src/HOL/Probability/Probability_Mass_Function.thy
author eberlm
Tue May 17 17:05:35 2016 +0200 (2016-05-17)
changeset 63099 af0e964aad7b
parent 63092 a949b2a5f51d
child 63101 65f1d7829463
permissions -rw-r--r--
Moved material from AFP/Randomised_Social_Choice to distribution
     1 (*  Title:      HOL/Probability/Probability_Mass_Function.thy
     2     Author:     Johannes Hölzl, TU München
     3     Author:     Andreas Lochbihler, ETH Zurich
     4 *)
     5 
     6 section \<open> Probability mass function \<close>
     7 
     8 theory Probability_Mass_Function
     9 imports
    10   Giry_Monad
    11   "~~/src/HOL/Library/Multiset"
    12 begin
    13 
    14 lemma AE_emeasure_singleton:
    15   assumes x: "emeasure M {x} \<noteq> 0" and ae: "AE x in M. P x" shows "P x"
    16 proof -
    17   from x have x_M: "{x} \<in> sets M"
    18     by (auto intro: emeasure_notin_sets)
    19   from ae obtain N where N: "{x\<in>space M. \<not> P x} \<subseteq> N" "emeasure M N = 0" "N \<in> sets M"
    20     by (auto elim: AE_E)
    21   { assume "\<not> P x"
    22     with x_M[THEN sets.sets_into_space] N have "emeasure M {x} \<le> emeasure M N"
    23       by (intro emeasure_mono) auto
    24     with x N have False
    25       by (auto simp:) }
    26   then show "P x" by auto
    27 qed
    28 
    29 lemma AE_measure_singleton: "measure M {x} \<noteq> 0 \<Longrightarrow> AE x in M. P x \<Longrightarrow> P x"
    30   by (metis AE_emeasure_singleton measure_def emeasure_empty measure_empty)
    31 
    32 lemma (in finite_measure) AE_support_countable:
    33   assumes [simp]: "sets M = UNIV"
    34   shows "(AE x in M. measure M {x} \<noteq> 0) \<longleftrightarrow> (\<exists>S. countable S \<and> (AE x in M. x \<in> S))"
    35 proof
    36   assume "\<exists>S. countable S \<and> (AE x in M. x \<in> S)"
    37   then obtain S where S[intro]: "countable S" and ae: "AE x in M. x \<in> S"
    38     by auto
    39   then have "emeasure M (\<Union>x\<in>{x\<in>S. emeasure M {x} \<noteq> 0}. {x}) =
    40     (\<integral>\<^sup>+ x. emeasure M {x} * indicator {x\<in>S. emeasure M {x} \<noteq> 0} x \<partial>count_space UNIV)"
    41     by (subst emeasure_UN_countable)
    42        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
    43   also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} * indicator S x \<partial>count_space UNIV)"
    44     by (auto intro!: nn_integral_cong split: split_indicator)
    45   also have "\<dots> = emeasure M (\<Union>x\<in>S. {x})"
    46     by (subst emeasure_UN_countable)
    47        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
    48   also have "\<dots> = emeasure M (space M)"
    49     using ae by (intro emeasure_eq_AE) auto
    50   finally have "emeasure M {x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0} = emeasure M (space M)"
    51     by (simp add: emeasure_single_in_space cong: rev_conj_cong)
    52   with finite_measure_compl[of "{x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0}"]
    53   have "AE x in M. x \<in> S \<and> emeasure M {x} \<noteq> 0"
    54     by (intro AE_I[OF order_refl]) (auto simp: emeasure_eq_measure measure_nonneg set_diff_eq cong: conj_cong)
    55   then show "AE x in M. measure M {x} \<noteq> 0"
    56     by (auto simp: emeasure_eq_measure)
    57 qed (auto intro!: exI[of _ "{x. measure M {x} \<noteq> 0}"] countable_support)
    58 
    59 subsection \<open> PMF as measure \<close>
    60 
    61 typedef 'a pmf = "{M :: 'a measure. prob_space M \<and> sets M = UNIV \<and> (AE x in M. measure M {x} \<noteq> 0)}"
    62   morphisms measure_pmf Abs_pmf
    63   by (intro exI[of _ "uniform_measure (count_space UNIV) {undefined}"])
    64      (auto intro!: prob_space_uniform_measure AE_uniform_measureI)
    65 
    66 declare [[coercion measure_pmf]]
    67 
    68 lemma prob_space_measure_pmf: "prob_space (measure_pmf p)"
    69   using pmf.measure_pmf[of p] by auto
    70 
    71 interpretation measure_pmf: prob_space "measure_pmf M" for M
    72   by (rule prob_space_measure_pmf)
    73 
    74 interpretation measure_pmf: subprob_space "measure_pmf M" for M
    75   by (rule prob_space_imp_subprob_space) unfold_locales
    76 
    77 lemma subprob_space_measure_pmf: "subprob_space (measure_pmf x)"
    78   by unfold_locales
    79 
    80 locale pmf_as_measure
    81 begin
    82 
    83 setup_lifting type_definition_pmf
    84 
    85 end
    86 
    87 context
    88 begin
    89 
    90 interpretation pmf_as_measure .
    91 
    92 lemma sets_measure_pmf[simp]: "sets (measure_pmf p) = UNIV"
    93   by transfer blast
    94 
    95 lemma sets_measure_pmf_count_space[measurable_cong]:
    96   "sets (measure_pmf M) = sets (count_space UNIV)"
    97   by simp
    98 
    99 lemma space_measure_pmf[simp]: "space (measure_pmf p) = UNIV"
   100   using sets_eq_imp_space_eq[of "measure_pmf p" "count_space UNIV"] by simp
   101 
   102 lemma measure_pmf_UNIV [simp]: "measure (measure_pmf p) UNIV = 1"
   103 using measure_pmf.prob_space[of p] by simp
   104 
   105 lemma measure_pmf_in_subprob_algebra[measurable (raw)]: "measure_pmf x \<in> space (subprob_algebra (count_space UNIV))"
   106   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
   107 
   108 lemma measurable_pmf_measure1[simp]: "measurable (M :: 'a pmf) N = UNIV \<rightarrow> space N"
   109   by (auto simp: measurable_def)
   110 
   111 lemma measurable_pmf_measure2[simp]: "measurable N (M :: 'a pmf) = measurable N (count_space UNIV)"
   112   by (intro measurable_cong_sets) simp_all
   113 
   114 lemma measurable_pair_restrict_pmf2:
   115   assumes "countable A"
   116   assumes [measurable]: "\<And>y. y \<in> A \<Longrightarrow> (\<lambda>x. f (x, y)) \<in> measurable M L"
   117   shows "f \<in> measurable (M \<Otimes>\<^sub>M restrict_space (measure_pmf N) A) L" (is "f \<in> measurable ?M _")
   118 proof -
   119   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
   120     by (simp add: restrict_count_space)
   121 
   122   show ?thesis
   123     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (fst b, a)" and g=snd and I=A,
   124                                             unfolded prod.collapse] assms)
   125         measurable
   126 qed
   127 
   128 lemma measurable_pair_restrict_pmf1:
   129   assumes "countable A"
   130   assumes [measurable]: "\<And>x. x \<in> A \<Longrightarrow> (\<lambda>y. f (x, y)) \<in> measurable N L"
   131   shows "f \<in> measurable (restrict_space (measure_pmf M) A \<Otimes>\<^sub>M N) L"
   132 proof -
   133   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
   134     by (simp add: restrict_count_space)
   135 
   136   show ?thesis
   137     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (a, snd b)" and g=fst and I=A,
   138                                             unfolded prod.collapse] assms)
   139         measurable
   140 qed
   141 
   142 lift_definition pmf :: "'a pmf \<Rightarrow> 'a \<Rightarrow> real" is "\<lambda>M x. measure M {x}" .
   143 
   144 lift_definition set_pmf :: "'a pmf \<Rightarrow> 'a set" is "\<lambda>M. {x. measure M {x} \<noteq> 0}" .
   145 declare [[coercion set_pmf]]
   146 
   147 lemma AE_measure_pmf: "AE x in (M::'a pmf). x \<in> M"
   148   by transfer simp
   149 
   150 lemma emeasure_pmf_single_eq_zero_iff:
   151   fixes M :: "'a pmf"
   152   shows "emeasure M {y} = 0 \<longleftrightarrow> y \<notin> M"
   153   unfolding set_pmf.rep_eq by (simp add: measure_pmf.emeasure_eq_measure)
   154 
   155 lemma AE_measure_pmf_iff: "(AE x in measure_pmf M. P x) \<longleftrightarrow> (\<forall>y\<in>M. P y)"
   156   using AE_measure_singleton[of M] AE_measure_pmf[of M]
   157   by (auto simp: set_pmf.rep_eq)
   158 
   159 lemma AE_pmfI: "(\<And>y. y \<in> set_pmf M \<Longrightarrow> P y) \<Longrightarrow> almost_everywhere (measure_pmf M) P"
   160 by(simp add: AE_measure_pmf_iff)
   161 
   162 lemma countable_set_pmf [simp]: "countable (set_pmf p)"
   163   by transfer (metis prob_space.finite_measure finite_measure.countable_support)
   164 
   165 lemma pmf_positive: "x \<in> set_pmf p \<Longrightarrow> 0 < pmf p x"
   166   by transfer (simp add: less_le)
   167 
   168 lemma pmf_nonneg[simp]: "0 \<le> pmf p x"
   169   by transfer simp
   170   
   171 lemma pmf_not_neg [simp]: "\<not>pmf p x < 0"
   172   by (simp add: not_less pmf_nonneg)
   173 
   174 lemma pmf_pos [simp]: "pmf p x \<noteq> 0 \<Longrightarrow> pmf p x > 0"
   175   using pmf_nonneg[of p x] by linarith
   176 
   177 lemma pmf_le_1: "pmf p x \<le> 1"
   178   by (simp add: pmf.rep_eq)
   179 
   180 lemma set_pmf_not_empty: "set_pmf M \<noteq> {}"
   181   using AE_measure_pmf[of M] by (intro notI) simp
   182 
   183 lemma set_pmf_iff: "x \<in> set_pmf M \<longleftrightarrow> pmf M x \<noteq> 0"
   184   by transfer simp
   185 
   186 lemma pmf_positive_iff: "0 < pmf p x \<longleftrightarrow> x \<in> set_pmf p"
   187   unfolding less_le by (simp add: set_pmf_iff)
   188 
   189 lemma set_pmf_eq: "set_pmf M = {x. pmf M x \<noteq> 0}"
   190   by (auto simp: set_pmf_iff)
   191 
   192 lemma set_pmf_eq': "set_pmf p = {x. pmf p x > 0}"
   193 proof safe
   194   fix x assume "x \<in> set_pmf p"
   195   hence "pmf p x \<noteq> 0" by (auto simp: set_pmf_eq)
   196   with pmf_nonneg[of p x] show "pmf p x > 0" by simp
   197 qed (auto simp: set_pmf_eq)
   198 
   199 lemma emeasure_pmf_single:
   200   fixes M :: "'a pmf"
   201   shows "emeasure M {x} = pmf M x"
   202   by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
   203 
   204 lemma measure_pmf_single: "measure (measure_pmf M) {x} = pmf M x"
   205   using emeasure_pmf_single[of M x] by(simp add: measure_pmf.emeasure_eq_measure pmf_nonneg measure_nonneg)
   206 
   207 lemma emeasure_measure_pmf_finite: "finite S \<Longrightarrow> emeasure (measure_pmf M) S = (\<Sum>s\<in>S. pmf M s)"
   208   by (subst emeasure_eq_setsum_singleton) (auto simp: emeasure_pmf_single pmf_nonneg)
   209 
   210 lemma measure_measure_pmf_finite: "finite S \<Longrightarrow> measure (measure_pmf M) S = setsum (pmf M) S"
   211   using emeasure_measure_pmf_finite[of S M]
   212   by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg setsum_nonneg pmf_nonneg)
   213 
   214 lemma setsum_pmf_eq_1:
   215   assumes "finite A" "set_pmf p \<subseteq> A"
   216   shows   "(\<Sum>x\<in>A. pmf p x) = 1"
   217 proof -
   218   have "(\<Sum>x\<in>A. pmf p x) = measure_pmf.prob p A"
   219     by (simp add: measure_measure_pmf_finite assms)
   220   also from assms have "\<dots> = 1"
   221     by (subst measure_pmf.prob_eq_1) (auto simp: AE_measure_pmf_iff)
   222   finally show ?thesis .
   223 qed
   224 
   225 lemma nn_integral_measure_pmf_support:
   226   fixes f :: "'a \<Rightarrow> ennreal"
   227   assumes f: "finite A" and nn: "\<And>x. x \<in> A \<Longrightarrow> 0 \<le> f x" "\<And>x. x \<in> set_pmf M \<Longrightarrow> x \<notin> A \<Longrightarrow> f x = 0"
   228   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>A. f x * pmf M x)"
   229 proof -
   230   have "(\<integral>\<^sup>+x. f x \<partial>M) = (\<integral>\<^sup>+x. f x * indicator A x \<partial>M)"
   231     using nn by (intro nn_integral_cong_AE) (auto simp: AE_measure_pmf_iff split: split_indicator)
   232   also have "\<dots> = (\<Sum>x\<in>A. f x * emeasure M {x})"
   233     using assms by (intro nn_integral_indicator_finite) auto
   234   finally show ?thesis
   235     by (simp add: emeasure_measure_pmf_finite)
   236 qed
   237 
   238 lemma nn_integral_measure_pmf_finite:
   239   fixes f :: "'a \<Rightarrow> ennreal"
   240   assumes f: "finite (set_pmf M)" and nn: "\<And>x. x \<in> set_pmf M \<Longrightarrow> 0 \<le> f x"
   241   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>set_pmf M. f x * pmf M x)"
   242   using assms by (intro nn_integral_measure_pmf_support) auto
   243 
   244 lemma integrable_measure_pmf_finite:
   245   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
   246   shows "finite (set_pmf M) \<Longrightarrow> integrable M f"
   247   by (auto intro!: integrableI_bounded simp: nn_integral_measure_pmf_finite ennreal_mult_less_top)
   248 
   249 lemma integral_measure_pmf:
   250   assumes [simp]: "finite A" and "\<And>a. a \<in> set_pmf M \<Longrightarrow> f a \<noteq> 0 \<Longrightarrow> a \<in> A"
   251   shows "(\<integral>x. f x \<partial>measure_pmf M) = (\<Sum>a\<in>A. f a * pmf M a)"
   252 proof -
   253   have "(\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x * indicator A x \<partial>measure_pmf M)"
   254     using assms(2) by (intro integral_cong_AE) (auto split: split_indicator simp: AE_measure_pmf_iff)
   255   also have "\<dots> = (\<Sum>a\<in>A. f a * pmf M a)"
   256     by (subst integral_indicator_finite_real)
   257        (auto simp: measure_def emeasure_measure_pmf_finite pmf_nonneg)
   258   finally show ?thesis .
   259 qed
   260 
   261 lemma integrable_pmf: "integrable (count_space X) (pmf M)"
   262 proof -
   263   have " (\<integral>\<^sup>+ x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+ x. pmf M x \<partial>count_space (M \<inter> X))"
   264     by (auto simp add: nn_integral_count_space_indicator set_pmf_iff intro!: nn_integral_cong split: split_indicator)
   265   then have "integrable (count_space X) (pmf M) = integrable (count_space (M \<inter> X)) (pmf M)"
   266     by (simp add: integrable_iff_bounded pmf_nonneg)
   267   then show ?thesis
   268     by (simp add: pmf.rep_eq measure_pmf.integrable_measure disjoint_family_on_def)
   269 qed
   270 
   271 lemma integral_pmf: "(\<integral>x. pmf M x \<partial>count_space X) = measure M X"
   272 proof -
   273   have "(\<integral>x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+x. pmf M x \<partial>count_space X)"
   274     by (simp add: pmf_nonneg integrable_pmf nn_integral_eq_integral)
   275   also have "\<dots> = (\<integral>\<^sup>+x. emeasure M {x} \<partial>count_space (X \<inter> M))"
   276     by (auto intro!: nn_integral_cong_AE split: split_indicator
   277              simp: pmf.rep_eq measure_pmf.emeasure_eq_measure nn_integral_count_space_indicator
   278                    AE_count_space set_pmf_iff)
   279   also have "\<dots> = emeasure M (X \<inter> M)"
   280     by (rule emeasure_countable_singleton[symmetric]) (auto intro: countable_set_pmf)
   281   also have "\<dots> = emeasure M X"
   282     by (auto intro!: emeasure_eq_AE simp: AE_measure_pmf_iff)
   283   finally show ?thesis
   284     by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg integral_nonneg pmf_nonneg)
   285 qed
   286 
   287 lemma integral_pmf_restrict:
   288   "(f::'a \<Rightarrow> 'b::{banach, second_countable_topology}) \<in> borel_measurable (count_space UNIV) \<Longrightarrow>
   289     (\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x \<partial>restrict_space M M)"
   290   by (auto intro!: integral_cong_AE simp add: integral_restrict_space AE_measure_pmf_iff)
   291 
   292 lemma emeasure_pmf: "emeasure (M::'a pmf) M = 1"
   293 proof -
   294   have "emeasure (M::'a pmf) M = emeasure (M::'a pmf) (space M)"
   295     by (intro emeasure_eq_AE) (simp_all add: AE_measure_pmf)
   296   then show ?thesis
   297     using measure_pmf.emeasure_space_1 by simp
   298 qed
   299 
   300 lemma emeasure_pmf_UNIV [simp]: "emeasure (measure_pmf M) UNIV = 1"
   301 using measure_pmf.emeasure_space_1[of M] by simp
   302 
   303 lemma in_null_sets_measure_pmfI:
   304   "A \<inter> set_pmf p = {} \<Longrightarrow> A \<in> null_sets (measure_pmf p)"
   305 using emeasure_eq_0_AE[where ?P="\<lambda>x. x \<in> A" and M="measure_pmf p"]
   306 by(auto simp add: null_sets_def AE_measure_pmf_iff)
   307 
   308 lemma measure_subprob: "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
   309   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
   310 
   311 subsection \<open> Monad Interpretation \<close>
   312 
   313 lemma measurable_measure_pmf[measurable]:
   314   "(\<lambda>x. measure_pmf (M x)) \<in> measurable (count_space UNIV) (subprob_algebra (count_space UNIV))"
   315   by (auto simp: space_subprob_algebra intro!: prob_space_imp_subprob_space) unfold_locales
   316 
   317 lemma bind_measure_pmf_cong:
   318   assumes "\<And>x. A x \<in> space (subprob_algebra N)" "\<And>x. B x \<in> space (subprob_algebra N)"
   319   assumes "\<And>i. i \<in> set_pmf x \<Longrightarrow> A i = B i"
   320   shows "bind (measure_pmf x) A = bind (measure_pmf x) B"
   321 proof (rule measure_eqI)
   322   show "sets (measure_pmf x \<bind> A) = sets (measure_pmf x \<bind> B)"
   323     using assms by (subst (1 2) sets_bind) (auto simp: space_subprob_algebra)
   324 next
   325   fix X assume "X \<in> sets (measure_pmf x \<bind> A)"
   326   then have X: "X \<in> sets N"
   327     using assms by (subst (asm) sets_bind) (auto simp: space_subprob_algebra)
   328   show "emeasure (measure_pmf x \<bind> A) X = emeasure (measure_pmf x \<bind> B) X"
   329     using assms
   330     by (subst (1 2) emeasure_bind[where N=N, OF _ _ X])
   331        (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
   332 qed
   333 
   334 lift_definition bind_pmf :: "'a pmf \<Rightarrow> ('a \<Rightarrow> 'b pmf ) \<Rightarrow> 'b pmf" is bind
   335 proof (clarify, intro conjI)
   336   fix f :: "'a measure" and g :: "'a \<Rightarrow> 'b measure"
   337   assume "prob_space f"
   338   then interpret f: prob_space f .
   339   assume "sets f = UNIV" and ae_f: "AE x in f. measure f {x} \<noteq> 0"
   340   then have s_f[simp]: "sets f = sets (count_space UNIV)"
   341     by simp
   342   assume g: "\<And>x. prob_space (g x) \<and> sets (g x) = UNIV \<and> (AE y in g x. measure (g x) {y} \<noteq> 0)"
   343   then have g: "\<And>x. prob_space (g x)" and s_g[simp]: "\<And>x. sets (g x) = sets (count_space UNIV)"
   344     and ae_g: "\<And>x. AE y in g x. measure (g x) {y} \<noteq> 0"
   345     by auto
   346 
   347   have [measurable]: "g \<in> measurable f (subprob_algebra (count_space UNIV))"
   348     by (auto simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space g)
   349 
   350   show "prob_space (f \<bind> g)"
   351     using g by (intro f.prob_space_bind[where S="count_space UNIV"]) auto
   352   then interpret fg: prob_space "f \<bind> g" .
   353   show [simp]: "sets (f \<bind> g) = UNIV"
   354     using sets_eq_imp_space_eq[OF s_f]
   355     by (subst sets_bind[where N="count_space UNIV"]) auto
   356   show "AE x in f \<bind> g. measure (f \<bind> g) {x} \<noteq> 0"
   357     apply (simp add: fg.prob_eq_0 AE_bind[where B="count_space UNIV"])
   358     using ae_f
   359     apply eventually_elim
   360     using ae_g
   361     apply eventually_elim
   362     apply (auto dest: AE_measure_singleton)
   363     done
   364 qed
   365 
   366 adhoc_overloading Monad_Syntax.bind bind_pmf
   367 
   368 lemma ennreal_pmf_bind: "pmf (bind_pmf N f) i = (\<integral>\<^sup>+x. pmf (f x) i \<partial>measure_pmf N)"
   369   unfolding pmf.rep_eq bind_pmf.rep_eq
   370   by (auto simp: measure_pmf.measure_bind[where N="count_space UNIV"] measure_subprob measure_nonneg
   371            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
   372 
   373 lemma pmf_bind: "pmf (bind_pmf N f) i = (\<integral>x. pmf (f x) i \<partial>measure_pmf N)"
   374   using ennreal_pmf_bind[of N f i]
   375   by (subst (asm) nn_integral_eq_integral)
   376      (auto simp: pmf_nonneg pmf_le_1 pmf_nonneg integral_nonneg
   377            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
   378 
   379 lemma bind_pmf_const[simp]: "bind_pmf M (\<lambda>x. c) = c"
   380   by transfer (simp add: bind_const' prob_space_imp_subprob_space)
   381 
   382 lemma set_bind_pmf[simp]: "set_pmf (bind_pmf M N) = (\<Union>M\<in>set_pmf M. set_pmf (N M))"
   383 proof -
   384   have "set_pmf (bind_pmf M N) = {x. ennreal (pmf (bind_pmf M N) x) \<noteq> 0}"
   385     by (simp add: set_pmf_eq pmf_nonneg)
   386   also have "\<dots> = (\<Union>M\<in>set_pmf M. set_pmf (N M))"
   387     unfolding ennreal_pmf_bind
   388     by (subst nn_integral_0_iff_AE) (auto simp: AE_measure_pmf_iff pmf_nonneg set_pmf_eq)
   389   finally show ?thesis .
   390 qed
   391 
   392 lemma bind_pmf_cong [fundef_cong]:
   393   assumes "p = q"
   394   shows "(\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
   395   unfolding \<open>p = q\<close>[symmetric] measure_pmf_inject[symmetric] bind_pmf.rep_eq
   396   by (auto simp: AE_measure_pmf_iff Pi_iff space_subprob_algebra subprob_space_measure_pmf
   397                  sets_bind[where N="count_space UNIV"] emeasure_bind[where N="count_space UNIV"]
   398            intro!: nn_integral_cong_AE measure_eqI)
   399 
   400 lemma bind_pmf_cong_simp:
   401   "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q =simp=> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
   402   by (simp add: simp_implies_def cong: bind_pmf_cong)
   403 
   404 lemma measure_pmf_bind: "measure_pmf (bind_pmf M f) = (measure_pmf M \<bind> (\<lambda>x. measure_pmf (f x)))"
   405   by transfer simp
   406 
   407 lemma nn_integral_bind_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>bind_pmf M N) = (\<integral>\<^sup>+x. \<integral>\<^sup>+y. f y \<partial>N x \<partial>M)"
   408   using measurable_measure_pmf[of N]
   409   unfolding measure_pmf_bind
   410   apply (intro nn_integral_bind[where B="count_space UNIV"])
   411   apply auto
   412   done
   413 
   414 lemma emeasure_bind_pmf[simp]: "emeasure (bind_pmf M N) X = (\<integral>\<^sup>+x. emeasure (N x) X \<partial>M)"
   415   using measurable_measure_pmf[of N]
   416   unfolding measure_pmf_bind
   417   by (subst emeasure_bind[where N="count_space UNIV"]) auto
   418 
   419 lift_definition return_pmf :: "'a \<Rightarrow> 'a pmf" is "return (count_space UNIV)"
   420   by (auto intro!: prob_space_return simp: AE_return measure_return)
   421 
   422 lemma bind_return_pmf: "bind_pmf (return_pmf x) f = f x"
   423   by transfer
   424      (auto intro!: prob_space_imp_subprob_space bind_return[where N="count_space UNIV"]
   425            simp: space_subprob_algebra)
   426 
   427 lemma set_return_pmf[simp]: "set_pmf (return_pmf x) = {x}"
   428   by transfer (auto simp add: measure_return split: split_indicator)
   429 
   430 lemma bind_return_pmf': "bind_pmf N return_pmf = N"
   431 proof (transfer, clarify)
   432   fix N :: "'a measure" assume "sets N = UNIV" then show "N \<bind> return (count_space UNIV) = N"
   433     by (subst return_sets_cong[where N=N]) (simp_all add: bind_return')
   434 qed
   435 
   436 lemma bind_assoc_pmf: "bind_pmf (bind_pmf A B) C = bind_pmf A (\<lambda>x. bind_pmf (B x) C)"
   437   by transfer
   438      (auto intro!: bind_assoc[where N="count_space UNIV" and R="count_space UNIV"]
   439            simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space)
   440 
   441 definition "map_pmf f M = bind_pmf M (\<lambda>x. return_pmf (f x))"
   442 
   443 lemma map_bind_pmf: "map_pmf f (bind_pmf M g) = bind_pmf M (\<lambda>x. map_pmf f (g x))"
   444   by (simp add: map_pmf_def bind_assoc_pmf)
   445 
   446 lemma bind_map_pmf: "bind_pmf (map_pmf f M) g = bind_pmf M (\<lambda>x. g (f x))"
   447   by (simp add: map_pmf_def bind_assoc_pmf bind_return_pmf)
   448 
   449 lemma map_pmf_transfer[transfer_rule]:
   450   "rel_fun op = (rel_fun cr_pmf cr_pmf) (\<lambda>f M. distr M (count_space UNIV) f) map_pmf"
   451 proof -
   452   have "rel_fun op = (rel_fun pmf_as_measure.cr_pmf pmf_as_measure.cr_pmf)
   453      (\<lambda>f M. M \<bind> (return (count_space UNIV) o f)) map_pmf"
   454     unfolding map_pmf_def[abs_def] comp_def by transfer_prover
   455   then show ?thesis
   456     by (force simp: rel_fun_def cr_pmf_def bind_return_distr)
   457 qed
   458 
   459 lemma map_pmf_rep_eq:
   460   "measure_pmf (map_pmf f M) = distr (measure_pmf M) (count_space UNIV) f"
   461   unfolding map_pmf_def bind_pmf.rep_eq comp_def return_pmf.rep_eq
   462   using bind_return_distr[of M f "count_space UNIV"] by (simp add: comp_def)
   463 
   464 lemma map_pmf_id[simp]: "map_pmf id = id"
   465   by (rule, transfer) (auto simp: emeasure_distr measurable_def intro!: measure_eqI)
   466 
   467 lemma map_pmf_ident[simp]: "map_pmf (\<lambda>x. x) = (\<lambda>x. x)"
   468   using map_pmf_id unfolding id_def .
   469 
   470 lemma map_pmf_compose: "map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g"
   471   by (rule, transfer) (simp add: distr_distr[symmetric, where N="count_space UNIV"] measurable_def)
   472 
   473 lemma map_pmf_comp: "map_pmf f (map_pmf g M) = map_pmf (\<lambda>x. f (g x)) M"
   474   using map_pmf_compose[of f g] by (simp add: comp_def)
   475 
   476 lemma map_pmf_cong: "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g q"
   477   unfolding map_pmf_def by (rule bind_pmf_cong) auto
   478 
   479 lemma pmf_set_map: "set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
   480   by (auto simp add: comp_def fun_eq_iff map_pmf_def)
   481 
   482 lemma set_map_pmf[simp]: "set_pmf (map_pmf f M) = f`set_pmf M"
   483   using pmf_set_map[of f] by (auto simp: comp_def fun_eq_iff)
   484 
   485 lemma emeasure_map_pmf[simp]: "emeasure (map_pmf f M) X = emeasure M (f -` X)"
   486   unfolding map_pmf_rep_eq by (subst emeasure_distr) auto
   487 
   488 lemma measure_map_pmf[simp]: "measure (map_pmf f M) X = measure M (f -` X)"
   489 using emeasure_map_pmf[of f M X] by(simp add: measure_pmf.emeasure_eq_measure measure_nonneg)
   490 
   491 lemma nn_integral_map_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>map_pmf g M) = (\<integral>\<^sup>+x. f (g x) \<partial>M)"
   492   unfolding map_pmf_rep_eq by (intro nn_integral_distr) auto
   493 
   494 lemma ennreal_pmf_map: "pmf (map_pmf f p) x = (\<integral>\<^sup>+ y. indicator (f -` {x}) y \<partial>measure_pmf p)"
   495 proof (transfer fixing: f x)
   496   fix p :: "'b measure"
   497   presume "prob_space p"
   498   then interpret prob_space p .
   499   presume "sets p = UNIV"
   500   then show "ennreal (measure (distr p (count_space UNIV) f) {x}) = integral\<^sup>N p (indicator (f -` {x}))"
   501     by(simp add: measure_distr measurable_def emeasure_eq_measure)
   502 qed simp_all
   503 
   504 lemma pmf_map: "pmf (map_pmf f p) x = measure p (f -` {x})"
   505 proof (transfer fixing: f x)
   506   fix p :: "'b measure"
   507   presume "prob_space p"
   508   then interpret prob_space p .
   509   presume "sets p = UNIV"
   510   then show "measure (distr p (count_space UNIV) f) {x} = measure p (f -` {x})"
   511     by(simp add: measure_distr measurable_def emeasure_eq_measure)
   512 qed simp_all
   513 
   514 lemma nn_integral_pmf: "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = emeasure (measure_pmf p) A"
   515 proof -
   516   have "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = (\<integral>\<^sup>+ x. pmf p x \<partial>count_space (A \<inter> set_pmf p))"
   517     by(auto simp add: nn_integral_count_space_indicator indicator_def set_pmf_iff intro: nn_integral_cong)
   518   also have "\<dots> = emeasure (measure_pmf p) (\<Union>x\<in>A \<inter> set_pmf p. {x})"
   519     by(subst emeasure_UN_countable)(auto simp add: emeasure_pmf_single disjoint_family_on_def)
   520   also have "\<dots> = emeasure (measure_pmf p) ((\<Union>x\<in>A \<inter> set_pmf p. {x}) \<union> {x. x \<in> A \<and> x \<notin> set_pmf p})"
   521     by(rule emeasure_Un_null_set[symmetric])(auto intro: in_null_sets_measure_pmfI)
   522   also have "\<dots> = emeasure (measure_pmf p) A"
   523     by(auto intro: arg_cong2[where f=emeasure])
   524   finally show ?thesis .
   525 qed
   526 
   527 lemma integral_map_pmf[simp]:
   528   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
   529   shows "integral\<^sup>L (map_pmf g p) f = integral\<^sup>L p (\<lambda>x. f (g x))"
   530   by (simp add: integral_distr map_pmf_rep_eq)
   531 
   532 lemma map_return_pmf [simp]: "map_pmf f (return_pmf x) = return_pmf (f x)"
   533   by transfer (simp add: distr_return)
   534 
   535 lemma map_pmf_const[simp]: "map_pmf (\<lambda>_. c) M = return_pmf c"
   536   by transfer (auto simp: prob_space.distr_const)
   537 
   538 lemma pmf_return [simp]: "pmf (return_pmf x) y = indicator {y} x"
   539   by transfer (simp add: measure_return)
   540 
   541 lemma nn_integral_return_pmf[simp]: "0 \<le> f x \<Longrightarrow> (\<integral>\<^sup>+x. f x \<partial>return_pmf x) = f x"
   542   unfolding return_pmf.rep_eq by (intro nn_integral_return) auto
   543 
   544 lemma emeasure_return_pmf[simp]: "emeasure (return_pmf x) X = indicator X x"
   545   unfolding return_pmf.rep_eq by (intro emeasure_return) auto
   546 
   547 lemma measure_return_pmf [simp]: "measure_pmf.prob (return_pmf x) A = indicator A x"
   548 proof -
   549   have "ennreal (measure_pmf.prob (return_pmf x) A) = 
   550           emeasure (measure_pmf (return_pmf x)) A"
   551     by (simp add: measure_pmf.emeasure_eq_measure)
   552   also have "\<dots> = ennreal (indicator A x)" by (simp add: ennreal_indicator)
   553   finally show ?thesis by simp
   554 qed
   555 
   556 lemma return_pmf_inj[simp]: "return_pmf x = return_pmf y \<longleftrightarrow> x = y"
   557   by (metis insertI1 set_return_pmf singletonD)
   558 
   559 lemma map_pmf_eq_return_pmf_iff:
   560   "map_pmf f p = return_pmf x \<longleftrightarrow> (\<forall>y \<in> set_pmf p. f y = x)"
   561 proof
   562   assume "map_pmf f p = return_pmf x"
   563   then have "set_pmf (map_pmf f p) = set_pmf (return_pmf x)" by simp
   564   then show "\<forall>y \<in> set_pmf p. f y = x" by auto
   565 next
   566   assume "\<forall>y \<in> set_pmf p. f y = x"
   567   then show "map_pmf f p = return_pmf x"
   568     unfolding map_pmf_const[symmetric, of _ p] by (intro map_pmf_cong) auto
   569 qed
   570 
   571 definition "pair_pmf A B = bind_pmf A (\<lambda>x. bind_pmf B (\<lambda>y. return_pmf (x, y)))"
   572 
   573 lemma pmf_pair: "pmf (pair_pmf M N) (a, b) = pmf M a * pmf N b"
   574   unfolding pair_pmf_def pmf_bind pmf_return
   575   apply (subst integral_measure_pmf[where A="{b}"])
   576   apply (auto simp: indicator_eq_0_iff)
   577   apply (subst integral_measure_pmf[where A="{a}"])
   578   apply (auto simp: indicator_eq_0_iff setsum_nonneg_eq_0_iff pmf_nonneg)
   579   done
   580 
   581 lemma set_pair_pmf[simp]: "set_pmf (pair_pmf A B) = set_pmf A \<times> set_pmf B"
   582   unfolding pair_pmf_def set_bind_pmf set_return_pmf by auto
   583 
   584 lemma measure_pmf_in_subprob_space[measurable (raw)]:
   585   "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
   586   by (simp add: space_subprob_algebra) intro_locales
   587 
   588 lemma nn_integral_pair_pmf': "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) \<partial>B \<partial>A)"
   589 proof -
   590   have "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+x. f x * indicator (A \<times> B) x \<partial>pair_pmf A B)"
   591     by (auto simp: AE_measure_pmf_iff intro!: nn_integral_cong_AE)
   592   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) * indicator (A \<times> B) (a, b) \<partial>B \<partial>A)"
   593     by (simp add: pair_pmf_def)
   594   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) \<partial>B \<partial>A)"
   595     by (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
   596   finally show ?thesis .
   597 qed
   598 
   599 lemma bind_pair_pmf:
   600   assumes M[measurable]: "M \<in> measurable (count_space UNIV \<Otimes>\<^sub>M count_space UNIV) (subprob_algebra N)"
   601   shows "measure_pmf (pair_pmf A B) \<bind> M = (measure_pmf A \<bind> (\<lambda>x. measure_pmf B \<bind> (\<lambda>y. M (x, y))))"
   602     (is "?L = ?R")
   603 proof (rule measure_eqI)
   604   have M'[measurable]: "M \<in> measurable (pair_pmf A B) (subprob_algebra N)"
   605     using M[THEN measurable_space] by (simp_all add: space_pair_measure)
   606 
   607   note measurable_bind[where N="count_space UNIV", measurable]
   608   note measure_pmf_in_subprob_space[simp]
   609 
   610   have sets_eq_N: "sets ?L = N"
   611     by (subst sets_bind[OF sets_kernel[OF M']]) auto
   612   show "sets ?L = sets ?R"
   613     using measurable_space[OF M]
   614     by (simp add: sets_eq_N space_pair_measure space_subprob_algebra)
   615   fix X assume "X \<in> sets ?L"
   616   then have X[measurable]: "X \<in> sets N"
   617     unfolding sets_eq_N .
   618   then show "emeasure ?L X = emeasure ?R X"
   619     apply (simp add: emeasure_bind[OF _ M' X])
   620     apply (simp add: nn_integral_bind[where B="count_space UNIV"] pair_pmf_def measure_pmf_bind[of A]
   621                      nn_integral_measure_pmf_finite)
   622     apply (subst emeasure_bind[OF _ _ X])
   623     apply measurable
   624     apply (subst emeasure_bind[OF _ _ X])
   625     apply measurable
   626     done
   627 qed
   628 
   629 lemma map_fst_pair_pmf: "map_pmf fst (pair_pmf A B) = A"
   630   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
   631 
   632 lemma map_snd_pair_pmf: "map_pmf snd (pair_pmf A B) = B"
   633   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
   634 
   635 lemma nn_integral_pmf':
   636   "inj_on f A \<Longrightarrow> (\<integral>\<^sup>+x. pmf p (f x) \<partial>count_space A) = emeasure p (f ` A)"
   637   by (subst nn_integral_bij_count_space[where g=f and B="f`A"])
   638      (auto simp: bij_betw_def nn_integral_pmf)
   639 
   640 lemma pmf_le_0_iff[simp]: "pmf M p \<le> 0 \<longleftrightarrow> pmf M p = 0"
   641   using pmf_nonneg[of M p] by arith
   642 
   643 lemma min_pmf_0[simp]: "min (pmf M p) 0 = 0" "min 0 (pmf M p) = 0"
   644   using pmf_nonneg[of M p] by arith+
   645 
   646 lemma pmf_eq_0_set_pmf: "pmf M p = 0 \<longleftrightarrow> p \<notin> set_pmf M"
   647   unfolding set_pmf_iff by simp
   648 
   649 lemma pmf_map_inj: "inj_on f (set_pmf M) \<Longrightarrow> x \<in> set_pmf M \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
   650   by (auto simp: pmf.rep_eq map_pmf_rep_eq measure_distr AE_measure_pmf_iff inj_onD
   651            intro!: measure_pmf.finite_measure_eq_AE)
   652 
   653 lemma pmf_map_inj': "inj f \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
   654 apply(cases "x \<in> set_pmf M")
   655  apply(simp add: pmf_map_inj[OF subset_inj_on])
   656 apply(simp add: pmf_eq_0_set_pmf[symmetric])
   657 apply(auto simp add: pmf_eq_0_set_pmf dest: injD)
   658 done
   659 
   660 lemma pmf_map_outside: "x \<notin> f ` set_pmf M \<Longrightarrow> pmf (map_pmf f M) x = 0"
   661 unfolding pmf_eq_0_set_pmf by simp
   662 
   663 subsection \<open> PMFs as function \<close>
   664 
   665 context
   666   fixes f :: "'a \<Rightarrow> real"
   667   assumes nonneg: "\<And>x. 0 \<le> f x"
   668   assumes prob: "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
   669 begin
   670 
   671 lift_definition embed_pmf :: "'a pmf" is "density (count_space UNIV) (ennreal \<circ> f)"
   672 proof (intro conjI)
   673   have *[simp]: "\<And>x y. ennreal (f y) * indicator {x} y = ennreal (f x) * indicator {x} y"
   674     by (simp split: split_indicator)
   675   show "AE x in density (count_space UNIV) (ennreal \<circ> f).
   676     measure (density (count_space UNIV) (ennreal \<circ> f)) {x} \<noteq> 0"
   677     by (simp add: AE_density nonneg measure_def emeasure_density max_def)
   678   show "prob_space (density (count_space UNIV) (ennreal \<circ> f))"
   679     by standard (simp add: emeasure_density prob)
   680 qed simp
   681 
   682 lemma pmf_embed_pmf: "pmf embed_pmf x = f x"
   683 proof transfer
   684   have *[simp]: "\<And>x y. ennreal (f y) * indicator {x} y = ennreal (f x) * indicator {x} y"
   685     by (simp split: split_indicator)
   686   fix x show "measure (density (count_space UNIV) (ennreal \<circ> f)) {x} = f x"
   687     by transfer (simp add: measure_def emeasure_density nonneg max_def)
   688 qed
   689 
   690 lemma set_embed_pmf: "set_pmf embed_pmf = {x. f x \<noteq> 0}"
   691 by(auto simp add: set_pmf_eq pmf_embed_pmf)
   692 
   693 end
   694 
   695 lemma embed_pmf_transfer:
   696   "rel_fun (eq_onp (\<lambda>f. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ennreal (f x) \<partial>count_space UNIV) = 1)) pmf_as_measure.cr_pmf (\<lambda>f. density (count_space UNIV) (ennreal \<circ> f)) embed_pmf"
   697   by (auto simp: rel_fun_def eq_onp_def embed_pmf.transfer)
   698 
   699 lemma measure_pmf_eq_density: "measure_pmf p = density (count_space UNIV) (pmf p)"
   700 proof (transfer, elim conjE)
   701   fix M :: "'a measure" assume [simp]: "sets M = UNIV" and ae: "AE x in M. measure M {x} \<noteq> 0"
   702   assume "prob_space M" then interpret prob_space M .
   703   show "M = density (count_space UNIV) (\<lambda>x. ennreal (measure M {x}))"
   704   proof (rule measure_eqI)
   705     fix A :: "'a set"
   706     have "(\<integral>\<^sup>+ x. ennreal (measure M {x}) * indicator A x \<partial>count_space UNIV) =
   707       (\<integral>\<^sup>+ x. emeasure M {x} * indicator (A \<inter> {x. measure M {x} \<noteq> 0}) x \<partial>count_space UNIV)"
   708       by (auto intro!: nn_integral_cong simp: emeasure_eq_measure split: split_indicator)
   709     also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} \<partial>count_space (A \<inter> {x. measure M {x} \<noteq> 0}))"
   710       by (subst nn_integral_restrict_space[symmetric]) (auto simp: restrict_count_space)
   711     also have "\<dots> = emeasure M (\<Union>x\<in>(A \<inter> {x. measure M {x} \<noteq> 0}). {x})"
   712       by (intro emeasure_UN_countable[symmetric] countable_Int2 countable_support)
   713          (auto simp: disjoint_family_on_def)
   714     also have "\<dots> = emeasure M A"
   715       using ae by (intro emeasure_eq_AE) auto
   716     finally show " emeasure M A = emeasure (density (count_space UNIV) (\<lambda>x. ennreal (measure M {x}))) A"
   717       using emeasure_space_1 by (simp add: emeasure_density)
   718   qed simp
   719 qed
   720 
   721 lemma td_pmf_embed_pmf:
   722   "type_definition pmf embed_pmf {f::'a \<Rightarrow> real. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ennreal (f x) \<partial>count_space UNIV) = 1}"
   723   unfolding type_definition_def
   724 proof safe
   725   fix p :: "'a pmf"
   726   have "(\<integral>\<^sup>+ x. 1 \<partial>measure_pmf p) = 1"
   727     using measure_pmf.emeasure_space_1[of p] by simp
   728   then show *: "(\<integral>\<^sup>+ x. ennreal (pmf p x) \<partial>count_space UNIV) = 1"
   729     by (simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg del: nn_integral_const)
   730 
   731   show "embed_pmf (pmf p) = p"
   732     by (intro measure_pmf_inject[THEN iffD1])
   733        (simp add: * embed_pmf.rep_eq pmf_nonneg measure_pmf_eq_density[of p] comp_def)
   734 next
   735   fix f :: "'a \<Rightarrow> real" assume "\<forall>x. 0 \<le> f x" "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
   736   then show "pmf (embed_pmf f) = f"
   737     by (auto intro!: pmf_embed_pmf)
   738 qed (rule pmf_nonneg)
   739 
   740 end
   741 
   742 lemma nn_integral_measure_pmf: "(\<integral>\<^sup>+ x. f x \<partial>measure_pmf p) = \<integral>\<^sup>+ x. ennreal (pmf p x) * f x \<partial>count_space UNIV"
   743 by(simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg)
   744 
   745 locale pmf_as_function
   746 begin
   747 
   748 setup_lifting td_pmf_embed_pmf
   749 
   750 lemma set_pmf_transfer[transfer_rule]:
   751   assumes "bi_total A"
   752   shows "rel_fun (pcr_pmf A) (rel_set A) (\<lambda>f. {x. f x \<noteq> 0}) set_pmf"
   753   using \<open>bi_total A\<close>
   754   by (auto simp: pcr_pmf_def cr_pmf_def rel_fun_def rel_set_def bi_total_def Bex_def set_pmf_iff)
   755      metis+
   756 
   757 end
   758 
   759 context
   760 begin
   761 
   762 interpretation pmf_as_function .
   763 
   764 lemma pmf_eqI: "(\<And>i. pmf M i = pmf N i) \<Longrightarrow> M = N"
   765   by transfer auto
   766 
   767 lemma pmf_eq_iff: "M = N \<longleftrightarrow> (\<forall>i. pmf M i = pmf N i)"
   768   by (auto intro: pmf_eqI)
   769 
   770 lemma pmf_neq_exists_less:
   771   assumes "M \<noteq> N"
   772   shows   "\<exists>x. pmf M x < pmf N x"
   773 proof (rule ccontr)
   774   assume "\<not>(\<exists>x. pmf M x < pmf N x)"
   775   hence ge: "pmf M x \<ge> pmf N x" for x by (auto simp: not_less)
   776   from assms obtain x where "pmf M x \<noteq> pmf N x" by (auto simp: pmf_eq_iff)
   777   with ge[of x] have gt: "pmf M x > pmf N x" by simp
   778   have "1 = measure (measure_pmf M) UNIV" by simp
   779   also have "\<dots> = measure (measure_pmf N) {x} + measure (measure_pmf N) (UNIV - {x})"
   780     by (subst measure_pmf.finite_measure_Union [symmetric]) simp_all
   781   also from gt have "measure (measure_pmf N) {x} < measure (measure_pmf M) {x}" 
   782     by (simp add: measure_pmf_single)
   783   also have "measure (measure_pmf N) (UNIV - {x}) \<le> measure (measure_pmf M) (UNIV - {x})"
   784     by (subst (1 2) integral_pmf [symmetric]) 
   785        (intro integral_mono integrable_pmf, simp_all add: ge)
   786   also have "measure (measure_pmf M) {x} + \<dots> = 1"
   787     by (subst measure_pmf.finite_measure_Union [symmetric]) simp_all
   788   finally show False by simp_all
   789 qed
   790 
   791 lemma bind_commute_pmf: "bind_pmf A (\<lambda>x. bind_pmf B (C x)) = bind_pmf B (\<lambda>y. bind_pmf A (\<lambda>x. C x y))"
   792   unfolding pmf_eq_iff pmf_bind
   793 proof
   794   fix i
   795   interpret B: prob_space "restrict_space B B"
   796     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
   797        (auto simp: AE_measure_pmf_iff)
   798   interpret A: prob_space "restrict_space A A"
   799     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
   800        (auto simp: AE_measure_pmf_iff)
   801 
   802   interpret AB: pair_prob_space "restrict_space A A" "restrict_space B B"
   803     by unfold_locales
   804 
   805   have "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>A)"
   806     by (rule integral_cong) (auto intro!: integral_pmf_restrict)
   807   also have "\<dots> = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>restrict_space A A)"
   808     by (intro integral_pmf_restrict B.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
   809               countable_set_pmf borel_measurable_count_space)
   810   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>restrict_space B B)"
   811     by (rule AB.Fubini_integral[symmetric])
   812        (auto intro!: AB.integrable_const_bound[where B=1] measurable_pair_restrict_pmf2
   813              simp: pmf_nonneg pmf_le_1 measurable_restrict_space1)
   814   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>B)"
   815     by (intro integral_pmf_restrict[symmetric] A.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
   816               countable_set_pmf borel_measurable_count_space)
   817   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)"
   818     by (rule integral_cong) (auto intro!: integral_pmf_restrict[symmetric])
   819   finally show "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)" .
   820 qed
   821 
   822 lemma pair_map_pmf1: "pair_pmf (map_pmf f A) B = map_pmf (apfst f) (pair_pmf A B)"
   823 proof (safe intro!: pmf_eqI)
   824   fix a :: "'a" and b :: "'b"
   825   have [simp]: "\<And>c d. indicator (apfst f -` {(a, b)}) (c, d) = indicator (f -` {a}) c * (indicator {b} d::ennreal)"
   826     by (auto split: split_indicator)
   827 
   828   have "ennreal (pmf (pair_pmf (map_pmf f A) B) (a, b)) =
   829          ennreal (pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b))"
   830     unfolding pmf_pair ennreal_pmf_map
   831     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_multc pmf_nonneg
   832                   emeasure_map_pmf[symmetric] ennreal_mult del: emeasure_map_pmf)
   833   then show "pmf (pair_pmf (map_pmf f A) B) (a, b) = pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b)"
   834     by (simp add: pmf_nonneg)
   835 qed
   836 
   837 lemma pair_map_pmf2: "pair_pmf A (map_pmf f B) = map_pmf (apsnd f) (pair_pmf A B)"
   838 proof (safe intro!: pmf_eqI)
   839   fix a :: "'a" and b :: "'b"
   840   have [simp]: "\<And>c d. indicator (apsnd f -` {(a, b)}) (c, d) = indicator {a} c * (indicator (f -` {b}) d::ennreal)"
   841     by (auto split: split_indicator)
   842 
   843   have "ennreal (pmf (pair_pmf A (map_pmf f B)) (a, b)) =
   844          ennreal (pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b))"
   845     unfolding pmf_pair ennreal_pmf_map
   846     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_cmult nn_integral_multc pmf_nonneg
   847                   emeasure_map_pmf[symmetric] ennreal_mult del: emeasure_map_pmf)
   848   then show "pmf (pair_pmf A (map_pmf f B)) (a, b) = pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b)"
   849     by (simp add: pmf_nonneg)
   850 qed
   851 
   852 lemma map_pair: "map_pmf (\<lambda>(a, b). (f a, g b)) (pair_pmf A B) = pair_pmf (map_pmf f A) (map_pmf g B)"
   853   by (simp add: pair_map_pmf2 pair_map_pmf1 map_pmf_comp split_beta')
   854 
   855 end
   856 
   857 lemma pair_return_pmf1: "pair_pmf (return_pmf x) y = map_pmf (Pair x) y"
   858 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def)
   859 
   860 lemma pair_return_pmf2: "pair_pmf x (return_pmf y) = map_pmf (\<lambda>x. (x, y)) x"
   861 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def)
   862 
   863 lemma pair_pair_pmf: "pair_pmf (pair_pmf u v) w = map_pmf (\<lambda>(x, (y, z)). ((x, y), z)) (pair_pmf u (pair_pmf v w))"
   864 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def bind_assoc_pmf)
   865 
   866 lemma pair_commute_pmf: "pair_pmf x y = map_pmf (\<lambda>(x, y). (y, x)) (pair_pmf y x)"
   867 unfolding pair_pmf_def by(subst bind_commute_pmf)(simp add: map_pmf_def bind_assoc_pmf bind_return_pmf)
   868 
   869 lemma set_pmf_subset_singleton: "set_pmf p \<subseteq> {x} \<longleftrightarrow> p = return_pmf x"
   870 proof(intro iffI pmf_eqI)
   871   fix i
   872   assume x: "set_pmf p \<subseteq> {x}"
   873   hence *: "set_pmf p = {x}" using set_pmf_not_empty[of p] by auto
   874   have "ennreal (pmf p x) = \<integral>\<^sup>+ i. indicator {x} i \<partial>p" by(simp add: emeasure_pmf_single)
   875   also have "\<dots> = \<integral>\<^sup>+ i. 1 \<partial>p" by(rule nn_integral_cong_AE)(simp add: AE_measure_pmf_iff * )
   876   also have "\<dots> = 1" by simp
   877   finally show "pmf p i = pmf (return_pmf x) i" using x
   878     by(auto split: split_indicator simp add: pmf_eq_0_set_pmf)
   879 qed auto
   880 
   881 lemma bind_eq_return_pmf:
   882   "bind_pmf p f = return_pmf x \<longleftrightarrow> (\<forall>y\<in>set_pmf p. f y = return_pmf x)"
   883   (is "?lhs \<longleftrightarrow> ?rhs")
   884 proof(intro iffI strip)
   885   fix y
   886   assume y: "y \<in> set_pmf p"
   887   assume "?lhs"
   888   hence "set_pmf (bind_pmf p f) = {x}" by simp
   889   hence "(\<Union>y\<in>set_pmf p. set_pmf (f y)) = {x}" by simp
   890   hence "set_pmf (f y) \<subseteq> {x}" using y by auto
   891   thus "f y = return_pmf x" by(simp add: set_pmf_subset_singleton)
   892 next
   893   assume *: ?rhs
   894   show ?lhs
   895   proof(rule pmf_eqI)
   896     fix i
   897     have "ennreal (pmf (bind_pmf p f) i) = \<integral>\<^sup>+ y. ennreal (pmf (f y) i) \<partial>p"
   898       by (simp add: ennreal_pmf_bind)
   899     also have "\<dots> = \<integral>\<^sup>+ y. ennreal (pmf (return_pmf x) i) \<partial>p"
   900       by(rule nn_integral_cong_AE)(simp add: AE_measure_pmf_iff * )
   901     also have "\<dots> = ennreal (pmf (return_pmf x) i)"
   902       by simp
   903     finally show "pmf (bind_pmf p f) i = pmf (return_pmf x) i"
   904       by (simp add: pmf_nonneg)
   905   qed
   906 qed
   907 
   908 lemma pmf_False_conv_True: "pmf p False = 1 - pmf p True"
   909 proof -
   910   have "pmf p False + pmf p True = measure p {False} + measure p {True}"
   911     by(simp add: measure_pmf_single)
   912   also have "\<dots> = measure p ({False} \<union> {True})"
   913     by(subst measure_pmf.finite_measure_Union) simp_all
   914   also have "{False} \<union> {True} = space p" by auto
   915   finally show ?thesis by simp
   916 qed
   917 
   918 lemma pmf_True_conv_False: "pmf p True = 1 - pmf p False"
   919 by(simp add: pmf_False_conv_True)
   920 
   921 subsection \<open> Conditional Probabilities \<close>
   922 
   923 lemma measure_pmf_zero_iff: "measure (measure_pmf p) s = 0 \<longleftrightarrow> set_pmf p \<inter> s = {}"
   924   by (subst measure_pmf.prob_eq_0) (auto simp: AE_measure_pmf_iff)
   925 
   926 context
   927   fixes p :: "'a pmf" and s :: "'a set"
   928   assumes not_empty: "set_pmf p \<inter> s \<noteq> {}"
   929 begin
   930 
   931 interpretation pmf_as_measure .
   932 
   933 lemma emeasure_measure_pmf_not_zero: "emeasure (measure_pmf p) s \<noteq> 0"
   934 proof
   935   assume "emeasure (measure_pmf p) s = 0"
   936   then have "AE x in measure_pmf p. x \<notin> s"
   937     by (rule AE_I[rotated]) auto
   938   with not_empty show False
   939     by (auto simp: AE_measure_pmf_iff)
   940 qed
   941 
   942 lemma measure_measure_pmf_not_zero: "measure (measure_pmf p) s \<noteq> 0"
   943   using emeasure_measure_pmf_not_zero by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg)
   944 
   945 lift_definition cond_pmf :: "'a pmf" is
   946   "uniform_measure (measure_pmf p) s"
   947 proof (intro conjI)
   948   show "prob_space (uniform_measure (measure_pmf p) s)"
   949     by (intro prob_space_uniform_measure) (auto simp: emeasure_measure_pmf_not_zero)
   950   show "AE x in uniform_measure (measure_pmf p) s. measure (uniform_measure (measure_pmf p) s) {x} \<noteq> 0"
   951     by (simp add: emeasure_measure_pmf_not_zero measure_measure_pmf_not_zero AE_uniform_measure
   952                   AE_measure_pmf_iff set_pmf.rep_eq less_top[symmetric])
   953 qed simp
   954 
   955 lemma pmf_cond: "pmf cond_pmf x = (if x \<in> s then pmf p x / measure p s else 0)"
   956   by transfer (simp add: emeasure_measure_pmf_not_zero pmf.rep_eq)
   957 
   958 lemma set_cond_pmf[simp]: "set_pmf cond_pmf = set_pmf p \<inter> s"
   959   by (auto simp add: set_pmf_iff pmf_cond measure_measure_pmf_not_zero split: if_split_asm)
   960 
   961 end
   962 
   963 lemma measure_pmf_posI: "x \<in> set_pmf p \<Longrightarrow> x \<in> A \<Longrightarrow> measure_pmf.prob p A > 0"
   964   using measure_measure_pmf_not_zero[of p A] by (subst zero_less_measure_iff) blast
   965 
   966 lemma cond_map_pmf:
   967   assumes "set_pmf p \<inter> f -` s \<noteq> {}"
   968   shows "cond_pmf (map_pmf f p) s = map_pmf f (cond_pmf p (f -` s))"
   969 proof -
   970   have *: "set_pmf (map_pmf f p) \<inter> s \<noteq> {}"
   971     using assms by auto
   972   { fix x
   973     have "ennreal (pmf (map_pmf f (cond_pmf p (f -` s))) x) =
   974       emeasure p (f -` s \<inter> f -` {x}) / emeasure p (f -` s)"
   975       unfolding ennreal_pmf_map cond_pmf.rep_eq[OF assms] by (simp add: nn_integral_uniform_measure)
   976     also have "f -` s \<inter> f -` {x} = (if x \<in> s then f -` {x} else {})"
   977       by auto
   978     also have "emeasure p (if x \<in> s then f -` {x} else {}) / emeasure p (f -` s) =
   979       ennreal (pmf (cond_pmf (map_pmf f p) s) x)"
   980       using measure_measure_pmf_not_zero[OF *]
   981       by (simp add: pmf_cond[OF *] ennreal_pmf_map measure_pmf.emeasure_eq_measure
   982                     divide_ennreal pmf_nonneg measure_nonneg zero_less_measure_iff pmf_map)
   983     finally have "ennreal (pmf (cond_pmf (map_pmf f p) s) x) = ennreal (pmf (map_pmf f (cond_pmf p (f -` s))) x)"
   984       by simp }
   985   then show ?thesis
   986     by (intro pmf_eqI) (simp add: pmf_nonneg)
   987 qed
   988 
   989 lemma bind_cond_pmf_cancel:
   990   assumes [simp]: "\<And>x. x \<in> set_pmf p \<Longrightarrow> set_pmf q \<inter> {y. R x y} \<noteq> {}"
   991   assumes [simp]: "\<And>y. y \<in> set_pmf q \<Longrightarrow> set_pmf p \<inter> {x. R x y} \<noteq> {}"
   992   assumes [simp]: "\<And>x y. x \<in> set_pmf p \<Longrightarrow> y \<in> set_pmf q \<Longrightarrow> R x y \<Longrightarrow> measure q {y. R x y} = measure p {x. R x y}"
   993   shows "bind_pmf p (\<lambda>x. cond_pmf q {y. R x y}) = q"
   994 proof (rule pmf_eqI)
   995   fix i
   996   have "ennreal (pmf (bind_pmf p (\<lambda>x. cond_pmf q {y. R x y})) i) =
   997     (\<integral>\<^sup>+x. ennreal (pmf q i / measure p {x. R x i}) * ennreal (indicator {x. R x i} x) \<partial>p)"
   998     by (auto simp add: ennreal_pmf_bind AE_measure_pmf_iff pmf_cond pmf_eq_0_set_pmf pmf_nonneg measure_nonneg
   999              intro!: nn_integral_cong_AE)
  1000   also have "\<dots> = (pmf q i * measure p {x. R x i}) / measure p {x. R x i}"
  1001     by (simp add: pmf_nonneg measure_nonneg zero_ennreal_def[symmetric] ennreal_indicator
  1002                   nn_integral_cmult measure_pmf.emeasure_eq_measure ennreal_mult[symmetric])
  1003   also have "\<dots> = pmf q i"
  1004     by (cases "pmf q i = 0")
  1005        (simp_all add: pmf_eq_0_set_pmf measure_measure_pmf_not_zero pmf_nonneg)
  1006   finally show "pmf (bind_pmf p (\<lambda>x. cond_pmf q {y. R x y})) i = pmf q i"
  1007     by (simp add: pmf_nonneg)
  1008 qed
  1009 
  1010 subsection \<open> Relator \<close>
  1011 
  1012 inductive rel_pmf :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'a pmf \<Rightarrow> 'b pmf \<Rightarrow> bool"
  1013 for R p q
  1014 where
  1015   "\<lbrakk> \<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y;
  1016      map_pmf fst pq = p; map_pmf snd pq = q \<rbrakk>
  1017   \<Longrightarrow> rel_pmf R p q"
  1018 
  1019 lemma rel_pmfI:
  1020   assumes R: "rel_set R (set_pmf p) (set_pmf q)"
  1021   assumes eq: "\<And>x y. x \<in> set_pmf p \<Longrightarrow> y \<in> set_pmf q \<Longrightarrow> R x y \<Longrightarrow>
  1022     measure p {x. R x y} = measure q {y. R x y}"
  1023   shows "rel_pmf R p q"
  1024 proof
  1025   let ?pq = "bind_pmf p (\<lambda>x. bind_pmf (cond_pmf q {y. R x y}) (\<lambda>y. return_pmf (x, y)))"
  1026   have "\<And>x. x \<in> set_pmf p \<Longrightarrow> set_pmf q \<inter> {y. R x y} \<noteq> {}"
  1027     using R by (auto simp: rel_set_def)
  1028   then show "\<And>x y. (x, y) \<in> set_pmf ?pq \<Longrightarrow> R x y"
  1029     by auto
  1030   show "map_pmf fst ?pq = p"
  1031     by (simp add: map_bind_pmf bind_return_pmf')
  1032 
  1033   show "map_pmf snd ?pq = q"
  1034     using R eq
  1035     apply (simp add: bind_cond_pmf_cancel map_bind_pmf bind_return_pmf')
  1036     apply (rule bind_cond_pmf_cancel)
  1037     apply (auto simp: rel_set_def)
  1038     done
  1039 qed
  1040 
  1041 lemma rel_pmf_imp_rel_set: "rel_pmf R p q \<Longrightarrow> rel_set R (set_pmf p) (set_pmf q)"
  1042   by (force simp add: rel_pmf.simps rel_set_def)
  1043 
  1044 lemma rel_pmfD_measure:
  1045   assumes rel_R: "rel_pmf R p q" and R: "\<And>a b. R a b \<Longrightarrow> R a y \<longleftrightarrow> R x b"
  1046   assumes "x \<in> set_pmf p" "y \<in> set_pmf q"
  1047   shows "measure p {x. R x y} = measure q {y. R x y}"
  1048 proof -
  1049   from rel_R obtain pq where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
  1050     and eq: "p = map_pmf fst pq" "q = map_pmf snd pq"
  1051     by (auto elim: rel_pmf.cases)
  1052   have "measure p {x. R x y} = measure pq {x. R (fst x) y}"
  1053     by (simp add: eq map_pmf_rep_eq measure_distr)
  1054   also have "\<dots> = measure pq {y. R x (snd y)}"
  1055     by (intro measure_pmf.finite_measure_eq_AE)
  1056        (auto simp: AE_measure_pmf_iff R dest!: pq)
  1057   also have "\<dots> = measure q {y. R x y}"
  1058     by (simp add: eq map_pmf_rep_eq measure_distr)
  1059   finally show "measure p {x. R x y} = measure q {y. R x y}" .
  1060 qed
  1061 
  1062 lemma rel_pmf_measureD:
  1063   assumes "rel_pmf R p q"
  1064   shows "measure (measure_pmf p) A \<le> measure (measure_pmf q) {y. \<exists>x\<in>A. R x y}" (is "?lhs \<le> ?rhs")
  1065 using assms
  1066 proof cases
  1067   fix pq
  1068   assume R: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
  1069     and p[symmetric]: "map_pmf fst pq = p"
  1070     and q[symmetric]: "map_pmf snd pq = q"
  1071   have "?lhs = measure (measure_pmf pq) (fst -` A)" by(simp add: p)
  1072   also have "\<dots> \<le> measure (measure_pmf pq) {y. \<exists>x\<in>A. R x (snd y)}"
  1073     by(rule measure_pmf.finite_measure_mono_AE)(auto 4 3 simp add: AE_measure_pmf_iff dest: R)
  1074   also have "\<dots> = ?rhs" by(simp add: q)
  1075   finally show ?thesis .
  1076 qed
  1077 
  1078 lemma rel_pmf_iff_measure:
  1079   assumes "symp R" "transp R"
  1080   shows "rel_pmf R p q \<longleftrightarrow>
  1081     rel_set R (set_pmf p) (set_pmf q) \<and>
  1082     (\<forall>x\<in>set_pmf p. \<forall>y\<in>set_pmf q. R x y \<longrightarrow> measure p {x. R x y} = measure q {y. R x y})"
  1083   by (safe intro!: rel_pmf_imp_rel_set rel_pmfI)
  1084      (auto intro!: rel_pmfD_measure dest: sympD[OF \<open>symp R\<close>] transpD[OF \<open>transp R\<close>])
  1085 
  1086 lemma quotient_rel_set_disjoint:
  1087   "equivp R \<Longrightarrow> C \<in> UNIV // {(x, y). R x y} \<Longrightarrow> rel_set R A B \<Longrightarrow> A \<inter> C = {} \<longleftrightarrow> B \<inter> C = {}"
  1088   using in_quotient_imp_closed[of UNIV "{(x, y). R x y}" C]
  1089   by (auto 0 0 simp: equivp_equiv rel_set_def set_eq_iff elim: equivpE)
  1090      (blast dest: equivp_symp)+
  1091 
  1092 lemma quotientD: "equiv X R \<Longrightarrow> A \<in> X // R \<Longrightarrow> x \<in> A \<Longrightarrow> A = R `` {x}"
  1093   by (metis Image_singleton_iff equiv_class_eq_iff quotientE)
  1094 
  1095 lemma rel_pmf_iff_equivp:
  1096   assumes "equivp R"
  1097   shows "rel_pmf R p q \<longleftrightarrow> (\<forall>C\<in>UNIV // {(x, y). R x y}. measure p C = measure q C)"
  1098     (is "_ \<longleftrightarrow>   (\<forall>C\<in>_//?R. _)")
  1099 proof (subst rel_pmf_iff_measure, safe)
  1100   show "symp R" "transp R"
  1101     using assms by (auto simp: equivp_reflp_symp_transp)
  1102 next
  1103   fix C assume C: "C \<in> UNIV // ?R" and R: "rel_set R (set_pmf p) (set_pmf q)"
  1104   assume eq: "\<forall>x\<in>set_pmf p. \<forall>y\<in>set_pmf q. R x y \<longrightarrow> measure p {x. R x y} = measure q {y. R x y}"
  1105 
  1106   show "measure p C = measure q C"
  1107   proof cases
  1108     assume "p \<inter> C = {}"
  1109     moreover then have "q \<inter> C = {}"
  1110       using quotient_rel_set_disjoint[OF assms C R] by simp
  1111     ultimately show ?thesis
  1112       unfolding measure_pmf_zero_iff[symmetric] by simp
  1113   next
  1114     assume "p \<inter> C \<noteq> {}"
  1115     moreover then have "q \<inter> C \<noteq> {}"
  1116       using quotient_rel_set_disjoint[OF assms C R] by simp
  1117     ultimately obtain x y where in_set: "x \<in> set_pmf p" "y \<in> set_pmf q" and in_C: "x \<in> C" "y \<in> C"
  1118       by auto
  1119     then have "R x y"
  1120       using in_quotient_imp_in_rel[of UNIV ?R C x y] C assms
  1121       by (simp add: equivp_equiv)
  1122     with in_set eq have "measure p {x. R x y} = measure q {y. R x y}"
  1123       by auto
  1124     moreover have "{y. R x y} = C"
  1125       using assms \<open>x \<in> C\<close> C quotientD[of UNIV ?R C x] by (simp add: equivp_equiv)
  1126     moreover have "{x. R x y} = C"
  1127       using assms \<open>y \<in> C\<close> C quotientD[of UNIV "?R" C y] sympD[of R]
  1128       by (auto simp add: equivp_equiv elim: equivpE)
  1129     ultimately show ?thesis
  1130       by auto
  1131   qed
  1132 next
  1133   assume eq: "\<forall>C\<in>UNIV // ?R. measure p C = measure q C"
  1134   show "rel_set R (set_pmf p) (set_pmf q)"
  1135     unfolding rel_set_def
  1136   proof safe
  1137     fix x assume x: "x \<in> set_pmf p"
  1138     have "{y. R x y} \<in> UNIV // ?R"
  1139       by (auto simp: quotient_def)
  1140     with eq have *: "measure q {y. R x y} = measure p {y. R x y}"
  1141       by auto
  1142     have "measure q {y. R x y} \<noteq> 0"
  1143       using x assms unfolding * by (auto simp: measure_pmf_zero_iff set_eq_iff dest: equivp_reflp)
  1144     then show "\<exists>y\<in>set_pmf q. R x y"
  1145       unfolding measure_pmf_zero_iff by auto
  1146   next
  1147     fix y assume y: "y \<in> set_pmf q"
  1148     have "{x. R x y} \<in> UNIV // ?R"
  1149       using assms by (auto simp: quotient_def dest: equivp_symp)
  1150     with eq have *: "measure p {x. R x y} = measure q {x. R x y}"
  1151       by auto
  1152     have "measure p {x. R x y} \<noteq> 0"
  1153       using y assms unfolding * by (auto simp: measure_pmf_zero_iff set_eq_iff dest: equivp_reflp)
  1154     then show "\<exists>x\<in>set_pmf p. R x y"
  1155       unfolding measure_pmf_zero_iff by auto
  1156   qed
  1157 
  1158   fix x y assume "x \<in> set_pmf p" "y \<in> set_pmf q" "R x y"
  1159   have "{y. R x y} \<in> UNIV // ?R" "{x. R x y} = {y. R x y}"
  1160     using assms \<open>R x y\<close> by (auto simp: quotient_def dest: equivp_symp equivp_transp)
  1161   with eq show "measure p {x. R x y} = measure q {y. R x y}"
  1162     by auto
  1163 qed
  1164 
  1165 bnf pmf: "'a pmf" map: map_pmf sets: set_pmf bd : "natLeq" rel: rel_pmf
  1166 proof -
  1167   show "map_pmf id = id" by (rule map_pmf_id)
  1168   show "\<And>f g. map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g" by (rule map_pmf_compose)
  1169   show "\<And>f g::'a \<Rightarrow> 'b. \<And>p. (\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g p"
  1170     by (intro map_pmf_cong refl)
  1171 
  1172   show "\<And>f::'a \<Rightarrow> 'b. set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
  1173     by (rule pmf_set_map)
  1174 
  1175   show "(card_of (set_pmf p), natLeq) \<in> ordLeq" for p :: "'s pmf"
  1176   proof -
  1177     have "(card_of (set_pmf p), card_of (UNIV :: nat set)) \<in> ordLeq"
  1178       by (rule card_of_ordLeqI[where f="to_nat_on (set_pmf p)"])
  1179          (auto intro: countable_set_pmf)
  1180     also have "(card_of (UNIV :: nat set), natLeq) \<in> ordLeq"
  1181       by (metis Field_natLeq card_of_least natLeq_Well_order)
  1182     finally show ?thesis .
  1183   qed
  1184 
  1185   show "\<And>R. rel_pmf R = (\<lambda>x y. \<exists>z. set_pmf z \<subseteq> {(x, y). R x y} \<and>
  1186     map_pmf fst z = x \<and> map_pmf snd z = y)"
  1187      by (auto simp add: fun_eq_iff rel_pmf.simps)
  1188 
  1189   show "rel_pmf R OO rel_pmf S \<le> rel_pmf (R OO S)"
  1190     for R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and S :: "'b \<Rightarrow> 'c \<Rightarrow> bool"
  1191   proof -
  1192     { fix p q r
  1193       assume pq: "rel_pmf R p q"
  1194         and qr:"rel_pmf S q r"
  1195       from pq obtain pq where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
  1196         and p: "p = map_pmf fst pq" and q: "q = map_pmf snd pq" by cases auto
  1197       from qr obtain qr where qr: "\<And>y z. (y, z) \<in> set_pmf qr \<Longrightarrow> S y z"
  1198         and q': "q = map_pmf fst qr" and r: "r = map_pmf snd qr" by cases auto
  1199 
  1200       define pr where "pr =
  1201         bind_pmf pq (\<lambda>xy. bind_pmf (cond_pmf qr {yz. fst yz = snd xy})
  1202           (\<lambda>yz. return_pmf (fst xy, snd yz)))"
  1203       have pr_welldefined: "\<And>y. y \<in> q \<Longrightarrow> qr \<inter> {yz. fst yz = y} \<noteq> {}"
  1204         by (force simp: q')
  1205 
  1206       have "rel_pmf (R OO S) p r"
  1207       proof (rule rel_pmf.intros)
  1208         fix x z assume "(x, z) \<in> pr"
  1209         then have "\<exists>y. (x, y) \<in> pq \<and> (y, z) \<in> qr"
  1210           by (auto simp: q pr_welldefined pr_def split_beta)
  1211         with pq qr show "(R OO S) x z"
  1212           by blast
  1213       next
  1214         have "map_pmf snd pr = map_pmf snd (bind_pmf q (\<lambda>y. cond_pmf qr {yz. fst yz = y}))"
  1215           by (simp add: pr_def q split_beta bind_map_pmf map_pmf_def[symmetric] map_bind_pmf map_pmf_comp)
  1216         then show "map_pmf snd pr = r"
  1217           unfolding r q' bind_map_pmf by (subst (asm) bind_cond_pmf_cancel) (auto simp: eq_commute)
  1218       qed (simp add: pr_def map_bind_pmf split_beta map_pmf_def[symmetric] p map_pmf_comp)
  1219     }
  1220     then show ?thesis
  1221       by(auto simp add: le_fun_def)
  1222   qed
  1223 qed (fact natLeq_card_order natLeq_cinfinite)+
  1224 
  1225 lemma map_pmf_idI: "(\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = x) \<Longrightarrow> map_pmf f p = p"
  1226 by(simp cong: pmf.map_cong)
  1227 
  1228 lemma rel_pmf_conj[simp]:
  1229   "rel_pmf (\<lambda>x y. P \<and> Q x y) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
  1230   "rel_pmf (\<lambda>x y. Q x y \<and> P) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
  1231   using set_pmf_not_empty by (fastforce simp: pmf.in_rel subset_eq)+
  1232 
  1233 lemma rel_pmf_top[simp]: "rel_pmf top = top"
  1234   by (auto simp: pmf.in_rel[abs_def] fun_eq_iff map_fst_pair_pmf map_snd_pair_pmf
  1235            intro: exI[of _ "pair_pmf x y" for x y])
  1236 
  1237 lemma rel_pmf_return_pmf1: "rel_pmf R (return_pmf x) M \<longleftrightarrow> (\<forall>a\<in>M. R x a)"
  1238 proof safe
  1239   fix a assume "a \<in> M" "rel_pmf R (return_pmf x) M"
  1240   then obtain pq where *: "\<And>a b. (a, b) \<in> set_pmf pq \<Longrightarrow> R a b"
  1241     and eq: "return_pmf x = map_pmf fst pq" "M = map_pmf snd pq"
  1242     by (force elim: rel_pmf.cases)
  1243   moreover have "set_pmf (return_pmf x) = {x}"
  1244     by simp
  1245   with \<open>a \<in> M\<close> have "(x, a) \<in> pq"
  1246     by (force simp: eq)
  1247   with * show "R x a"
  1248     by auto
  1249 qed (auto intro!: rel_pmf.intros[where pq="pair_pmf (return_pmf x) M"]
  1250           simp: map_fst_pair_pmf map_snd_pair_pmf)
  1251 
  1252 lemma rel_pmf_return_pmf2: "rel_pmf R M (return_pmf x) \<longleftrightarrow> (\<forall>a\<in>M. R a x)"
  1253   by (subst pmf.rel_flip[symmetric]) (simp add: rel_pmf_return_pmf1)
  1254 
  1255 lemma rel_return_pmf[simp]: "rel_pmf R (return_pmf x1) (return_pmf x2) = R x1 x2"
  1256   unfolding rel_pmf_return_pmf2 set_return_pmf by simp
  1257 
  1258 lemma rel_pmf_False[simp]: "rel_pmf (\<lambda>x y. False) x y = False"
  1259   unfolding pmf.in_rel fun_eq_iff using set_pmf_not_empty by fastforce
  1260 
  1261 lemma rel_pmf_rel_prod:
  1262   "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B') \<longleftrightarrow> rel_pmf R A B \<and> rel_pmf S A' B'"
  1263 proof safe
  1264   assume "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
  1265   then obtain pq where pq: "\<And>a b c d. ((a, c), (b, d)) \<in> set_pmf pq \<Longrightarrow> R a b \<and> S c d"
  1266     and eq: "map_pmf fst pq = pair_pmf A A'" "map_pmf snd pq = pair_pmf B B'"
  1267     by (force elim: rel_pmf.cases)
  1268   show "rel_pmf R A B"
  1269   proof (rule rel_pmf.intros)
  1270     let ?f = "\<lambda>(a, b). (fst a, fst b)"
  1271     have [simp]: "(\<lambda>x. fst (?f x)) = fst o fst" "(\<lambda>x. snd (?f x)) = fst o snd"
  1272       by auto
  1273 
  1274     show "map_pmf fst (map_pmf ?f pq) = A"
  1275       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
  1276     show "map_pmf snd (map_pmf ?f pq) = B"
  1277       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
  1278 
  1279     fix a b assume "(a, b) \<in> set_pmf (map_pmf ?f pq)"
  1280     then obtain c d where "((a, c), (b, d)) \<in> set_pmf pq"
  1281       by auto
  1282     from pq[OF this] show "R a b" ..
  1283   qed
  1284   show "rel_pmf S A' B'"
  1285   proof (rule rel_pmf.intros)
  1286     let ?f = "\<lambda>(a, b). (snd a, snd b)"
  1287     have [simp]: "(\<lambda>x. fst (?f x)) = snd o fst" "(\<lambda>x. snd (?f x)) = snd o snd"
  1288       by auto
  1289 
  1290     show "map_pmf fst (map_pmf ?f pq) = A'"
  1291       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
  1292     show "map_pmf snd (map_pmf ?f pq) = B'"
  1293       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
  1294 
  1295     fix c d assume "(c, d) \<in> set_pmf (map_pmf ?f pq)"
  1296     then obtain a b where "((a, c), (b, d)) \<in> set_pmf pq"
  1297       by auto
  1298     from pq[OF this] show "S c d" ..
  1299   qed
  1300 next
  1301   assume "rel_pmf R A B" "rel_pmf S A' B'"
  1302   then obtain Rpq Spq
  1303     where Rpq: "\<And>a b. (a, b) \<in> set_pmf Rpq \<Longrightarrow> R a b"
  1304         "map_pmf fst Rpq = A" "map_pmf snd Rpq = B"
  1305       and Spq: "\<And>a b. (a, b) \<in> set_pmf Spq \<Longrightarrow> S a b"
  1306         "map_pmf fst Spq = A'" "map_pmf snd Spq = B'"
  1307     by (force elim: rel_pmf.cases)
  1308 
  1309   let ?f = "(\<lambda>((a, c), (b, d)). ((a, b), (c, d)))"
  1310   let ?pq = "map_pmf ?f (pair_pmf Rpq Spq)"
  1311   have [simp]: "(\<lambda>x. fst (?f x)) = (\<lambda>(a, b). (fst a, fst b))" "(\<lambda>x. snd (?f x)) = (\<lambda>(a, b). (snd a, snd b))"
  1312     by auto
  1313 
  1314   show "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
  1315     by (rule rel_pmf.intros[where pq="?pq"])
  1316        (auto simp: map_snd_pair_pmf map_fst_pair_pmf map_pmf_comp Rpq Spq
  1317                    map_pair)
  1318 qed
  1319 
  1320 lemma rel_pmf_reflI:
  1321   assumes "\<And>x. x \<in> set_pmf p \<Longrightarrow> P x x"
  1322   shows "rel_pmf P p p"
  1323   by (rule rel_pmf.intros[where pq="map_pmf (\<lambda>x. (x, x)) p"])
  1324      (auto simp add: pmf.map_comp o_def assms)
  1325 
  1326 lemma rel_pmf_bij_betw:
  1327   assumes f: "bij_betw f (set_pmf p) (set_pmf q)"
  1328   and eq: "\<And>x. x \<in> set_pmf p \<Longrightarrow> pmf p x = pmf q (f x)"
  1329   shows "rel_pmf (\<lambda>x y. f x = y) p q"
  1330 proof(rule rel_pmf.intros)
  1331   let ?pq = "map_pmf (\<lambda>x. (x, f x)) p"
  1332   show "map_pmf fst ?pq = p" by(simp add: pmf.map_comp o_def)
  1333 
  1334   have "map_pmf f p = q"
  1335   proof(rule pmf_eqI)
  1336     fix i
  1337     show "pmf (map_pmf f p) i = pmf q i"
  1338     proof(cases "i \<in> set_pmf q")
  1339       case True
  1340       with f obtain j where "i = f j" "j \<in> set_pmf p"
  1341         by(auto simp add: bij_betw_def image_iff)
  1342       thus ?thesis using f by(simp add: bij_betw_def pmf_map_inj eq)
  1343     next
  1344       case False thus ?thesis
  1345         by(subst pmf_map_outside)(auto simp add: set_pmf_iff eq[symmetric])
  1346     qed
  1347   qed
  1348   then show "map_pmf snd ?pq = q" by(simp add: pmf.map_comp o_def)
  1349 qed auto
  1350 
  1351 context
  1352 begin
  1353 
  1354 interpretation pmf_as_measure .
  1355 
  1356 definition "join_pmf M = bind_pmf M (\<lambda>x. x)"
  1357 
  1358 lemma bind_eq_join_pmf: "bind_pmf M f = join_pmf (map_pmf f M)"
  1359   unfolding join_pmf_def bind_map_pmf ..
  1360 
  1361 lemma join_eq_bind_pmf: "join_pmf M = bind_pmf M id"
  1362   by (simp add: join_pmf_def id_def)
  1363 
  1364 lemma pmf_join: "pmf (join_pmf N) i = (\<integral>M. pmf M i \<partial>measure_pmf N)"
  1365   unfolding join_pmf_def pmf_bind ..
  1366 
  1367 lemma ennreal_pmf_join: "ennreal (pmf (join_pmf N) i) = (\<integral>\<^sup>+M. pmf M i \<partial>measure_pmf N)"
  1368   unfolding join_pmf_def ennreal_pmf_bind ..
  1369 
  1370 lemma set_pmf_join_pmf[simp]: "set_pmf (join_pmf f) = (\<Union>p\<in>set_pmf f. set_pmf p)"
  1371   by (simp add: join_pmf_def)
  1372 
  1373 lemma join_return_pmf: "join_pmf (return_pmf M) = M"
  1374   by (simp add: integral_return pmf_eq_iff pmf_join return_pmf.rep_eq)
  1375 
  1376 lemma map_join_pmf: "map_pmf f (join_pmf AA) = join_pmf (map_pmf (map_pmf f) AA)"
  1377   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf)
  1378 
  1379 lemma join_map_return_pmf: "join_pmf (map_pmf return_pmf A) = A"
  1380   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
  1381 
  1382 end
  1383 
  1384 lemma rel_pmf_joinI:
  1385   assumes "rel_pmf (rel_pmf P) p q"
  1386   shows "rel_pmf P (join_pmf p) (join_pmf q)"
  1387 proof -
  1388   from assms obtain pq where p: "p = map_pmf fst pq"
  1389     and q: "q = map_pmf snd pq"
  1390     and P: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> rel_pmf P x y"
  1391     by cases auto
  1392   from P obtain PQ
  1393     where PQ: "\<And>x y a b. \<lbrakk> (x, y) \<in> set_pmf pq; (a, b) \<in> set_pmf (PQ x y) \<rbrakk> \<Longrightarrow> P a b"
  1394     and x: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf fst (PQ x y) = x"
  1395     and y: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf snd (PQ x y) = y"
  1396     by(metis rel_pmf.simps)
  1397 
  1398   let ?r = "bind_pmf pq (\<lambda>(x, y). PQ x y)"
  1399   have "\<And>a b. (a, b) \<in> set_pmf ?r \<Longrightarrow> P a b" by (auto intro: PQ)
  1400   moreover have "map_pmf fst ?r = join_pmf p" "map_pmf snd ?r = join_pmf q"
  1401     by (simp_all add: p q x y join_pmf_def map_bind_pmf bind_map_pmf split_def cong: bind_pmf_cong)
  1402   ultimately show ?thesis ..
  1403 qed
  1404 
  1405 lemma rel_pmf_bindI:
  1406   assumes pq: "rel_pmf R p q"
  1407   and fg: "\<And>x y. R x y \<Longrightarrow> rel_pmf P (f x) (g y)"
  1408   shows "rel_pmf P (bind_pmf p f) (bind_pmf q g)"
  1409   unfolding bind_eq_join_pmf
  1410   by (rule rel_pmf_joinI)
  1411      (auto simp add: pmf.rel_map intro: pmf.rel_mono[THEN le_funD, THEN le_funD, THEN le_boolD, THEN mp, OF _ pq] fg)
  1412 
  1413 text \<open>
  1414   Proof that @{const rel_pmf} preserves orders.
  1415   Antisymmetry proof follows Thm. 1 in N. Saheb-Djahromi, Cpo's of measures for nondeterminism,
  1416   Theoretical Computer Science 12(1):19--37, 1980,
  1417   @{url "http://dx.doi.org/10.1016/0304-3975(80)90003-1"}
  1418 \<close>
  1419 
  1420 lemma
  1421   assumes *: "rel_pmf R p q"
  1422   and refl: "reflp R" and trans: "transp R"
  1423   shows measure_Ici: "measure p {y. R x y} \<le> measure q {y. R x y}" (is ?thesis1)
  1424   and measure_Ioi: "measure p {y. R x y \<and> \<not> R y x} \<le> measure q {y. R x y \<and> \<not> R y x}" (is ?thesis2)
  1425 proof -
  1426   from * obtain pq
  1427     where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
  1428     and p: "p = map_pmf fst pq"
  1429     and q: "q = map_pmf snd pq"
  1430     by cases auto
  1431   show ?thesis1 ?thesis2 unfolding p q map_pmf_rep_eq using refl trans
  1432     by(auto 4 3 simp add: measure_distr reflpD AE_measure_pmf_iff intro!: measure_pmf.finite_measure_mono_AE dest!: pq elim: transpE)
  1433 qed
  1434 
  1435 lemma rel_pmf_inf:
  1436   fixes p q :: "'a pmf"
  1437   assumes 1: "rel_pmf R p q"
  1438   assumes 2: "rel_pmf R q p"
  1439   and refl: "reflp R" and trans: "transp R"
  1440   shows "rel_pmf (inf R R\<inverse>\<inverse>) p q"
  1441 proof (subst rel_pmf_iff_equivp, safe)
  1442   show "equivp (inf R R\<inverse>\<inverse>)"
  1443     using trans refl by (auto simp: equivp_reflp_symp_transp intro: sympI transpI reflpI dest: transpD reflpD)
  1444 
  1445   fix C assume "C \<in> UNIV // {(x, y). inf R R\<inverse>\<inverse> x y}"
  1446   then obtain x where C: "C = {y. R x y \<and> R y x}"
  1447     by (auto elim: quotientE)
  1448 
  1449   let ?R = "\<lambda>x y. R x y \<and> R y x"
  1450   let ?\<mu>R = "\<lambda>y. measure q {x. ?R x y}"
  1451   have "measure p {y. ?R x y} = measure p ({y. R x y} - {y. R x y \<and> \<not> R y x})"
  1452     by(auto intro!: arg_cong[where f="measure p"])
  1453   also have "\<dots> = measure p {y. R x y} - measure p {y. R x y \<and> \<not> R y x}"
  1454     by (rule measure_pmf.finite_measure_Diff) auto
  1455   also have "measure p {y. R x y \<and> \<not> R y x} = measure q {y. R x y \<and> \<not> R y x}"
  1456     using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ioi)
  1457   also have "measure p {y. R x y} = measure q {y. R x y}"
  1458     using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ici)
  1459   also have "measure q {y. R x y} - measure q {y. R x y \<and> \<not> R y x} =
  1460     measure q ({y. R x y} - {y. R x y \<and> \<not> R y x})"
  1461     by(rule measure_pmf.finite_measure_Diff[symmetric]) auto
  1462   also have "\<dots> = ?\<mu>R x"
  1463     by(auto intro!: arg_cong[where f="measure q"])
  1464   finally show "measure p C = measure q C"
  1465     by (simp add: C conj_commute)
  1466 qed
  1467 
  1468 lemma rel_pmf_antisym:
  1469   fixes p q :: "'a pmf"
  1470   assumes 1: "rel_pmf R p q"
  1471   assumes 2: "rel_pmf R q p"
  1472   and refl: "reflp R" and trans: "transp R" and antisym: "antisymP R"
  1473   shows "p = q"
  1474 proof -
  1475   from 1 2 refl trans have "rel_pmf (inf R R\<inverse>\<inverse>) p q" by(rule rel_pmf_inf)
  1476   also have "inf R R\<inverse>\<inverse> = op ="
  1477     using refl antisym by (auto intro!: ext simp add: reflpD dest: antisymD)
  1478   finally show ?thesis unfolding pmf.rel_eq .
  1479 qed
  1480 
  1481 lemma reflp_rel_pmf: "reflp R \<Longrightarrow> reflp (rel_pmf R)"
  1482 by(blast intro: reflpI rel_pmf_reflI reflpD)
  1483 
  1484 lemma antisymP_rel_pmf:
  1485   "\<lbrakk> reflp R; transp R; antisymP R \<rbrakk>
  1486   \<Longrightarrow> antisymP (rel_pmf R)"
  1487 by(rule antisymI)(blast intro: rel_pmf_antisym)
  1488 
  1489 lemma transp_rel_pmf:
  1490   assumes "transp R"
  1491   shows "transp (rel_pmf R)"
  1492 proof (rule transpI)
  1493   fix x y z
  1494   assume "rel_pmf R x y" and "rel_pmf R y z"
  1495   hence "rel_pmf (R OO R) x z" by (simp add: pmf.rel_compp relcompp.relcompI)
  1496   thus "rel_pmf R x z"
  1497     using assms by (metis (no_types) pmf.rel_mono rev_predicate2D transp_relcompp_less_eq)
  1498 qed
  1499 
  1500 subsection \<open> Distributions \<close>
  1501 
  1502 context
  1503 begin
  1504 
  1505 interpretation pmf_as_function .
  1506 
  1507 subsubsection \<open> Bernoulli Distribution \<close>
  1508 
  1509 lift_definition bernoulli_pmf :: "real \<Rightarrow> bool pmf" is
  1510   "\<lambda>p b. ((\<lambda>p. if b then p else 1 - p) \<circ> min 1 \<circ> max 0) p"
  1511   by (auto simp: nn_integral_count_space_finite[where A="{False, True}"] UNIV_bool
  1512            split: split_max split_min)
  1513 
  1514 lemma pmf_bernoulli_True[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) True = p"
  1515   by transfer simp
  1516 
  1517 lemma pmf_bernoulli_False[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) False = 1 - p"
  1518   by transfer simp
  1519 
  1520 lemma set_pmf_bernoulli[simp]: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (bernoulli_pmf p) = UNIV"
  1521   by (auto simp add: set_pmf_iff UNIV_bool)
  1522 
  1523 lemma nn_integral_bernoulli_pmf[simp]:
  1524   assumes [simp]: "0 \<le> p" "p \<le> 1" "\<And>x. 0 \<le> f x"
  1525   shows "(\<integral>\<^sup>+x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
  1526   by (subst nn_integral_measure_pmf_support[of UNIV])
  1527      (auto simp: UNIV_bool field_simps)
  1528 
  1529 lemma integral_bernoulli_pmf[simp]:
  1530   assumes [simp]: "0 \<le> p" "p \<le> 1"
  1531   shows "(\<integral>x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
  1532   by (subst integral_measure_pmf[of UNIV]) (auto simp: UNIV_bool)
  1533 
  1534 lemma pmf_bernoulli_half [simp]: "pmf (bernoulli_pmf (1 / 2)) x = 1 / 2"
  1535 by(cases x) simp_all
  1536 
  1537 lemma measure_pmf_bernoulli_half: "measure_pmf (bernoulli_pmf (1 / 2)) = uniform_count_measure UNIV"
  1538   by (rule measure_eqI)
  1539      (simp_all add: nn_integral_pmf[symmetric] emeasure_uniform_count_measure ennreal_divide_numeral[symmetric]
  1540                     nn_integral_count_space_finite sets_uniform_count_measure divide_ennreal_def mult_ac
  1541                     ennreal_of_nat_eq_real_of_nat)
  1542 
  1543 subsubsection \<open> Geometric Distribution \<close>
  1544 
  1545 context
  1546   fixes p :: real assumes p[arith]: "0 < p" "p \<le> 1"
  1547 begin
  1548 
  1549 lift_definition geometric_pmf :: "nat pmf" is "\<lambda>n. (1 - p)^n * p"
  1550 proof
  1551   have "(\<Sum>i. ennreal (p * (1 - p) ^ i)) = ennreal (p * (1 / (1 - (1 - p))))"
  1552     by (intro suminf_ennreal_eq sums_mult geometric_sums) auto
  1553   then show "(\<integral>\<^sup>+ x. ennreal ((1 - p)^x * p) \<partial>count_space UNIV) = 1"
  1554     by (simp add: nn_integral_count_space_nat field_simps)
  1555 qed simp
  1556 
  1557 lemma pmf_geometric[simp]: "pmf geometric_pmf n = (1 - p)^n * p"
  1558   by transfer rule
  1559 
  1560 end
  1561 
  1562 lemma set_pmf_geometric: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (geometric_pmf p) = UNIV"
  1563   by (auto simp: set_pmf_iff)
  1564 
  1565 subsubsection \<open> Uniform Multiset Distribution \<close>
  1566 
  1567 context
  1568   fixes M :: "'a multiset" assumes M_not_empty: "M \<noteq> {#}"
  1569 begin
  1570 
  1571 lift_definition pmf_of_multiset :: "'a pmf" is "\<lambda>x. count M x / size M"
  1572 proof
  1573   show "(\<integral>\<^sup>+ x. ennreal (real (count M x) / real (size M)) \<partial>count_space UNIV) = 1"
  1574     using M_not_empty
  1575     by (simp add: zero_less_divide_iff nn_integral_count_space nonempty_has_size
  1576                   setsum_divide_distrib[symmetric])
  1577        (auto simp: size_multiset_overloaded_eq intro!: setsum.cong)
  1578 qed simp
  1579 
  1580 lemma pmf_of_multiset[simp]: "pmf pmf_of_multiset x = count M x / size M"
  1581   by transfer rule
  1582 
  1583 lemma set_pmf_of_multiset[simp]: "set_pmf pmf_of_multiset = set_mset M"
  1584   by (auto simp: set_pmf_iff)
  1585 
  1586 end
  1587 
  1588 subsubsection \<open> Uniform Distribution \<close>
  1589 
  1590 context
  1591   fixes S :: "'a set" assumes S_not_empty: "S \<noteq> {}" and S_finite: "finite S"
  1592 begin
  1593 
  1594 lift_definition pmf_of_set :: "'a pmf" is "\<lambda>x. indicator S x / card S"
  1595 proof
  1596   show "(\<integral>\<^sup>+ x. ennreal (indicator S x / real (card S)) \<partial>count_space UNIV) = 1"
  1597     using S_not_empty S_finite
  1598     by (subst nn_integral_count_space'[of S])
  1599        (auto simp: ennreal_of_nat_eq_real_of_nat ennreal_mult[symmetric])
  1600 qed simp
  1601 
  1602 lemma pmf_of_set[simp]: "pmf pmf_of_set x = indicator S x / card S"
  1603   by transfer rule
  1604 
  1605 lemma set_pmf_of_set[simp]: "set_pmf pmf_of_set = S"
  1606   using S_finite S_not_empty by (auto simp: set_pmf_iff)
  1607 
  1608 lemma emeasure_pmf_of_set_space[simp]: "emeasure pmf_of_set S = 1"
  1609   by (rule measure_pmf.emeasure_eq_1_AE) (auto simp: AE_measure_pmf_iff)
  1610 
  1611 lemma nn_integral_pmf_of_set: "nn_integral (measure_pmf pmf_of_set) f = setsum f S / card S"
  1612   by (subst nn_integral_measure_pmf_finite)
  1613      (simp_all add: setsum_left_distrib[symmetric] card_gt_0_iff S_not_empty S_finite divide_ennreal_def
  1614                 divide_ennreal[symmetric] ennreal_of_nat_eq_real_of_nat[symmetric] ennreal_times_divide)
  1615 
  1616 lemma integral_pmf_of_set: "integral\<^sup>L (measure_pmf pmf_of_set) f = setsum f S / card S"
  1617   by (subst integral_measure_pmf[of S]) (auto simp: S_finite setsum_divide_distrib)
  1618 
  1619 lemma emeasure_pmf_of_set: "emeasure (measure_pmf pmf_of_set) A = card (S \<inter> A) / card S"
  1620   by (subst nn_integral_indicator[symmetric], simp)
  1621      (simp add: S_finite S_not_empty card_gt_0_iff indicator_def setsum.If_cases divide_ennreal
  1622                 ennreal_of_nat_eq_real_of_nat nn_integral_pmf_of_set)
  1623 
  1624 lemma measure_pmf_of_set: "measure (measure_pmf pmf_of_set) A = card (S \<inter> A) / card S"
  1625   using emeasure_pmf_of_set[of A]
  1626   by (simp add: measure_nonneg measure_pmf.emeasure_eq_measure)
  1627 
  1628 end
  1629 
  1630 lemma map_pmf_of_set:
  1631   assumes "finite A" "A \<noteq> {}"
  1632   shows   "map_pmf f (pmf_of_set A) = pmf_of_multiset (image_mset f (mset_set A))" 
  1633     (is "?lhs = ?rhs")
  1634 proof (intro pmf_eqI)
  1635   fix x
  1636   from assms have "ennreal (pmf ?lhs x) = ennreal (pmf ?rhs x)"
  1637     by (subst ennreal_pmf_map)
  1638        (simp_all add: emeasure_pmf_of_set mset_set_empty_iff count_image_mset Int_commute)
  1639   thus "pmf ?lhs x = pmf ?rhs x" by simp
  1640 qed
  1641 
  1642 lemma pmf_bind_pmf_of_set:
  1643   assumes "A \<noteq> {}" "finite A"
  1644   shows   "pmf (bind_pmf (pmf_of_set A) f) x = 
  1645              (\<Sum>xa\<in>A. pmf (f xa) x) / real_of_nat (card A)" (is "?lhs = ?rhs")
  1646 proof -
  1647   from assms have "card A > 0" by auto
  1648   with assms have "ennreal ?lhs = ennreal ?rhs"
  1649     by (subst ennreal_pmf_bind) 
  1650        (simp_all add: nn_integral_pmf_of_set max_def pmf_nonneg divide_ennreal [symmetric] 
  1651         setsum_nonneg ennreal_of_nat_eq_real_of_nat)
  1652   thus ?thesis by (subst (asm) ennreal_inj) (auto intro!: setsum_nonneg divide_nonneg_nonneg)
  1653 qed
  1654 
  1655 lemma pmf_of_set_singleton: "pmf_of_set {x} = return_pmf x"
  1656 by(rule pmf_eqI)(simp add: indicator_def)
  1657 
  1658 lemma map_pmf_of_set_inj:
  1659   assumes f: "inj_on f A"
  1660   and [simp]: "A \<noteq> {}" "finite A"
  1661   shows "map_pmf f (pmf_of_set A) = pmf_of_set (f ` A)" (is "?lhs = ?rhs")
  1662 proof(rule pmf_eqI)
  1663   fix i
  1664   show "pmf ?lhs i = pmf ?rhs i"
  1665   proof(cases "i \<in> f ` A")
  1666     case True
  1667     then obtain i' where "i = f i'" "i' \<in> A" by auto
  1668     thus ?thesis using f by(simp add: card_image pmf_map_inj)
  1669   next
  1670     case False
  1671     hence "pmf ?lhs i = 0" by(simp add: pmf_eq_0_set_pmf set_map_pmf)
  1672     moreover have "pmf ?rhs i = 0" using False by simp
  1673     ultimately show ?thesis by simp
  1674   qed
  1675 qed
  1676 
  1677 text \<open>
  1678   Choosing an element uniformly at random from the union of a disjoint family 
  1679   of finite non-empty sets with the same size is the same as first choosing a set 
  1680   from the family uniformly at random and then choosing an element from the chosen set 
  1681   uniformly at random.  
  1682 \<close>
  1683 lemma pmf_of_set_UN:
  1684   assumes "finite (UNION A f)" "A \<noteq> {}" "\<And>x. x \<in> A \<Longrightarrow> f x \<noteq> {}"
  1685           "\<And>x. x \<in> A \<Longrightarrow> card (f x) = n" "disjoint_family_on f A"
  1686   shows   "pmf_of_set (UNION A f) = do {x \<leftarrow> pmf_of_set A; pmf_of_set (f x)}"
  1687             (is "?lhs = ?rhs")
  1688 proof (intro pmf_eqI)
  1689   fix x
  1690   from assms have [simp]: "finite A"
  1691     using infinite_disjoint_family_imp_infinite_UNION[of A f] by blast
  1692   from assms have "ereal (pmf (pmf_of_set (UNION A f)) x) =
  1693     ereal (indicator (\<Union>x\<in>A. f x) x / real (card (\<Union>x\<in>A. f x)))"
  1694     by (subst pmf_of_set) auto
  1695   also from assms have "card (\<Union>x\<in>A. f x) = card A * n"
  1696     by (subst card_UN_disjoint) (auto simp: disjoint_family_on_def)
  1697   also from assms 
  1698     have "indicator (\<Union>x\<in>A. f x) x / real \<dots> = 
  1699               indicator (\<Union>x\<in>A. f x) x / (n * real (card A))"
  1700       by (simp add: setsum_divide_distrib [symmetric] mult_ac)
  1701   also from assms have "indicator (\<Union>x\<in>A. f x) x = (\<Sum>y\<in>A. indicator (f y) x)"
  1702     by (intro indicator_UN_disjoint) simp_all
  1703   also from assms have "ereal ((\<Sum>y\<in>A. indicator (f y) x) / (real n * real (card A))) =
  1704                           ereal (pmf ?rhs x)"
  1705     by (subst pmf_bind_pmf_of_set) (simp_all add: setsum_divide_distrib)
  1706   finally show "pmf ?lhs x = pmf ?rhs x" by simp
  1707 qed
  1708 
  1709 lemma bernoulli_pmf_half_conv_pmf_of_set: "bernoulli_pmf (1 / 2) = pmf_of_set UNIV"
  1710   by (rule pmf_eqI) simp_all
  1711 
  1712 subsubsection \<open> Poisson Distribution \<close>
  1713 
  1714 context
  1715   fixes rate :: real assumes rate_pos: "0 < rate"
  1716 begin
  1717 
  1718 lift_definition poisson_pmf :: "nat pmf" is "\<lambda>k. rate ^ k / fact k * exp (-rate)"
  1719 proof  (* by Manuel Eberl *)
  1720   have summable: "summable (\<lambda>x::nat. rate ^ x / fact x)" using summable_exp
  1721     by (simp add: field_simps divide_inverse [symmetric])
  1722   have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x * exp (-rate) \<partial>count_space UNIV) =
  1723           exp (-rate) * (\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV)"
  1724     by (simp add: field_simps nn_integral_cmult[symmetric] ennreal_mult'[symmetric])
  1725   also from rate_pos have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV) = (\<Sum>x. rate ^ x / fact x)"
  1726     by (simp_all add: nn_integral_count_space_nat suminf_ennreal summable ennreal_suminf_neq_top)
  1727   also have "... = exp rate" unfolding exp_def
  1728     by (simp add: field_simps divide_inverse [symmetric])
  1729   also have "ennreal (exp (-rate)) * ennreal (exp rate) = 1"
  1730     by (simp add: mult_exp_exp ennreal_mult[symmetric])
  1731   finally show "(\<integral>\<^sup>+ x. ennreal (rate ^ x / (fact x) * exp (- rate)) \<partial>count_space UNIV) = 1" .
  1732 qed (simp add: rate_pos[THEN less_imp_le])
  1733 
  1734 lemma pmf_poisson[simp]: "pmf poisson_pmf k = rate ^ k / fact k * exp (-rate)"
  1735   by transfer rule
  1736 
  1737 lemma set_pmf_poisson[simp]: "set_pmf poisson_pmf = UNIV"
  1738   using rate_pos by (auto simp: set_pmf_iff)
  1739 
  1740 end
  1741 
  1742 subsubsection \<open> Binomial Distribution \<close>
  1743 
  1744 context
  1745   fixes n :: nat and p :: real assumes p_nonneg: "0 \<le> p" and p_le_1: "p \<le> 1"
  1746 begin
  1747 
  1748 lift_definition binomial_pmf :: "nat pmf" is "\<lambda>k. (n choose k) * p^k * (1 - p)^(n - k)"
  1749 proof
  1750   have "(\<integral>\<^sup>+k. ennreal (real (n choose k) * p ^ k * (1 - p) ^ (n - k)) \<partial>count_space UNIV) =
  1751     ennreal (\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k))"
  1752     using p_le_1 p_nonneg by (subst nn_integral_count_space') auto
  1753   also have "(\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k)) = (p + (1 - p)) ^ n"
  1754     by (subst binomial_ring) (simp add: atLeast0AtMost)
  1755   finally show "(\<integral>\<^sup>+ x. ennreal (real (n choose x) * p ^ x * (1 - p) ^ (n - x)) \<partial>count_space UNIV) = 1"
  1756     by simp
  1757 qed (insert p_nonneg p_le_1, simp)
  1758 
  1759 lemma pmf_binomial[simp]: "pmf binomial_pmf k = (n choose k) * p^k * (1 - p)^(n - k)"
  1760   by transfer rule
  1761 
  1762 lemma set_pmf_binomial_eq: "set_pmf binomial_pmf = (if p = 0 then {0} else if p = 1 then {n} else {.. n})"
  1763   using p_nonneg p_le_1 unfolding set_eq_iff set_pmf_iff pmf_binomial by (auto simp: set_pmf_iff)
  1764 
  1765 end
  1766 
  1767 end
  1768 
  1769 lemma set_pmf_binomial_0[simp]: "set_pmf (binomial_pmf n 0) = {0}"
  1770   by (simp add: set_pmf_binomial_eq)
  1771 
  1772 lemma set_pmf_binomial_1[simp]: "set_pmf (binomial_pmf n 1) = {n}"
  1773   by (simp add: set_pmf_binomial_eq)
  1774 
  1775 lemma set_pmf_binomial[simp]: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (binomial_pmf n p) = {..n}"
  1776   by (simp add: set_pmf_binomial_eq)
  1777 
  1778 context begin interpretation lifting_syntax .
  1779 
  1780 lemma bind_pmf_parametric [transfer_rule]:
  1781   "(rel_pmf A ===> (A ===> rel_pmf B) ===> rel_pmf B) bind_pmf bind_pmf"
  1782 by(blast intro: rel_pmf_bindI dest: rel_funD)
  1783 
  1784 lemma return_pmf_parametric [transfer_rule]: "(A ===> rel_pmf A) return_pmf return_pmf"
  1785 by(rule rel_funI) simp
  1786 
  1787 end
  1788 
  1789 
  1790 subsection \<open>PMFs from assiciation lists\<close>
  1791 
  1792 definition pmf_of_list ::" ('a \<times> real) list \<Rightarrow> 'a pmf" where 
  1793   "pmf_of_list xs = embed_pmf (\<lambda>x. listsum (map snd (filter (\<lambda>z. fst z = x) xs)))"
  1794 
  1795 definition pmf_of_list_wf where
  1796   "pmf_of_list_wf xs \<longleftrightarrow> (\<forall>x\<in>set (map snd xs) . x \<ge> 0) \<and> listsum (map snd xs) = 1"
  1797 
  1798 lemma pmf_of_list_wfI:
  1799   "(\<And>x. x \<in> set (map snd xs) \<Longrightarrow> x \<ge> 0) \<Longrightarrow> listsum (map snd xs) = 1 \<Longrightarrow> pmf_of_list_wf xs"
  1800   unfolding pmf_of_list_wf_def by simp
  1801 
  1802 context
  1803 begin
  1804 
  1805 private lemma pmf_of_list_aux:
  1806   assumes "\<And>x. x \<in> set (map snd xs) \<Longrightarrow> x \<ge> 0"
  1807   assumes "listsum (map snd xs) = 1"
  1808   shows "(\<integral>\<^sup>+ x. ennreal (listsum (map snd [z\<leftarrow>xs . fst z = x])) \<partial>count_space UNIV) = 1"
  1809 proof -
  1810   have "(\<integral>\<^sup>+ x. ennreal (listsum (map snd (filter (\<lambda>z. fst z = x) xs))) \<partial>count_space UNIV) =
  1811             (\<integral>\<^sup>+ x. ennreal (listsum (map (\<lambda>(x',p). indicator {x'} x * p) xs)) \<partial>count_space UNIV)"
  1812     by (intro nn_integral_cong ennreal_cong, subst listsum_map_filter) (auto intro: listsum_cong)
  1813   also have "\<dots> = (\<Sum>(x',p)\<leftarrow>xs. (\<integral>\<^sup>+ x. ennreal (indicator {x'} x * p) \<partial>count_space UNIV))"
  1814     using assms(1)
  1815   proof (induction xs)
  1816     case (Cons x xs)
  1817     from Cons.prems have "snd x \<ge> 0" by simp
  1818     moreover have "b \<ge> 0" if "(a,b) \<in> set xs" for a b
  1819       using Cons.prems[of b] that by force
  1820     ultimately have "(\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>x # xs. indicator {x'} y * p) \<partial>count_space UNIV) = 
  1821             (\<integral>\<^sup>+ y. ennreal (indicator {fst x} y * snd x) + 
  1822             ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV)"
  1823       by (intro nn_integral_cong, subst ennreal_plus [symmetric]) 
  1824          (auto simp: case_prod_unfold indicator_def intro!: listsum_nonneg)
  1825     also have "\<dots> = (\<integral>\<^sup>+ y. ennreal (indicator {fst x} y * snd x) \<partial>count_space UNIV) + 
  1826                       (\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV)"
  1827       by (intro nn_integral_add)
  1828          (force intro!: listsum_nonneg AE_I2 intro: Cons simp: indicator_def)+
  1829     also have "(\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV) =
  1830                (\<Sum>(x', p)\<leftarrow>xs. (\<integral>\<^sup>+ y. ennreal (indicator {x'} y * p) \<partial>count_space UNIV))"
  1831       using Cons(1) by (intro Cons) simp_all
  1832     finally show ?case by (simp add: case_prod_unfold)
  1833   qed simp
  1834   also have "\<dots> = (\<Sum>(x',p)\<leftarrow>xs. ennreal p * (\<integral>\<^sup>+ x. indicator {x'} x \<partial>count_space UNIV))"
  1835     using assms(1)
  1836     by (intro listsum_cong, simp only: case_prod_unfold, subst nn_integral_cmult [symmetric])
  1837        (auto intro!: assms(1) simp: max_def times_ereal.simps [symmetric] mult_ac ereal_indicator
  1838              simp del: times_ereal.simps)+
  1839   also from assms have "\<dots> = listsum (map snd xs)" by (simp add: case_prod_unfold listsum_ennreal)
  1840   also have "\<dots> = 1" using assms(2) by simp
  1841   finally show ?thesis .
  1842 qed
  1843 
  1844 lemma pmf_pmf_of_list:
  1845   assumes "pmf_of_list_wf xs"
  1846   shows   "pmf (pmf_of_list xs) x = listsum (map snd (filter (\<lambda>z. fst z = x) xs))"
  1847   using assms pmf_of_list_aux[of xs] unfolding pmf_of_list_def pmf_of_list_wf_def
  1848   by (subst pmf_embed_pmf) (auto intro!: listsum_nonneg)
  1849 
  1850 end
  1851 
  1852 lemma set_pmf_of_list:
  1853   assumes "pmf_of_list_wf xs"
  1854   shows   "set_pmf (pmf_of_list xs) \<subseteq> set (map fst xs)"
  1855 proof clarify
  1856   fix x assume A: "x \<in> set_pmf (pmf_of_list xs)"
  1857   show "x \<in> set (map fst xs)"
  1858   proof (rule ccontr)
  1859     assume "x \<notin> set (map fst xs)"
  1860     hence "[z\<leftarrow>xs . fst z = x] = []" by (auto simp: filter_empty_conv)
  1861     with A assms show False by (simp add: pmf_pmf_of_list set_pmf_eq)
  1862   qed
  1863 qed
  1864 
  1865 lemma finite_set_pmf_of_list:
  1866   assumes "pmf_of_list_wf xs"
  1867   shows   "finite (set_pmf (pmf_of_list xs))"
  1868   using assms by (rule finite_subset[OF set_pmf_of_list]) simp_all
  1869 
  1870 lemma emeasure_Int_set_pmf:
  1871   "emeasure (measure_pmf p) (A \<inter> set_pmf p) = emeasure (measure_pmf p) A"
  1872   by (rule emeasure_eq_AE) (auto simp: AE_measure_pmf_iff)
  1873 
  1874 lemma measure_Int_set_pmf:
  1875   "measure (measure_pmf p) (A \<inter> set_pmf p) = measure (measure_pmf p) A"
  1876   using emeasure_Int_set_pmf[of p A] by (simp add: Sigma_Algebra.measure_def)
  1877 
  1878 lemma emeasure_pmf_of_list:
  1879   assumes "pmf_of_list_wf xs"
  1880   shows   "emeasure (pmf_of_list xs) A = ennreal (listsum (map snd (filter (\<lambda>x. fst x \<in> A) xs)))"
  1881 proof -
  1882   have "emeasure (pmf_of_list xs) A = nn_integral (measure_pmf (pmf_of_list xs)) (indicator A)"
  1883     by simp
  1884   also from assms 
  1885     have "\<dots> = (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A. ennreal (listsum (map snd [z\<leftarrow>xs . fst z = x])))"
  1886     by (subst nn_integral_measure_pmf_finite) (simp_all add: finite_set_pmf_of_list pmf_pmf_of_list)
  1887   also from assms 
  1888     have "\<dots> = ennreal (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A. listsum (map snd [z\<leftarrow>xs . fst z = x]))"
  1889     by (subst setsum_ennreal) (auto simp: pmf_of_list_wf_def intro!: listsum_nonneg)
  1890   also have "\<dots> = ennreal (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A. 
  1891       indicator A x * pmf (pmf_of_list xs) x)" (is "_ = ennreal ?S")
  1892     using assms by (intro ennreal_cong setsum.cong) (auto simp: pmf_pmf_of_list)
  1893   also have "?S = (\<Sum>x\<in>set_pmf (pmf_of_list xs). indicator A x * pmf (pmf_of_list xs) x)"
  1894     using assms by (intro setsum.mono_neutral_left set_pmf_of_list finite_set_pmf_of_list) auto
  1895   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). indicator A x * pmf (pmf_of_list xs) x)"
  1896     using assms by (intro setsum.mono_neutral_left set_pmf_of_list) (auto simp: set_pmf_eq)
  1897   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). indicator A x * 
  1898                       listsum (map snd (filter (\<lambda>z. fst z = x) xs)))"
  1899     using assms by (simp add: pmf_pmf_of_list)
  1900   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). listsum (map snd (filter (\<lambda>z. fst z = x \<and> x \<in> A) xs)))"
  1901     by (intro setsum.cong) (auto simp: indicator_def)
  1902   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). (\<Sum>xa = 0..<length xs.
  1903                      if fst (xs ! xa) = x \<and> x \<in> A then snd (xs ! xa) else 0))"
  1904     by (intro setsum.cong refl, subst listsum_map_filter, subst listsum_setsum_nth) simp
  1905   also have "\<dots> = (\<Sum>xa = 0..<length xs. (\<Sum>x\<in>set (map fst xs). 
  1906                      if fst (xs ! xa) = x \<and> x \<in> A then snd (xs ! xa) else 0))"
  1907     by (rule setsum.commute)
  1908   also have "\<dots> = (\<Sum>xa = 0..<length xs. if fst (xs ! xa) \<in> A then 
  1909                      (\<Sum>x\<in>set (map fst xs). if x = fst (xs ! xa) then snd (xs ! xa) else 0) else 0)"
  1910     by (auto intro!: setsum.cong setsum.neutral)
  1911   also have "\<dots> = (\<Sum>xa = 0..<length xs. if fst (xs ! xa) \<in> A then snd (xs ! xa) else 0)"
  1912     by (intro setsum.cong refl) (simp_all add: setsum.delta)
  1913   also have "\<dots> = listsum (map snd (filter (\<lambda>x. fst x \<in> A) xs))"
  1914     by (subst listsum_map_filter, subst listsum_setsum_nth) simp_all
  1915   finally show ?thesis . 
  1916 qed
  1917 
  1918 lemma measure_pmf_of_list:
  1919   assumes "pmf_of_list_wf xs"
  1920   shows   "measure (pmf_of_list xs) A = listsum (map snd (filter (\<lambda>x. fst x \<in> A) xs))"
  1921   using assms unfolding pmf_of_list_wf_def Sigma_Algebra.measure_def
  1922   by (subst emeasure_pmf_of_list [OF assms], subst enn2real_ennreal) (auto intro!: listsum_nonneg)
  1923 
  1924 end