src/ZF/func.thy
 author wenzelm Sat Nov 04 19:17:19 2017 +0100 (21 months ago) changeset 67006 b1278ed3cd46 parent 63901 4ce989e962e0 child 69587 53982d5ec0bb permissions -rw-r--r--
prefer main entry points of HOL;
```     1 (*  Title:      ZF/func.thy
```
```     2     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
```
```     3     Copyright   1991  University of Cambridge
```
```     4 *)
```
```     5
```
```     6 section\<open>Functions, Function Spaces, Lambda-Abstraction\<close>
```
```     7
```
```     8 theory func imports equalities Sum begin
```
```     9
```
```    10 subsection\<open>The Pi Operator: Dependent Function Space\<close>
```
```    11
```
```    12 lemma subset_Sigma_imp_relation: "r \<subseteq> Sigma(A,B) ==> relation(r)"
```
```    13 by (simp add: relation_def, blast)
```
```    14
```
```    15 lemma relation_converse_converse [simp]:
```
```    16      "relation(r) ==> converse(converse(r)) = r"
```
```    17 by (simp add: relation_def, blast)
```
```    18
```
```    19 lemma relation_restrict [simp]:  "relation(restrict(r,A))"
```
```    20 by (simp add: restrict_def relation_def, blast)
```
```    21
```
```    22 lemma Pi_iff:
```
```    23     "f \<in> Pi(A,B) \<longleftrightarrow> function(f) & f<=Sigma(A,B) & A<=domain(f)"
```
```    24 by (unfold Pi_def, blast)
```
```    25
```
```    26 (*For upward compatibility with the former definition*)
```
```    27 lemma Pi_iff_old:
```
```    28     "f \<in> Pi(A,B) \<longleftrightarrow> f<=Sigma(A,B) & (\<forall>x\<in>A. \<exists>!y. <x,y>: f)"
```
```    29 by (unfold Pi_def function_def, blast)
```
```    30
```
```    31 lemma fun_is_function: "f \<in> Pi(A,B) ==> function(f)"
```
```    32 by (simp only: Pi_iff)
```
```    33
```
```    34 lemma function_imp_Pi:
```
```    35      "[|function(f); relation(f)|] ==> f \<in> domain(f) -> range(f)"
```
```    36 by (simp add: Pi_iff relation_def, blast)
```
```    37
```
```    38 lemma functionI:
```
```    39      "[| !!x y y'. [| <x,y>:r; <x,y'>:r |] ==> y=y' |] ==> function(r)"
```
```    40 by (simp add: function_def, blast)
```
```    41
```
```    42 (*Functions are relations*)
```
```    43 lemma fun_is_rel: "f \<in> Pi(A,B) ==> f \<subseteq> Sigma(A,B)"
```
```    44 by (unfold Pi_def, blast)
```
```    45
```
```    46 lemma Pi_cong:
```
```    47     "[| A=A';  !!x. x \<in> A' ==> B(x)=B'(x) |] ==> Pi(A,B) = Pi(A',B')"
```
```    48 by (simp add: Pi_def cong add: Sigma_cong)
```
```    49
```
```    50 (*Sigma_cong, Pi_cong NOT given to Addcongs: they cause
```
```    51   flex-flex pairs and the "Check your prover" error.  Most
```
```    52   Sigmas and Pis are abbreviated as * or -> *)
```
```    53
```
```    54 (*Weakening one function type to another; see also Pi_type*)
```
```    55 lemma fun_weaken_type: "[| f \<in> A->B;  B<=D |] ==> f \<in> A->D"
```
```    56 by (unfold Pi_def, best)
```
```    57
```
```    58 subsection\<open>Function Application\<close>
```
```    59
```
```    60 lemma apply_equality2: "[| <a,b>: f;  <a,c>: f;  f \<in> Pi(A,B) |] ==> b=c"
```
```    61 by (unfold Pi_def function_def, blast)
```
```    62
```
```    63 lemma function_apply_equality: "[| <a,b>: f;  function(f) |] ==> f`a = b"
```
```    64 by (unfold apply_def function_def, blast)
```
```    65
```
```    66 lemma apply_equality: "[| <a,b>: f;  f \<in> Pi(A,B) |] ==> f`a = b"
```
```    67 apply (unfold Pi_def)
```
```    68 apply (blast intro: function_apply_equality)
```
```    69 done
```
```    70
```
```    71 (*Applying a function outside its domain yields 0*)
```
```    72 lemma apply_0: "a \<notin> domain(f) ==> f`a = 0"
```
```    73 by (unfold apply_def, blast)
```
```    74
```
```    75 lemma Pi_memberD: "[| f \<in> Pi(A,B);  c \<in> f |] ==> \<exists>x\<in>A.  c = <x,f`x>"
```
```    76 apply (frule fun_is_rel)
```
```    77 apply (blast dest: apply_equality)
```
```    78 done
```
```    79
```
```    80 lemma function_apply_Pair: "[| function(f);  a \<in> domain(f)|] ==> <a,f`a>: f"
```
```    81 apply (simp add: function_def, clarify)
```
```    82 apply (subgoal_tac "f`a = y", blast)
```
```    83 apply (simp add: apply_def, blast)
```
```    84 done
```
```    85
```
```    86 lemma apply_Pair: "[| f \<in> Pi(A,B);  a \<in> A |] ==> <a,f`a>: f"
```
```    87 apply (simp add: Pi_iff)
```
```    88 apply (blast intro: function_apply_Pair)
```
```    89 done
```
```    90
```
```    91 (*Conclusion is flexible -- use rule_tac or else apply_funtype below!*)
```
```    92 lemma apply_type [TC]: "[| f \<in> Pi(A,B);  a \<in> A |] ==> f`a \<in> B(a)"
```
```    93 by (blast intro: apply_Pair dest: fun_is_rel)
```
```    94
```
```    95 (*This version is acceptable to the simplifier*)
```
```    96 lemma apply_funtype: "[| f \<in> A->B;  a \<in> A |] ==> f`a \<in> B"
```
```    97 by (blast dest: apply_type)
```
```    98
```
```    99 lemma apply_iff: "f \<in> Pi(A,B) ==> <a,b>: f \<longleftrightarrow> a \<in> A & f`a = b"
```
```   100 apply (frule fun_is_rel)
```
```   101 apply (blast intro!: apply_Pair apply_equality)
```
```   102 done
```
```   103
```
```   104 (*Refining one Pi type to another*)
```
```   105 lemma Pi_type: "[| f \<in> Pi(A,C);  !!x. x \<in> A ==> f`x \<in> B(x) |] ==> f \<in> Pi(A,B)"
```
```   106 apply (simp only: Pi_iff)
```
```   107 apply (blast dest: function_apply_equality)
```
```   108 done
```
```   109
```
```   110 (*Such functions arise in non-standard datatypes, ZF/ex/Ntree for instance*)
```
```   111 lemma Pi_Collect_iff:
```
```   112      "(f \<in> Pi(A, %x. {y \<in> B(x). P(x,y)}))
```
```   113       \<longleftrightarrow>  f \<in> Pi(A,B) & (\<forall>x\<in>A. P(x, f`x))"
```
```   114 by (blast intro: Pi_type dest: apply_type)
```
```   115
```
```   116 lemma Pi_weaken_type:
```
```   117         "[| f \<in> Pi(A,B);  !!x. x \<in> A ==> B(x)<=C(x) |] ==> f \<in> Pi(A,C)"
```
```   118 by (blast intro: Pi_type dest: apply_type)
```
```   119
```
```   120
```
```   121 (** Elimination of membership in a function **)
```
```   122
```
```   123 lemma domain_type: "[| <a,b> \<in> f;  f \<in> Pi(A,B) |] ==> a \<in> A"
```
```   124 by (blast dest: fun_is_rel)
```
```   125
```
```   126 lemma range_type: "[| <a,b> \<in> f;  f \<in> Pi(A,B) |] ==> b \<in> B(a)"
```
```   127 by (blast dest: fun_is_rel)
```
```   128
```
```   129 lemma Pair_mem_PiD: "[| <a,b>: f;  f \<in> Pi(A,B) |] ==> a \<in> A & b \<in> B(a) & f`a = b"
```
```   130 by (blast intro: domain_type range_type apply_equality)
```
```   131
```
```   132 subsection\<open>Lambda Abstraction\<close>
```
```   133
```
```   134 lemma lamI: "a \<in> A ==> <a,b(a)> \<in> (\<lambda>x\<in>A. b(x))"
```
```   135 apply (unfold lam_def)
```
```   136 apply (erule RepFunI)
```
```   137 done
```
```   138
```
```   139 lemma lamE:
```
```   140     "[| p: (\<lambda>x\<in>A. b(x));  !!x.[| x \<in> A; p=<x,b(x)> |] ==> P
```
```   141      |] ==>  P"
```
```   142 by (simp add: lam_def, blast)
```
```   143
```
```   144 lemma lamD: "[| <a,c>: (\<lambda>x\<in>A. b(x)) |] ==> c = b(a)"
```
```   145 by (simp add: lam_def)
```
```   146
```
```   147 lemma lam_type [TC]:
```
```   148     "[| !!x. x \<in> A ==> b(x): B(x) |] ==> (\<lambda>x\<in>A. b(x)) \<in> Pi(A,B)"
```
```   149 by (simp add: lam_def Pi_def function_def, blast)
```
```   150
```
```   151 lemma lam_funtype: "(\<lambda>x\<in>A. b(x)) \<in> A -> {b(x). x \<in> A}"
```
```   152 by (blast intro: lam_type)
```
```   153
```
```   154 lemma function_lam: "function (\<lambda>x\<in>A. b(x))"
```
```   155 by (simp add: function_def lam_def)
```
```   156
```
```   157 lemma relation_lam: "relation (\<lambda>x\<in>A. b(x))"
```
```   158 by (simp add: relation_def lam_def)
```
```   159
```
```   160 lemma beta_if [simp]: "(\<lambda>x\<in>A. b(x)) ` a = (if a \<in> A then b(a) else 0)"
```
```   161 by (simp add: apply_def lam_def, blast)
```
```   162
```
```   163 lemma beta: "a \<in> A ==> (\<lambda>x\<in>A. b(x)) ` a = b(a)"
```
```   164 by (simp add: apply_def lam_def, blast)
```
```   165
```
```   166 lemma lam_empty [simp]: "(\<lambda>x\<in>0. b(x)) = 0"
```
```   167 by (simp add: lam_def)
```
```   168
```
```   169 lemma domain_lam [simp]: "domain(Lambda(A,b)) = A"
```
```   170 by (simp add: lam_def, blast)
```
```   171
```
```   172 (*congruence rule for lambda abstraction*)
```
```   173 lemma lam_cong [cong]:
```
```   174     "[| A=A';  !!x. x \<in> A' ==> b(x)=b'(x) |] ==> Lambda(A,b) = Lambda(A',b')"
```
```   175 by (simp only: lam_def cong add: RepFun_cong)
```
```   176
```
```   177 lemma lam_theI:
```
```   178     "(!!x. x \<in> A ==> \<exists>!y. Q(x,y)) ==> \<exists>f. \<forall>x\<in>A. Q(x, f`x)"
```
```   179 apply (rule_tac x = "\<lambda>x\<in>A. THE y. Q (x,y)" in exI)
```
```   180 apply simp
```
```   181 apply (blast intro: theI)
```
```   182 done
```
```   183
```
```   184 lemma lam_eqE: "[| (\<lambda>x\<in>A. f(x)) = (\<lambda>x\<in>A. g(x));  a \<in> A |] ==> f(a)=g(a)"
```
```   185 by (fast intro!: lamI elim: equalityE lamE)
```
```   186
```
```   187
```
```   188 (*Empty function spaces*)
```
```   189 lemma Pi_empty1 [simp]: "Pi(0,A) = {0}"
```
```   190 by (unfold Pi_def function_def, blast)
```
```   191
```
```   192 (*The singleton function*)
```
```   193 lemma singleton_fun [simp]: "{<a,b>} \<in> {a} -> {b}"
```
```   194 by (unfold Pi_def function_def, blast)
```
```   195
```
```   196 lemma Pi_empty2 [simp]: "(A->0) = (if A=0 then {0} else 0)"
```
```   197 by (unfold Pi_def function_def, force)
```
```   198
```
```   199 lemma  fun_space_empty_iff [iff]: "(A->X)=0 \<longleftrightarrow> X=0 & (A \<noteq> 0)"
```
```   200 apply auto
```
```   201 apply (fast intro!: equals0I intro: lam_type)
```
```   202 done
```
```   203
```
```   204
```
```   205 subsection\<open>Extensionality\<close>
```
```   206
```
```   207 (*Semi-extensionality!*)
```
```   208
```
```   209 lemma fun_subset:
```
```   210     "[| f \<in> Pi(A,B);  g \<in> Pi(C,D);  A<=C;
```
```   211         !!x. x \<in> A ==> f`x = g`x       |] ==> f<=g"
```
```   212 by (force dest: Pi_memberD intro: apply_Pair)
```
```   213
```
```   214 lemma fun_extension:
```
```   215     "[| f \<in> Pi(A,B);  g \<in> Pi(A,D);
```
```   216         !!x. x \<in> A ==> f`x = g`x       |] ==> f=g"
```
```   217 by (blast del: subsetI intro: subset_refl sym fun_subset)
```
```   218
```
```   219 lemma eta [simp]: "f \<in> Pi(A,B) ==> (\<lambda>x\<in>A. f`x) = f"
```
```   220 apply (rule fun_extension)
```
```   221 apply (auto simp add: lam_type apply_type beta)
```
```   222 done
```
```   223
```
```   224 lemma fun_extension_iff:
```
```   225      "[| f \<in> Pi(A,B); g \<in> Pi(A,C) |] ==> (\<forall>a\<in>A. f`a = g`a) \<longleftrightarrow> f=g"
```
```   226 by (blast intro: fun_extension)
```
```   227
```
```   228 (*thm by Mark Staples, proof by lcp*)
```
```   229 lemma fun_subset_eq: "[| f \<in> Pi(A,B); g \<in> Pi(A,C) |] ==> f \<subseteq> g \<longleftrightarrow> (f = g)"
```
```   230 by (blast dest: apply_Pair
```
```   231           intro: fun_extension apply_equality [symmetric])
```
```   232
```
```   233
```
```   234 (*Every element of Pi(A,B) may be expressed as a lambda abstraction!*)
```
```   235 lemma Pi_lamE:
```
```   236   assumes major: "f \<in> Pi(A,B)"
```
```   237       and minor: "!!b. [| \<forall>x\<in>A. b(x):B(x);  f = (\<lambda>x\<in>A. b(x)) |] ==> P"
```
```   238   shows "P"
```
```   239 apply (rule minor)
```
```   240 apply (rule_tac [2] eta [symmetric])
```
```   241 apply (blast intro: major apply_type)+
```
```   242 done
```
```   243
```
```   244
```
```   245 subsection\<open>Images of Functions\<close>
```
```   246
```
```   247 lemma image_lam: "C \<subseteq> A ==> (\<lambda>x\<in>A. b(x)) `` C = {b(x). x \<in> C}"
```
```   248 by (unfold lam_def, blast)
```
```   249
```
```   250 lemma Repfun_function_if:
```
```   251      "function(f)
```
```   252       ==> {f`x. x \<in> C} = (if C \<subseteq> domain(f) then f``C else cons(0,f``C))"
```
```   253 apply simp
```
```   254 apply (intro conjI impI)
```
```   255  apply (blast dest: function_apply_equality intro: function_apply_Pair)
```
```   256 apply (rule equalityI)
```
```   257  apply (blast intro!: function_apply_Pair apply_0)
```
```   258 apply (blast dest: function_apply_equality intro: apply_0 [symmetric])
```
```   259 done
```
```   260
```
```   261 (*For this lemma and the next, the right-hand side could equivalently
```
```   262   be written \<Union>x\<in>C. {f`x} *)
```
```   263 lemma image_function:
```
```   264      "[| function(f);  C \<subseteq> domain(f) |] ==> f``C = {f`x. x \<in> C}"
```
```   265 by (simp add: Repfun_function_if)
```
```   266
```
```   267 lemma image_fun: "[| f \<in> Pi(A,B);  C \<subseteq> A |] ==> f``C = {f`x. x \<in> C}"
```
```   268 apply (simp add: Pi_iff)
```
```   269 apply (blast intro: image_function)
```
```   270 done
```
```   271
```
```   272 lemma image_eq_UN:
```
```   273   assumes f: "f \<in> Pi(A,B)" "C \<subseteq> A" shows "f``C = (\<Union>x\<in>C. {f ` x})"
```
```   274 by (auto simp add: image_fun [OF f])
```
```   275
```
```   276 lemma Pi_image_cons:
```
```   277      "[| f \<in> Pi(A,B);  x \<in> A |] ==> f `` cons(x,y) = cons(f`x, f``y)"
```
```   278 by (blast dest: apply_equality apply_Pair)
```
```   279
```
```   280
```
```   281 subsection\<open>Properties of @{term "restrict(f,A)"}\<close>
```
```   282
```
```   283 lemma restrict_subset: "restrict(f,A) \<subseteq> f"
```
```   284 by (unfold restrict_def, blast)
```
```   285
```
```   286 lemma function_restrictI:
```
```   287     "function(f) ==> function(restrict(f,A))"
```
```   288 by (unfold restrict_def function_def, blast)
```
```   289
```
```   290 lemma restrict_type2: "[| f \<in> Pi(C,B);  A<=C |] ==> restrict(f,A) \<in> Pi(A,B)"
```
```   291 by (simp add: Pi_iff function_def restrict_def, blast)
```
```   292
```
```   293 lemma restrict: "restrict(f,A) ` a = (if a \<in> A then f`a else 0)"
```
```   294 by (simp add: apply_def restrict_def, blast)
```
```   295
```
```   296 lemma restrict_empty [simp]: "restrict(f,0) = 0"
```
```   297 by (unfold restrict_def, simp)
```
```   298
```
```   299 lemma restrict_iff: "z \<in> restrict(r,A) \<longleftrightarrow> z \<in> r & (\<exists>x\<in>A. \<exists>y. z = \<langle>x, y\<rangle>)"
```
```   300 by (simp add: restrict_def)
```
```   301
```
```   302 lemma restrict_restrict [simp]:
```
```   303      "restrict(restrict(r,A),B) = restrict(r, A \<inter> B)"
```
```   304 by (unfold restrict_def, blast)
```
```   305
```
```   306 lemma domain_restrict [simp]: "domain(restrict(f,C)) = domain(f) \<inter> C"
```
```   307 apply (unfold restrict_def)
```
```   308 apply (auto simp add: domain_def)
```
```   309 done
```
```   310
```
```   311 lemma restrict_idem: "f \<subseteq> Sigma(A,B) ==> restrict(f,A) = f"
```
```   312 by (simp add: restrict_def, blast)
```
```   313
```
```   314
```
```   315 (*converse probably holds too*)
```
```   316 lemma domain_restrict_idem:
```
```   317      "[| domain(r) \<subseteq> A; relation(r) |] ==> restrict(r,A) = r"
```
```   318 by (simp add: restrict_def relation_def, blast)
```
```   319
```
```   320 lemma domain_restrict_lam [simp]: "domain(restrict(Lambda(A,f),C)) = A \<inter> C"
```
```   321 apply (unfold restrict_def lam_def)
```
```   322 apply (rule equalityI)
```
```   323 apply (auto simp add: domain_iff)
```
```   324 done
```
```   325
```
```   326 lemma restrict_if [simp]: "restrict(f,A) ` a = (if a \<in> A then f`a else 0)"
```
```   327 by (simp add: restrict apply_0)
```
```   328
```
```   329 lemma restrict_lam_eq:
```
```   330     "A<=C ==> restrict(\<lambda>x\<in>C. b(x), A) = (\<lambda>x\<in>A. b(x))"
```
```   331 by (unfold restrict_def lam_def, auto)
```
```   332
```
```   333 lemma fun_cons_restrict_eq:
```
```   334      "f \<in> cons(a, b) -> B ==> f = cons(<a, f ` a>, restrict(f, b))"
```
```   335 apply (rule equalityI)
```
```   336  prefer 2 apply (blast intro: apply_Pair restrict_subset [THEN subsetD])
```
```   337 apply (auto dest!: Pi_memberD simp add: restrict_def lam_def)
```
```   338 done
```
```   339
```
```   340
```
```   341 subsection\<open>Unions of Functions\<close>
```
```   342
```
```   343 (** The Union of a set of COMPATIBLE functions is a function **)
```
```   344
```
```   345 lemma function_Union:
```
```   346     "[| \<forall>x\<in>S. function(x);
```
```   347         \<forall>x\<in>S. \<forall>y\<in>S. x<=y | y<=x  |]
```
```   348      ==> function(\<Union>(S))"
```
```   349 by (unfold function_def, blast)
```
```   350
```
```   351 lemma fun_Union:
```
```   352     "[| \<forall>f\<in>S. \<exists>C D. f \<in> C->D;
```
```   353              \<forall>f\<in>S. \<forall>y\<in>S. f<=y | y<=f  |] ==>
```
```   354           \<Union>(S) \<in> domain(\<Union>(S)) -> range(\<Union>(S))"
```
```   355 apply (unfold Pi_def)
```
```   356 apply (blast intro!: rel_Union function_Union)
```
```   357 done
```
```   358
```
```   359 lemma gen_relation_Union [rule_format]:
```
```   360      "\<forall>f\<in>F. relation(f) \<Longrightarrow> relation(\<Union>(F))"
```
```   361 by (simp add: relation_def)
```
```   362
```
```   363
```
```   364 (** The Union of 2 disjoint functions is a function **)
```
```   365
```
```   366 lemmas Un_rls = Un_subset_iff SUM_Un_distrib1 prod_Un_distrib2
```
```   367                 subset_trans [OF _ Un_upper1]
```
```   368                 subset_trans [OF _ Un_upper2]
```
```   369
```
```   370 lemma fun_disjoint_Un:
```
```   371      "[| f \<in> A->B;  g \<in> C->D;  A \<inter> C = 0  |]
```
```   372       ==> (f \<union> g) \<in> (A \<union> C) -> (B \<union> D)"
```
```   373 (*Prove the product and domain subgoals using distributive laws*)
```
```   374 apply (simp add: Pi_iff extension Un_rls)
```
```   375 apply (unfold function_def, blast)
```
```   376 done
```
```   377
```
```   378 lemma fun_disjoint_apply1: "a \<notin> domain(g) ==> (f \<union> g)`a = f`a"
```
```   379 by (simp add: apply_def, blast)
```
```   380
```
```   381 lemma fun_disjoint_apply2: "c \<notin> domain(f) ==> (f \<union> g)`c = g`c"
```
```   382 by (simp add: apply_def, blast)
```
```   383
```
```   384 subsection\<open>Domain and Range of a Function or Relation\<close>
```
```   385
```
```   386 lemma domain_of_fun: "f \<in> Pi(A,B) ==> domain(f)=A"
```
```   387 by (unfold Pi_def, blast)
```
```   388
```
```   389 lemma apply_rangeI: "[| f \<in> Pi(A,B);  a \<in> A |] ==> f`a \<in> range(f)"
```
```   390 by (erule apply_Pair [THEN rangeI], assumption)
```
```   391
```
```   392 lemma range_of_fun: "f \<in> Pi(A,B) ==> f \<in> A->range(f)"
```
```   393 by (blast intro: Pi_type apply_rangeI)
```
```   394
```
```   395 subsection\<open>Extensions of Functions\<close>
```
```   396
```
```   397 lemma fun_extend:
```
```   398      "[| f \<in> A->B;  c\<notin>A |] ==> cons(<c,b>,f) \<in> cons(c,A) -> cons(b,B)"
```
```   399 apply (frule singleton_fun [THEN fun_disjoint_Un], blast)
```
```   400 apply (simp add: cons_eq)
```
```   401 done
```
```   402
```
```   403 lemma fun_extend3:
```
```   404      "[| f \<in> A->B;  c\<notin>A;  b \<in> B |] ==> cons(<c,b>,f) \<in> cons(c,A) -> B"
```
```   405 by (blast intro: fun_extend [THEN fun_weaken_type])
```
```   406
```
```   407 lemma extend_apply:
```
```   408      "c \<notin> domain(f) ==> cons(<c,b>,f)`a = (if a=c then b else f`a)"
```
```   409 by (auto simp add: apply_def)
```
```   410
```
```   411 lemma fun_extend_apply [simp]:
```
```   412      "[| f \<in> A->B;  c\<notin>A |] ==> cons(<c,b>,f)`a = (if a=c then b else f`a)"
```
```   413 apply (rule extend_apply)
```
```   414 apply (simp add: Pi_def, blast)
```
```   415 done
```
```   416
```
```   417 lemmas singleton_apply = apply_equality [OF singletonI singleton_fun, simp]
```
```   418
```
```   419 (*For Finite.ML.  Inclusion of right into left is easy*)
```
```   420 lemma cons_fun_eq:
```
```   421      "c \<notin> A ==> cons(c,A) -> B = (\<Union>f \<in> A->B. \<Union>b\<in>B. {cons(<c,b>, f)})"
```
```   422 apply (rule equalityI)
```
```   423 apply (safe elim!: fun_extend3)
```
```   424 (*Inclusion of left into right*)
```
```   425 apply (subgoal_tac "restrict (x, A) \<in> A -> B")
```
```   426  prefer 2 apply (blast intro: restrict_type2)
```
```   427 apply (rule UN_I, assumption)
```
```   428 apply (rule apply_funtype [THEN UN_I])
```
```   429   apply assumption
```
```   430  apply (rule consI1)
```
```   431 apply (simp (no_asm))
```
```   432 apply (rule fun_extension)
```
```   433   apply assumption
```
```   434  apply (blast intro: fun_extend)
```
```   435 apply (erule consE, simp_all)
```
```   436 done
```
```   437
```
```   438 lemma succ_fun_eq: "succ(n) -> B = (\<Union>f \<in> n->B. \<Union>b\<in>B. {cons(<n,b>, f)})"
```
```   439 by (simp add: succ_def mem_not_refl cons_fun_eq)
```
```   440
```
```   441
```
```   442 subsection\<open>Function Updates\<close>
```
```   443
```
```   444 definition
```
```   445   update  :: "[i,i,i] => i"  where
```
```   446    "update(f,a,b) == \<lambda>x\<in>cons(a, domain(f)). if(x=a, b, f`x)"
```
```   447
```
```   448 nonterminal updbinds and updbind
```
```   449
```
```   450 syntax
```
```   451
```
```   452   (* Let expressions *)
```
```   453
```
```   454   "_updbind"    :: "[i, i] => updbind"               ("(2_ :=/ _)")
```
```   455   ""            :: "updbind => updbinds"             ("_")
```
```   456   "_updbinds"   :: "[updbind, updbinds] => updbinds" ("_,/ _")
```
```   457   "_Update"     :: "[i, updbinds] => i"              ("_/'((_)')" [900,0] 900)
```
```   458
```
```   459 translations
```
```   460   "_Update (f, _updbinds(b,bs))"  == "_Update (_Update(f,b), bs)"
```
```   461   "f(x:=y)"                       == "CONST update(f,x,y)"
```
```   462
```
```   463
```
```   464 lemma update_apply [simp]: "f(x:=y) ` z = (if z=x then y else f`z)"
```
```   465 apply (simp add: update_def)
```
```   466 apply (case_tac "z \<in> domain(f)")
```
```   467 apply (simp_all add: apply_0)
```
```   468 done
```
```   469
```
```   470 lemma update_idem: "[| f`x = y;  f \<in> Pi(A,B);  x \<in> A |] ==> f(x:=y) = f"
```
```   471 apply (unfold update_def)
```
```   472 apply (simp add: domain_of_fun cons_absorb)
```
```   473 apply (rule fun_extension)
```
```   474 apply (best intro: apply_type if_type lam_type, assumption, simp)
```
```   475 done
```
```   476
```
```   477
```
```   478 (* [| f \<in> Pi(A, B); x \<in> A |] ==> f(x := f`x) = f *)
```
```   479 declare refl [THEN update_idem, simp]
```
```   480
```
```   481 lemma domain_update [simp]: "domain(f(x:=y)) = cons(x, domain(f))"
```
```   482 by (unfold update_def, simp)
```
```   483
```
```   484 lemma update_type: "[| f \<in> Pi(A,B);  x \<in> A;  y \<in> B(x) |] ==> f(x:=y) \<in> Pi(A, B)"
```
```   485 apply (unfold update_def)
```
```   486 apply (simp add: domain_of_fun cons_absorb apply_funtype lam_type)
```
```   487 done
```
```   488
```
```   489
```
```   490 subsection\<open>Monotonicity Theorems\<close>
```
```   491
```
```   492 subsubsection\<open>Replacement in its Various Forms\<close>
```
```   493
```
```   494 (*Not easy to express monotonicity in P, since any "bigger" predicate
```
```   495   would have to be single-valued*)
```
```   496 lemma Replace_mono: "A<=B ==> Replace(A,P) \<subseteq> Replace(B,P)"
```
```   497 by (blast elim!: ReplaceE)
```
```   498
```
```   499 lemma RepFun_mono: "A<=B ==> {f(x). x \<in> A} \<subseteq> {f(x). x \<in> B}"
```
```   500 by blast
```
```   501
```
```   502 lemma Pow_mono: "A<=B ==> Pow(A) \<subseteq> Pow(B)"
```
```   503 by blast
```
```   504
```
```   505 lemma Union_mono: "A<=B ==> \<Union>(A) \<subseteq> \<Union>(B)"
```
```   506 by blast
```
```   507
```
```   508 lemma UN_mono:
```
```   509     "[| A<=C;  !!x. x \<in> A ==> B(x)<=D(x) |] ==> (\<Union>x\<in>A. B(x)) \<subseteq> (\<Union>x\<in>C. D(x))"
```
```   510 by blast
```
```   511
```
```   512 (*Intersection is ANTI-monotonic.  There are TWO premises! *)
```
```   513 lemma Inter_anti_mono: "[| A<=B;  A\<noteq>0 |] ==> \<Inter>(B) \<subseteq> \<Inter>(A)"
```
```   514 by blast
```
```   515
```
```   516 lemma cons_mono: "C<=D ==> cons(a,C) \<subseteq> cons(a,D)"
```
```   517 by blast
```
```   518
```
```   519 lemma Un_mono: "[| A<=C;  B<=D |] ==> A \<union> B \<subseteq> C \<union> D"
```
```   520 by blast
```
```   521
```
```   522 lemma Int_mono: "[| A<=C;  B<=D |] ==> A \<inter> B \<subseteq> C \<inter> D"
```
```   523 by blast
```
```   524
```
```   525 lemma Diff_mono: "[| A<=C;  D<=B |] ==> A-B \<subseteq> C-D"
```
```   526 by blast
```
```   527
```
```   528 subsubsection\<open>Standard Products, Sums and Function Spaces\<close>
```
```   529
```
```   530 lemma Sigma_mono [rule_format]:
```
```   531      "[| A<=C;  !!x. x \<in> A \<longrightarrow> B(x) \<subseteq> D(x) |] ==> Sigma(A,B) \<subseteq> Sigma(C,D)"
```
```   532 by blast
```
```   533
```
```   534 lemma sum_mono: "[| A<=C;  B<=D |] ==> A+B \<subseteq> C+D"
```
```   535 by (unfold sum_def, blast)
```
```   536
```
```   537 (*Note that B->A and C->A are typically disjoint!*)
```
```   538 lemma Pi_mono: "B<=C ==> A->B \<subseteq> A->C"
```
```   539 by (blast intro: lam_type elim: Pi_lamE)
```
```   540
```
```   541 lemma lam_mono: "A<=B ==> Lambda(A,c) \<subseteq> Lambda(B,c)"
```
```   542 apply (unfold lam_def)
```
```   543 apply (erule RepFun_mono)
```
```   544 done
```
```   545
```
```   546 subsubsection\<open>Converse, Domain, Range, Field\<close>
```
```   547
```
```   548 lemma converse_mono: "r<=s ==> converse(r) \<subseteq> converse(s)"
```
```   549 by blast
```
```   550
```
```   551 lemma domain_mono: "r<=s ==> domain(r)<=domain(s)"
```
```   552 by blast
```
```   553
```
```   554 lemmas domain_rel_subset = subset_trans [OF domain_mono domain_subset]
```
```   555
```
```   556 lemma range_mono: "r<=s ==> range(r)<=range(s)"
```
```   557 by blast
```
```   558
```
```   559 lemmas range_rel_subset = subset_trans [OF range_mono range_subset]
```
```   560
```
```   561 lemma field_mono: "r<=s ==> field(r)<=field(s)"
```
```   562 by blast
```
```   563
```
```   564 lemma field_rel_subset: "r \<subseteq> A*A ==> field(r) \<subseteq> A"
```
```   565 by (erule field_mono [THEN subset_trans], blast)
```
```   566
```
```   567
```
```   568 subsubsection\<open>Images\<close>
```
```   569
```
```   570 lemma image_pair_mono:
```
```   571     "[| !! x y. <x,y>:r ==> <x,y>:s;  A<=B |] ==> r``A \<subseteq> s``B"
```
```   572 by blast
```
```   573
```
```   574 lemma vimage_pair_mono:
```
```   575     "[| !! x y. <x,y>:r ==> <x,y>:s;  A<=B |] ==> r-``A \<subseteq> s-``B"
```
```   576 by blast
```
```   577
```
```   578 lemma image_mono: "[| r<=s;  A<=B |] ==> r``A \<subseteq> s``B"
```
```   579 by blast
```
```   580
```
```   581 lemma vimage_mono: "[| r<=s;  A<=B |] ==> r-``A \<subseteq> s-``B"
```
```   582 by blast
```
```   583
```
```   584 lemma Collect_mono:
```
```   585     "[| A<=B;  !!x. x \<in> A ==> P(x) \<longrightarrow> Q(x) |] ==> Collect(A,P) \<subseteq> Collect(B,Q)"
```
```   586 by blast
```
```   587
```
```   588 (*Used in intr_elim.ML and in individual datatype definitions*)
```
```   589 lemmas basic_monos = subset_refl imp_refl disj_mono conj_mono ex_mono
```
```   590                      Collect_mono Part_mono in_mono
```
```   591
```
```   592 (* Useful with simp; contributed by Clemens Ballarin. *)
```
```   593
```
```   594 lemma bex_image_simp:
```
```   595   "[| f \<in> Pi(X, Y); A \<subseteq> X |]  ==> (\<exists>x\<in>f``A. P(x)) \<longleftrightarrow> (\<exists>x\<in>A. P(f`x))"
```
```   596   apply safe
```
```   597    apply rule
```
```   598     prefer 2 apply assumption
```
```   599    apply (simp add: apply_equality)
```
```   600   apply (blast intro: apply_Pair)
```
```   601   done
```
```   602
```
```   603 lemma ball_image_simp:
```
```   604   "[| f \<in> Pi(X, Y); A \<subseteq> X |]  ==> (\<forall>x\<in>f``A. P(x)) \<longleftrightarrow> (\<forall>x\<in>A. P(f`x))"
```
```   605   apply safe
```
```   606    apply (blast intro: apply_Pair)
```
```   607   apply (drule bspec) apply assumption
```
```   608   apply (simp add: apply_equality)
```
```   609   done
```
```   610
```
```   611 end
```