src/HOL/Probability/Probability_Mass_Function.thy
 author nipkow Mon Oct 17 11:46:22 2016 +0200 (2016-10-17) changeset 64267 b9a1486e79be parent 64008 17a20ca86d62 child 64634 5bd30359e46e permissions -rw-r--r--
setsum -> sum
1 (*  Title:      HOL/Probability/Probability_Mass_Function.thy
2     Author:     Johannes Hölzl, TU München
3     Author:     Andreas Lochbihler, ETH Zurich
4 *)
6 section \<open> Probability mass function \<close>
8 theory Probability_Mass_Function
9 imports
11   "~~/src/HOL/Library/Multiset"
12 begin
14 lemma AE_emeasure_singleton:
15   assumes x: "emeasure M {x} \<noteq> 0" and ae: "AE x in M. P x" shows "P x"
16 proof -
17   from x have x_M: "{x} \<in> sets M"
18     by (auto intro: emeasure_notin_sets)
19   from ae obtain N where N: "{x\<in>space M. \<not> P x} \<subseteq> N" "emeasure M N = 0" "N \<in> sets M"
20     by (auto elim: AE_E)
21   { assume "\<not> P x"
22     with x_M[THEN sets.sets_into_space] N have "emeasure M {x} \<le> emeasure M N"
23       by (intro emeasure_mono) auto
24     with x N have False
25       by (auto simp:) }
26   then show "P x" by auto
27 qed
29 lemma AE_measure_singleton: "measure M {x} \<noteq> 0 \<Longrightarrow> AE x in M. P x \<Longrightarrow> P x"
30   by (metis AE_emeasure_singleton measure_def emeasure_empty measure_empty)
32 lemma (in finite_measure) AE_support_countable:
33   assumes [simp]: "sets M = UNIV"
34   shows "(AE x in M. measure M {x} \<noteq> 0) \<longleftrightarrow> (\<exists>S. countable S \<and> (AE x in M. x \<in> S))"
35 proof
36   assume "\<exists>S. countable S \<and> (AE x in M. x \<in> S)"
37   then obtain S where S[intro]: "countable S" and ae: "AE x in M. x \<in> S"
38     by auto
39   then have "emeasure M (\<Union>x\<in>{x\<in>S. emeasure M {x} \<noteq> 0}. {x}) =
40     (\<integral>\<^sup>+ x. emeasure M {x} * indicator {x\<in>S. emeasure M {x} \<noteq> 0} x \<partial>count_space UNIV)"
41     by (subst emeasure_UN_countable)
42        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
43   also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} * indicator S x \<partial>count_space UNIV)"
44     by (auto intro!: nn_integral_cong split: split_indicator)
45   also have "\<dots> = emeasure M (\<Union>x\<in>S. {x})"
46     by (subst emeasure_UN_countable)
47        (auto simp: disjoint_family_on_def nn_integral_restrict_space[symmetric] restrict_count_space)
48   also have "\<dots> = emeasure M (space M)"
49     using ae by (intro emeasure_eq_AE) auto
50   finally have "emeasure M {x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0} = emeasure M (space M)"
51     by (simp add: emeasure_single_in_space cong: rev_conj_cong)
52   with finite_measure_compl[of "{x \<in> space M. x\<in>S \<and> emeasure M {x} \<noteq> 0}"]
53   have "AE x in M. x \<in> S \<and> emeasure M {x} \<noteq> 0"
54     by (intro AE_I[OF order_refl]) (auto simp: emeasure_eq_measure measure_nonneg set_diff_eq cong: conj_cong)
55   then show "AE x in M. measure M {x} \<noteq> 0"
56     by (auto simp: emeasure_eq_measure)
57 qed (auto intro!: exI[of _ "{x. measure M {x} \<noteq> 0}"] countable_support)
59 subsection \<open> PMF as measure \<close>
61 typedef 'a pmf = "{M :: 'a measure. prob_space M \<and> sets M = UNIV \<and> (AE x in M. measure M {x} \<noteq> 0)}"
62   morphisms measure_pmf Abs_pmf
63   by (intro exI[of _ "uniform_measure (count_space UNIV) {undefined}"])
64      (auto intro!: prob_space_uniform_measure AE_uniform_measureI)
66 declare [[coercion measure_pmf]]
68 lemma prob_space_measure_pmf: "prob_space (measure_pmf p)"
69   using pmf.measure_pmf[of p] by auto
71 interpretation measure_pmf: prob_space "measure_pmf M" for M
72   by (rule prob_space_measure_pmf)
74 interpretation measure_pmf: subprob_space "measure_pmf M" for M
75   by (rule prob_space_imp_subprob_space) unfold_locales
77 lemma subprob_space_measure_pmf: "subprob_space (measure_pmf x)"
78   by unfold_locales
80 locale pmf_as_measure
81 begin
83 setup_lifting type_definition_pmf
85 end
87 context
88 begin
90 interpretation pmf_as_measure .
92 lemma sets_measure_pmf[simp]: "sets (measure_pmf p) = UNIV"
93   by transfer blast
95 lemma sets_measure_pmf_count_space[measurable_cong]:
96   "sets (measure_pmf M) = sets (count_space UNIV)"
97   by simp
99 lemma space_measure_pmf[simp]: "space (measure_pmf p) = UNIV"
100   using sets_eq_imp_space_eq[of "measure_pmf p" "count_space UNIV"] by simp
102 lemma measure_pmf_UNIV [simp]: "measure (measure_pmf p) UNIV = 1"
103 using measure_pmf.prob_space[of p] by simp
105 lemma measure_pmf_in_subprob_algebra[measurable (raw)]: "measure_pmf x \<in> space (subprob_algebra (count_space UNIV))"
106   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
108 lemma measurable_pmf_measure1[simp]: "measurable (M :: 'a pmf) N = UNIV \<rightarrow> space N"
109   by (auto simp: measurable_def)
111 lemma measurable_pmf_measure2[simp]: "measurable N (M :: 'a pmf) = measurable N (count_space UNIV)"
112   by (intro measurable_cong_sets) simp_all
114 lemma measurable_pair_restrict_pmf2:
115   assumes "countable A"
116   assumes [measurable]: "\<And>y. y \<in> A \<Longrightarrow> (\<lambda>x. f (x, y)) \<in> measurable M L"
117   shows "f \<in> measurable (M \<Otimes>\<^sub>M restrict_space (measure_pmf N) A) L" (is "f \<in> measurable ?M _")
118 proof -
119   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
120     by (simp add: restrict_count_space)
122   show ?thesis
123     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (fst b, a)" and g=snd and I=A,
124                                             unfolded prod.collapse] assms)
125         measurable
126 qed
128 lemma measurable_pair_restrict_pmf1:
129   assumes "countable A"
130   assumes [measurable]: "\<And>x. x \<in> A \<Longrightarrow> (\<lambda>y. f (x, y)) \<in> measurable N L"
131   shows "f \<in> measurable (restrict_space (measure_pmf M) A \<Otimes>\<^sub>M N) L"
132 proof -
133   have [measurable_cong]: "sets (restrict_space (count_space UNIV) A) = sets (count_space A)"
134     by (simp add: restrict_count_space)
136   show ?thesis
137     by (intro measurable_compose_countable'[where f="\<lambda>a b. f (a, snd b)" and g=fst and I=A,
138                                             unfolded prod.collapse] assms)
139         measurable
140 qed
142 lift_definition pmf :: "'a pmf \<Rightarrow> 'a \<Rightarrow> real" is "\<lambda>M x. measure M {x}" .
144 lift_definition set_pmf :: "'a pmf \<Rightarrow> 'a set" is "\<lambda>M. {x. measure M {x} \<noteq> 0}" .
145 declare [[coercion set_pmf]]
147 lemma AE_measure_pmf: "AE x in (M::'a pmf). x \<in> M"
148   by transfer simp
150 lemma emeasure_pmf_single_eq_zero_iff:
151   fixes M :: "'a pmf"
152   shows "emeasure M {y} = 0 \<longleftrightarrow> y \<notin> M"
153   unfolding set_pmf.rep_eq by (simp add: measure_pmf.emeasure_eq_measure)
155 lemma AE_measure_pmf_iff: "(AE x in measure_pmf M. P x) \<longleftrightarrow> (\<forall>y\<in>M. P y)"
156   using AE_measure_singleton[of M] AE_measure_pmf[of M]
157   by (auto simp: set_pmf.rep_eq)
159 lemma AE_pmfI: "(\<And>y. y \<in> set_pmf M \<Longrightarrow> P y) \<Longrightarrow> almost_everywhere (measure_pmf M) P"
160 by(simp add: AE_measure_pmf_iff)
162 lemma countable_set_pmf [simp]: "countable (set_pmf p)"
163   by transfer (metis prob_space.finite_measure finite_measure.countable_support)
165 lemma pmf_positive: "x \<in> set_pmf p \<Longrightarrow> 0 < pmf p x"
166   by transfer (simp add: less_le)
168 lemma pmf_nonneg[simp]: "0 \<le> pmf p x"
169   by transfer simp
171 lemma pmf_not_neg [simp]: "\<not>pmf p x < 0"
172   by (simp add: not_less pmf_nonneg)
174 lemma pmf_pos [simp]: "pmf p x \<noteq> 0 \<Longrightarrow> pmf p x > 0"
175   using pmf_nonneg[of p x] by linarith
177 lemma pmf_le_1: "pmf p x \<le> 1"
178   by (simp add: pmf.rep_eq)
180 lemma set_pmf_not_empty: "set_pmf M \<noteq> {}"
181   using AE_measure_pmf[of M] by (intro notI) simp
183 lemma set_pmf_iff: "x \<in> set_pmf M \<longleftrightarrow> pmf M x \<noteq> 0"
184   by transfer simp
186 lemma pmf_positive_iff: "0 < pmf p x \<longleftrightarrow> x \<in> set_pmf p"
187   unfolding less_le by (simp add: set_pmf_iff)
189 lemma set_pmf_eq: "set_pmf M = {x. pmf M x \<noteq> 0}"
190   by (auto simp: set_pmf_iff)
192 lemma set_pmf_eq': "set_pmf p = {x. pmf p x > 0}"
193 proof safe
194   fix x assume "x \<in> set_pmf p"
195   hence "pmf p x \<noteq> 0" by (auto simp: set_pmf_eq)
196   with pmf_nonneg[of p x] show "pmf p x > 0" by simp
197 qed (auto simp: set_pmf_eq)
199 lemma emeasure_pmf_single:
200   fixes M :: "'a pmf"
201   shows "emeasure M {x} = pmf M x"
202   by transfer (simp add: finite_measure.emeasure_eq_measure[OF prob_space.finite_measure])
204 lemma measure_pmf_single: "measure (measure_pmf M) {x} = pmf M x"
205   using emeasure_pmf_single[of M x] by(simp add: measure_pmf.emeasure_eq_measure pmf_nonneg measure_nonneg)
207 lemma emeasure_measure_pmf_finite: "finite S \<Longrightarrow> emeasure (measure_pmf M) S = (\<Sum>s\<in>S. pmf M s)"
208   by (subst emeasure_eq_sum_singleton) (auto simp: emeasure_pmf_single pmf_nonneg)
210 lemma measure_measure_pmf_finite: "finite S \<Longrightarrow> measure (measure_pmf M) S = sum (pmf M) S"
211   using emeasure_measure_pmf_finite[of S M]
212   by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg sum_nonneg pmf_nonneg)
214 lemma sum_pmf_eq_1:
215   assumes "finite A" "set_pmf p \<subseteq> A"
216   shows   "(\<Sum>x\<in>A. pmf p x) = 1"
217 proof -
218   have "(\<Sum>x\<in>A. pmf p x) = measure_pmf.prob p A"
219     by (simp add: measure_measure_pmf_finite assms)
220   also from assms have "\<dots> = 1"
221     by (subst measure_pmf.prob_eq_1) (auto simp: AE_measure_pmf_iff)
222   finally show ?thesis .
223 qed
225 lemma nn_integral_measure_pmf_support:
226   fixes f :: "'a \<Rightarrow> ennreal"
227   assumes f: "finite A" and nn: "\<And>x. x \<in> A \<Longrightarrow> 0 \<le> f x" "\<And>x. x \<in> set_pmf M \<Longrightarrow> x \<notin> A \<Longrightarrow> f x = 0"
228   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>A. f x * pmf M x)"
229 proof -
230   have "(\<integral>\<^sup>+x. f x \<partial>M) = (\<integral>\<^sup>+x. f x * indicator A x \<partial>M)"
231     using nn by (intro nn_integral_cong_AE) (auto simp: AE_measure_pmf_iff split: split_indicator)
232   also have "\<dots> = (\<Sum>x\<in>A. f x * emeasure M {x})"
233     using assms by (intro nn_integral_indicator_finite) auto
234   finally show ?thesis
235     by (simp add: emeasure_measure_pmf_finite)
236 qed
238 lemma nn_integral_measure_pmf_finite:
239   fixes f :: "'a \<Rightarrow> ennreal"
240   assumes f: "finite (set_pmf M)" and nn: "\<And>x. x \<in> set_pmf M \<Longrightarrow> 0 \<le> f x"
241   shows "(\<integral>\<^sup>+x. f x \<partial>measure_pmf M) = (\<Sum>x\<in>set_pmf M. f x * pmf M x)"
242   using assms by (intro nn_integral_measure_pmf_support) auto
244 lemma integrable_measure_pmf_finite:
245   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
246   shows "finite (set_pmf M) \<Longrightarrow> integrable M f"
247   by (auto intro!: integrableI_bounded simp: nn_integral_measure_pmf_finite ennreal_mult_less_top)
249 lemma integral_measure_pmf_real:
250   assumes [simp]: "finite A" and "\<And>a. a \<in> set_pmf M \<Longrightarrow> f a \<noteq> 0 \<Longrightarrow> a \<in> A"
251   shows "(\<integral>x. f x \<partial>measure_pmf M) = (\<Sum>a\<in>A. f a * pmf M a)"
252 proof -
253   have "(\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x * indicator A x \<partial>measure_pmf M)"
254     using assms(2) by (intro integral_cong_AE) (auto split: split_indicator simp: AE_measure_pmf_iff)
255   also have "\<dots> = (\<Sum>a\<in>A. f a * pmf M a)"
256     by (subst integral_indicator_finite_real)
257        (auto simp: measure_def emeasure_measure_pmf_finite pmf_nonneg)
258   finally show ?thesis .
259 qed
261 lemma integrable_pmf: "integrable (count_space X) (pmf M)"
262 proof -
263   have " (\<integral>\<^sup>+ x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+ x. pmf M x \<partial>count_space (M \<inter> X))"
264     by (auto simp add: nn_integral_count_space_indicator set_pmf_iff intro!: nn_integral_cong split: split_indicator)
265   then have "integrable (count_space X) (pmf M) = integrable (count_space (M \<inter> X)) (pmf M)"
266     by (simp add: integrable_iff_bounded pmf_nonneg)
267   then show ?thesis
268     by (simp add: pmf.rep_eq measure_pmf.integrable_measure disjoint_family_on_def)
269 qed
271 lemma integral_pmf: "(\<integral>x. pmf M x \<partial>count_space X) = measure M X"
272 proof -
273   have "(\<integral>x. pmf M x \<partial>count_space X) = (\<integral>\<^sup>+x. pmf M x \<partial>count_space X)"
274     by (simp add: pmf_nonneg integrable_pmf nn_integral_eq_integral)
275   also have "\<dots> = (\<integral>\<^sup>+x. emeasure M {x} \<partial>count_space (X \<inter> M))"
276     by (auto intro!: nn_integral_cong_AE split: split_indicator
277              simp: pmf.rep_eq measure_pmf.emeasure_eq_measure nn_integral_count_space_indicator
278                    AE_count_space set_pmf_iff)
279   also have "\<dots> = emeasure M (X \<inter> M)"
280     by (rule emeasure_countable_singleton[symmetric]) (auto intro: countable_set_pmf)
281   also have "\<dots> = emeasure M X"
282     by (auto intro!: emeasure_eq_AE simp: AE_measure_pmf_iff)
283   finally show ?thesis
284     by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg integral_nonneg pmf_nonneg)
285 qed
287 lemma integral_pmf_restrict:
288   "(f::'a \<Rightarrow> 'b::{banach, second_countable_topology}) \<in> borel_measurable (count_space UNIV) \<Longrightarrow>
289     (\<integral>x. f x \<partial>measure_pmf M) = (\<integral>x. f x \<partial>restrict_space M M)"
290   by (auto intro!: integral_cong_AE simp add: integral_restrict_space AE_measure_pmf_iff)
292 lemma emeasure_pmf: "emeasure (M::'a pmf) M = 1"
293 proof -
294   have "emeasure (M::'a pmf) M = emeasure (M::'a pmf) (space M)"
295     by (intro emeasure_eq_AE) (simp_all add: AE_measure_pmf)
296   then show ?thesis
297     using measure_pmf.emeasure_space_1 by simp
298 qed
300 lemma emeasure_pmf_UNIV [simp]: "emeasure (measure_pmf M) UNIV = 1"
301 using measure_pmf.emeasure_space_1[of M] by simp
303 lemma in_null_sets_measure_pmfI:
304   "A \<inter> set_pmf p = {} \<Longrightarrow> A \<in> null_sets (measure_pmf p)"
305 using emeasure_eq_0_AE[where ?P="\<lambda>x. x \<in> A" and M="measure_pmf p"]
306 by(auto simp add: null_sets_def AE_measure_pmf_iff)
308 lemma measure_subprob: "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
309   by (simp add: space_subprob_algebra subprob_space_measure_pmf)
311 subsection \<open> Monad Interpretation \<close>
313 lemma measurable_measure_pmf[measurable]:
314   "(\<lambda>x. measure_pmf (M x)) \<in> measurable (count_space UNIV) (subprob_algebra (count_space UNIV))"
315   by (auto simp: space_subprob_algebra intro!: prob_space_imp_subprob_space) unfold_locales
317 lemma bind_measure_pmf_cong:
318   assumes "\<And>x. A x \<in> space (subprob_algebra N)" "\<And>x. B x \<in> space (subprob_algebra N)"
319   assumes "\<And>i. i \<in> set_pmf x \<Longrightarrow> A i = B i"
320   shows "bind (measure_pmf x) A = bind (measure_pmf x) B"
321 proof (rule measure_eqI)
322   show "sets (measure_pmf x \<bind> A) = sets (measure_pmf x \<bind> B)"
323     using assms by (subst (1 2) sets_bind) (auto simp: space_subprob_algebra)
324 next
325   fix X assume "X \<in> sets (measure_pmf x \<bind> A)"
326   then have X: "X \<in> sets N"
327     using assms by (subst (asm) sets_bind) (auto simp: space_subprob_algebra)
328   show "emeasure (measure_pmf x \<bind> A) X = emeasure (measure_pmf x \<bind> B) X"
329     using assms
330     by (subst (1 2) emeasure_bind[where N=N, OF _ _ X])
331        (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
332 qed
334 lift_definition bind_pmf :: "'a pmf \<Rightarrow> ('a \<Rightarrow> 'b pmf ) \<Rightarrow> 'b pmf" is bind
335 proof (clarify, intro conjI)
336   fix f :: "'a measure" and g :: "'a \<Rightarrow> 'b measure"
337   assume "prob_space f"
338   then interpret f: prob_space f .
339   assume "sets f = UNIV" and ae_f: "AE x in f. measure f {x} \<noteq> 0"
340   then have s_f[simp]: "sets f = sets (count_space UNIV)"
341     by simp
342   assume g: "\<And>x. prob_space (g x) \<and> sets (g x) = UNIV \<and> (AE y in g x. measure (g x) {y} \<noteq> 0)"
343   then have g: "\<And>x. prob_space (g x)" and s_g[simp]: "\<And>x. sets (g x) = sets (count_space UNIV)"
344     and ae_g: "\<And>x. AE y in g x. measure (g x) {y} \<noteq> 0"
345     by auto
347   have [measurable]: "g \<in> measurable f (subprob_algebra (count_space UNIV))"
348     by (auto simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space g)
350   show "prob_space (f \<bind> g)"
351     using g by (intro f.prob_space_bind[where S="count_space UNIV"]) auto
352   then interpret fg: prob_space "f \<bind> g" .
353   show [simp]: "sets (f \<bind> g) = UNIV"
354     using sets_eq_imp_space_eq[OF s_f]
355     by (subst sets_bind[where N="count_space UNIV"]) auto
356   show "AE x in f \<bind> g. measure (f \<bind> g) {x} \<noteq> 0"
357     apply (simp add: fg.prob_eq_0 AE_bind[where B="count_space UNIV"])
358     using ae_f
359     apply eventually_elim
360     using ae_g
361     apply eventually_elim
362     apply (auto dest: AE_measure_singleton)
363     done
364 qed
368 lemma ennreal_pmf_bind: "pmf (bind_pmf N f) i = (\<integral>\<^sup>+x. pmf (f x) i \<partial>measure_pmf N)"
369   unfolding pmf.rep_eq bind_pmf.rep_eq
370   by (auto simp: measure_pmf.measure_bind[where N="count_space UNIV"] measure_subprob measure_nonneg
371            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
373 lemma pmf_bind: "pmf (bind_pmf N f) i = (\<integral>x. pmf (f x) i \<partial>measure_pmf N)"
374   using ennreal_pmf_bind[of N f i]
375   by (subst (asm) nn_integral_eq_integral)
376      (auto simp: pmf_nonneg pmf_le_1 pmf_nonneg integral_nonneg
377            intro!: nn_integral_eq_integral[symmetric] measure_pmf.integrable_const_bound[where B=1])
379 lemma bind_pmf_const[simp]: "bind_pmf M (\<lambda>x. c) = c"
380   by transfer (simp add: bind_const' prob_space_imp_subprob_space)
382 lemma set_bind_pmf[simp]: "set_pmf (bind_pmf M N) = (\<Union>M\<in>set_pmf M. set_pmf (N M))"
383 proof -
384   have "set_pmf (bind_pmf M N) = {x. ennreal (pmf (bind_pmf M N) x) \<noteq> 0}"
385     by (simp add: set_pmf_eq pmf_nonneg)
386   also have "\<dots> = (\<Union>M\<in>set_pmf M. set_pmf (N M))"
387     unfolding ennreal_pmf_bind
388     by (subst nn_integral_0_iff_AE) (auto simp: AE_measure_pmf_iff pmf_nonneg set_pmf_eq)
389   finally show ?thesis .
390 qed
392 lemma bind_pmf_cong [fundef_cong]:
393   assumes "p = q"
394   shows "(\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
395   unfolding \<open>p = q\<close>[symmetric] measure_pmf_inject[symmetric] bind_pmf.rep_eq
396   by (auto simp: AE_measure_pmf_iff Pi_iff space_subprob_algebra subprob_space_measure_pmf
397                  sets_bind[where N="count_space UNIV"] emeasure_bind[where N="count_space UNIV"]
398            intro!: nn_integral_cong_AE measure_eqI)
400 lemma bind_pmf_cong_simp:
401   "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q =simp=> f x = g x) \<Longrightarrow> bind_pmf p f = bind_pmf q g"
402   by (simp add: simp_implies_def cong: bind_pmf_cong)
404 lemma measure_pmf_bind: "measure_pmf (bind_pmf M f) = (measure_pmf M \<bind> (\<lambda>x. measure_pmf (f x)))"
405   by transfer simp
407 lemma nn_integral_bind_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>bind_pmf M N) = (\<integral>\<^sup>+x. \<integral>\<^sup>+y. f y \<partial>N x \<partial>M)"
408   using measurable_measure_pmf[of N]
409   unfolding measure_pmf_bind
410   apply (intro nn_integral_bind[where B="count_space UNIV"])
411   apply auto
412   done
414 lemma emeasure_bind_pmf[simp]: "emeasure (bind_pmf M N) X = (\<integral>\<^sup>+x. emeasure (N x) X \<partial>M)"
415   using measurable_measure_pmf[of N]
416   unfolding measure_pmf_bind
417   by (subst emeasure_bind[where N="count_space UNIV"]) auto
419 lift_definition return_pmf :: "'a \<Rightarrow> 'a pmf" is "return (count_space UNIV)"
420   by (auto intro!: prob_space_return simp: AE_return measure_return)
422 lemma bind_return_pmf: "bind_pmf (return_pmf x) f = f x"
423   by transfer
424      (auto intro!: prob_space_imp_subprob_space bind_return[where N="count_space UNIV"]
425            simp: space_subprob_algebra)
427 lemma set_return_pmf[simp]: "set_pmf (return_pmf x) = {x}"
428   by transfer (auto simp add: measure_return split: split_indicator)
430 lemma bind_return_pmf': "bind_pmf N return_pmf = N"
431 proof (transfer, clarify)
432   fix N :: "'a measure" assume "sets N = UNIV" then show "N \<bind> return (count_space UNIV) = N"
433     by (subst return_sets_cong[where N=N]) (simp_all add: bind_return')
434 qed
436 lemma bind_assoc_pmf: "bind_pmf (bind_pmf A B) C = bind_pmf A (\<lambda>x. bind_pmf (B x) C)"
437   by transfer
438      (auto intro!: bind_assoc[where N="count_space UNIV" and R="count_space UNIV"]
439            simp: measurable_def space_subprob_algebra prob_space_imp_subprob_space)
441 definition "map_pmf f M = bind_pmf M (\<lambda>x. return_pmf (f x))"
443 lemma map_bind_pmf: "map_pmf f (bind_pmf M g) = bind_pmf M (\<lambda>x. map_pmf f (g x))"
444   by (simp add: map_pmf_def bind_assoc_pmf)
446 lemma bind_map_pmf: "bind_pmf (map_pmf f M) g = bind_pmf M (\<lambda>x. g (f x))"
447   by (simp add: map_pmf_def bind_assoc_pmf bind_return_pmf)
449 lemma map_pmf_transfer[transfer_rule]:
450   "rel_fun op = (rel_fun cr_pmf cr_pmf) (\<lambda>f M. distr M (count_space UNIV) f) map_pmf"
451 proof -
452   have "rel_fun op = (rel_fun pmf_as_measure.cr_pmf pmf_as_measure.cr_pmf)
453      (\<lambda>f M. M \<bind> (return (count_space UNIV) o f)) map_pmf"
454     unfolding map_pmf_def[abs_def] comp_def by transfer_prover
455   then show ?thesis
456     by (force simp: rel_fun_def cr_pmf_def bind_return_distr)
457 qed
459 lemma map_pmf_rep_eq:
460   "measure_pmf (map_pmf f M) = distr (measure_pmf M) (count_space UNIV) f"
461   unfolding map_pmf_def bind_pmf.rep_eq comp_def return_pmf.rep_eq
462   using bind_return_distr[of M f "count_space UNIV"] by (simp add: comp_def)
464 lemma map_pmf_id[simp]: "map_pmf id = id"
465   by (rule, transfer) (auto simp: emeasure_distr measurable_def intro!: measure_eqI)
467 lemma map_pmf_ident[simp]: "map_pmf (\<lambda>x. x) = (\<lambda>x. x)"
468   using map_pmf_id unfolding id_def .
470 lemma map_pmf_compose: "map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g"
471   by (rule, transfer) (simp add: distr_distr[symmetric, where N="count_space UNIV"] measurable_def)
473 lemma map_pmf_comp: "map_pmf f (map_pmf g M) = map_pmf (\<lambda>x. f (g x)) M"
474   using map_pmf_compose[of f g] by (simp add: comp_def)
476 lemma map_pmf_cong: "p = q \<Longrightarrow> (\<And>x. x \<in> set_pmf q \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g q"
477   unfolding map_pmf_def by (rule bind_pmf_cong) auto
479 lemma pmf_set_map: "set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
480   by (auto simp add: comp_def fun_eq_iff map_pmf_def)
482 lemma set_map_pmf[simp]: "set_pmf (map_pmf f M) = f`set_pmf M"
483   using pmf_set_map[of f] by (auto simp: comp_def fun_eq_iff)
485 lemma emeasure_map_pmf[simp]: "emeasure (map_pmf f M) X = emeasure M (f -` X)"
486   unfolding map_pmf_rep_eq by (subst emeasure_distr) auto
488 lemma measure_map_pmf[simp]: "measure (map_pmf f M) X = measure M (f -` X)"
489 using emeasure_map_pmf[of f M X] by(simp add: measure_pmf.emeasure_eq_measure measure_nonneg)
491 lemma nn_integral_map_pmf[simp]: "(\<integral>\<^sup>+x. f x \<partial>map_pmf g M) = (\<integral>\<^sup>+x. f (g x) \<partial>M)"
492   unfolding map_pmf_rep_eq by (intro nn_integral_distr) auto
494 lemma ennreal_pmf_map: "pmf (map_pmf f p) x = (\<integral>\<^sup>+ y. indicator (f -` {x}) y \<partial>measure_pmf p)"
495 proof (transfer fixing: f x)
496   fix p :: "'b measure"
497   presume "prob_space p"
498   then interpret prob_space p .
499   presume "sets p = UNIV"
500   then show "ennreal (measure (distr p (count_space UNIV) f) {x}) = integral\<^sup>N p (indicator (f -` {x}))"
501     by(simp add: measure_distr measurable_def emeasure_eq_measure)
502 qed simp_all
504 lemma pmf_map: "pmf (map_pmf f p) x = measure p (f -` {x})"
505 proof (transfer fixing: f x)
506   fix p :: "'b measure"
507   presume "prob_space p"
508   then interpret prob_space p .
509   presume "sets p = UNIV"
510   then show "measure (distr p (count_space UNIV) f) {x} = measure p (f -` {x})"
511     by(simp add: measure_distr measurable_def emeasure_eq_measure)
512 qed simp_all
514 lemma nn_integral_pmf: "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = emeasure (measure_pmf p) A"
515 proof -
516   have "(\<integral>\<^sup>+ x. pmf p x \<partial>count_space A) = (\<integral>\<^sup>+ x. pmf p x \<partial>count_space (A \<inter> set_pmf p))"
517     by(auto simp add: nn_integral_count_space_indicator indicator_def set_pmf_iff intro: nn_integral_cong)
518   also have "\<dots> = emeasure (measure_pmf p) (\<Union>x\<in>A \<inter> set_pmf p. {x})"
519     by(subst emeasure_UN_countable)(auto simp add: emeasure_pmf_single disjoint_family_on_def)
520   also have "\<dots> = emeasure (measure_pmf p) ((\<Union>x\<in>A \<inter> set_pmf p. {x}) \<union> {x. x \<in> A \<and> x \<notin> set_pmf p})"
521     by(rule emeasure_Un_null_set[symmetric])(auto intro: in_null_sets_measure_pmfI)
522   also have "\<dots> = emeasure (measure_pmf p) A"
523     by(auto intro: arg_cong2[where f=emeasure])
524   finally show ?thesis .
525 qed
527 lemma integral_map_pmf[simp]:
528   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
529   shows "integral\<^sup>L (map_pmf g p) f = integral\<^sup>L p (\<lambda>x. f (g x))"
530   by (simp add: integral_distr map_pmf_rep_eq)
532 lemma map_return_pmf [simp]: "map_pmf f (return_pmf x) = return_pmf (f x)"
533   by transfer (simp add: distr_return)
535 lemma map_pmf_const[simp]: "map_pmf (\<lambda>_. c) M = return_pmf c"
536   by transfer (auto simp: prob_space.distr_const)
538 lemma pmf_return [simp]: "pmf (return_pmf x) y = indicator {y} x"
539   by transfer (simp add: measure_return)
541 lemma nn_integral_return_pmf[simp]: "0 \<le> f x \<Longrightarrow> (\<integral>\<^sup>+x. f x \<partial>return_pmf x) = f x"
542   unfolding return_pmf.rep_eq by (intro nn_integral_return) auto
544 lemma emeasure_return_pmf[simp]: "emeasure (return_pmf x) X = indicator X x"
545   unfolding return_pmf.rep_eq by (intro emeasure_return) auto
547 lemma measure_return_pmf [simp]: "measure_pmf.prob (return_pmf x) A = indicator A x"
548 proof -
549   have "ennreal (measure_pmf.prob (return_pmf x) A) =
550           emeasure (measure_pmf (return_pmf x)) A"
551     by (simp add: measure_pmf.emeasure_eq_measure)
552   also have "\<dots> = ennreal (indicator A x)" by (simp add: ennreal_indicator)
553   finally show ?thesis by simp
554 qed
556 lemma return_pmf_inj[simp]: "return_pmf x = return_pmf y \<longleftrightarrow> x = y"
557   by (metis insertI1 set_return_pmf singletonD)
559 lemma map_pmf_eq_return_pmf_iff:
560   "map_pmf f p = return_pmf x \<longleftrightarrow> (\<forall>y \<in> set_pmf p. f y = x)"
561 proof
562   assume "map_pmf f p = return_pmf x"
563   then have "set_pmf (map_pmf f p) = set_pmf (return_pmf x)" by simp
564   then show "\<forall>y \<in> set_pmf p. f y = x" by auto
565 next
566   assume "\<forall>y \<in> set_pmf p. f y = x"
567   then show "map_pmf f p = return_pmf x"
568     unfolding map_pmf_const[symmetric, of _ p] by (intro map_pmf_cong) auto
569 qed
571 definition "pair_pmf A B = bind_pmf A (\<lambda>x. bind_pmf B (\<lambda>y. return_pmf (x, y)))"
573 lemma pmf_pair: "pmf (pair_pmf M N) (a, b) = pmf M a * pmf N b"
574   unfolding pair_pmf_def pmf_bind pmf_return
575   apply (subst integral_measure_pmf_real[where A="{b}"])
576   apply (auto simp: indicator_eq_0_iff)
577   apply (subst integral_measure_pmf_real[where A="{a}"])
578   apply (auto simp: indicator_eq_0_iff sum_nonneg_eq_0_iff pmf_nonneg)
579   done
581 lemma set_pair_pmf[simp]: "set_pmf (pair_pmf A B) = set_pmf A \<times> set_pmf B"
582   unfolding pair_pmf_def set_bind_pmf set_return_pmf by auto
584 lemma measure_pmf_in_subprob_space[measurable (raw)]:
585   "measure_pmf M \<in> space (subprob_algebra (count_space UNIV))"
586   by (simp add: space_subprob_algebra) intro_locales
588 lemma nn_integral_pair_pmf': "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) \<partial>B \<partial>A)"
589 proof -
590   have "(\<integral>\<^sup>+x. f x \<partial>pair_pmf A B) = (\<integral>\<^sup>+x. f x * indicator (A \<times> B) x \<partial>pair_pmf A B)"
591     by (auto simp: AE_measure_pmf_iff intro!: nn_integral_cong_AE)
592   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) * indicator (A \<times> B) (a, b) \<partial>B \<partial>A)"
593     by (simp add: pair_pmf_def)
594   also have "\<dots> = (\<integral>\<^sup>+a. \<integral>\<^sup>+b. f (a, b) \<partial>B \<partial>A)"
595     by (auto intro!: nn_integral_cong_AE simp: AE_measure_pmf_iff)
596   finally show ?thesis .
597 qed
599 lemma bind_pair_pmf:
600   assumes M[measurable]: "M \<in> measurable (count_space UNIV \<Otimes>\<^sub>M count_space UNIV) (subprob_algebra N)"
601   shows "measure_pmf (pair_pmf A B) \<bind> M = (measure_pmf A \<bind> (\<lambda>x. measure_pmf B \<bind> (\<lambda>y. M (x, y))))"
602     (is "?L = ?R")
603 proof (rule measure_eqI)
604   have M'[measurable]: "M \<in> measurable (pair_pmf A B) (subprob_algebra N)"
605     using M[THEN measurable_space] by (simp_all add: space_pair_measure)
607   note measurable_bind[where N="count_space UNIV", measurable]
608   note measure_pmf_in_subprob_space[simp]
610   have sets_eq_N: "sets ?L = N"
611     by (subst sets_bind[OF sets_kernel[OF M']]) auto
612   show "sets ?L = sets ?R"
613     using measurable_space[OF M]
614     by (simp add: sets_eq_N space_pair_measure space_subprob_algebra)
615   fix X assume "X \<in> sets ?L"
616   then have X[measurable]: "X \<in> sets N"
617     unfolding sets_eq_N .
618   then show "emeasure ?L X = emeasure ?R X"
619     apply (simp add: emeasure_bind[OF _ M' X])
620     apply (simp add: nn_integral_bind[where B="count_space UNIV"] pair_pmf_def measure_pmf_bind[of A]
621                      nn_integral_measure_pmf_finite)
622     apply (subst emeasure_bind[OF _ _ X])
623     apply measurable
624     apply (subst emeasure_bind[OF _ _ X])
625     apply measurable
626     done
627 qed
629 lemma map_fst_pair_pmf: "map_pmf fst (pair_pmf A B) = A"
630   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
632 lemma map_snd_pair_pmf: "map_pmf snd (pair_pmf A B) = B"
633   by (simp add: pair_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
635 lemma nn_integral_pmf':
636   "inj_on f A \<Longrightarrow> (\<integral>\<^sup>+x. pmf p (f x) \<partial>count_space A) = emeasure p (f ` A)"
637   by (subst nn_integral_bij_count_space[where g=f and B="f`A"])
638      (auto simp: bij_betw_def nn_integral_pmf)
640 lemma pmf_le_0_iff[simp]: "pmf M p \<le> 0 \<longleftrightarrow> pmf M p = 0"
641   using pmf_nonneg[of M p] by arith
643 lemma min_pmf_0[simp]: "min (pmf M p) 0 = 0" "min 0 (pmf M p) = 0"
644   using pmf_nonneg[of M p] by arith+
646 lemma pmf_eq_0_set_pmf: "pmf M p = 0 \<longleftrightarrow> p \<notin> set_pmf M"
647   unfolding set_pmf_iff by simp
649 lemma pmf_map_inj: "inj_on f (set_pmf M) \<Longrightarrow> x \<in> set_pmf M \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
650   by (auto simp: pmf.rep_eq map_pmf_rep_eq measure_distr AE_measure_pmf_iff inj_onD
651            intro!: measure_pmf.finite_measure_eq_AE)
653 lemma pmf_map_inj': "inj f \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
654 apply(cases "x \<in> set_pmf M")
655  apply(simp add: pmf_map_inj[OF subset_inj_on])
656 apply(simp add: pmf_eq_0_set_pmf[symmetric])
657 apply(auto simp add: pmf_eq_0_set_pmf dest: injD)
658 done
660 lemma pmf_map_outside: "x \<notin> f ` set_pmf M \<Longrightarrow> pmf (map_pmf f M) x = 0"
661   unfolding pmf_eq_0_set_pmf by simp
663 lemma measurable_set_pmf[measurable]: "Measurable.pred (count_space UNIV) (\<lambda>x. x \<in> set_pmf M)"
664   by simp
666 subsection \<open> PMFs as function \<close>
668 context
669   fixes f :: "'a \<Rightarrow> real"
670   assumes nonneg: "\<And>x. 0 \<le> f x"
671   assumes prob: "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
672 begin
674 lift_definition embed_pmf :: "'a pmf" is "density (count_space UNIV) (ennreal \<circ> f)"
675 proof (intro conjI)
676   have *[simp]: "\<And>x y. ennreal (f y) * indicator {x} y = ennreal (f x) * indicator {x} y"
677     by (simp split: split_indicator)
678   show "AE x in density (count_space UNIV) (ennreal \<circ> f).
679     measure (density (count_space UNIV) (ennreal \<circ> f)) {x} \<noteq> 0"
680     by (simp add: AE_density nonneg measure_def emeasure_density max_def)
681   show "prob_space (density (count_space UNIV) (ennreal \<circ> f))"
682     by standard (simp add: emeasure_density prob)
683 qed simp
685 lemma pmf_embed_pmf: "pmf embed_pmf x = f x"
686 proof transfer
687   have *[simp]: "\<And>x y. ennreal (f y) * indicator {x} y = ennreal (f x) * indicator {x} y"
688     by (simp split: split_indicator)
689   fix x show "measure (density (count_space UNIV) (ennreal \<circ> f)) {x} = f x"
690     by transfer (simp add: measure_def emeasure_density nonneg max_def)
691 qed
693 lemma set_embed_pmf: "set_pmf embed_pmf = {x. f x \<noteq> 0}"
694 by(auto simp add: set_pmf_eq pmf_embed_pmf)
696 end
698 lemma embed_pmf_transfer:
699   "rel_fun (eq_onp (\<lambda>f. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ennreal (f x) \<partial>count_space UNIV) = 1)) pmf_as_measure.cr_pmf (\<lambda>f. density (count_space UNIV) (ennreal \<circ> f)) embed_pmf"
700   by (auto simp: rel_fun_def eq_onp_def embed_pmf.transfer)
702 lemma measure_pmf_eq_density: "measure_pmf p = density (count_space UNIV) (pmf p)"
703 proof (transfer, elim conjE)
704   fix M :: "'a measure" assume [simp]: "sets M = UNIV" and ae: "AE x in M. measure M {x} \<noteq> 0"
705   assume "prob_space M" then interpret prob_space M .
706   show "M = density (count_space UNIV) (\<lambda>x. ennreal (measure M {x}))"
707   proof (rule measure_eqI)
708     fix A :: "'a set"
709     have "(\<integral>\<^sup>+ x. ennreal (measure M {x}) * indicator A x \<partial>count_space UNIV) =
710       (\<integral>\<^sup>+ x. emeasure M {x} * indicator (A \<inter> {x. measure M {x} \<noteq> 0}) x \<partial>count_space UNIV)"
711       by (auto intro!: nn_integral_cong simp: emeasure_eq_measure split: split_indicator)
712     also have "\<dots> = (\<integral>\<^sup>+ x. emeasure M {x} \<partial>count_space (A \<inter> {x. measure M {x} \<noteq> 0}))"
713       by (subst nn_integral_restrict_space[symmetric]) (auto simp: restrict_count_space)
714     also have "\<dots> = emeasure M (\<Union>x\<in>(A \<inter> {x. measure M {x} \<noteq> 0}). {x})"
715       by (intro emeasure_UN_countable[symmetric] countable_Int2 countable_support)
716          (auto simp: disjoint_family_on_def)
717     also have "\<dots> = emeasure M A"
718       using ae by (intro emeasure_eq_AE) auto
719     finally show " emeasure M A = emeasure (density (count_space UNIV) (\<lambda>x. ennreal (measure M {x}))) A"
720       using emeasure_space_1 by (simp add: emeasure_density)
721   qed simp
722 qed
724 lemma td_pmf_embed_pmf:
725   "type_definition pmf embed_pmf {f::'a \<Rightarrow> real. (\<forall>x. 0 \<le> f x) \<and> (\<integral>\<^sup>+x. ennreal (f x) \<partial>count_space UNIV) = 1}"
726   unfolding type_definition_def
727 proof safe
728   fix p :: "'a pmf"
729   have "(\<integral>\<^sup>+ x. 1 \<partial>measure_pmf p) = 1"
730     using measure_pmf.emeasure_space_1[of p] by simp
731   then show *: "(\<integral>\<^sup>+ x. ennreal (pmf p x) \<partial>count_space UNIV) = 1"
732     by (simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg del: nn_integral_const)
734   show "embed_pmf (pmf p) = p"
735     by (intro measure_pmf_inject[THEN iffD1])
736        (simp add: * embed_pmf.rep_eq pmf_nonneg measure_pmf_eq_density[of p] comp_def)
737 next
738   fix f :: "'a \<Rightarrow> real" assume "\<forall>x. 0 \<le> f x" "(\<integral>\<^sup>+x. f x \<partial>count_space UNIV) = 1"
739   then show "pmf (embed_pmf f) = f"
740     by (auto intro!: pmf_embed_pmf)
741 qed (rule pmf_nonneg)
743 end
745 lemma nn_integral_measure_pmf: "(\<integral>\<^sup>+ x. f x \<partial>measure_pmf p) = \<integral>\<^sup>+ x. ennreal (pmf p x) * f x \<partial>count_space UNIV"
746 by(simp add: measure_pmf_eq_density nn_integral_density pmf_nonneg)
748 lemma integral_measure_pmf:
749   fixes f :: "'a \<Rightarrow> 'b::{banach, second_countable_topology}"
750   assumes A: "finite A"
751   shows "(\<And>a. a \<in> set_pmf M \<Longrightarrow> f a \<noteq> 0 \<Longrightarrow> a \<in> A) \<Longrightarrow> (LINT x|M. f x) = (\<Sum>a\<in>A. pmf M a *\<^sub>R f a)"
752   unfolding measure_pmf_eq_density
753   apply (simp add: integral_density)
754   apply (subst lebesgue_integral_count_space_finite_support)
755   apply (auto intro!: finite_subset[OF _ \<open>finite A\<close>] sum.mono_neutral_left simp: pmf_eq_0_set_pmf)
756   done
758 lemma continuous_on_LINT_pmf: -- \<open>This is dominated convergence!?\<close>
759   fixes f :: "'i \<Rightarrow> 'a::topological_space \<Rightarrow> 'b::{banach, second_countable_topology}"
760   assumes f: "\<And>i. i \<in> set_pmf M \<Longrightarrow> continuous_on A (f i)"
761     and bnd: "\<And>a i. a \<in> A \<Longrightarrow> i \<in> set_pmf M \<Longrightarrow> norm (f i a) \<le> B"
762   shows "continuous_on A (\<lambda>a. LINT i|M. f i a)"
763 proof cases
764   assume "finite M" with f show ?thesis
765     using integral_measure_pmf[OF \<open>finite M\<close>]
766     by (subst integral_measure_pmf[OF \<open>finite M\<close>])
767        (auto intro!: continuous_on_sum continuous_on_scaleR continuous_on_const)
768 next
769   assume "infinite M"
770   let ?f = "\<lambda>i x. pmf (map_pmf (to_nat_on M) M) i *\<^sub>R f (from_nat_into M i) x"
772   show ?thesis
773   proof (rule uniform_limit_theorem)
774     show "\<forall>\<^sub>F n in sequentially. continuous_on A (\<lambda>a. \<Sum>i<n. ?f i a)"
775       by (intro always_eventually allI continuous_on_sum continuous_on_scaleR continuous_on_const f
776                 from_nat_into set_pmf_not_empty)
777     show "uniform_limit A (\<lambda>n a. \<Sum>i<n. ?f i a) (\<lambda>a. LINT i|M. f i a) sequentially"
778     proof (subst uniform_limit_cong[where g="\<lambda>n a. \<Sum>i<n. ?f i a"])
779       fix a assume "a \<in> A"
780       have 1: "(LINT i|M. f i a) = (LINT i|map_pmf (to_nat_on M) M. f (from_nat_into M i) a)"
781         by (auto intro!: integral_cong_AE AE_pmfI)
782       have 2: "\<dots> = (LINT i|count_space UNIV. pmf (map_pmf (to_nat_on M) M) i *\<^sub>R f (from_nat_into M i) a)"
783         by (simp add: measure_pmf_eq_density integral_density)
784       have "(\<lambda>n. ?f n a) sums (LINT i|M. f i a)"
785         unfolding 1 2
786       proof (intro sums_integral_count_space_nat)
787         have A: "integrable M (\<lambda>i. f i a)"
788           using \<open>a\<in>A\<close> by (auto intro!: measure_pmf.integrable_const_bound AE_pmfI bnd)
789         have "integrable (map_pmf (to_nat_on M) M) (\<lambda>i. f (from_nat_into M i) a)"
790           by (auto simp add: map_pmf_rep_eq integrable_distr_eq intro!: AE_pmfI integrable_cong_AE_imp[OF A])
791         then show "integrable (count_space UNIV) (\<lambda>n. ?f n a)"
792           by (simp add: measure_pmf_eq_density integrable_density)
793       qed
794       then show "(LINT i|M. f i a) = (\<Sum> n. ?f n a)"
795         by (simp add: sums_unique)
796     next
797       show "uniform_limit A (\<lambda>n a. \<Sum>i<n. ?f i a) (\<lambda>a. (\<Sum> n. ?f n a)) sequentially"
798       proof (rule weierstrass_m_test)
799         fix n a assume "a\<in>A"
800         then show "norm (?f n a) \<le> pmf (map_pmf (to_nat_on M) M) n * B"
801           using bnd by (auto intro!: mult_mono simp: from_nat_into set_pmf_not_empty)
802       next
803         have "integrable (map_pmf (to_nat_on M) M) (\<lambda>n. B)"
804           by auto
805         then show "summable (\<lambda>n. pmf (map_pmf (to_nat_on (set_pmf M)) M) n * B)"
806           by (simp add: measure_pmf_eq_density integrable_density integrable_count_space_nat_iff summable_rabs_cancel)
807       qed
808     qed simp
809   qed simp
810 qed
812 lemma continuous_on_LBINT:
813   fixes f :: "real \<Rightarrow> real"
814   assumes f: "\<And>b. a \<le> b \<Longrightarrow> set_integrable lborel {a..b} f"
815   shows "continuous_on UNIV (\<lambda>b. LBINT x:{a..b}. f x)"
816 proof (subst set_borel_integral_eq_integral)
817   { fix b :: real assume "a \<le> b"
818     from f[OF this] have "continuous_on {a..b} (\<lambda>b. integral {a..b} f)"
819       by (intro indefinite_integral_continuous set_borel_integral_eq_integral) }
820   note * = this
822   have "continuous_on (\<Union>b\<in>{a..}. {a <..< b}) (\<lambda>b. integral {a..b} f)"
823   proof (intro continuous_on_open_UN)
824     show "b \<in> {a..} \<Longrightarrow> continuous_on {a<..<b} (\<lambda>b. integral {a..b} f)" for b
825       using *[of b] by (rule continuous_on_subset) auto
826   qed simp
827   also have "(\<Union>b\<in>{a..}. {a <..< b}) = {a <..}"
828     by (auto simp: lt_ex gt_ex less_imp_le) (simp add: Bex_def less_imp_le gt_ex cong: rev_conj_cong)
829   finally have "continuous_on {a+1 ..} (\<lambda>b. integral {a..b} f)"
830     by (rule continuous_on_subset) auto
831   moreover have "continuous_on {a..a+1} (\<lambda>b. integral {a..b} f)"
832     by (rule *) simp
833   moreover
834   have "x \<le> a \<Longrightarrow> {a..x} = (if a = x then {a} else {})" for x
835     by auto
836   then have "continuous_on {..a} (\<lambda>b. integral {a..b} f)"
837     by (subst continuous_on_cong[OF refl, where g="\<lambda>x. 0"]) (auto intro!: continuous_on_const)
838   ultimately have "continuous_on ({..a} \<union> {a..a+1} \<union> {a+1 ..}) (\<lambda>b. integral {a..b} f)"
839     by (intro continuous_on_closed_Un) auto
840   also have "{..a} \<union> {a..a+1} \<union> {a+1 ..} = UNIV"
841     by auto
842   finally show "continuous_on UNIV (\<lambda>b. integral {a..b} f)"
843     by auto
844 next
845   show "set_integrable lborel {a..b} f" for b
846     using f by (cases "a \<le> b") auto
847 qed
849 locale pmf_as_function
850 begin
852 setup_lifting td_pmf_embed_pmf
854 lemma set_pmf_transfer[transfer_rule]:
855   assumes "bi_total A"
856   shows "rel_fun (pcr_pmf A) (rel_set A) (\<lambda>f. {x. f x \<noteq> 0}) set_pmf"
857   using \<open>bi_total A\<close>
858   by (auto simp: pcr_pmf_def cr_pmf_def rel_fun_def rel_set_def bi_total_def Bex_def set_pmf_iff)
859      metis+
861 end
863 context
864 begin
866 interpretation pmf_as_function .
868 lemma pmf_eqI: "(\<And>i. pmf M i = pmf N i) \<Longrightarrow> M = N"
869   by transfer auto
871 lemma pmf_eq_iff: "M = N \<longleftrightarrow> (\<forall>i. pmf M i = pmf N i)"
872   by (auto intro: pmf_eqI)
874 lemma pmf_neq_exists_less:
875   assumes "M \<noteq> N"
876   shows   "\<exists>x. pmf M x < pmf N x"
877 proof (rule ccontr)
878   assume "\<not>(\<exists>x. pmf M x < pmf N x)"
879   hence ge: "pmf M x \<ge> pmf N x" for x by (auto simp: not_less)
880   from assms obtain x where "pmf M x \<noteq> pmf N x" by (auto simp: pmf_eq_iff)
881   with ge[of x] have gt: "pmf M x > pmf N x" by simp
882   have "1 = measure (measure_pmf M) UNIV" by simp
883   also have "\<dots> = measure (measure_pmf N) {x} + measure (measure_pmf N) (UNIV - {x})"
884     by (subst measure_pmf.finite_measure_Union [symmetric]) simp_all
885   also from gt have "measure (measure_pmf N) {x} < measure (measure_pmf M) {x}"
886     by (simp add: measure_pmf_single)
887   also have "measure (measure_pmf N) (UNIV - {x}) \<le> measure (measure_pmf M) (UNIV - {x})"
888     by (subst (1 2) integral_pmf [symmetric])
889        (intro integral_mono integrable_pmf, simp_all add: ge)
890   also have "measure (measure_pmf M) {x} + \<dots> = 1"
891     by (subst measure_pmf.finite_measure_Union [symmetric]) simp_all
892   finally show False by simp_all
893 qed
895 lemma bind_commute_pmf: "bind_pmf A (\<lambda>x. bind_pmf B (C x)) = bind_pmf B (\<lambda>y. bind_pmf A (\<lambda>x. C x y))"
896   unfolding pmf_eq_iff pmf_bind
897 proof
898   fix i
899   interpret B: prob_space "restrict_space B B"
900     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
901        (auto simp: AE_measure_pmf_iff)
902   interpret A: prob_space "restrict_space A A"
903     by (intro prob_space_restrict_space measure_pmf.emeasure_eq_1_AE)
904        (auto simp: AE_measure_pmf_iff)
906   interpret AB: pair_prob_space "restrict_space A A" "restrict_space B B"
907     by unfold_locales
909   have "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>A)"
910     by (rule Bochner_Integration.integral_cong) (auto intro!: integral_pmf_restrict)
911   also have "\<dots> = (\<integral> x. (\<integral> y. pmf (C x y) i \<partial>restrict_space B B) \<partial>restrict_space A A)"
912     by (intro integral_pmf_restrict B.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
913               countable_set_pmf borel_measurable_count_space)
914   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>restrict_space B B)"
915     by (rule AB.Fubini_integral[symmetric])
916        (auto intro!: AB.integrable_const_bound[where B=1] measurable_pair_restrict_pmf2
917              simp: pmf_nonneg pmf_le_1 measurable_restrict_space1)
918   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>restrict_space A A \<partial>B)"
919     by (intro integral_pmf_restrict[symmetric] A.borel_measurable_lebesgue_integral measurable_pair_restrict_pmf2
920               countable_set_pmf borel_measurable_count_space)
921   also have "\<dots> = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)"
922     by (rule Bochner_Integration.integral_cong) (auto intro!: integral_pmf_restrict[symmetric])
923   finally show "(\<integral> x. \<integral> y. pmf (C x y) i \<partial>B \<partial>A) = (\<integral> y. \<integral> x. pmf (C x y) i \<partial>A \<partial>B)" .
924 qed
926 lemma pair_map_pmf1: "pair_pmf (map_pmf f A) B = map_pmf (apfst f) (pair_pmf A B)"
927 proof (safe intro!: pmf_eqI)
928   fix a :: "'a" and b :: "'b"
929   have [simp]: "\<And>c d. indicator (apfst f -` {(a, b)}) (c, d) = indicator (f -` {a}) c * (indicator {b} d::ennreal)"
930     by (auto split: split_indicator)
932   have "ennreal (pmf (pair_pmf (map_pmf f A) B) (a, b)) =
933          ennreal (pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b))"
934     unfolding pmf_pair ennreal_pmf_map
935     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_multc pmf_nonneg
936                   emeasure_map_pmf[symmetric] ennreal_mult del: emeasure_map_pmf)
937   then show "pmf (pair_pmf (map_pmf f A) B) (a, b) = pmf (map_pmf (apfst f) (pair_pmf A B)) (a, b)"
938     by (simp add: pmf_nonneg)
939 qed
941 lemma pair_map_pmf2: "pair_pmf A (map_pmf f B) = map_pmf (apsnd f) (pair_pmf A B)"
942 proof (safe intro!: pmf_eqI)
943   fix a :: "'a" and b :: "'b"
944   have [simp]: "\<And>c d. indicator (apsnd f -` {(a, b)}) (c, d) = indicator {a} c * (indicator (f -` {b}) d::ennreal)"
945     by (auto split: split_indicator)
947   have "ennreal (pmf (pair_pmf A (map_pmf f B)) (a, b)) =
948          ennreal (pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b))"
949     unfolding pmf_pair ennreal_pmf_map
950     by (simp add: nn_integral_pair_pmf' max_def emeasure_pmf_single nn_integral_cmult nn_integral_multc pmf_nonneg
951                   emeasure_map_pmf[symmetric] ennreal_mult del: emeasure_map_pmf)
952   then show "pmf (pair_pmf A (map_pmf f B)) (a, b) = pmf (map_pmf (apsnd f) (pair_pmf A B)) (a, b)"
953     by (simp add: pmf_nonneg)
954 qed
956 lemma map_pair: "map_pmf (\<lambda>(a, b). (f a, g b)) (pair_pmf A B) = pair_pmf (map_pmf f A) (map_pmf g B)"
957   by (simp add: pair_map_pmf2 pair_map_pmf1 map_pmf_comp split_beta')
959 end
961 lemma pair_return_pmf1: "pair_pmf (return_pmf x) y = map_pmf (Pair x) y"
962 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def)
964 lemma pair_return_pmf2: "pair_pmf x (return_pmf y) = map_pmf (\<lambda>x. (x, y)) x"
965 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def)
967 lemma pair_pair_pmf: "pair_pmf (pair_pmf u v) w = map_pmf (\<lambda>(x, (y, z)). ((x, y), z)) (pair_pmf u (pair_pmf v w))"
968 by(simp add: pair_pmf_def bind_return_pmf map_pmf_def bind_assoc_pmf)
970 lemma pair_commute_pmf: "pair_pmf x y = map_pmf (\<lambda>(x, y). (y, x)) (pair_pmf y x)"
971 unfolding pair_pmf_def by(subst bind_commute_pmf)(simp add: map_pmf_def bind_assoc_pmf bind_return_pmf)
973 lemma set_pmf_subset_singleton: "set_pmf p \<subseteq> {x} \<longleftrightarrow> p = return_pmf x"
974 proof(intro iffI pmf_eqI)
975   fix i
976   assume x: "set_pmf p \<subseteq> {x}"
977   hence *: "set_pmf p = {x}" using set_pmf_not_empty[of p] by auto
978   have "ennreal (pmf p x) = \<integral>\<^sup>+ i. indicator {x} i \<partial>p" by(simp add: emeasure_pmf_single)
979   also have "\<dots> = \<integral>\<^sup>+ i. 1 \<partial>p" by(rule nn_integral_cong_AE)(simp add: AE_measure_pmf_iff * )
980   also have "\<dots> = 1" by simp
981   finally show "pmf p i = pmf (return_pmf x) i" using x
982     by(auto split: split_indicator simp add: pmf_eq_0_set_pmf)
983 qed auto
985 lemma bind_eq_return_pmf:
986   "bind_pmf p f = return_pmf x \<longleftrightarrow> (\<forall>y\<in>set_pmf p. f y = return_pmf x)"
987   (is "?lhs \<longleftrightarrow> ?rhs")
988 proof(intro iffI strip)
989   fix y
990   assume y: "y \<in> set_pmf p"
991   assume "?lhs"
992   hence "set_pmf (bind_pmf p f) = {x}" by simp
993   hence "(\<Union>y\<in>set_pmf p. set_pmf (f y)) = {x}" by simp
994   hence "set_pmf (f y) \<subseteq> {x}" using y by auto
995   thus "f y = return_pmf x" by(simp add: set_pmf_subset_singleton)
996 next
997   assume *: ?rhs
998   show ?lhs
999   proof(rule pmf_eqI)
1000     fix i
1001     have "ennreal (pmf (bind_pmf p f) i) = \<integral>\<^sup>+ y. ennreal (pmf (f y) i) \<partial>p"
1002       by (simp add: ennreal_pmf_bind)
1003     also have "\<dots> = \<integral>\<^sup>+ y. ennreal (pmf (return_pmf x) i) \<partial>p"
1004       by(rule nn_integral_cong_AE)(simp add: AE_measure_pmf_iff * )
1005     also have "\<dots> = ennreal (pmf (return_pmf x) i)"
1006       by simp
1007     finally show "pmf (bind_pmf p f) i = pmf (return_pmf x) i"
1008       by (simp add: pmf_nonneg)
1009   qed
1010 qed
1012 lemma pmf_False_conv_True: "pmf p False = 1 - pmf p True"
1013 proof -
1014   have "pmf p False + pmf p True = measure p {False} + measure p {True}"
1015     by(simp add: measure_pmf_single)
1016   also have "\<dots> = measure p ({False} \<union> {True})"
1017     by(subst measure_pmf.finite_measure_Union) simp_all
1018   also have "{False} \<union> {True} = space p" by auto
1019   finally show ?thesis by simp
1020 qed
1022 lemma pmf_True_conv_False: "pmf p True = 1 - pmf p False"
1023 by(simp add: pmf_False_conv_True)
1025 subsection \<open> Conditional Probabilities \<close>
1027 lemma measure_pmf_zero_iff: "measure (measure_pmf p) s = 0 \<longleftrightarrow> set_pmf p \<inter> s = {}"
1028   by (subst measure_pmf.prob_eq_0) (auto simp: AE_measure_pmf_iff)
1030 context
1031   fixes p :: "'a pmf" and s :: "'a set"
1032   assumes not_empty: "set_pmf p \<inter> s \<noteq> {}"
1033 begin
1035 interpretation pmf_as_measure .
1037 lemma emeasure_measure_pmf_not_zero: "emeasure (measure_pmf p) s \<noteq> 0"
1038 proof
1039   assume "emeasure (measure_pmf p) s = 0"
1040   then have "AE x in measure_pmf p. x \<notin> s"
1041     by (rule AE_I[rotated]) auto
1042   with not_empty show False
1043     by (auto simp: AE_measure_pmf_iff)
1044 qed
1046 lemma measure_measure_pmf_not_zero: "measure (measure_pmf p) s \<noteq> 0"
1047   using emeasure_measure_pmf_not_zero by (simp add: measure_pmf.emeasure_eq_measure measure_nonneg)
1049 lift_definition cond_pmf :: "'a pmf" is
1050   "uniform_measure (measure_pmf p) s"
1051 proof (intro conjI)
1052   show "prob_space (uniform_measure (measure_pmf p) s)"
1053     by (intro prob_space_uniform_measure) (auto simp: emeasure_measure_pmf_not_zero)
1054   show "AE x in uniform_measure (measure_pmf p) s. measure (uniform_measure (measure_pmf p) s) {x} \<noteq> 0"
1055     by (simp add: emeasure_measure_pmf_not_zero measure_measure_pmf_not_zero AE_uniform_measure
1056                   AE_measure_pmf_iff set_pmf.rep_eq less_top[symmetric])
1057 qed simp
1059 lemma pmf_cond: "pmf cond_pmf x = (if x \<in> s then pmf p x / measure p s else 0)"
1060   by transfer (simp add: emeasure_measure_pmf_not_zero pmf.rep_eq)
1062 lemma set_cond_pmf[simp]: "set_pmf cond_pmf = set_pmf p \<inter> s"
1063   by (auto simp add: set_pmf_iff pmf_cond measure_measure_pmf_not_zero split: if_split_asm)
1065 end
1067 lemma measure_pmf_posI: "x \<in> set_pmf p \<Longrightarrow> x \<in> A \<Longrightarrow> measure_pmf.prob p A > 0"
1068   using measure_measure_pmf_not_zero[of p A] by (subst zero_less_measure_iff) blast
1070 lemma cond_map_pmf:
1071   assumes "set_pmf p \<inter> f -` s \<noteq> {}"
1072   shows "cond_pmf (map_pmf f p) s = map_pmf f (cond_pmf p (f -` s))"
1073 proof -
1074   have *: "set_pmf (map_pmf f p) \<inter> s \<noteq> {}"
1075     using assms by auto
1076   { fix x
1077     have "ennreal (pmf (map_pmf f (cond_pmf p (f -` s))) x) =
1078       emeasure p (f -` s \<inter> f -` {x}) / emeasure p (f -` s)"
1079       unfolding ennreal_pmf_map cond_pmf.rep_eq[OF assms] by (simp add: nn_integral_uniform_measure)
1080     also have "f -` s \<inter> f -` {x} = (if x \<in> s then f -` {x} else {})"
1081       by auto
1082     also have "emeasure p (if x \<in> s then f -` {x} else {}) / emeasure p (f -` s) =
1083       ennreal (pmf (cond_pmf (map_pmf f p) s) x)"
1084       using measure_measure_pmf_not_zero[OF *]
1085       by (simp add: pmf_cond[OF *] ennreal_pmf_map measure_pmf.emeasure_eq_measure
1086                     divide_ennreal pmf_nonneg measure_nonneg zero_less_measure_iff pmf_map)
1087     finally have "ennreal (pmf (cond_pmf (map_pmf f p) s) x) = ennreal (pmf (map_pmf f (cond_pmf p (f -` s))) x)"
1088       by simp }
1089   then show ?thesis
1090     by (intro pmf_eqI) (simp add: pmf_nonneg)
1091 qed
1093 lemma bind_cond_pmf_cancel:
1094   assumes [simp]: "\<And>x. x \<in> set_pmf p \<Longrightarrow> set_pmf q \<inter> {y. R x y} \<noteq> {}"
1095   assumes [simp]: "\<And>y. y \<in> set_pmf q \<Longrightarrow> set_pmf p \<inter> {x. R x y} \<noteq> {}"
1096   assumes [simp]: "\<And>x y. x \<in> set_pmf p \<Longrightarrow> y \<in> set_pmf q \<Longrightarrow> R x y \<Longrightarrow> measure q {y. R x y} = measure p {x. R x y}"
1097   shows "bind_pmf p (\<lambda>x. cond_pmf q {y. R x y}) = q"
1098 proof (rule pmf_eqI)
1099   fix i
1100   have "ennreal (pmf (bind_pmf p (\<lambda>x. cond_pmf q {y. R x y})) i) =
1101     (\<integral>\<^sup>+x. ennreal (pmf q i / measure p {x. R x i}) * ennreal (indicator {x. R x i} x) \<partial>p)"
1102     by (auto simp add: ennreal_pmf_bind AE_measure_pmf_iff pmf_cond pmf_eq_0_set_pmf pmf_nonneg measure_nonneg
1103              intro!: nn_integral_cong_AE)
1104   also have "\<dots> = (pmf q i * measure p {x. R x i}) / measure p {x. R x i}"
1105     by (simp add: pmf_nonneg measure_nonneg zero_ennreal_def[symmetric] ennreal_indicator
1106                   nn_integral_cmult measure_pmf.emeasure_eq_measure ennreal_mult[symmetric])
1107   also have "\<dots> = pmf q i"
1108     by (cases "pmf q i = 0")
1109        (simp_all add: pmf_eq_0_set_pmf measure_measure_pmf_not_zero pmf_nonneg)
1110   finally show "pmf (bind_pmf p (\<lambda>x. cond_pmf q {y. R x y})) i = pmf q i"
1111     by (simp add: pmf_nonneg)
1112 qed
1114 subsection \<open> Relator \<close>
1116 inductive rel_pmf :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'a pmf \<Rightarrow> 'b pmf \<Rightarrow> bool"
1117 for R p q
1118 where
1119   "\<lbrakk> \<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y;
1120      map_pmf fst pq = p; map_pmf snd pq = q \<rbrakk>
1121   \<Longrightarrow> rel_pmf R p q"
1123 lemma rel_pmfI:
1124   assumes R: "rel_set R (set_pmf p) (set_pmf q)"
1125   assumes eq: "\<And>x y. x \<in> set_pmf p \<Longrightarrow> y \<in> set_pmf q \<Longrightarrow> R x y \<Longrightarrow>
1126     measure p {x. R x y} = measure q {y. R x y}"
1127   shows "rel_pmf R p q"
1128 proof
1129   let ?pq = "bind_pmf p (\<lambda>x. bind_pmf (cond_pmf q {y. R x y}) (\<lambda>y. return_pmf (x, y)))"
1130   have "\<And>x. x \<in> set_pmf p \<Longrightarrow> set_pmf q \<inter> {y. R x y} \<noteq> {}"
1131     using R by (auto simp: rel_set_def)
1132   then show "\<And>x y. (x, y) \<in> set_pmf ?pq \<Longrightarrow> R x y"
1133     by auto
1134   show "map_pmf fst ?pq = p"
1135     by (simp add: map_bind_pmf bind_return_pmf')
1137   show "map_pmf snd ?pq = q"
1138     using R eq
1139     apply (simp add: bind_cond_pmf_cancel map_bind_pmf bind_return_pmf')
1140     apply (rule bind_cond_pmf_cancel)
1141     apply (auto simp: rel_set_def)
1142     done
1143 qed
1145 lemma rel_pmf_imp_rel_set: "rel_pmf R p q \<Longrightarrow> rel_set R (set_pmf p) (set_pmf q)"
1146   by (force simp add: rel_pmf.simps rel_set_def)
1148 lemma rel_pmfD_measure:
1149   assumes rel_R: "rel_pmf R p q" and R: "\<And>a b. R a b \<Longrightarrow> R a y \<longleftrightarrow> R x b"
1150   assumes "x \<in> set_pmf p" "y \<in> set_pmf q"
1151   shows "measure p {x. R x y} = measure q {y. R x y}"
1152 proof -
1153   from rel_R obtain pq where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
1154     and eq: "p = map_pmf fst pq" "q = map_pmf snd pq"
1155     by (auto elim: rel_pmf.cases)
1156   have "measure p {x. R x y} = measure pq {x. R (fst x) y}"
1157     by (simp add: eq map_pmf_rep_eq measure_distr)
1158   also have "\<dots> = measure pq {y. R x (snd y)}"
1159     by (intro measure_pmf.finite_measure_eq_AE)
1160        (auto simp: AE_measure_pmf_iff R dest!: pq)
1161   also have "\<dots> = measure q {y. R x y}"
1162     by (simp add: eq map_pmf_rep_eq measure_distr)
1163   finally show "measure p {x. R x y} = measure q {y. R x y}" .
1164 qed
1166 lemma rel_pmf_measureD:
1167   assumes "rel_pmf R p q"
1168   shows "measure (measure_pmf p) A \<le> measure (measure_pmf q) {y. \<exists>x\<in>A. R x y}" (is "?lhs \<le> ?rhs")
1169 using assms
1170 proof cases
1171   fix pq
1172   assume R: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
1173     and p[symmetric]: "map_pmf fst pq = p"
1174     and q[symmetric]: "map_pmf snd pq = q"
1175   have "?lhs = measure (measure_pmf pq) (fst -` A)" by(simp add: p)
1176   also have "\<dots> \<le> measure (measure_pmf pq) {y. \<exists>x\<in>A. R x (snd y)}"
1177     by(rule measure_pmf.finite_measure_mono_AE)(auto 4 3 simp add: AE_measure_pmf_iff dest: R)
1178   also have "\<dots> = ?rhs" by(simp add: q)
1179   finally show ?thesis .
1180 qed
1182 lemma rel_pmf_iff_measure:
1183   assumes "symp R" "transp R"
1184   shows "rel_pmf R p q \<longleftrightarrow>
1185     rel_set R (set_pmf p) (set_pmf q) \<and>
1186     (\<forall>x\<in>set_pmf p. \<forall>y\<in>set_pmf q. R x y \<longrightarrow> measure p {x. R x y} = measure q {y. R x y})"
1187   by (safe intro!: rel_pmf_imp_rel_set rel_pmfI)
1188      (auto intro!: rel_pmfD_measure dest: sympD[OF \<open>symp R\<close>] transpD[OF \<open>transp R\<close>])
1190 lemma quotient_rel_set_disjoint:
1191   "equivp R \<Longrightarrow> C \<in> UNIV // {(x, y). R x y} \<Longrightarrow> rel_set R A B \<Longrightarrow> A \<inter> C = {} \<longleftrightarrow> B \<inter> C = {}"
1192   using in_quotient_imp_closed[of UNIV "{(x, y). R x y}" C]
1193   by (auto 0 0 simp: equivp_equiv rel_set_def set_eq_iff elim: equivpE)
1194      (blast dest: equivp_symp)+
1196 lemma quotientD: "equiv X R \<Longrightarrow> A \<in> X // R \<Longrightarrow> x \<in> A \<Longrightarrow> A = R `` {x}"
1197   by (metis Image_singleton_iff equiv_class_eq_iff quotientE)
1199 lemma rel_pmf_iff_equivp:
1200   assumes "equivp R"
1201   shows "rel_pmf R p q \<longleftrightarrow> (\<forall>C\<in>UNIV // {(x, y). R x y}. measure p C = measure q C)"
1202     (is "_ \<longleftrightarrow>   (\<forall>C\<in>_//?R. _)")
1203 proof (subst rel_pmf_iff_measure, safe)
1204   show "symp R" "transp R"
1205     using assms by (auto simp: equivp_reflp_symp_transp)
1206 next
1207   fix C assume C: "C \<in> UNIV // ?R" and R: "rel_set R (set_pmf p) (set_pmf q)"
1208   assume eq: "\<forall>x\<in>set_pmf p. \<forall>y\<in>set_pmf q. R x y \<longrightarrow> measure p {x. R x y} = measure q {y. R x y}"
1210   show "measure p C = measure q C"
1211   proof (cases "p \<inter> C = {}")
1212     case True
1213     then have "q \<inter> C = {}"
1214       using quotient_rel_set_disjoint[OF assms C R] by simp
1215     with True show ?thesis
1216       unfolding measure_pmf_zero_iff[symmetric] by simp
1217   next
1218     case False
1219     then have "q \<inter> C \<noteq> {}"
1220       using quotient_rel_set_disjoint[OF assms C R] by simp
1221     with False obtain x y where in_set: "x \<in> set_pmf p" "y \<in> set_pmf q" and in_C: "x \<in> C" "y \<in> C"
1222       by auto
1223     then have "R x y"
1224       using in_quotient_imp_in_rel[of UNIV ?R C x y] C assms
1225       by (simp add: equivp_equiv)
1226     with in_set eq have "measure p {x. R x y} = measure q {y. R x y}"
1227       by auto
1228     moreover have "{y. R x y} = C"
1229       using assms \<open>x \<in> C\<close> C quotientD[of UNIV ?R C x] by (simp add: equivp_equiv)
1230     moreover have "{x. R x y} = C"
1231       using assms \<open>y \<in> C\<close> C quotientD[of UNIV "?R" C y] sympD[of R]
1232       by (auto simp add: equivp_equiv elim: equivpE)
1233     ultimately show ?thesis
1234       by auto
1235   qed
1236 next
1237   assume eq: "\<forall>C\<in>UNIV // ?R. measure p C = measure q C"
1238   show "rel_set R (set_pmf p) (set_pmf q)"
1239     unfolding rel_set_def
1240   proof safe
1241     fix x assume x: "x \<in> set_pmf p"
1242     have "{y. R x y} \<in> UNIV // ?R"
1243       by (auto simp: quotient_def)
1244     with eq have *: "measure q {y. R x y} = measure p {y. R x y}"
1245       by auto
1246     have "measure q {y. R x y} \<noteq> 0"
1247       using x assms unfolding * by (auto simp: measure_pmf_zero_iff set_eq_iff dest: equivp_reflp)
1248     then show "\<exists>y\<in>set_pmf q. R x y"
1249       unfolding measure_pmf_zero_iff by auto
1250   next
1251     fix y assume y: "y \<in> set_pmf q"
1252     have "{x. R x y} \<in> UNIV // ?R"
1253       using assms by (auto simp: quotient_def dest: equivp_symp)
1254     with eq have *: "measure p {x. R x y} = measure q {x. R x y}"
1255       by auto
1256     have "measure p {x. R x y} \<noteq> 0"
1257       using y assms unfolding * by (auto simp: measure_pmf_zero_iff set_eq_iff dest: equivp_reflp)
1258     then show "\<exists>x\<in>set_pmf p. R x y"
1259       unfolding measure_pmf_zero_iff by auto
1260   qed
1262   fix x y assume "x \<in> set_pmf p" "y \<in> set_pmf q" "R x y"
1263   have "{y. R x y} \<in> UNIV // ?R" "{x. R x y} = {y. R x y}"
1264     using assms \<open>R x y\<close> by (auto simp: quotient_def dest: equivp_symp equivp_transp)
1265   with eq show "measure p {x. R x y} = measure q {y. R x y}"
1266     by auto
1267 qed
1269 bnf pmf: "'a pmf" map: map_pmf sets: set_pmf bd : "natLeq" rel: rel_pmf
1270 proof -
1271   show "map_pmf id = id" by (rule map_pmf_id)
1272   show "\<And>f g. map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g" by (rule map_pmf_compose)
1273   show "\<And>f g::'a \<Rightarrow> 'b. \<And>p. (\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = g x) \<Longrightarrow> map_pmf f p = map_pmf g p"
1274     by (intro map_pmf_cong refl)
1276   show "\<And>f::'a \<Rightarrow> 'b. set_pmf \<circ> map_pmf f = op ` f \<circ> set_pmf"
1277     by (rule pmf_set_map)
1279   show "(card_of (set_pmf p), natLeq) \<in> ordLeq" for p :: "'s pmf"
1280   proof -
1281     have "(card_of (set_pmf p), card_of (UNIV :: nat set)) \<in> ordLeq"
1282       by (rule card_of_ordLeqI[where f="to_nat_on (set_pmf p)"])
1283          (auto intro: countable_set_pmf)
1284     also have "(card_of (UNIV :: nat set), natLeq) \<in> ordLeq"
1285       by (metis Field_natLeq card_of_least natLeq_Well_order)
1286     finally show ?thesis .
1287   qed
1289   show "\<And>R. rel_pmf R = (\<lambda>x y. \<exists>z. set_pmf z \<subseteq> {(x, y). R x y} \<and>
1290     map_pmf fst z = x \<and> map_pmf snd z = y)"
1291      by (auto simp add: fun_eq_iff rel_pmf.simps)
1293   show "rel_pmf R OO rel_pmf S \<le> rel_pmf (R OO S)"
1294     for R :: "'a \<Rightarrow> 'b \<Rightarrow> bool" and S :: "'b \<Rightarrow> 'c \<Rightarrow> bool"
1295   proof -
1296     { fix p q r
1297       assume pq: "rel_pmf R p q"
1298         and qr:"rel_pmf S q r"
1299       from pq obtain pq where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
1300         and p: "p = map_pmf fst pq" and q: "q = map_pmf snd pq" by cases auto
1301       from qr obtain qr where qr: "\<And>y z. (y, z) \<in> set_pmf qr \<Longrightarrow> S y z"
1302         and q': "q = map_pmf fst qr" and r: "r = map_pmf snd qr" by cases auto
1304       define pr where "pr =
1305         bind_pmf pq (\<lambda>xy. bind_pmf (cond_pmf qr {yz. fst yz = snd xy})
1306           (\<lambda>yz. return_pmf (fst xy, snd yz)))"
1307       have pr_welldefined: "\<And>y. y \<in> q \<Longrightarrow> qr \<inter> {yz. fst yz = y} \<noteq> {}"
1308         by (force simp: q')
1310       have "rel_pmf (R OO S) p r"
1311       proof (rule rel_pmf.intros)
1312         fix x z assume "(x, z) \<in> pr"
1313         then have "\<exists>y. (x, y) \<in> pq \<and> (y, z) \<in> qr"
1314           by (auto simp: q pr_welldefined pr_def split_beta)
1315         with pq qr show "(R OO S) x z"
1316           by blast
1317       next
1318         have "map_pmf snd pr = map_pmf snd (bind_pmf q (\<lambda>y. cond_pmf qr {yz. fst yz = y}))"
1319           by (simp add: pr_def q split_beta bind_map_pmf map_pmf_def[symmetric] map_bind_pmf map_pmf_comp)
1320         then show "map_pmf snd pr = r"
1321           unfolding r q' bind_map_pmf by (subst (asm) bind_cond_pmf_cancel) (auto simp: eq_commute)
1322       qed (simp add: pr_def map_bind_pmf split_beta map_pmf_def[symmetric] p map_pmf_comp)
1323     }
1324     then show ?thesis
1325       by(auto simp add: le_fun_def)
1326   qed
1327 qed (fact natLeq_card_order natLeq_cinfinite)+
1329 lemma map_pmf_idI: "(\<And>x. x \<in> set_pmf p \<Longrightarrow> f x = x) \<Longrightarrow> map_pmf f p = p"
1330 by(simp cong: pmf.map_cong)
1332 lemma rel_pmf_conj[simp]:
1333   "rel_pmf (\<lambda>x y. P \<and> Q x y) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
1334   "rel_pmf (\<lambda>x y. Q x y \<and> P) x y \<longleftrightarrow> P \<and> rel_pmf Q x y"
1335   using set_pmf_not_empty by (fastforce simp: pmf.in_rel subset_eq)+
1337 lemma rel_pmf_top[simp]: "rel_pmf top = top"
1338   by (auto simp: pmf.in_rel[abs_def] fun_eq_iff map_fst_pair_pmf map_snd_pair_pmf
1339            intro: exI[of _ "pair_pmf x y" for x y])
1341 lemma rel_pmf_return_pmf1: "rel_pmf R (return_pmf x) M \<longleftrightarrow> (\<forall>a\<in>M. R x a)"
1342 proof safe
1343   fix a assume "a \<in> M" "rel_pmf R (return_pmf x) M"
1344   then obtain pq where *: "\<And>a b. (a, b) \<in> set_pmf pq \<Longrightarrow> R a b"
1345     and eq: "return_pmf x = map_pmf fst pq" "M = map_pmf snd pq"
1346     by (force elim: rel_pmf.cases)
1347   moreover have "set_pmf (return_pmf x) = {x}"
1348     by simp
1349   with \<open>a \<in> M\<close> have "(x, a) \<in> pq"
1350     by (force simp: eq)
1351   with * show "R x a"
1352     by auto
1353 qed (auto intro!: rel_pmf.intros[where pq="pair_pmf (return_pmf x) M"]
1354           simp: map_fst_pair_pmf map_snd_pair_pmf)
1356 lemma rel_pmf_return_pmf2: "rel_pmf R M (return_pmf x) \<longleftrightarrow> (\<forall>a\<in>M. R a x)"
1357   by (subst pmf.rel_flip[symmetric]) (simp add: rel_pmf_return_pmf1)
1359 lemma rel_return_pmf[simp]: "rel_pmf R (return_pmf x1) (return_pmf x2) = R x1 x2"
1360   unfolding rel_pmf_return_pmf2 set_return_pmf by simp
1362 lemma rel_pmf_False[simp]: "rel_pmf (\<lambda>x y. False) x y = False"
1363   unfolding pmf.in_rel fun_eq_iff using set_pmf_not_empty by fastforce
1365 lemma rel_pmf_rel_prod:
1366   "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B') \<longleftrightarrow> rel_pmf R A B \<and> rel_pmf S A' B'"
1367 proof safe
1368   assume "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
1369   then obtain pq where pq: "\<And>a b c d. ((a, c), (b, d)) \<in> set_pmf pq \<Longrightarrow> R a b \<and> S c d"
1370     and eq: "map_pmf fst pq = pair_pmf A A'" "map_pmf snd pq = pair_pmf B B'"
1371     by (force elim: rel_pmf.cases)
1372   show "rel_pmf R A B"
1373   proof (rule rel_pmf.intros)
1374     let ?f = "\<lambda>(a, b). (fst a, fst b)"
1375     have [simp]: "(\<lambda>x. fst (?f x)) = fst o fst" "(\<lambda>x. snd (?f x)) = fst o snd"
1376       by auto
1378     show "map_pmf fst (map_pmf ?f pq) = A"
1379       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
1380     show "map_pmf snd (map_pmf ?f pq) = B"
1381       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_fst_pair_pmf)
1383     fix a b assume "(a, b) \<in> set_pmf (map_pmf ?f pq)"
1384     then obtain c d where "((a, c), (b, d)) \<in> set_pmf pq"
1385       by auto
1386     from pq[OF this] show "R a b" ..
1387   qed
1388   show "rel_pmf S A' B'"
1389   proof (rule rel_pmf.intros)
1390     let ?f = "\<lambda>(a, b). (snd a, snd b)"
1391     have [simp]: "(\<lambda>x. fst (?f x)) = snd o fst" "(\<lambda>x. snd (?f x)) = snd o snd"
1392       by auto
1394     show "map_pmf fst (map_pmf ?f pq) = A'"
1395       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
1396     show "map_pmf snd (map_pmf ?f pq) = B'"
1397       by (simp add: map_pmf_comp pmf.map_comp[symmetric] eq map_snd_pair_pmf)
1399     fix c d assume "(c, d) \<in> set_pmf (map_pmf ?f pq)"
1400     then obtain a b where "((a, c), (b, d)) \<in> set_pmf pq"
1401       by auto
1402     from pq[OF this] show "S c d" ..
1403   qed
1404 next
1405   assume "rel_pmf R A B" "rel_pmf S A' B'"
1406   then obtain Rpq Spq
1407     where Rpq: "\<And>a b. (a, b) \<in> set_pmf Rpq \<Longrightarrow> R a b"
1408         "map_pmf fst Rpq = A" "map_pmf snd Rpq = B"
1409       and Spq: "\<And>a b. (a, b) \<in> set_pmf Spq \<Longrightarrow> S a b"
1410         "map_pmf fst Spq = A'" "map_pmf snd Spq = B'"
1411     by (force elim: rel_pmf.cases)
1413   let ?f = "(\<lambda>((a, c), (b, d)). ((a, b), (c, d)))"
1414   let ?pq = "map_pmf ?f (pair_pmf Rpq Spq)"
1415   have [simp]: "(\<lambda>x. fst (?f x)) = (\<lambda>(a, b). (fst a, fst b))" "(\<lambda>x. snd (?f x)) = (\<lambda>(a, b). (snd a, snd b))"
1416     by auto
1418   show "rel_pmf (rel_prod R S) (pair_pmf A A') (pair_pmf B B')"
1419     by (rule rel_pmf.intros[where pq="?pq"])
1420        (auto simp: map_snd_pair_pmf map_fst_pair_pmf map_pmf_comp Rpq Spq
1421                    map_pair)
1422 qed
1424 lemma rel_pmf_reflI:
1425   assumes "\<And>x. x \<in> set_pmf p \<Longrightarrow> P x x"
1426   shows "rel_pmf P p p"
1427   by (rule rel_pmf.intros[where pq="map_pmf (\<lambda>x. (x, x)) p"])
1428      (auto simp add: pmf.map_comp o_def assms)
1430 lemma rel_pmf_bij_betw:
1431   assumes f: "bij_betw f (set_pmf p) (set_pmf q)"
1432   and eq: "\<And>x. x \<in> set_pmf p \<Longrightarrow> pmf p x = pmf q (f x)"
1433   shows "rel_pmf (\<lambda>x y. f x = y) p q"
1434 proof(rule rel_pmf.intros)
1435   let ?pq = "map_pmf (\<lambda>x. (x, f x)) p"
1436   show "map_pmf fst ?pq = p" by(simp add: pmf.map_comp o_def)
1438   have "map_pmf f p = q"
1439   proof(rule pmf_eqI)
1440     fix i
1441     show "pmf (map_pmf f p) i = pmf q i"
1442     proof(cases "i \<in> set_pmf q")
1443       case True
1444       with f obtain j where "i = f j" "j \<in> set_pmf p"
1445         by(auto simp add: bij_betw_def image_iff)
1446       thus ?thesis using f by(simp add: bij_betw_def pmf_map_inj eq)
1447     next
1448       case False thus ?thesis
1449         by(subst pmf_map_outside)(auto simp add: set_pmf_iff eq[symmetric])
1450     qed
1451   qed
1452   then show "map_pmf snd ?pq = q" by(simp add: pmf.map_comp o_def)
1453 qed auto
1455 context
1456 begin
1458 interpretation pmf_as_measure .
1460 definition "join_pmf M = bind_pmf M (\<lambda>x. x)"
1462 lemma bind_eq_join_pmf: "bind_pmf M f = join_pmf (map_pmf f M)"
1463   unfolding join_pmf_def bind_map_pmf ..
1465 lemma join_eq_bind_pmf: "join_pmf M = bind_pmf M id"
1466   by (simp add: join_pmf_def id_def)
1468 lemma pmf_join: "pmf (join_pmf N) i = (\<integral>M. pmf M i \<partial>measure_pmf N)"
1469   unfolding join_pmf_def pmf_bind ..
1471 lemma ennreal_pmf_join: "ennreal (pmf (join_pmf N) i) = (\<integral>\<^sup>+M. pmf M i \<partial>measure_pmf N)"
1472   unfolding join_pmf_def ennreal_pmf_bind ..
1474 lemma set_pmf_join_pmf[simp]: "set_pmf (join_pmf f) = (\<Union>p\<in>set_pmf f. set_pmf p)"
1475   by (simp add: join_pmf_def)
1477 lemma join_return_pmf: "join_pmf (return_pmf M) = M"
1478   by (simp add: integral_return pmf_eq_iff pmf_join return_pmf.rep_eq)
1480 lemma map_join_pmf: "map_pmf f (join_pmf AA) = join_pmf (map_pmf (map_pmf f) AA)"
1481   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf)
1483 lemma join_map_return_pmf: "join_pmf (map_pmf return_pmf A) = A"
1484   by (simp add: join_pmf_def map_pmf_def bind_assoc_pmf bind_return_pmf bind_return_pmf')
1486 end
1488 lemma rel_pmf_joinI:
1489   assumes "rel_pmf (rel_pmf P) p q"
1490   shows "rel_pmf P (join_pmf p) (join_pmf q)"
1491 proof -
1492   from assms obtain pq where p: "p = map_pmf fst pq"
1493     and q: "q = map_pmf snd pq"
1494     and P: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> rel_pmf P x y"
1495     by cases auto
1496   from P obtain PQ
1497     where PQ: "\<And>x y a b. \<lbrakk> (x, y) \<in> set_pmf pq; (a, b) \<in> set_pmf (PQ x y) \<rbrakk> \<Longrightarrow> P a b"
1498     and x: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf fst (PQ x y) = x"
1499     and y: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> map_pmf snd (PQ x y) = y"
1500     by(metis rel_pmf.simps)
1502   let ?r = "bind_pmf pq (\<lambda>(x, y). PQ x y)"
1503   have "\<And>a b. (a, b) \<in> set_pmf ?r \<Longrightarrow> P a b" by (auto intro: PQ)
1504   moreover have "map_pmf fst ?r = join_pmf p" "map_pmf snd ?r = join_pmf q"
1505     by (simp_all add: p q x y join_pmf_def map_bind_pmf bind_map_pmf split_def cong: bind_pmf_cong)
1506   ultimately show ?thesis ..
1507 qed
1509 lemma rel_pmf_bindI:
1510   assumes pq: "rel_pmf R p q"
1511   and fg: "\<And>x y. R x y \<Longrightarrow> rel_pmf P (f x) (g y)"
1512   shows "rel_pmf P (bind_pmf p f) (bind_pmf q g)"
1513   unfolding bind_eq_join_pmf
1514   by (rule rel_pmf_joinI)
1515      (auto simp add: pmf.rel_map intro: pmf.rel_mono[THEN le_funD, THEN le_funD, THEN le_boolD, THEN mp, OF _ pq] fg)
1517 text \<open>
1518   Proof that @{const rel_pmf} preserves orders.
1519   Antisymmetry proof follows Thm. 1 in N. Saheb-Djahromi, Cpo's of measures for nondeterminism,
1520   Theoretical Computer Science 12(1):19--37, 1980,
1521   \<^url>\<open>http://dx.doi.org/10.1016/0304-3975(80)90003-1\<close>
1522 \<close>
1524 lemma
1525   assumes *: "rel_pmf R p q"
1526   and refl: "reflp R" and trans: "transp R"
1527   shows measure_Ici: "measure p {y. R x y} \<le> measure q {y. R x y}" (is ?thesis1)
1528   and measure_Ioi: "measure p {y. R x y \<and> \<not> R y x} \<le> measure q {y. R x y \<and> \<not> R y x}" (is ?thesis2)
1529 proof -
1530   from * obtain pq
1531     where pq: "\<And>x y. (x, y) \<in> set_pmf pq \<Longrightarrow> R x y"
1532     and p: "p = map_pmf fst pq"
1533     and q: "q = map_pmf snd pq"
1534     by cases auto
1535   show ?thesis1 ?thesis2 unfolding p q map_pmf_rep_eq using refl trans
1536     by(auto 4 3 simp add: measure_distr reflpD AE_measure_pmf_iff intro!: measure_pmf.finite_measure_mono_AE dest!: pq elim: transpE)
1537 qed
1539 lemma rel_pmf_inf:
1540   fixes p q :: "'a pmf"
1541   assumes 1: "rel_pmf R p q"
1542   assumes 2: "rel_pmf R q p"
1543   and refl: "reflp R" and trans: "transp R"
1544   shows "rel_pmf (inf R R\<inverse>\<inverse>) p q"
1545 proof (subst rel_pmf_iff_equivp, safe)
1546   show "equivp (inf R R\<inverse>\<inverse>)"
1547     using trans refl by (auto simp: equivp_reflp_symp_transp intro: sympI transpI reflpI dest: transpD reflpD)
1549   fix C assume "C \<in> UNIV // {(x, y). inf R R\<inverse>\<inverse> x y}"
1550   then obtain x where C: "C = {y. R x y \<and> R y x}"
1551     by (auto elim: quotientE)
1553   let ?R = "\<lambda>x y. R x y \<and> R y x"
1554   let ?\<mu>R = "\<lambda>y. measure q {x. ?R x y}"
1555   have "measure p {y. ?R x y} = measure p ({y. R x y} - {y. R x y \<and> \<not> R y x})"
1556     by(auto intro!: arg_cong[where f="measure p"])
1557   also have "\<dots> = measure p {y. R x y} - measure p {y. R x y \<and> \<not> R y x}"
1558     by (rule measure_pmf.finite_measure_Diff) auto
1559   also have "measure p {y. R x y \<and> \<not> R y x} = measure q {y. R x y \<and> \<not> R y x}"
1560     using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ioi)
1561   also have "measure p {y. R x y} = measure q {y. R x y}"
1562     using 1 2 refl trans by(auto intro!: Orderings.antisym measure_Ici)
1563   also have "measure q {y. R x y} - measure q {y. R x y \<and> \<not> R y x} =
1564     measure q ({y. R x y} - {y. R x y \<and> \<not> R y x})"
1565     by(rule measure_pmf.finite_measure_Diff[symmetric]) auto
1566   also have "\<dots> = ?\<mu>R x"
1567     by(auto intro!: arg_cong[where f="measure q"])
1568   finally show "measure p C = measure q C"
1569     by (simp add: C conj_commute)
1570 qed
1572 lemma rel_pmf_antisym:
1573   fixes p q :: "'a pmf"
1574   assumes 1: "rel_pmf R p q"
1575   assumes 2: "rel_pmf R q p"
1576   and refl: "reflp R" and trans: "transp R" and antisym: "antisymP R"
1577   shows "p = q"
1578 proof -
1579   from 1 2 refl trans have "rel_pmf (inf R R\<inverse>\<inverse>) p q" by(rule rel_pmf_inf)
1580   also have "inf R R\<inverse>\<inverse> = op ="
1581     using refl antisym by (auto intro!: ext simp add: reflpD dest: antisymD)
1582   finally show ?thesis unfolding pmf.rel_eq .
1583 qed
1585 lemma reflp_rel_pmf: "reflp R \<Longrightarrow> reflp (rel_pmf R)"
1586 by(blast intro: reflpI rel_pmf_reflI reflpD)
1588 lemma antisymP_rel_pmf:
1589   "\<lbrakk> reflp R; transp R; antisymP R \<rbrakk>
1590   \<Longrightarrow> antisymP (rel_pmf R)"
1591 by(rule antisymI)(blast intro: rel_pmf_antisym)
1593 lemma transp_rel_pmf:
1594   assumes "transp R"
1595   shows "transp (rel_pmf R)"
1596 proof (rule transpI)
1597   fix x y z
1598   assume "rel_pmf R x y" and "rel_pmf R y z"
1599   hence "rel_pmf (R OO R) x z" by (simp add: pmf.rel_compp relcompp.relcompI)
1600   thus "rel_pmf R x z"
1601     using assms by (metis (no_types) pmf.rel_mono rev_predicate2D transp_relcompp_less_eq)
1602 qed
1604 subsection \<open> Distributions \<close>
1606 context
1607 begin
1609 interpretation pmf_as_function .
1611 subsubsection \<open> Bernoulli Distribution \<close>
1613 lift_definition bernoulli_pmf :: "real \<Rightarrow> bool pmf" is
1614   "\<lambda>p b. ((\<lambda>p. if b then p else 1 - p) \<circ> min 1 \<circ> max 0) p"
1615   by (auto simp: nn_integral_count_space_finite[where A="{False, True}"] UNIV_bool
1616            split: split_max split_min)
1618 lemma pmf_bernoulli_True[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) True = p"
1619   by transfer simp
1621 lemma pmf_bernoulli_False[simp]: "0 \<le> p \<Longrightarrow> p \<le> 1 \<Longrightarrow> pmf (bernoulli_pmf p) False = 1 - p"
1622   by transfer simp
1624 lemma set_pmf_bernoulli[simp]: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (bernoulli_pmf p) = UNIV"
1625   by (auto simp add: set_pmf_iff UNIV_bool)
1627 lemma nn_integral_bernoulli_pmf[simp]:
1628   assumes [simp]: "0 \<le> p" "p \<le> 1" "\<And>x. 0 \<le> f x"
1629   shows "(\<integral>\<^sup>+x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
1630   by (subst nn_integral_measure_pmf_support[of UNIV])
1631      (auto simp: UNIV_bool field_simps)
1633 lemma integral_bernoulli_pmf[simp]:
1634   assumes [simp]: "0 \<le> p" "p \<le> 1"
1635   shows "(\<integral>x. f x \<partial>bernoulli_pmf p) = f True * p + f False * (1 - p)"
1636   by (subst integral_measure_pmf[of UNIV]) (auto simp: UNIV_bool)
1638 lemma pmf_bernoulli_half [simp]: "pmf (bernoulli_pmf (1 / 2)) x = 1 / 2"
1639 by(cases x) simp_all
1641 lemma measure_pmf_bernoulli_half: "measure_pmf (bernoulli_pmf (1 / 2)) = uniform_count_measure UNIV"
1642   by (rule measure_eqI)
1643      (simp_all add: nn_integral_pmf[symmetric] emeasure_uniform_count_measure ennreal_divide_numeral[symmetric]
1644                     nn_integral_count_space_finite sets_uniform_count_measure divide_ennreal_def mult_ac
1645                     ennreal_of_nat_eq_real_of_nat)
1647 subsubsection \<open> Geometric Distribution \<close>
1649 context
1650   fixes p :: real assumes p[arith]: "0 < p" "p \<le> 1"
1651 begin
1653 lift_definition geometric_pmf :: "nat pmf" is "\<lambda>n. (1 - p)^n * p"
1654 proof
1655   have "(\<Sum>i. ennreal (p * (1 - p) ^ i)) = ennreal (p * (1 / (1 - (1 - p))))"
1656     by (intro suminf_ennreal_eq sums_mult geometric_sums) auto
1657   then show "(\<integral>\<^sup>+ x. ennreal ((1 - p)^x * p) \<partial>count_space UNIV) = 1"
1658     by (simp add: nn_integral_count_space_nat field_simps)
1659 qed simp
1661 lemma pmf_geometric[simp]: "pmf geometric_pmf n = (1 - p)^n * p"
1662   by transfer rule
1664 end
1666 lemma set_pmf_geometric: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (geometric_pmf p) = UNIV"
1667   by (auto simp: set_pmf_iff)
1669 subsubsection \<open> Uniform Multiset Distribution \<close>
1671 context
1672   fixes M :: "'a multiset" assumes M_not_empty: "M \<noteq> {#}"
1673 begin
1675 lift_definition pmf_of_multiset :: "'a pmf" is "\<lambda>x. count M x / size M"
1676 proof
1677   show "(\<integral>\<^sup>+ x. ennreal (real (count M x) / real (size M)) \<partial>count_space UNIV) = 1"
1678     using M_not_empty
1679     by (simp add: zero_less_divide_iff nn_integral_count_space nonempty_has_size
1680                   sum_divide_distrib[symmetric])
1681        (auto simp: size_multiset_overloaded_eq intro!: sum.cong)
1682 qed simp
1684 lemma pmf_of_multiset[simp]: "pmf pmf_of_multiset x = count M x / size M"
1685   by transfer rule
1687 lemma set_pmf_of_multiset[simp]: "set_pmf pmf_of_multiset = set_mset M"
1688   by (auto simp: set_pmf_iff)
1690 end
1692 subsubsection \<open> Uniform Distribution \<close>
1694 context
1695   fixes S :: "'a set" assumes S_not_empty: "S \<noteq> {}" and S_finite: "finite S"
1696 begin
1698 lift_definition pmf_of_set :: "'a pmf" is "\<lambda>x. indicator S x / card S"
1699 proof
1700   show "(\<integral>\<^sup>+ x. ennreal (indicator S x / real (card S)) \<partial>count_space UNIV) = 1"
1701     using S_not_empty S_finite
1702     by (subst nn_integral_count_space'[of S])
1703        (auto simp: ennreal_of_nat_eq_real_of_nat ennreal_mult[symmetric])
1704 qed simp
1706 lemma pmf_of_set[simp]: "pmf pmf_of_set x = indicator S x / card S"
1707   by transfer rule
1709 lemma set_pmf_of_set[simp]: "set_pmf pmf_of_set = S"
1710   using S_finite S_not_empty by (auto simp: set_pmf_iff)
1712 lemma emeasure_pmf_of_set_space[simp]: "emeasure pmf_of_set S = 1"
1713   by (rule measure_pmf.emeasure_eq_1_AE) (auto simp: AE_measure_pmf_iff)
1715 lemma nn_integral_pmf_of_set: "nn_integral (measure_pmf pmf_of_set) f = sum f S / card S"
1716   by (subst nn_integral_measure_pmf_finite)
1717      (simp_all add: sum_distrib_right[symmetric] card_gt_0_iff S_not_empty S_finite divide_ennreal_def
1718                 divide_ennreal[symmetric] ennreal_of_nat_eq_real_of_nat[symmetric] ennreal_times_divide)
1720 lemma integral_pmf_of_set: "integral\<^sup>L (measure_pmf pmf_of_set) f = sum f S / card S"
1721   by (subst integral_measure_pmf[of S]) (auto simp: S_finite sum_divide_distrib)
1723 lemma emeasure_pmf_of_set: "emeasure (measure_pmf pmf_of_set) A = card (S \<inter> A) / card S"
1724   by (subst nn_integral_indicator[symmetric], simp)
1725      (simp add: S_finite S_not_empty card_gt_0_iff indicator_def sum.If_cases divide_ennreal
1726                 ennreal_of_nat_eq_real_of_nat nn_integral_pmf_of_set)
1728 lemma measure_pmf_of_set: "measure (measure_pmf pmf_of_set) A = card (S \<inter> A) / card S"
1729   using emeasure_pmf_of_set[of A]
1730   by (simp add: measure_nonneg measure_pmf.emeasure_eq_measure)
1732 end
1734 lemma map_pmf_of_set:
1735   assumes "finite A" "A \<noteq> {}"
1736   shows   "map_pmf f (pmf_of_set A) = pmf_of_multiset (image_mset f (mset_set A))"
1737     (is "?lhs = ?rhs")
1738 proof (intro pmf_eqI)
1739   fix x
1740   from assms have "ennreal (pmf ?lhs x) = ennreal (pmf ?rhs x)"
1741     by (subst ennreal_pmf_map)
1742        (simp_all add: emeasure_pmf_of_set mset_set_empty_iff count_image_mset Int_commute)
1743   thus "pmf ?lhs x = pmf ?rhs x" by simp
1744 qed
1746 lemma pmf_bind_pmf_of_set:
1747   assumes "A \<noteq> {}" "finite A"
1748   shows   "pmf (bind_pmf (pmf_of_set A) f) x =
1749              (\<Sum>xa\<in>A. pmf (f xa) x) / real_of_nat (card A)" (is "?lhs = ?rhs")
1750 proof -
1751   from assms have "card A > 0" by auto
1752   with assms have "ennreal ?lhs = ennreal ?rhs"
1753     by (subst ennreal_pmf_bind)
1754        (simp_all add: nn_integral_pmf_of_set max_def pmf_nonneg divide_ennreal [symmetric]
1755         sum_nonneg ennreal_of_nat_eq_real_of_nat)
1756   thus ?thesis by (subst (asm) ennreal_inj) (auto intro!: sum_nonneg divide_nonneg_nonneg)
1757 qed
1759 lemma pmf_of_set_singleton: "pmf_of_set {x} = return_pmf x"
1760 by(rule pmf_eqI)(simp add: indicator_def)
1762 lemma map_pmf_of_set_inj:
1763   assumes f: "inj_on f A"
1764   and [simp]: "A \<noteq> {}" "finite A"
1765   shows "map_pmf f (pmf_of_set A) = pmf_of_set (f ` A)" (is "?lhs = ?rhs")
1766 proof(rule pmf_eqI)
1767   fix i
1768   show "pmf ?lhs i = pmf ?rhs i"
1769   proof(cases "i \<in> f ` A")
1770     case True
1771     then obtain i' where "i = f i'" "i' \<in> A" by auto
1772     thus ?thesis using f by(simp add: card_image pmf_map_inj)
1773   next
1774     case False
1775     hence "pmf ?lhs i = 0" by(simp add: pmf_eq_0_set_pmf set_map_pmf)
1776     moreover have "pmf ?rhs i = 0" using False by simp
1777     ultimately show ?thesis by simp
1778   qed
1779 qed
1781 text \<open>
1782   Choosing an element uniformly at random from the union of a disjoint family
1783   of finite non-empty sets with the same size is the same as first choosing a set
1784   from the family uniformly at random and then choosing an element from the chosen set
1785   uniformly at random.
1786 \<close>
1787 lemma pmf_of_set_UN:
1788   assumes "finite (UNION A f)" "A \<noteq> {}" "\<And>x. x \<in> A \<Longrightarrow> f x \<noteq> {}"
1789           "\<And>x. x \<in> A \<Longrightarrow> card (f x) = n" "disjoint_family_on f A"
1790   shows   "pmf_of_set (UNION A f) = do {x \<leftarrow> pmf_of_set A; pmf_of_set (f x)}"
1791             (is "?lhs = ?rhs")
1792 proof (intro pmf_eqI)
1793   fix x
1794   from assms have [simp]: "finite A"
1795     using infinite_disjoint_family_imp_infinite_UNION[of A f] by blast
1796   from assms have "ereal (pmf (pmf_of_set (UNION A f)) x) =
1797     ereal (indicator (\<Union>x\<in>A. f x) x / real (card (\<Union>x\<in>A. f x)))"
1798     by (subst pmf_of_set) auto
1799   also from assms have "card (\<Union>x\<in>A. f x) = card A * n"
1800     by (subst card_UN_disjoint) (auto simp: disjoint_family_on_def)
1801   also from assms
1802     have "indicator (\<Union>x\<in>A. f x) x / real \<dots> =
1803               indicator (\<Union>x\<in>A. f x) x / (n * real (card A))"
1804       by (simp add: sum_divide_distrib [symmetric] mult_ac)
1805   also from assms have "indicator (\<Union>x\<in>A. f x) x = (\<Sum>y\<in>A. indicator (f y) x)"
1806     by (intro indicator_UN_disjoint) simp_all
1807   also from assms have "ereal ((\<Sum>y\<in>A. indicator (f y) x) / (real n * real (card A))) =
1808                           ereal (pmf ?rhs x)"
1809     by (subst pmf_bind_pmf_of_set) (simp_all add: sum_divide_distrib)
1810   finally show "pmf ?lhs x = pmf ?rhs x" by simp
1811 qed
1813 lemma bernoulli_pmf_half_conv_pmf_of_set: "bernoulli_pmf (1 / 2) = pmf_of_set UNIV"
1814   by (rule pmf_eqI) simp_all
1816 subsubsection \<open> Poisson Distribution \<close>
1818 context
1819   fixes rate :: real assumes rate_pos: "0 < rate"
1820 begin
1822 lift_definition poisson_pmf :: "nat pmf" is "\<lambda>k. rate ^ k / fact k * exp (-rate)"
1823 proof  (* by Manuel Eberl *)
1824   have summable: "summable (\<lambda>x::nat. rate ^ x / fact x)" using summable_exp
1825     by (simp add: field_simps divide_inverse [symmetric])
1826   have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x * exp (-rate) \<partial>count_space UNIV) =
1827           exp (-rate) * (\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV)"
1828     by (simp add: field_simps nn_integral_cmult[symmetric] ennreal_mult'[symmetric])
1829   also from rate_pos have "(\<integral>\<^sup>+(x::nat). rate ^ x / fact x \<partial>count_space UNIV) = (\<Sum>x. rate ^ x / fact x)"
1830     by (simp_all add: nn_integral_count_space_nat suminf_ennreal summable ennreal_suminf_neq_top)
1831   also have "... = exp rate" unfolding exp_def
1832     by (simp add: field_simps divide_inverse [symmetric])
1833   also have "ennreal (exp (-rate)) * ennreal (exp rate) = 1"
1834     by (simp add: mult_exp_exp ennreal_mult[symmetric])
1835   finally show "(\<integral>\<^sup>+ x. ennreal (rate ^ x / (fact x) * exp (- rate)) \<partial>count_space UNIV) = 1" .
1836 qed (simp add: rate_pos[THEN less_imp_le])
1838 lemma pmf_poisson[simp]: "pmf poisson_pmf k = rate ^ k / fact k * exp (-rate)"
1839   by transfer rule
1841 lemma set_pmf_poisson[simp]: "set_pmf poisson_pmf = UNIV"
1842   using rate_pos by (auto simp: set_pmf_iff)
1844 end
1846 subsubsection \<open> Binomial Distribution \<close>
1848 context
1849   fixes n :: nat and p :: real assumes p_nonneg: "0 \<le> p" and p_le_1: "p \<le> 1"
1850 begin
1852 lift_definition binomial_pmf :: "nat pmf" is "\<lambda>k. (n choose k) * p^k * (1 - p)^(n - k)"
1853 proof
1854   have "(\<integral>\<^sup>+k. ennreal (real (n choose k) * p ^ k * (1 - p) ^ (n - k)) \<partial>count_space UNIV) =
1855     ennreal (\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k))"
1856     using p_le_1 p_nonneg by (subst nn_integral_count_space') auto
1857   also have "(\<Sum>k\<le>n. real (n choose k) * p ^ k * (1 - p) ^ (n - k)) = (p + (1 - p)) ^ n"
1858     by (subst binomial_ring) (simp add: atLeast0AtMost)
1859   finally show "(\<integral>\<^sup>+ x. ennreal (real (n choose x) * p ^ x * (1 - p) ^ (n - x)) \<partial>count_space UNIV) = 1"
1860     by simp
1861 qed (insert p_nonneg p_le_1, simp)
1863 lemma pmf_binomial[simp]: "pmf binomial_pmf k = (n choose k) * p^k * (1 - p)^(n - k)"
1864   by transfer rule
1866 lemma set_pmf_binomial_eq: "set_pmf binomial_pmf = (if p = 0 then {0} else if p = 1 then {n} else {.. n})"
1867   using p_nonneg p_le_1 unfolding set_eq_iff set_pmf_iff pmf_binomial by (auto simp: set_pmf_iff)
1869 end
1871 end
1873 lemma set_pmf_binomial_0[simp]: "set_pmf (binomial_pmf n 0) = {0}"
1874   by (simp add: set_pmf_binomial_eq)
1876 lemma set_pmf_binomial_1[simp]: "set_pmf (binomial_pmf n 1) = {n}"
1877   by (simp add: set_pmf_binomial_eq)
1879 lemma set_pmf_binomial[simp]: "0 < p \<Longrightarrow> p < 1 \<Longrightarrow> set_pmf (binomial_pmf n p) = {..n}"
1880   by (simp add: set_pmf_binomial_eq)
1882 context includes lifting_syntax
1883 begin
1885 lemma bind_pmf_parametric [transfer_rule]:
1886   "(rel_pmf A ===> (A ===> rel_pmf B) ===> rel_pmf B) bind_pmf bind_pmf"
1887 by(blast intro: rel_pmf_bindI dest: rel_funD)
1889 lemma return_pmf_parametric [transfer_rule]: "(A ===> rel_pmf A) return_pmf return_pmf"
1890 by(rule rel_funI) simp
1892 end
1895 primrec replicate_pmf :: "nat \<Rightarrow> 'a pmf \<Rightarrow> 'a list pmf" where
1896   "replicate_pmf 0 _ = return_pmf []"
1897 | "replicate_pmf (Suc n) p = do {x \<leftarrow> p; xs \<leftarrow> replicate_pmf n p; return_pmf (x#xs)}"
1899 lemma replicate_pmf_1: "replicate_pmf 1 p = map_pmf (\<lambda>x. [x]) p"
1900   by (simp add: map_pmf_def bind_return_pmf)
1902 lemma set_replicate_pmf:
1903   "set_pmf (replicate_pmf n p) = {xs\<in>lists (set_pmf p). length xs = n}"
1904   by (induction n) (auto simp: length_Suc_conv)
1906 lemma replicate_pmf_distrib:
1907   "replicate_pmf (m + n) p =
1908      do {xs \<leftarrow> replicate_pmf m p; ys \<leftarrow> replicate_pmf n p; return_pmf (xs @ ys)}"
1909   by (induction m) (simp_all add: bind_return_pmf bind_return_pmf' bind_assoc_pmf)
1911 lemma power_diff':
1912   assumes "b \<le> a"
1913   shows   "x ^ (a - b) = (if x = 0 \<and> a = b then 1 else x ^ a / (x::'a::field) ^ b)"
1914 proof (cases "x = 0")
1915   case True
1916   with assms show ?thesis by (cases "a - b") simp_all
1917 qed (insert assms, simp_all add: power_diff)
1920 lemma binomial_pmf_Suc:
1921   assumes "p \<in> {0..1}"
1922   shows   "binomial_pmf (Suc n) p =
1923              do {b \<leftarrow> bernoulli_pmf p;
1924                  k \<leftarrow> binomial_pmf n p;
1925                  return_pmf ((if b then 1 else 0) + k)}" (is "_ = ?rhs")
1926 proof (intro pmf_eqI)
1927   fix k
1928   have A: "indicator {Suc a} (Suc b) = indicator {a} b" for a b
1929     by (simp add: indicator_def)
1930   show "pmf (binomial_pmf (Suc n) p) k = pmf ?rhs k"
1931     by (cases k; cases "k > n")
1932        (insert assms, auto simp: pmf_bind measure_pmf_single A divide_simps algebra_simps
1933           not_less less_eq_Suc_le [symmetric] power_diff')
1934 qed
1936 lemma binomial_pmf_0: "p \<in> {0..1} \<Longrightarrow> binomial_pmf 0 p = return_pmf 0"
1937   by (rule pmf_eqI) (simp_all add: indicator_def)
1939 lemma binomial_pmf_altdef:
1940   assumes "p \<in> {0..1}"
1941   shows   "binomial_pmf n p = map_pmf (length \<circ> filter id) (replicate_pmf n (bernoulli_pmf p))"
1942   by (induction n)
1943      (insert assms, auto simp: binomial_pmf_Suc map_pmf_def bind_return_pmf bind_assoc_pmf
1944         bind_return_pmf' binomial_pmf_0 intro!: bind_pmf_cong)
1947 subsection \<open>PMFs from assiciation lists\<close>
1949 definition pmf_of_list ::" ('a \<times> real) list \<Rightarrow> 'a pmf" where
1950   "pmf_of_list xs = embed_pmf (\<lambda>x. sum_list (map snd (filter (\<lambda>z. fst z = x) xs)))"
1952 definition pmf_of_list_wf where
1953   "pmf_of_list_wf xs \<longleftrightarrow> (\<forall>x\<in>set (map snd xs) . x \<ge> 0) \<and> sum_list (map snd xs) = 1"
1955 lemma pmf_of_list_wfI:
1956   "(\<And>x. x \<in> set (map snd xs) \<Longrightarrow> x \<ge> 0) \<Longrightarrow> sum_list (map snd xs) = 1 \<Longrightarrow> pmf_of_list_wf xs"
1957   unfolding pmf_of_list_wf_def by simp
1959 context
1960 begin
1962 private lemma pmf_of_list_aux:
1963   assumes "\<And>x. x \<in> set (map snd xs) \<Longrightarrow> x \<ge> 0"
1964   assumes "sum_list (map snd xs) = 1"
1965   shows "(\<integral>\<^sup>+ x. ennreal (sum_list (map snd [z\<leftarrow>xs . fst z = x])) \<partial>count_space UNIV) = 1"
1966 proof -
1967   have "(\<integral>\<^sup>+ x. ennreal (sum_list (map snd (filter (\<lambda>z. fst z = x) xs))) \<partial>count_space UNIV) =
1968             (\<integral>\<^sup>+ x. ennreal (sum_list (map (\<lambda>(x',p). indicator {x'} x * p) xs)) \<partial>count_space UNIV)"
1969     by (intro nn_integral_cong ennreal_cong, subst sum_list_map_filter') (auto intro: sum_list_cong)
1970   also have "\<dots> = (\<Sum>(x',p)\<leftarrow>xs. (\<integral>\<^sup>+ x. ennreal (indicator {x'} x * p) \<partial>count_space UNIV))"
1971     using assms(1)
1972   proof (induction xs)
1973     case (Cons x xs)
1974     from Cons.prems have "snd x \<ge> 0" by simp
1975     moreover have "b \<ge> 0" if "(a,b) \<in> set xs" for a b
1976       using Cons.prems[of b] that by force
1977     ultimately have "(\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>x # xs. indicator {x'} y * p) \<partial>count_space UNIV) =
1978             (\<integral>\<^sup>+ y. ennreal (indicator {fst x} y * snd x) +
1979             ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV)"
1980       by (intro nn_integral_cong, subst ennreal_plus [symmetric])
1981          (auto simp: case_prod_unfold indicator_def intro!: sum_list_nonneg)
1982     also have "\<dots> = (\<integral>\<^sup>+ y. ennreal (indicator {fst x} y * snd x) \<partial>count_space UNIV) +
1983                       (\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV)"
1984       by (intro nn_integral_add)
1985          (force intro!: sum_list_nonneg AE_I2 intro: Cons simp: indicator_def)+
1986     also have "(\<integral>\<^sup>+ y. ennreal (\<Sum>(x', p)\<leftarrow>xs. indicator {x'} y * p) \<partial>count_space UNIV) =
1987                (\<Sum>(x', p)\<leftarrow>xs. (\<integral>\<^sup>+ y. ennreal (indicator {x'} y * p) \<partial>count_space UNIV))"
1988       using Cons(1) by (intro Cons) simp_all
1989     finally show ?case by (simp add: case_prod_unfold)
1990   qed simp
1991   also have "\<dots> = (\<Sum>(x',p)\<leftarrow>xs. ennreal p * (\<integral>\<^sup>+ x. indicator {x'} x \<partial>count_space UNIV))"
1992     using assms(1)
1993     by (intro sum_list_cong, simp only: case_prod_unfold, subst nn_integral_cmult [symmetric])
1994        (auto intro!: assms(1) simp: max_def times_ereal.simps [symmetric] mult_ac ereal_indicator
1995              simp del: times_ereal.simps)+
1996   also from assms have "\<dots> = sum_list (map snd xs)" by (simp add: case_prod_unfold sum_list_ennreal)
1997   also have "\<dots> = 1" using assms(2) by simp
1998   finally show ?thesis .
1999 qed
2001 lemma pmf_pmf_of_list:
2002   assumes "pmf_of_list_wf xs"
2003   shows   "pmf (pmf_of_list xs) x = sum_list (map snd (filter (\<lambda>z. fst z = x) xs))"
2004   using assms pmf_of_list_aux[of xs] unfolding pmf_of_list_def pmf_of_list_wf_def
2005   by (subst pmf_embed_pmf) (auto intro!: sum_list_nonneg)
2007 end
2009 lemma set_pmf_of_list:
2010   assumes "pmf_of_list_wf xs"
2011   shows   "set_pmf (pmf_of_list xs) \<subseteq> set (map fst xs)"
2012 proof clarify
2013   fix x assume A: "x \<in> set_pmf (pmf_of_list xs)"
2014   show "x \<in> set (map fst xs)"
2015   proof (rule ccontr)
2016     assume "x \<notin> set (map fst xs)"
2017     hence "[z\<leftarrow>xs . fst z = x] = []" by (auto simp: filter_empty_conv)
2018     with A assms show False by (simp add: pmf_pmf_of_list set_pmf_eq)
2019   qed
2020 qed
2022 lemma finite_set_pmf_of_list:
2023   assumes "pmf_of_list_wf xs"
2024   shows   "finite (set_pmf (pmf_of_list xs))"
2025   using assms by (rule finite_subset[OF set_pmf_of_list]) simp_all
2027 lemma emeasure_Int_set_pmf:
2028   "emeasure (measure_pmf p) (A \<inter> set_pmf p) = emeasure (measure_pmf p) A"
2029   by (rule emeasure_eq_AE) (auto simp: AE_measure_pmf_iff)
2031 lemma measure_Int_set_pmf:
2032   "measure (measure_pmf p) (A \<inter> set_pmf p) = measure (measure_pmf p) A"
2033   using emeasure_Int_set_pmf[of p A] by (simp add: Sigma_Algebra.measure_def)
2035 lemma emeasure_pmf_of_list:
2036   assumes "pmf_of_list_wf xs"
2037   shows   "emeasure (pmf_of_list xs) A = ennreal (sum_list (map snd (filter (\<lambda>x. fst x \<in> A) xs)))"
2038 proof -
2039   have "emeasure (pmf_of_list xs) A = nn_integral (measure_pmf (pmf_of_list xs)) (indicator A)"
2040     by simp
2041   also from assms
2042     have "\<dots> = (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A. ennreal (sum_list (map snd [z\<leftarrow>xs . fst z = x])))"
2043     by (subst nn_integral_measure_pmf_finite) (simp_all add: finite_set_pmf_of_list pmf_pmf_of_list Int_def)
2044   also from assms
2045     have "\<dots> = ennreal (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A. sum_list (map snd [z\<leftarrow>xs . fst z = x]))"
2046     by (subst sum_ennreal) (auto simp: pmf_of_list_wf_def intro!: sum_list_nonneg)
2047   also have "\<dots> = ennreal (\<Sum>x\<in>set_pmf (pmf_of_list xs) \<inter> A.
2048       indicator A x * pmf (pmf_of_list xs) x)" (is "_ = ennreal ?S")
2049     using assms by (intro ennreal_cong sum.cong) (auto simp: pmf_pmf_of_list)
2050   also have "?S = (\<Sum>x\<in>set_pmf (pmf_of_list xs). indicator A x * pmf (pmf_of_list xs) x)"
2051     using assms by (intro sum.mono_neutral_left set_pmf_of_list finite_set_pmf_of_list) auto
2052   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). indicator A x * pmf (pmf_of_list xs) x)"
2053     using assms by (intro sum.mono_neutral_left set_pmf_of_list) (auto simp: set_pmf_eq)
2054   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). indicator A x *
2055                       sum_list (map snd (filter (\<lambda>z. fst z = x) xs)))"
2056     using assms by (simp add: pmf_pmf_of_list)
2057   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). sum_list (map snd (filter (\<lambda>z. fst z = x \<and> x \<in> A) xs)))"
2058     by (intro sum.cong) (auto simp: indicator_def)
2059   also have "\<dots> = (\<Sum>x\<in>set (map fst xs). (\<Sum>xa = 0..<length xs.
2060                      if fst (xs ! xa) = x \<and> x \<in> A then snd (xs ! xa) else 0))"
2061     by (intro sum.cong refl, subst sum_list_map_filter', subst sum_list_sum_nth) simp
2062   also have "\<dots> = (\<Sum>xa = 0..<length xs. (\<Sum>x\<in>set (map fst xs).
2063                      if fst (xs ! xa) = x \<and> x \<in> A then snd (xs ! xa) else 0))"
2064     by (rule sum.commute)
2065   also have "\<dots> = (\<Sum>xa = 0..<length xs. if fst (xs ! xa) \<in> A then
2066                      (\<Sum>x\<in>set (map fst xs). if x = fst (xs ! xa) then snd (xs ! xa) else 0) else 0)"
2067     by (auto intro!: sum.cong sum.neutral)
2068   also have "\<dots> = (\<Sum>xa = 0..<length xs. if fst (xs ! xa) \<in> A then snd (xs ! xa) else 0)"
2069     by (intro sum.cong refl) (simp_all add: sum.delta)
2070   also have "\<dots> = sum_list (map snd (filter (\<lambda>x. fst x \<in> A) xs))"
2071     by (subst sum_list_map_filter', subst sum_list_sum_nth) simp_all
2072   finally show ?thesis .
2073 qed
2075 lemma measure_pmf_of_list:
2076   assumes "pmf_of_list_wf xs"
2077   shows   "measure (pmf_of_list xs) A = sum_list (map snd (filter (\<lambda>x. fst x \<in> A) xs))"
2078   using assms unfolding pmf_of_list_wf_def Sigma_Algebra.measure_def
2079   by (subst emeasure_pmf_of_list [OF assms], subst enn2real_ennreal) (auto intro!: sum_list_nonneg)
2081 (* TODO Move? *)
2082 lemma sum_list_nonneg_eq_zero_iff:
2083   fixes xs :: "'a :: linordered_ab_group_add list"
2084   shows "(\<And>x. x \<in> set xs \<Longrightarrow> x \<ge> 0) \<Longrightarrow> sum_list xs = 0 \<longleftrightarrow> set xs \<subseteq> {0}"
2085 proof (induction xs)
2086   case (Cons x xs)
2087   from Cons.prems have "sum_list (x#xs) = 0 \<longleftrightarrow> x = 0 \<and> sum_list xs = 0"
2088     unfolding sum_list_simps by (subst add_nonneg_eq_0_iff) (auto intro: sum_list_nonneg)
2089   with Cons.IH Cons.prems show ?case by simp
2090 qed simp_all
2092 lemma sum_list_filter_nonzero:
2093   "sum_list (filter (\<lambda>x. x \<noteq> 0) xs) = sum_list xs"
2094   by (induction xs) simp_all
2095 (* END MOVE *)
2097 lemma set_pmf_of_list_eq:
2098   assumes "pmf_of_list_wf xs" "\<And>x. x \<in> snd ` set xs \<Longrightarrow> x > 0"
2099   shows   "set_pmf (pmf_of_list xs) = fst ` set xs"
2100 proof
2101   {
2102     fix x assume A: "x \<in> fst ` set xs" and B: "x \<notin> set_pmf (pmf_of_list xs)"
2103     then obtain y where y: "(x, y) \<in> set xs" by auto
2104     from B have "sum_list (map snd [z\<leftarrow>xs. fst z = x]) = 0"
2105       by (simp add: pmf_pmf_of_list[OF assms(1)] set_pmf_eq)
2106     moreover from y have "y \<in> snd ` {xa \<in> set xs. fst xa = x}" by force
2107     ultimately have "y = 0" using assms(1)
2108       by (subst (asm) sum_list_nonneg_eq_zero_iff) (auto simp: pmf_of_list_wf_def)
2109     with assms(2) y have False by force
2110   }
2111   thus "fst ` set xs \<subseteq> set_pmf (pmf_of_list xs)" by blast
2112 qed (insert set_pmf_of_list[OF assms(1)], simp_all)
2114 lemma pmf_of_list_remove_zeros:
2115   assumes "pmf_of_list_wf xs"
2116   defines "xs' \<equiv> filter (\<lambda>z. snd z \<noteq> 0) xs"
2117   shows   "pmf_of_list_wf xs'" "pmf_of_list xs' = pmf_of_list xs"
2118 proof -
2119   have "map snd [z\<leftarrow>xs . snd z \<noteq> 0] = filter (\<lambda>x. x \<noteq> 0) (map snd xs)"
2120     by (induction xs) simp_all
2121   with assms(1) show wf: "pmf_of_list_wf xs'"
2122     by (auto simp: pmf_of_list_wf_def xs'_def sum_list_filter_nonzero)
2123   have "sum_list (map snd [z\<leftarrow>xs' . fst z = i]) = sum_list (map snd [z\<leftarrow>xs . fst z = i])" for i
2124     unfolding xs'_def by (induction xs) simp_all
2125   with assms(1) wf show "pmf_of_list xs' = pmf_of_list xs"
2126     by (intro pmf_eqI) (simp_all add: pmf_pmf_of_list)
2127 qed
2129 end