measure p ({y. R x y} - {y. R x y \<and> \<not> R y x})"
  1146       by(auto intro!: arg_cong[where f="measure p"])
  1147     also have "\<dots> = measure p {y. R x y} - measure p {y. R x y \<and> \<not> R y x}"
  1148       by (rule measure_pmf.finite_measure_Diff) auto
  1149     also have "measure p {y. R x y \<and> \<not> R y x} = measure q {y. R x y \<and> \<not> R y x}"
  1150       using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ioi)
  1151     also have "measure p {y. R x y} = measure q {y. R x y}"
  1152       using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ici)
  1153     also have "measure q {y. R x y} - measure q {y. R x y \<and> ~ R y x} =
  1154       measure q ({y. R x y} - {y. R x y \<and> \<not> R y x})"
  1155       by(rule measure_pmf.finite_measure_Diff[symmetric]) auto
  1156     also have "\<dots> = ?\<mu>E x"
  1157       by(auto intro!: arg_cong[where f="measure q"])
  1158     also note calculation }
  1159   note eq = this
  1160 
  1161   def pq \<equiv> "bind_pmf p (\<lambda>x. bind_pmf (cond_pmf q (?E x)) (\<lambda>y. return_pmf (x, y)))"
  1162 
  1163   show "map_pmf fst pq = p"
  1164     by(simp add: pq_def map_bind_pmf map_return_pmf bind_return_pmf')
  1165 
  1166   show "map_pmf snd pq = q"
  1167     unfolding pq_def map_bind_pmf map_return_pmf bind_return_pmf' snd_conv
  1168     by(subst bind_cond_pmf_cancel)(auto simp add: reflpD[OF \<open>reflp R\<close>] eq  intro: transpD[OF \<open>transp R\<close>])
  1169 
  1170   fix x y
  1171   assume "(x, y) \<in> set_pmf pq"
  1172   moreover
  1173   { assume "x \<in> set_pmf p"
  1174     hence "measure (measure_pmf p) (?E x) \<noteq> 0"
  1175       by (auto simp add: measure_pmf.prob_eq_0 AE_measure_pmf_iff intro: reflpD[OF \<open>reflp R\<close>])
  1176     hence "measure (measure_pmf q) (?E x) \<noteq> 0" using eq by simp
  1177     hence "set_pmf q \<inter> {y. R x y \<and> R y x} \<noteq> {}" 
  1178       by (auto simp add: measure_pmf.prob_eq_0 AE_measure_pmf_iff) }
  1179   ultimately show "inf R R\<inverse>\<inverse> x y"
  1180     by (auto simp add: pq_def)
  1181 qed
  1182 
  1183 lemma rel_pmf_antisym:
  1184   fixes p q :: "'a pmf"
  1185   assumes 1: "rel_pmf R p q"
  1186   assumes 2: "rel_pmf R q p"
  1187   and refl: "reflp R" and trans: "transp R" and antisym: "antisymP R"
  1188   shows "p = q"
  1189 proof -
  1190   from 1 2 refl trans have "rel_pmf (inf R R\<inverse>\<inverse>) p q" by(rule rel_pmf_inf)
  1191   also have "inf R R\<inverse>\<inverse> = op ="
  1192     using refl antisym by (auto intro!: ext simp add: reflpD dest: antisymD)
  1193   finally show ?thesis unfolding pmf.rel_eq .
  1194 qed
  1195 
  1196 lemma reflp_rel_pmf: "reflp R \<Longrightarrow> reflp (rel_pmf R)"
  1197 by(blast intro: reflpI rel_pmf_reflI reflpD)
  1198 
  1199 lemma antisymP_rel_pmf:
  1200   "\<lbrakk> reflp R; transp R; antisymP R \<rbrakk>
  1201   \<Longrightarrow> antisymP (rel_pmf R)"
  1202 by(rule antisymI)(blast intro: rel_pmf_antisym)
  1203 
  1204 lemma transp_rel_pmf:
  1205   assumes "transp R"
  1206   shows "transp (rel_pmf R)"
  1207 proof (rule transpI)
  1208   fix x y z
  1209   assume "rel_pmf R x y" and "rel_pmf R y z"
  1210   hence "rel_pmf (R OO R) x z" by (simp add: pmf.rel_compp relcompp.relcompI)
  1211   thus "rel_pmf R x z"
  1212     using assms by (metis (no_types) pmf.rel_mono rev_predicate2D transp_relcompp_less_eq)
  1213 qed
  1214 
  1215 subsection \<open> Distributions \<close>
  1216 
  1217 context
  1218 begin
  1219 
  1220 interpretation pmf_as_function .
  1221 
  1222 subsubsection \<open> Bernoulli Distribution \<close>
  1223 
  1224 lift_definition bernoulli_pmf :: "real \<Rightarrow> bool pmf" is
  1225   "\<lambda>p b. ((\<lambda>p. if b then p else 1 - p) \<circ> min 1 \<circ> max 0) p"
  1226   by (auto simp: nn_integral_count_space_finite[where A="{False, True}"] UNIV_bool
  1227            split: split_max split_min)
  1228 
  1229 lemma pmf_bernoulli_True[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) True = p"
  1230   by transfer simp
  1231 
  1232 lemma pmf_bernoulli_False[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) False = 1 - p"
  1233   by transfer simp
  1234 
  1235 lemma set_pmf_bernoulli: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (bernoulli_pmf p) = UNIV"
  1236   by (auto simp add: set_pmf_iff UNIV_bool)
  1237 
  1238 lemma nn_integral_bernoulli_pmf[simp]: 
  1239   assumes [simp]: "0 \<le> p" "p \<le> 1" "\<And>x. 0 \<le> f x"
  1240   shows "(\<integral>\<^sup>+x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
  1241   by (subst nn_integral_measure_pmf_support[of UNIV])
  1242      (auto simp: UNIV_bool field_simps)
  1243 
  1244 lemma integral_bernoulli_pmf[simp]: 
  1245   assumes [simp]: "0 \<le> p" "p \<le> 1"
  1246   shows "(\<integral>x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
  1247   by (subst integral_measure_pmf[of UNIV]) (auto simp: UNIV_bool)
  1248 
  1249 lemma pmf_bernoulli_half [simp]: "pmf (bernoulli_pmf (1 / 2)) x = 1 / 2"
  1250 by(cases x) simp_all
  1251 
  1252 lemma measure_pmf_bernoulli_half: "measure_pmf (bernoulli_pmf (1 / 2)) = uniform_count_measure UNIV"
  1253 by(rule measure_eqI)(simp_all add: nn_integral_pmf[symmetric] emeasure_uniform_count_measure nn_integral_count_space_finite sets_uniform_count_measure)
  1254 
  1255 subsubsection \<open> Geometric Distribution \<close>
  1256 
  1257 lift_definition geometric_pmf :: "nat pmf" is "\<lambda>n. 1 / 2^Suc n"
  1258 proof
  1259   note geometric_sums[of "1 / 2"]
  1260   note sums_mult[OF this, of "1 / 2"]
  1261   from sums_suminf_ereal[OF this]
  1262   show "(\<integral>\<^sup>+ x. ereal (1 / 2 ^ Suc x) \<partial>count_space UNIV) = 1"
  1263     by (simp add: nn_integral_count_space_nat field_simps)
  1264 qed simp
  1265 
  1266 lemma pmf_geometric[simp]: "pmf geometric_pmf n = 1 / 2^Suc n"
  1267   by transfer rule
  1268 
  1269 lemma set_pmf_geometric[simp]: "set_pmf geometric_pmf = UNIV"
  1270   by (auto simp: set_pmf_iff)
  1271 
  1272 subsubsection \<open> Uniform Multiset Distribution \<close>
  1273 
  1274 context
  1275   fixes M :: "'a multiset" assumes M_not_empty: "M \<noteq> {#}"
  1276 begin
  1277 
  1278 lift_definition pmf_of_multiset :: "'a pmf" is "\<lambda>x. count M x / size M"
  1279 proof
  1280   show "(\<integral>\<^sup>+ x. ereal (real (count M x) / real (size M)) \<partial>count_space UNIV) = 1"  
  1281     using M_not_empty
  1282     by (simp add: zero_less_divide_iff nn_integral_count_space nonempty_has_size
  1283                   setsum_divide_distrib[symmetric])
  1284        (auto simp: size_multiset_overloaded_eq intro!: setsum.cong)
  1285 qed simp
  1286 
  1287 lemma pmf_of_multiset[simp]: "pmf pmf_of_multiset x = count M x / size M"
  1288   by transfer rule
  1289 
  1290 lemma set_pmf_of_multiset[simp]: "set_pmf pmf_of_multiset = set_of M"
  1291   by (auto simp: set_pmf_iff)
  1292 
  1293 end
  1294 
  1295 subsubsection \<open> Uniform Distribution \<close>
  1296 
  1297 context
  1298   fixes S :: "'a set" assumes S_not_empty: "S \<noteq> {}" and S_finite: "finite S"
  1299 begin
  1300 
  1301 lift_definition pmf_of_set :: "'a pmf" is "\<lambda>x. indicator S x / card S"
  1302 proof
  1303   show "(\<integral>\<^sup>+ x. ereal (indicator S x / real (card S)) \<partial>count_space UNIV) = 1"  
  1304     using S_not_empty S_finite by (subst nn_integral_count_space'[of S]) auto
  1305 qed simp
  1306 
  1307 lemma pmf_of_set[simp]: "pmf pmf_of_set x = indicator S x / card S"
  1308   by transfer rule
  1309 
  1310 lemma set_pmf_of_set[simp]: "set_pmf pmf_of_set = S"
  1311   using S_finite S_not_empty by (auto simp: set_pmf_iff)
  1312 
  1313 lemma emeasure_pmf_of_set[simp]: "emeasure pmf_of_set S = 1"
  1314   by (rule measure_pmf.emeasure_eq_1_AE) (auto simp: AE_measure_pmf_iff)
  1315 
  1316 end
  1317 
  1318 subsubsection \<open> Poisson Distribution \<close>
  1319 
  1320 context
  1321   fixes rate :: real assumes rate_pos: "0 < rate"
  1322 begin
  1323 
  1324 lift_definition poisson_pmf :: "nat pmf" is "\<lambda>k. rate ^ k / fact k * exp (-rate)"
  1325 proof
  1326   (* Proof by Manuel Eberl *)
  1327 
  1328   have summable: "summable (\<lambda>x::nat. rate ^ x / fact x)" using summable_exp
  1329     by (simp add: field_simps divide_inverse [symmetric])
  1330   have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x * exp (-rate) \<partial>count_space UNIV) =
  1331           exp (-rate) * (\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV)"
  1332     by (simp add: field_simps nn_integral_cmult[symmetric])
  1333   also from rate_pos have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV) = (\<Sum>x. rate ^ x / fact x)"
  1334     by (simp_all add: nn_integral_count_space_nat suminf_ereal summable suminf_ereal_finite)
  1335   also have "... = exp rate" unfolding exp_def
  1336     by (simp add: field_simps divide_inverse [symmetric] transfer_int_nat_factorial)
  1337   also have "ereal (exp (-rate)) * ereal (exp rate) = 1"
  1338     by (simp add: mult_exp_exp)
  1339   finally show "(\<integral>\<^sup>+ x. ereal (rate ^ x / real (fact x) * exp (- rate)) \<partial>count_space UNIV) = 1" .
  1340 qed (simp add: rate_pos[THEN less_imp_le])
  1341 
  1342 lemma pmf_poisson[simp]: "pmf poisson_pmf k = rate ^ k / fact k * exp (-rate)"
  1343   by transfer rule
  1344 
  1345 lemma set_pmf_poisson[simp]: "set_pmf poisson_pmf = UNIV"
  1346   using rate_pos by (auto simp: set_pmf_iff)
  1347 
  1348 end
  1349 
  1350 subsubsection \<open> Binomial Distribution \<close>
  1351 
  1352 context
  1353   fixes n :: nat and p :: real assumes p_nonneg: "0 \<le> p" and p_le_1: "p \<le> 1"
  1354 begin
  1355 
  1356 lift_definition binomial_pmf :: "nat pmf" is "\<lambda>k. (n choose k) * p^k * (1 - p)^(n - k)"
  1357 proof
  1358   have "(\<integral>\<^sup>+k. ereal (real (n choose k) * p ^ k * (1 - p) ^ (n - k)) \<partial>count_space UNIV) =
  1359     ereal (\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k))"
  1360     using p_le_1 p_nonneg by (subst nn_integral_count_space') auto
  1361   also have "(\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k)) = (p + (1 - p)) ^ n"
  1362     by (subst binomial_ring) (simp add: atLeast0AtMost real_of_nat_def)
  1363   finally show "(\<integral>\<^sup>+ x. ereal (real (n choose x) * p ^ x * (1 - p) ^ (n - x)) \<partial>count_space UNIV) = 1"
  1364     by simp
  1365 qed (insert p_nonneg p_le_1, simp)
  1366 
  1367 lemma pmf_binomial[simp]: "pmf binomial_pmf k = (n choose k) * p^k * (1 - p)^(n - k)"
  1368   by transfer rule
  1369 
  1370 lemma set_pmf_binomial_eq: "set_pmf binomial_pmf = (if p = 0 then {0} else if p = 1 then {n} else {.. n})"
  1371   using p_nonneg p_le_1 unfolding set_eq_iff set_pmf_iff pmf_binomial by (auto simp: set_pmf_iff)
  1372 
  1373 end
  1374 
  1375 end
  1376 
  1377 lemma set_pmf_binomial_0[simp]: "set_pmf (binomial_pmf n 0) = {0}"
  1378   by (simp add: set_pmf_binomial_eq)
  1379 
  1380 lemma set_pmf_binomial_1[simp]: "set_pmf (binomial_pmf n 1) = {n}"
  1381   by (simp add: set_pmf_binomial_eq)
  1382 
  1383 lemma set_pmf_binomial[simp]: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (binomial_pmf n p) = {..n}"
  1384   by (simp add: set_pmf_binomial_eq)
  1385 
  1386 end