tuned proof that pmfs are bnfs
authorhoelzl
Tue Nov 25 17:30:05 2014 +0100 (2014-11-25)
changeset 5905343e07797269b
parent 59052 a05c8305781e
child 59054 61b723761dff
tuned proof that pmfs are bnfs
src/HOL/Probability/Probability_Mass_Function.thy
     1.1 --- a/src/HOL/Probability/Probability_Mass_Function.thy	Tue Nov 25 17:29:39 2014 +0100
     1.2 +++ b/src/HOL/Probability/Probability_Mass_Function.thy	Tue Nov 25 17:30:05 2014 +0100
     1.3 @@ -297,6 +297,9 @@
     1.4  lemma map_pmf_id[simp]: "map_pmf id = id"
     1.5    by (rule, transfer) (auto simp: emeasure_distr measurable_def intro!: measure_eqI)
     1.6  
     1.7 +lemma map_pmf_ident[simp]: "map_pmf (\<lambda>x. x) = (\<lambda>x. x)"
     1.8 +  using map_pmf_id unfolding id_def .
     1.9 +
    1.10  lemma map_pmf_compose: "map_pmf (f \<circ> g) = map_pmf f \<circ> map_pmf g"
    1.11    by (rule, transfer) (simp add: distr_distr[symmetric, where N="count_space UNIV"] measurable_def) 
    1.12  
    1.13 @@ -844,6 +847,24 @@
    1.14  lemma map_snd_pair_pmf: "map_pmf snd (pair_pmf A B) = B"
    1.15    by (simp add: pair_pmf_def bind_return_pmf''[symmetric] bind_assoc_pmf bind_return_pmf bind_return_pmf')
    1.16  
    1.17 +lemma nn_integral_pmf':
    1.18 +  "inj_on f A \<Longrightarrow> (\<integral>\<^sup>+x. pmf p (f x) \<partial>count_space A) = emeasure p (f ` A)"
    1.19 +  by (subst nn_integral_bij_count_space[where g=f and B="f`A"])
    1.20 +     (auto simp: bij_betw_def nn_integral_pmf)
    1.21 +
    1.22 +lemma pmf_le_0_iff[simp]: "pmf M p \<le> 0 \<longleftrightarrow> pmf M p = 0"
    1.23 +  using pmf_nonneg[of M p] by simp
    1.24 +
    1.25 +lemma min_pmf_0[simp]: "min (pmf M p) 0 = 0" "min 0 (pmf M p) = 0"
    1.26 +  using pmf_nonneg[of M p] by simp_all
    1.27 +
    1.28 +lemma pmf_eq_0_set_pmf: "pmf M p = 0 \<longleftrightarrow> p \<notin> set_pmf M"
    1.29 +  unfolding set_pmf_iff by simp
    1.30 +
    1.31 +lemma pmf_map_inj: "inj_on f (set_pmf M) \<Longrightarrow> x \<in> set_pmf M \<Longrightarrow> pmf (map_pmf f M) (f x) = pmf M x"
    1.32 +  by (auto simp: pmf.rep_eq map_pmf.rep_eq measure_distr AE_measure_pmf_iff inj_onD
    1.33 +           intro!: measure_pmf.finite_measure_eq_AE)
    1.34 +
    1.35  inductive rel_pmf :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> 'a pmf \<Rightarrow> 'b pmf \<Rightarrow> bool"
    1.36  for R p q
    1.37  where
    1.38 @@ -864,7 +885,7 @@
    1.39    { fix p :: "'s pmf"
    1.40      have "(card_of (set_pmf p), card_of (UNIV :: nat set)) \<in> ordLeq"
    1.41        by (rule card_of_ordLeqI[where f="to_nat_on (set_pmf p)"])
    1.42 -         (auto intro: countable_set_pmf inj_on_to_nat_on)
    1.43 +         (auto intro: countable_set_pmf)
    1.44      also have "(card_of (UNIV :: nat set), natLeq) \<in> ordLeq"
    1.45        by (metis Field_natLeq card_of_least natLeq_Well_order)
    1.46      finally show "(card_of (set_pmf p), natLeq) \<in> ordLeq" . }
    1.47 @@ -888,118 +909,80 @@
    1.48      from qr obtain qr where qr: "\<And>y z. (y, z) \<in> set_pmf qr \<Longrightarrow> S y z"
    1.49        and q': "q = map_pmf fst qr" and r: "r = map_pmf snd qr" by cases auto
    1.50  
    1.51 -    have support_subset: "set_pmf pq O set_pmf qr \<subseteq> set_pmf p \<times> set_pmf r"
    1.52 -      by(auto simp add: p r set_map_pmf intro: rev_image_eqI)
    1.53 +    note pmf_nonneg[intro, simp]
    1.54  
    1.55 -    let ?A = "\<lambda>y. {x. (x, y) \<in> set_pmf pq}"
    1.56 -      and ?B = "\<lambda>y. {z. (y, z) \<in> set_pmf qr}"
    1.57 -
    1.58 +    def A \<equiv> "\<lambda>y. {x. (x, y) \<in> set_pmf pq}"
    1.59 +    then have "\<And>y. A y \<subseteq> set_pmf p" by (auto simp add: p set_map_pmf intro: rev_image_eqI)
    1.60 +    then have [simp]: "\<And>y. countable (A y)" by (rule countable_subset) simp
    1.61 +    have A: "\<And>x y. (x, y) \<in> set_pmf pq \<longleftrightarrow> x \<in> A y"
    1.62 +      by (simp add: A_def)
    1.63  
    1.64 -    def ppp \<equiv> "\<lambda>A. \<lambda>f :: 'a \<Rightarrow> real. \<lambda>n. if n \<in> to_nat_on A ` A then f (from_nat_into A n) else 0"
    1.65 -    have [simp]: "\<And>A f n. (\<And>x. x \<in> A \<Longrightarrow> 0 \<le> f x) \<Longrightarrow> 0 \<le> ppp A f n"
    1.66 -                 "\<And>A f n x. \<lbrakk> x \<in> A; countable A \<rbrakk> \<Longrightarrow> ppp A f (to_nat_on A x) = f x"
    1.67 -                 "\<And>A f n. n \<notin> to_nat_on A ` A \<Longrightarrow> ppp A f n = 0"
    1.68 -      by(auto simp add: ppp_def intro: from_nat_into)
    1.69 -    def rrr \<equiv> "\<lambda>A. \<lambda>f :: 'c \<Rightarrow> real. \<lambda>n. if n \<in> to_nat_on A ` A then f (from_nat_into A n) else 0"
    1.70 -    have [simp]: "\<And>A f n. (\<And>x. x \<in> A \<Longrightarrow> 0 \<le> f x) \<Longrightarrow> 0 \<le> rrr A f n"
    1.71 -                 "\<And>A f n x. \<lbrakk> x \<in> A; countable A \<rbrakk> \<Longrightarrow> rrr A f (to_nat_on A x) = f x"
    1.72 -                 "\<And>A f n. n \<notin> to_nat_on A ` A \<Longrightarrow> rrr A f n = 0"
    1.73 -      by(auto simp add: rrr_def intro: from_nat_into)
    1.74 -
    1.75 -    def pp \<equiv> "\<lambda>y. ppp (?A y) (\<lambda>x. pmf pq (x, y))"
    1.76 -     and rr \<equiv> "\<lambda>y. rrr (?B y) (\<lambda>z. pmf qr (y, z))"
    1.77 +    let ?P = "\<lambda>y. to_nat_on (A y)"
    1.78 +    def pp \<equiv> "map_pmf (\<lambda>(x, y). (y, ?P y x)) pq"
    1.79 +    let ?pp = "\<lambda>y x. pmf pp (y, x)"
    1.80 +    { fix x y have "x \<in> A y \<Longrightarrow> pmf pp (y, ?P y x) = pmf pq (x, y)"
    1.81 +        unfolding pp_def
    1.82 +        by (intro pmf_map_inj[of "\<lambda>(x, y). (y, ?P y x)" pq "(x, y)", simplified])
    1.83 +           (auto simp: inj_on_def A) }
    1.84 +    note pmf_pp = this
    1.85  
    1.86 -    have pos_p [simp]: "\<And>y n. 0 \<le> pp y n"
    1.87 -      and pos_r [simp]: "\<And>y n. 0 \<le> rr y n"
    1.88 -      by(simp_all add: pmf_nonneg pp_def rr_def)
    1.89 -    { fix y n
    1.90 -      have "pp y n \<le> 0 \<longleftrightarrow> pp y n = 0" "\<not> 0 < pp y n \<longleftrightarrow> pp y n = 0"
    1.91 -        and "min (pp y n) 0 = 0" "min 0 (pp y n) = 0"
    1.92 -        using pos_p[of y n] by(auto simp del: pos_p) }
    1.93 -    note pp_convs [simp] = this
    1.94 -    { fix y n
    1.95 -      have "rr y n \<le> 0 \<longleftrightarrow> rr y n = 0" "\<not> 0 < rr y n \<longleftrightarrow> rr y n = 0"
    1.96 -        and "min (rr y n) 0 = 0" "min 0 (rr y n) = 0"
    1.97 -        using pos_r[of y n] by(auto simp del: pos_r) }
    1.98 -    note r_convs [simp] = this
    1.99 +    def B \<equiv> "\<lambda>y. {z. (y, z) \<in> set_pmf qr}"
   1.100 +    then have "\<And>y. B y \<subseteq> set_pmf r" by (auto simp add: r set_map_pmf intro: rev_image_eqI)
   1.101 +    then have [simp]: "\<And>y. countable (B y)" by (rule countable_subset) simp
   1.102 +    have B: "\<And>y z. (y, z) \<in> set_pmf qr \<longleftrightarrow> z \<in> B y"
   1.103 +      by (simp add: B_def)
   1.104  
   1.105 -    have "\<And>y. ?A y \<subseteq> set_pmf p" by(auto simp add: p set_map_pmf intro: rev_image_eqI)
   1.106 -    then have [simp]: "\<And>y. countable (?A y)" by(rule countable_subset) simp
   1.107 +    let ?R = "\<lambda>y. to_nat_on (B y)"
   1.108 +    def rr \<equiv> "map_pmf (\<lambda>(y, z). (y, ?R y z)) qr"
   1.109 +    let ?rr = "\<lambda>y z. pmf rr (y, z)"
   1.110 +    { fix y z have "z \<in> B y \<Longrightarrow> pmf rr (y, ?R y z) = pmf qr (y, z)"
   1.111 +        unfolding rr_def
   1.112 +        by (intro pmf_map_inj[of "\<lambda>(y, z). (y, ?R y z)" qr "(y, z)", simplified])
   1.113 +           (auto simp: inj_on_def B) }
   1.114 +    note pmf_rr = this
   1.115  
   1.116 -    have "\<And>y. ?B y \<subseteq> set_pmf r" by(auto simp add: r set_map_pmf intro: rev_image_eqI)
   1.117 -    then have [simp]: "\<And>y. countable (?B y)" by(rule countable_subset) simp
   1.118 -
   1.119 -    let ?P = "\<lambda>y. to_nat_on (?A y)"
   1.120 -      and ?R = "\<lambda>y. to_nat_on (?B y)"
   1.121 -
   1.122 -    have eq: "\<And>y. (\<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV) = \<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV"
   1.123 +    have eq: "\<And>y. (\<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV) = (\<integral>\<^sup>+ z. ?rr y z \<partial>count_space UNIV)"
   1.124      proof -
   1.125        fix y
   1.126 -      have "(\<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV) = (\<integral>\<^sup>+ x. pp y x \<partial>count_space (?P y ` ?A y))"
   1.127 -        by(auto simp add: pp_def nn_integral_count_space_indicator indicator_def intro!: nn_integral_cong)
   1.128 -      also have "\<dots> = (\<integral>\<^sup>+ x. pp y (?P y x) \<partial>count_space (?A y))"
   1.129 -        by(intro nn_integral_bij_count_space[symmetric] inj_on_imp_bij_betw inj_on_to_nat_on) simp
   1.130 -      also have "\<dots> = (\<integral>\<^sup>+ x. pmf pq (x, y) \<partial>count_space (?A y))"
   1.131 -        by(rule nn_integral_cong)(simp add: pp_def)
   1.132 -      also have "\<dots> = \<integral>\<^sup>+ x. emeasure (measure_pmf pq) {(x, y)} \<partial>count_space (?A y)"
   1.133 -        by(simp add: emeasure_pmf_single)
   1.134 -      also have "\<dots> = emeasure (measure_pmf pq) (\<Union>x\<in>?A y. {(x, y)})"
   1.135 -        by(subst emeasure_UN_countable)(simp_all add: disjoint_family_on_def)
   1.136 -      also have "\<dots> = emeasure (measure_pmf pq) ((\<Union>x\<in>?A y. {(x, y)}) \<union> {(x, y'). x \<notin> ?A y \<and> y' = y})"
   1.137 -        by(rule emeasure_Un_null_set[symmetric])+
   1.138 -          (auto simp add: q set_map_pmf split_beta intro!: in_null_sets_measure_pmfI intro: rev_image_eqI)
   1.139 -      also have "\<dots> = emeasure (measure_pmf pq) (snd -` {y})"
   1.140 -        by(rule arg_cong2[where f=emeasure])+auto
   1.141 -      also have "\<dots> = pmf q y" by(simp add: q ereal_pmf_map)
   1.142 -      also have "\<dots> = emeasure (measure_pmf qr) (fst -` {y})"
   1.143 -        by(simp add: q' ereal_pmf_map)
   1.144 -      also have "\<dots> = emeasure (measure_pmf qr) ((\<Union>z\<in>?B y. {(y, z)}) \<union> {(y', z). z \<notin> ?B y \<and> y' = y})"
   1.145 -        by(rule arg_cong2[where f=emeasure])+auto
   1.146 -      also have "\<dots> = emeasure (measure_pmf qr) (\<Union>z\<in>?B y. {(y, z)})"
   1.147 -        by(rule emeasure_Un_null_set)
   1.148 -          (auto simp add: q' set_map_pmf split_beta intro!: in_null_sets_measure_pmfI intro: rev_image_eqI)
   1.149 -      also have "\<dots> = \<integral>\<^sup>+ z. emeasure (measure_pmf qr) {(y, z)} \<partial>count_space (?B y)"
   1.150 -        by(subst emeasure_UN_countable)(simp_all add: disjoint_family_on_def)
   1.151 -      also have "\<dots> = (\<integral>\<^sup>+ z. pmf qr (y, z) \<partial>count_space (?B y))"
   1.152 -        by(simp add: emeasure_pmf_single)
   1.153 -      also have "\<dots> = (\<integral>\<^sup>+ z. rr y (?R y z) \<partial>count_space (?B y))"
   1.154 -        by(rule nn_integral_cong)(simp add: rr_def)
   1.155 -      also have "\<dots> = (\<integral>\<^sup>+ z. rr y z \<partial>count_space (?R y ` ?B y))"
   1.156 -        by(intro nn_integral_bij_count_space inj_on_imp_bij_betw inj_on_to_nat_on) simp
   1.157 -      also have "\<dots> = \<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV"
   1.158 -        by(auto simp add: rr_def nn_integral_count_space_indicator indicator_def intro!: nn_integral_cong)
   1.159 +      have "(\<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV) = pmf q y"
   1.160 +        by (simp add: nn_integral_pmf' inj_on_def pp_def q)
   1.161 +           (auto simp add: ereal_pmf_map intro!: arg_cong2[where f=emeasure])
   1.162 +      also have "\<dots> = (\<integral>\<^sup>+ x. ?rr y x \<partial>count_space UNIV)"
   1.163 +        by (simp add: nn_integral_pmf' inj_on_def rr_def q')
   1.164 +           (auto simp add: ereal_pmf_map intro!: arg_cong2[where f=emeasure])
   1.165        finally show "?thesis y" .
   1.166      qed
   1.167  
   1.168      def assign_aux \<equiv> "\<lambda>y remainder start weight z.
   1.169         if z < start then 0
   1.170         else if z = start then min weight remainder
   1.171 -       else if remainder + setsum (rr y) {Suc start ..<z} < weight then min (weight - remainder - setsum (rr y) {Suc start..<z}) (rr y z) else 0"
   1.172 +       else if remainder + setsum (?rr y) {Suc start ..<z} < weight then min (weight - remainder - setsum (?rr y) {Suc start..<z}) (?rr y z) else 0"
   1.173      hence assign_aux_alt_def: "\<And>y remainder start weight z. assign_aux y remainder start weight z = 
   1.174         (if z < start then 0
   1.175          else if z = start then min weight remainder
   1.176 -        else if remainder + setsum (rr y) {Suc start ..<z} < weight then min (weight - remainder - setsum (rr y) {Suc start..<z}) (rr y z) else 0)"
   1.177 +        else if remainder + setsum (?rr y) {Suc start ..<z} < weight then min (weight - remainder - setsum (?rr y) {Suc start..<z}) (?rr y z) else 0)"
   1.178         by simp
   1.179      { fix y and remainder :: real and start and weight :: real
   1.180        assume weight_nonneg: "0 \<le> weight"
   1.181        let ?assign_aux = "assign_aux y remainder start weight"
   1.182        { fix z
   1.183          have "setsum ?assign_aux {..<z} =
   1.184 -           (if z \<le> start then 0 else if remainder + setsum (rr y) {Suc start..<z} < weight then remainder + setsum (rr y) {Suc start..<z} else weight)"
   1.185 +           (if z \<le> start then 0 else if remainder + setsum (?rr y) {Suc start..<z} < weight then remainder + setsum (?rr y) {Suc start..<z} else weight)"
   1.186          proof(induction z)
   1.187            case (Suc z) show ?case
   1.188 -            by(auto simp add: Suc.IH assign_aux_alt_def[where z=z] not_less)(metis add.commute add.left_commute add_increasing pos_r)
   1.189 +            by (auto simp add: Suc.IH assign_aux_alt_def[where z=z] not_less)
   1.190 +               (metis add.commute add.left_commute add_increasing pmf_nonneg)
   1.191          qed(auto simp add: assign_aux_def) }
   1.192        note setsum_start_assign_aux = this
   1.193        moreover {
   1.194          assume remainder_nonneg: "0 \<le> remainder"
   1.195          have [simp]: "\<And>z. 0 \<le> ?assign_aux z"
   1.196            by(simp add: assign_aux_def weight_nonneg remainder_nonneg)
   1.197 -        moreover have "\<And>z. \<lbrakk> rr y z = 0; remainder \<le> rr y start \<rbrakk> \<Longrightarrow> ?assign_aux z = 0"
   1.198 +        moreover have "\<And>z. \<lbrakk> ?rr y z = 0; remainder \<le> ?rr y start \<rbrakk> \<Longrightarrow> ?assign_aux z = 0"
   1.199            using remainder_nonneg weight_nonneg
   1.200            by(auto simp add: assign_aux_def min_def)
   1.201          moreover have "(\<integral>\<^sup>+ z. ?assign_aux z \<partial>count_space UNIV) = 
   1.202 -          min weight (\<integral>\<^sup>+ z. (if z < start then 0 else if z = start then remainder else rr y z) \<partial>count_space UNIV)"
   1.203 +          min weight (\<integral>\<^sup>+ z. (if z < start then 0 else if z = start then remainder else ?rr y z) \<partial>count_space UNIV)"
   1.204            (is "?lhs = ?rhs" is "_ = min _ (\<integral>\<^sup>+ y. ?f y \<partial>_)")
   1.205          proof -
   1.206            have "?lhs = (SUP n. \<Sum>z<n. ereal (?assign_aux z))"
   1.207 @@ -1028,27 +1011,27 @@
   1.208        and assign_aux_eq_0_outside = this(3)
   1.209        and nn_integral_assign_aux = this(4)
   1.210      { fix y and remainder :: real and start target
   1.211 -      have "setsum (rr y) {Suc start..<target} \<ge> 0" by(simp add: setsum_nonneg)
   1.212 +      have "setsum (?rr y) {Suc start..<target} \<ge> 0" by (simp add: setsum_nonneg)
   1.213        moreover assume "0 \<le> remainder"
   1.214        ultimately have "assign_aux y remainder start 0 target = 0"
   1.215          by(auto simp add: assign_aux_def min_def) }
   1.216      note assign_aux_weight_0 [simp] = this
   1.217  
   1.218 -    def find_start \<equiv> "\<lambda>y weight. if \<exists>n. weight \<le> setsum (rr y)  {..n} then Some (LEAST n. weight \<le> setsum (rr y) {..n}) else None"
   1.219 +    def find_start \<equiv> "\<lambda>y weight. if \<exists>n. weight \<le> setsum (?rr y)  {..n} then Some (LEAST n. weight \<le> setsum (?rr y) {..n}) else None"
   1.220      have find_start_eq_Some_above:
   1.221 -      "\<And>y weight n. find_start y weight = Some n \<Longrightarrow> weight \<le> setsum (rr y) {..n}"
   1.222 +      "\<And>y weight n. find_start y weight = Some n \<Longrightarrow> weight \<le> setsum (?rr y) {..n}"
   1.223        by(drule sym)(auto simp add: find_start_def split: split_if_asm intro: LeastI)
   1.224      { fix y weight n
   1.225        assume find_start: "find_start y weight = Some n"
   1.226        and weight: "0 \<le> weight"
   1.227 -      have "setsum (rr y) {..n} \<le> rr y n + weight"
   1.228 +      have "setsum (?rr y) {..n} \<le> ?rr y n + weight"
   1.229        proof(rule ccontr)
   1.230          assume "\<not> ?thesis"
   1.231 -        hence "rr y n + weight < setsum (rr y) {..n}" by simp
   1.232 +        hence "?rr y n + weight < setsum (?rr y) {..n}" by simp
   1.233          moreover with weight obtain n' where "n = Suc n'" by(cases n) auto
   1.234 -        ultimately have "weight \<le> setsum (rr y) {..n'}" by simp
   1.235 -        hence "(LEAST n. weight \<le> setsum (rr y) {..n}) \<le> n'" by(rule Least_le)
   1.236 -        moreover from find_start have "n = (LEAST n. weight \<le> setsum (rr y) {..n})"
   1.237 +        ultimately have "weight \<le> setsum (?rr y) {..n'}" by simp
   1.238 +        hence "(LEAST n. weight \<le> setsum (?rr y) {..n}) \<le> n'" by(rule Least_le)
   1.239 +        moreover from find_start have "n = (LEAST n. weight \<le> setsum (?rr y) {..n})"
   1.240            by(auto simp add: find_start_def split: split_if_asm)
   1.241          ultimately show False using \<open>n = Suc n'\<close> by auto
   1.242        qed }
   1.243 @@ -1056,41 +1039,41 @@
   1.244      have find_start_0 [simp]: "\<And>y. find_start y 0 = Some 0"
   1.245        by(auto simp add: find_start_def intro!: exI[where x=0])
   1.246      { fix y and weight :: real
   1.247 -      assume "weight < \<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV"
   1.248 -      also have "(\<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV) = (SUP n. \<Sum>z<n. ereal (rr y z))"
   1.249 +      assume "weight < \<integral>\<^sup>+ z. ?rr y z \<partial>count_space UNIV"
   1.250 +      also have "(\<integral>\<^sup>+ z. ?rr y z \<partial>count_space UNIV) = (SUP n. \<Sum>z<n. ereal (?rr y z))"
   1.251          by(simp add: nn_integral_count_space_nat suminf_ereal_eq_SUP)
   1.252 -      finally obtain n where "weight < (\<Sum>z<n. rr y z)" by(auto simp add: less_SUP_iff)
   1.253 +      finally obtain n where "weight < (\<Sum>z<n. ?rr y z)" by(auto simp add: less_SUP_iff)
   1.254        hence "weight \<in> dom (find_start y)"
   1.255 -        by(auto simp add: find_start_def)(meson atMost_iff finite_atMost lessThan_iff less_imp_le order_trans pos_r setsum_mono3 subsetI) }
   1.256 +        by(auto simp add: find_start_def)(meson atMost_iff finite_atMost lessThan_iff less_imp_le order_trans pmf_nonneg setsum_mono3 subsetI) }
   1.257      note in_dom_find_startI = this
   1.258      { fix y and w w' :: real and m
   1.259 -      let ?m' = "LEAST m. w' \<le> setsum (rr y) {..m}"
   1.260 +      let ?m' = "LEAST m. w' \<le> setsum (?rr y) {..m}"
   1.261        assume "w' \<le> w"
   1.262        also  assume "find_start y w = Some m"
   1.263 -      hence "w \<le> setsum (rr y) {..m}" by(rule find_start_eq_Some_above)
   1.264 +      hence "w \<le> setsum (?rr y) {..m}" by(rule find_start_eq_Some_above)
   1.265        finally have "find_start y w' = Some ?m'" by(auto simp add: find_start_def)
   1.266 -      moreover from \<open>w' \<le> setsum (rr y) {..m}\<close> have "?m' \<le> m" by(rule Least_le)
   1.267 +      moreover from \<open>w' \<le> setsum (?rr y) {..m}\<close> have "?m' \<le> m" by(rule Least_le)
   1.268        ultimately have "\<exists>m'. find_start y w' = Some m' \<and> m' \<le> m" by blast }
   1.269      note find_start_mono = this[rotated]
   1.270  
   1.271 -    def assign \<equiv> "\<lambda>y x z. let used = setsum (pp y) {..<x}
   1.272 +    def assign \<equiv> "\<lambda>y x z. let used = setsum (?pp y) {..<x}
   1.273        in case find_start y used of None \<Rightarrow> 0
   1.274 -         | Some start \<Rightarrow> assign_aux y (setsum (rr y) {..start} - used) start (pp y x) z"
   1.275 +         | Some start \<Rightarrow> assign_aux y (setsum (?rr y) {..start} - used) start (?pp y x) z"
   1.276      hence assign_alt_def: "\<And>y x z. assign y x z = 
   1.277 -      (let used = setsum (pp y) {..<x}
   1.278 +      (let used = setsum (?pp y) {..<x}
   1.279         in case find_start y used of None \<Rightarrow> 0
   1.280 -          | Some start \<Rightarrow> assign_aux y (setsum (rr y) {..start} - used) start (pp y x) z)"
   1.281 +          | Some start \<Rightarrow> assign_aux y (setsum (?rr y) {..start} - used) start (?pp y x) z)"
   1.282        by simp
   1.283      have assign_nonneg [simp]: "\<And>y x z. 0 \<le> assign y x z"
   1.284 -      by(simp add: assign_def diff_le_iff find_start_eq_Some_above split: option.split)
   1.285 -    have assign_eq_0_outside: "\<And>y x z. \<lbrakk> pp y x = 0 \<or> rr y z = 0 \<rbrakk> \<Longrightarrow> assign y x z = 0"
   1.286 -      by(auto simp add: assign_def assign_aux_eq_0_outside diff_le_iff find_start_eq_Some_above find_start_eq_Some_least setsum_nonneg split: option.split)
   1.287 +      by(simp add: assign_def diff_le_iff find_start_eq_Some_above Let_def split: option.split)
   1.288 +    have assign_eq_0_outside: "\<And>y x z. \<lbrakk> ?pp y x = 0 \<or> ?rr y z = 0 \<rbrakk> \<Longrightarrow> assign y x z = 0"
   1.289 +      by(auto simp add: assign_def assign_aux_eq_0_outside diff_le_iff find_start_eq_Some_above find_start_eq_Some_least setsum_nonneg Let_def split: option.split)
   1.290  
   1.291      { fix y x z
   1.292        have "(\<Sum>n<Suc x. assign y n z) =
   1.293 -            (case find_start y (setsum (pp y) {..<x}) of None \<Rightarrow> rr y z
   1.294 -             | Some m \<Rightarrow> if z < m then rr y z 
   1.295 -                         else min (rr y z) (max 0 (setsum (pp y) {..<x} + pp y x - setsum (rr y) {..<z})))"
   1.296 +            (case find_start y (setsum (?pp y) {..<x}) of None \<Rightarrow> ?rr y z
   1.297 +             | Some m \<Rightarrow> if z < m then ?rr y z 
   1.298 +                         else min (?rr y z) (max 0 (setsum (?pp y) {..<x} + ?pp y x - setsum (?rr y) {..<z})))"
   1.299          (is "?lhs x = ?rhs x")
   1.300        proof(induction x)
   1.301          case 0 thus ?case 
   1.302 @@ -1100,46 +1083,46 @@
   1.303          have "?lhs (Suc x) = ?lhs x + assign y (Suc x) z" by simp
   1.304          also have "?lhs x = ?rhs x" by(rule Suc.IH)
   1.305          also have "?rhs x + assign y (Suc x) z = ?rhs (Suc x)"
   1.306 -        proof(cases "find_start y (setsum (pp y) {..<Suc x})")
   1.307 +        proof(cases "find_start y (setsum (?pp y) {..<Suc x})")
   1.308            case None
   1.309            thus ?thesis
   1.310              by(auto split: option.split simp add: assign_def min_def max_def diff_le_iff setsum_nonneg not_le field_simps)
   1.311                (metis add.commute add_increasing find_start_def lessThan_Suc_atMost less_imp_le option.distinct(1) setsum_lessThan_Suc)+
   1.312 -        next
   1.313 +        next 
   1.314            case (Some m)
   1.315 -          have [simp]: "setsum (rr y) {..m} = rr y m + setsum (rr y) {..<m}"
   1.316 +          have [simp]: "setsum (?rr y) {..m} = ?rr y m + setsum (?rr y) {..<m}"
   1.317              by(simp add: ivl_disj_un(2)[symmetric])
   1.318 -          from Some obtain m' where m': "find_start y (setsum (pp y) {..<x}) = Some m'" "m' \<le> m"
   1.319 -            by(auto dest: find_start_mono[where w'2="setsum (pp y) {..<x}"])
   1.320 +          from Some obtain m' where m': "find_start y (setsum (?pp y) {..<x}) = Some m'" "m' \<le> m"
   1.321 +            by(auto dest: find_start_mono[where w'2="setsum (?pp y) {..<x}"])
   1.322            moreover {
   1.323              assume "z < m"
   1.324 -            then have "setsum (rr y) {..z} \<le> setsum (rr y) {..<m}"
   1.325 +            then have "setsum (?rr y) {..z} \<le> setsum (?rr y) {..<m}"
   1.326                by(auto intro: setsum_mono3)
   1.327 -            also have "\<dots> \<le> setsum (pp y) {..<Suc x}" using find_start_eq_Some_least[OF Some]
   1.328 +            also have "\<dots> \<le> setsum (?pp y) {..<Suc x}" using find_start_eq_Some_least[OF Some]
   1.329                by(simp add: ivl_disj_un(2)[symmetric] setsum_nonneg)
   1.330 -            finally have "rr y z \<le> max 0 (setsum (pp y) {..<x} + pp y x - setsum (rr y) {..<z})"
   1.331 -              by(auto simp add: ivl_disj_un(2)[symmetric] max_def diff_le_iff simp del: r_convs)
   1.332 +            finally have "?rr y z \<le> max 0 (setsum (?pp y) {..<x} + ?pp y x - setsum (?rr y) {..<z})"
   1.333 +              by(auto simp add: ivl_disj_un(2)[symmetric] max_def diff_le_iff simp del: pmf_le_0_iff)
   1.334            } moreover {
   1.335              assume "m \<le> z"
   1.336 -            have "setsum (pp y) {..<Suc x} \<le> setsum (rr y) {..m}"
   1.337 +            have "setsum (?pp y) {..<Suc x} \<le> setsum (?rr y) {..m}"
   1.338                using Some by(rule find_start_eq_Some_above)
   1.339 -            also have "\<dots> \<le> setsum (rr y) {..<Suc z}" using \<open>m \<le> z\<close> by(intro setsum_mono3) auto
   1.340 -            finally have "max 0 (setsum (pp y) {..<x} + pp y x - setsum (rr y) {..<z}) \<le> rr y z" by simp
   1.341 -            moreover have "z \<noteq> m \<Longrightarrow> setsum (rr y) {..m} + setsum (rr y) {Suc m..<z} = setsum (rr y) {..<z}"
   1.342 +            also have "\<dots> \<le> setsum (?rr y) {..<Suc z}" using \<open>m \<le> z\<close> by(intro setsum_mono3) auto
   1.343 +            finally have "max 0 (setsum (?pp y) {..<x} + ?pp y x - setsum (?rr y) {..<z}) \<le> ?rr y z" by simp
   1.344 +            moreover have "z \<noteq> m \<Longrightarrow> setsum (?rr y) {..m} + setsum (?rr y) {Suc m..<z} = setsum (?rr y) {..<z}"
   1.345                using \<open>m \<le> z\<close>
   1.346                by(subst ivl_disj_un(8)[where l="Suc m", symmetric])
   1.347                  (simp_all add: setsum_Un ivl_disj_un(2)[symmetric] setsum.neutral)
   1.348              moreover note calculation
   1.349            } moreover {
   1.350              assume "m < z"
   1.351 -            have "setsum (pp y) {..<Suc x} \<le> setsum (rr y) {..m}"
   1.352 +            have "setsum (?pp y) {..<Suc x} \<le> setsum (?rr y) {..m}"
   1.353                using Some by(rule find_start_eq_Some_above)
   1.354 -            also have "\<dots> \<le> setsum (rr y) {..<z}" using \<open>m < z\<close> by(intro setsum_mono3) auto
   1.355 -            finally have "max 0 (setsum (pp y) {..<Suc x} - setsum (rr y) {..<z}) = 0" by simp }
   1.356 -          moreover have "setsum (pp y) {..<Suc x} \<ge> setsum (rr y) {..<m}"
   1.357 +            also have "\<dots> \<le> setsum (?rr y) {..<z}" using \<open>m < z\<close> by(intro setsum_mono3) auto
   1.358 +            finally have "max 0 (setsum (?pp y) {..<Suc x} - setsum (?rr y) {..<z}) = 0" by simp }
   1.359 +          moreover have "setsum (?pp y) {..<Suc x} \<ge> setsum (?rr y) {..<m}"
   1.360              using find_start_eq_Some_least[OF Some]
   1.361              by(simp add: setsum_nonneg ivl_disj_un(2)[symmetric])
   1.362 -          moreover hence "setsum (pp y) {..<Suc (Suc x)} \<ge> setsum (rr y) {..<m}"
   1.363 +          moreover hence "setsum (?pp y) {..<Suc (Suc x)} \<ge> setsum (?rr y) {..<m}"
   1.364              by(fastforce intro: order_trans)
   1.365            ultimately show ?thesis using Some
   1.366              by(auto simp add: assign_def assign_aux_def Let_def field_simps max_def)
   1.367 @@ -1148,60 +1131,63 @@
   1.368        qed }
   1.369      note setsum_assign = this
   1.370  
   1.371 -    have nn_integral_assign1: "\<And>y z. (\<integral>\<^sup>+ x. assign y x z \<partial>count_space UNIV) = rr y z"
   1.372 +    have nn_integral_assign1: "\<And>y z. (\<integral>\<^sup>+ x. assign y x z \<partial>count_space UNIV) = ?rr y z"
   1.373      proof -
   1.374        fix y z
   1.375        have "(\<integral>\<^sup>+ x. assign y x z \<partial>count_space UNIV) = (SUP n. ereal (\<Sum>x<n. assign y x z))"
   1.376          by(simp add: nn_integral_count_space_nat suminf_ereal_eq_SUP)
   1.377 -      also have "\<dots> = rr y z"
   1.378 +      also have "\<dots> = ?rr y z"
   1.379        proof(rule antisym)
   1.380 -        show "(SUP n. ereal (\<Sum>x<n. assign y x z)) \<le> rr y z"
   1.381 +        show "(SUP n. ereal (\<Sum>x<n. assign y x z)) \<le> ?rr y z"
   1.382          proof(rule SUP_least)
   1.383            fix n
   1.384 -          show "ereal (\<Sum>x<n. (assign y x z)) \<le> rr y z"
   1.385 +          show "ereal (\<Sum>x<n. (assign y x z)) \<le> ?rr y z"
   1.386              using setsum_assign[of y z "n - 1"]
   1.387              by(cases n)(simp_all split: option.split)
   1.388          qed
   1.389 -        show "rr y z \<le> (SUP n. ereal (\<Sum>x<n. assign y x z))"
   1.390 -        proof(cases "setsum (rr y) {..z} < \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV")
   1.391 +        show "?rr y z \<le> (SUP n. ereal (\<Sum>x<n. assign y x z))"
   1.392 +        proof(cases "setsum (?rr y) {..z} < \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV")
   1.393            case True
   1.394 -          then obtain n where "setsum (rr y) {..z} < setsum (pp y) {..<n}"
   1.395 +          then obtain n where "setsum (?rr y) {..z} < setsum (?pp y) {..<n}"
   1.396              by(auto simp add: nn_integral_count_space_nat suminf_ereal_eq_SUP less_SUP_iff)
   1.397 -          moreover have "\<And>k. k < z \<Longrightarrow> setsum (rr y) {..k} \<le> setsum (rr y) {..<z}"
   1.398 +          moreover have "\<And>k. k < z \<Longrightarrow> setsum (?rr y) {..k} \<le> setsum (?rr y) {..<z}"
   1.399              by(auto intro: setsum_mono3)
   1.400 -          ultimately have "rr y z \<le> (\<Sum>x<Suc n. assign y x z)"
   1.401 +          ultimately have "?rr y z \<le> (\<Sum>x<Suc n. assign y x z)"
   1.402              by(subst setsum_assign)(auto split: option.split dest!: find_start_eq_Some_above simp add: ivl_disj_un(2)[symmetric] add.commute add_increasing le_diff_eq le_max_iff_disj)
   1.403            also have "\<dots> \<le> (SUP n. ereal (\<Sum>x<n. assign y x z))" 
   1.404              by(rule SUP_upper) simp
   1.405            finally show ?thesis by simp
   1.406          next
   1.407            case False
   1.408 -          have "setsum (rr y) {..z} = \<integral>\<^sup>+ z. rr y z \<partial>count_space {..z}"
   1.409 +          have "setsum (?rr y) {..z} = \<integral>\<^sup>+ z. ?rr y z \<partial>count_space {..z}"
   1.410              by(simp add: nn_integral_count_space_finite max_def)
   1.411 -          also have "\<dots> \<le> \<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV"
   1.412 +          also have "\<dots> \<le> \<integral>\<^sup>+ z. ?rr y z \<partial>count_space UNIV"
   1.413              by(auto simp add: nn_integral_count_space_indicator indicator_def intro: nn_integral_mono)
   1.414 -          also have "\<dots> = \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV" by(simp add: eq)
   1.415 -          finally have *: "setsum (rr y) {..z} = \<dots>" using False by simp
   1.416 -          also have "\<dots> = (SUP n. ereal (\<Sum>x<n. pp y x))"
   1.417 +          also have "\<dots> = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV" by(simp add: eq)
   1.418 +          finally have *: "setsum (?rr y) {..z} = \<dots>" using False by simp
   1.419 +          also have "\<dots> = (SUP n. ereal (\<Sum>x<n. ?pp y x))"
   1.420              by(simp add: nn_integral_count_space_nat suminf_ereal_eq_SUP)
   1.421 -          also have "\<dots> \<le> (SUP n. ereal (\<Sum>x<n. assign y x z)) + setsum (rr y) {..<z}"
   1.422 +          also have "\<dots> \<le> (SUP n. ereal (\<Sum>x<n. assign y x z)) + setsum (?rr y) {..<z}"
   1.423            proof(rule SUP_least)
   1.424              fix n
   1.425 -            have "setsum (pp y) {..<n} = \<integral>\<^sup>+ x. pp y x \<partial>count_space {..<n}"
   1.426 +            have "setsum (?pp y) {..<n} = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space {..<n}"
   1.427                by(simp add: nn_integral_count_space_finite max_def)
   1.428 -            also have "\<dots> \<le> \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV"
   1.429 +            also have "\<dots> \<le> \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV"
   1.430                by(auto simp add: nn_integral_count_space_indicator indicator_def intro: nn_integral_mono)
   1.431 -            also have "\<dots> = setsum (rr y) {..z}" using * by simp
   1.432 -            finally obtain k where k: "find_start y (setsum (pp y) {..<n}) = Some k"
   1.433 +            also have "\<dots> = setsum (?rr y) {..z}" using * by simp
   1.434 +            finally obtain k where k: "find_start y (setsum (?pp y) {..<n}) = Some k"
   1.435                by(fastforce simp add: find_start_def)
   1.436 -            with \<open>ereal (setsum (pp y) {..<n}) \<le> setsum (rr y) {..z}\<close>
   1.437 +            with \<open>ereal (setsum (?pp y) {..<n}) \<le> setsum (?rr y) {..z}\<close>
   1.438              have "k \<le> z" by(auto simp add: find_start_def split: split_if_asm intro: Least_le)
   1.439 -            then have "setsum (pp y) {..<n} - setsum (rr y) {..<z} \<le> ereal (\<Sum>x<Suc n. assign y x z)"
   1.440 -              using \<open>ereal (setsum (pp y) {..<n}) \<le> setsum (rr y) {..z}\<close>
   1.441 -              by(subst setsum_assign)(auto simp add: field_simps max_def k ivl_disj_un(2)[symmetric], metis le_add_same_cancel2 max.bounded_iff max_def pos_p)
   1.442 +            then have "setsum (?pp y) {..<n} - setsum (?rr y) {..<z} \<le> ereal (\<Sum>x<Suc n. assign y x z)"
   1.443 +              using \<open>ereal (setsum (?pp y) {..<n}) \<le> setsum (?rr y) {..z}\<close>
   1.444 +              apply (subst setsum_assign)
   1.445 +              apply (auto simp add: field_simps max_def k ivl_disj_un(2)[symmetric])
   1.446 +              apply (meson add_increasing le_cases pmf_nonneg)
   1.447 +              done
   1.448              also have "\<dots> \<le> (SUP n. ereal (\<Sum>x<n. assign y x z))"
   1.449                by(rule SUP_upper) simp
   1.450 -            finally show "ereal (\<Sum>x<n. pp y x) \<le> \<dots> + setsum (rr y) {..<z}" 
   1.451 +            finally show "ereal (\<Sum>x<n. ?pp y x) \<le> \<dots> + setsum (?rr y) {..<z}" 
   1.452                by(simp add: ereal_minus(1)[symmetric] ereal_minus_le del: ereal_minus(1))
   1.453            qed
   1.454            finally show ?thesis
   1.455 @@ -1212,249 +1198,113 @@
   1.456      qed
   1.457  
   1.458      { fix y x
   1.459 -      have "(\<integral>\<^sup>+ z. assign y x z \<partial>count_space UNIV) = pp y x"
   1.460 -      proof(cases "setsum (pp y) {..<x} = \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV")
   1.461 +      have "(\<integral>\<^sup>+ z. assign y x z \<partial>count_space UNIV) = ?pp y x"
   1.462 +      proof(cases "setsum (?pp y) {..<x} = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV")
   1.463          case False
   1.464 -        let ?used = "setsum (pp y) {..<x}"
   1.465 -        have "?used = \<integral>\<^sup>+ x. pp y x \<partial>count_space {..<x}"
   1.466 +        let ?used = "setsum (?pp y) {..<x}"
   1.467 +        have "?used = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space {..<x}"
   1.468            by(simp add: nn_integral_count_space_finite max_def)
   1.469 -        also have "\<dots> \<le> \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV"
   1.470 +        also have "\<dots> \<le> \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV"
   1.471            by(auto simp add: nn_integral_count_space_indicator indicator_def intro!: nn_integral_mono)
   1.472          finally have "?used < \<dots>" using False by auto
   1.473          also note eq finally have "?used \<in> dom (find_start y)" by(rule in_dom_find_startI)
   1.474          then obtain k where k: "find_start y ?used = Some k" by auto
   1.475 -        let ?f = "\<lambda>z. if z < k then 0 else if z = k then setsum (rr y) {..k} - ?used else rr y z"
   1.476 -        let ?g = "\<lambda>x'. if x' < x then 0 else pp y x'"
   1.477 -        have "pp y x = ?g x" by simp
   1.478 +        let ?f = "\<lambda>z. if z < k then 0 else if z = k then setsum (?rr y) {..k} - ?used else ?rr y z"
   1.479 +        let ?g = "\<lambda>x'. if x' < x then 0 else ?pp y x'"
   1.480 +        have "?pp y x = ?g x" by simp
   1.481          also have "?g x \<le> \<integral>\<^sup>+ x'. ?g x' \<partial>count_space UNIV" by(rule nn_integral_ge_point) simp
   1.482          also {
   1.483 -          have "?used = \<integral>\<^sup>+ x. pp y x \<partial>count_space {..<x}"
   1.484 +          have "?used = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space {..<x}"
   1.485              by(simp add: nn_integral_count_space_finite max_def)
   1.486 -          also have "\<dots> = \<integral>\<^sup>+ x'. (if x' < x then pp y x' else 0) \<partial>count_space UNIV"
   1.487 -            by(simp add: nn_integral_count_space_indicator indicator_def if_distrib zero_ereal_def cong: if_cong)
   1.488 -          also have "(\<integral>\<^sup>+ x'. ?g x' \<partial>count_space UNIV) + \<dots> = \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV"
   1.489 +          also have "\<dots> = \<integral>\<^sup>+ x'. (if x' < x then ?pp y x' else 0) \<partial>count_space UNIV"
   1.490 +            by(simp add: nn_integral_count_space_indicator indicator_def if_distrib zero_ereal_def cong del: if_cong)
   1.491 +          also have "(\<integral>\<^sup>+ x'. ?g x' \<partial>count_space UNIV) + \<dots> = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV"
   1.492              by(subst nn_integral_add[symmetric])(auto intro: nn_integral_cong)
   1.493            also note calculation }
   1.494 -        ultimately have "ereal (pp y x) + ?used \<le> \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV"
   1.495 +        ultimately have "ereal (?pp y x) + ?used \<le> \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV"
   1.496            by (metis (no_types, lifting) ereal_add_mono order_refl)
   1.497          also note eq
   1.498 -        also have "(\<integral>\<^sup>+ z. rr y z \<partial>count_space UNIV) = (\<integral>\<^sup>+ z. ?f z \<partial>count_space UNIV) + (\<integral>\<^sup>+ z. (if z < k then rr y z else if z = k then ?used - setsum (rr y) {..<k} else 0) \<partial>count_space UNIV)"
   1.499 +        also have "(\<integral>\<^sup>+ z. ?rr y z \<partial>count_space UNIV) = (\<integral>\<^sup>+ z. ?f z \<partial>count_space UNIV) + (\<integral>\<^sup>+ z. (if z < k then ?rr y z else if z = k then ?used - setsum (?rr y) {..<k} else 0) \<partial>count_space UNIV)"
   1.500            using k by(subst nn_integral_add[symmetric])(auto intro!: nn_integral_cong simp add: ivl_disj_un(2)[symmetric] setsum_nonneg dest: find_start_eq_Some_least find_start_eq_Some_above)
   1.501 -        also have "(\<integral>\<^sup>+ z. (if z < k then rr y z else if z = k then ?used - setsum (rr y) {..<k} else 0) \<partial>count_space UNIV) =
   1.502 -          (\<integral>\<^sup>+ z. (if z < k then rr y z else if z = k then ?used - setsum (rr y) {..<k} else 0) \<partial>count_space {..k})"
   1.503 +        also have "(\<integral>\<^sup>+ z. (if z < k then ?rr y z else if z = k then ?used - setsum (?rr y) {..<k} else 0) \<partial>count_space UNIV) =
   1.504 +          (\<integral>\<^sup>+ z. (if z < k then ?rr y z else if z = k then ?used - setsum (?rr y) {..<k} else 0) \<partial>count_space {..k})"
   1.505            by(auto simp add: nn_integral_count_space_indicator indicator_def intro: nn_integral_cong)
   1.506          also have "\<dots> = ?used" 
   1.507            using k by(auto simp add: nn_integral_count_space_finite max_def ivl_disj_un(2)[symmetric] diff_le_iff setsum_nonneg dest: find_start_eq_Some_least)
   1.508 -        finally have "pp y x \<le> (\<integral>\<^sup>+ z. ?f z \<partial>count_space UNIV)"
   1.509 +        finally have "?pp y x \<le> (\<integral>\<^sup>+ z. ?f z \<partial>count_space UNIV)"
   1.510            by(cases "\<integral>\<^sup>+ z. ?f z \<partial>count_space UNIV") simp_all
   1.511          then show ?thesis using k
   1.512            by(simp add: assign_def nn_integral_assign_aux diff_le_iff find_start_eq_Some_above min_def)
   1.513        next
   1.514          case True
   1.515 -        have "setsum (pp y) {..x} = \<integral>\<^sup>+ x. pp y x \<partial>count_space {..x}"
   1.516 +        have "setsum (?pp y) {..x} = \<integral>\<^sup>+ x. ?pp y x \<partial>count_space {..x}"
   1.517            by(simp add: nn_integral_count_space_finite max_def)
   1.518 -        also have "\<dots> \<le> \<integral>\<^sup>+ x. pp y x \<partial>count_space UNIV"
   1.519 +        also have "\<dots> \<le> \<integral>\<^sup>+ x. ?pp y x \<partial>count_space UNIV"
   1.520            by(auto simp add: nn_integral_count_space_indicator indicator_def intro: nn_integral_mono)
   1.521 -        also have "\<dots> = setsum (pp y) {..<x}" by(simp add: True)
   1.522 -        finally have "pp y x = 0" by(simp add: ivl_disj_un(2)[symmetric] eq_iff del: pp_convs)
   1.523 +        also have "\<dots> = setsum (?pp y) {..<x}" by(simp add: True)
   1.524 +        finally have "?pp y x = 0" by(simp add: ivl_disj_un(2)[symmetric] eq_iff del: pmf_le_0_iff)
   1.525          thus ?thesis
   1.526 -          by(cases "find_start y (setsum (pp y) {..<x})")(simp_all add: assign_def diff_le_iff find_start_eq_Some_above)
   1.527 +          by(cases "find_start y (setsum (?pp y) {..<x})")(simp_all add: assign_def diff_le_iff find_start_eq_Some_above)
   1.528        qed }
   1.529      note nn_integral_assign2 = this
   1.530  
   1.531 -    let ?f = "\<lambda>y x z. if x \<in> ?A y \<and> z \<in> ?B y then assign y (?P y x) (?R y z) else 0"
   1.532 -    def f \<equiv> "\<lambda>y x z. ereal (?f y x z)"
   1.533 -
   1.534 -    have pos: "\<And>y x z. 0 \<le> f y x z" by(simp add: f_def)
   1.535 +    def a \<equiv> "embed_pmf (\<lambda>(y, x, z). assign y x z)"
   1.536      { fix y x z
   1.537 -      have "f y x z \<le> 0 \<longleftrightarrow> f y x z = 0" using pos[of y x z] by simp }
   1.538 -    note f [simp] = this
   1.539 -    have support:
   1.540 -      "\<And>x y z. (x, y) \<notin> set_pmf pq \<Longrightarrow> f y x z = 0"
   1.541 -      "\<And>x y z. (y, z) \<notin> set_pmf qr \<Longrightarrow> f y x z = 0"
   1.542 -      by(auto simp add: f_def)
   1.543 -
   1.544 -    from pos support have support':
   1.545 -      "\<And>x z. x \<notin> set_pmf p \<Longrightarrow> (\<integral>\<^sup>+ y. f y x z \<partial>count_space UNIV) = 0"
   1.546 -      "\<And>x z. z \<notin> set_pmf r \<Longrightarrow> (\<integral>\<^sup>+ y. f y x z \<partial>count_space UNIV) = 0"
   1.547 -    and support'':
   1.548 -      "\<And>x y z. x \<notin> set_pmf p \<Longrightarrow> f y x z = 0"
   1.549 -      "\<And>x y z. y \<notin> set_pmf q \<Longrightarrow> f y x z = 0"
   1.550 -      "\<And>x y z. z \<notin> set_pmf r \<Longrightarrow> f y x z = 0"
   1.551 -      by(auto simp add: nn_integral_0_iff_AE AE_count_space p q r set_map_pmf image_iff)(metis fst_conv snd_conv)+
   1.552 +      have "assign y x z = pmf a (y, x, z)"
   1.553 +        unfolding a_def
   1.554 +      proof (subst pmf_embed_pmf)
   1.555 +        have "(\<integral>\<^sup>+ x. ereal ((\<lambda>(y, x, z). assign y x z) x) \<partial>count_space UNIV) =
   1.556 +          (\<integral>\<^sup>+ x. ereal ((\<lambda>(y, x, z). assign y x z) x) \<partial>(count_space ((\<lambda>((y, x), z). (y, x, z)) ` (pp \<times> UNIV))))"
   1.557 +          by (force simp add: nn_integral_count_space_indicator pmf_eq_0_set_pmf split: split_indicator
   1.558 +                    intro!: nn_integral_cong assign_eq_0_outside)
   1.559 +        also have "\<dots> = (\<integral>\<^sup>+ x. ereal ((\<lambda>((y, x), z). assign y x z) x) \<partial>(count_space (pp \<times> UNIV)))"
   1.560 +          by (subst nn_integral_bij_count_space[OF inj_on_imp_bij_betw, symmetric])
   1.561 +             (auto simp: inj_on_def intro!: nn_integral_cong)
   1.562 +        also have "\<dots> = (\<integral>\<^sup>+ y. \<integral>\<^sup>+z. ereal ((\<lambda>((y, x), z). assign y x z) (y, z)) \<partial>count_space UNIV \<partial>count_space pp)"
   1.563 +          by (subst sigma_finite_measure.nn_integral_fst)
   1.564 +             (auto simp: pair_measure_countable sigma_finite_measure_count_space_countable)
   1.565 +        also have "\<dots> = (\<integral>\<^sup>+ z. ?pp (fst z) (snd z) \<partial>count_space pp)"
   1.566 +          by (subst nn_integral_assign2[symmetric]) (auto intro!: nn_integral_cong)
   1.567 +        finally show "(\<integral>\<^sup>+ x. ereal ((\<lambda>(y, x, z). assign y x z) x) \<partial>count_space UNIV) = 1"
   1.568 +          by (simp add: nn_integral_pmf emeasure_pmf)
   1.569 +      qed auto }
   1.570 +    note a = this
   1.571  
   1.572 -    have f_x: "\<And>y z. (\<integral>\<^sup>+ x. f y x z \<partial>count_space (set_pmf p)) = pmf qr (y, z)"
   1.573 -    proof(case_tac "z \<in> ?B y")
   1.574 -      fix y z
   1.575 -      assume z: "z \<in> ?B y"
   1.576 -      have "(\<integral>\<^sup>+ x. f y x z \<partial>count_space (set_pmf p)) = (\<integral>\<^sup>+ x. ?f y x z \<partial>count_space (?A y))"
   1.577 -        using support''(1)[of _ y z]
   1.578 -        by(fastforce simp add: f_def nn_integral_count_space_indicator indicator_def intro!: nn_integral_cong)
   1.579 -      also have "\<dots> = \<integral>\<^sup>+ x. assign y (?P y x) (?R y z) \<partial>count_space (?A y)"
   1.580 -        using z by(intro nn_integral_cong) simp
   1.581 -      also have "\<dots> = \<integral>\<^sup>+ x. assign y x (?R y z) \<partial>count_space (?P y ` ?A y)"
   1.582 -        by(intro nn_integral_bij_count_space inj_on_imp_bij_betw inj_on_to_nat_on) simp
   1.583 -      also have "\<dots> = \<integral>\<^sup>+ x. assign y x (?R y z) \<partial>count_space UNIV"
   1.584 -        by(auto simp add: nn_integral_count_space_indicator indicator_def assign_eq_0_outside pp_def intro!: nn_integral_cong)
   1.585 -      also have "\<dots> = rr y (?R y z)" by(rule nn_integral_assign1)
   1.586 -      also have "\<dots> = pmf qr (y, z)" using z by(simp add: rr_def)
   1.587 -      finally show "?thesis y z" .
   1.588 -    qed(auto simp add: f_def zero_ereal_def[symmetric] set_pmf_iff)
   1.589 -
   1.590 -    have f_z: "\<And>x y. (\<integral>\<^sup>+ z. f y x z \<partial>count_space (set_pmf r)) = pmf pq (x, y)"
   1.591 -    proof(case_tac "x \<in> ?A y")
   1.592 -      fix x y
   1.593 -      assume x: "x \<in> ?A y"
   1.594 -      have "(\<integral>\<^sup>+ z. f y x z \<partial>count_space (set_pmf r)) = (\<integral>\<^sup>+ z. ?f y x z \<partial>count_space (?B y))"
   1.595 -        using support''(3)[of _ y x]
   1.596 -        by(fastforce simp add: f_def nn_integral_count_space_indicator indicator_def intro!: nn_integral_cong)
   1.597 -      also have "\<dots> = \<integral>\<^sup>+ z. assign y (?P y x) (?R y z) \<partial>count_space (?B y)"
   1.598 -        using x by(intro nn_integral_cong) simp
   1.599 -      also have "\<dots> = \<integral>\<^sup>+ z. assign y (?P y x) z \<partial>count_space (?R y ` ?B y)"
   1.600 -        by(intro nn_integral_bij_count_space inj_on_imp_bij_betw inj_on_to_nat_on) simp
   1.601 -      also have "\<dots> = \<integral>\<^sup>+ z. assign y (?P y x) z \<partial>count_space UNIV"
   1.602 -        by(auto simp add: nn_integral_count_space_indicator indicator_def assign_eq_0_outside rr_def intro!: nn_integral_cong)
   1.603 -      also have "\<dots> = pp y (?P y x)" by(rule nn_integral_assign2)
   1.604 -      also have "\<dots> = pmf pq (x, y)" using x by(simp add: pp_def)
   1.605 -      finally show "?thesis x y" .
   1.606 -    qed(auto simp add: f_def zero_ereal_def[symmetric] set_pmf_iff)
   1.607 -
   1.608 -    let ?pr = "\<lambda>(x, z). \<integral>\<^sup>+ y. f y x z \<partial>count_space UNIV"
   1.609 -
   1.610 -    have pr_pos: "\<And>xz. 0 \<le> ?pr xz"
   1.611 -      by(auto simp add: nn_integral_nonneg)
   1.612 +    def pr \<equiv> "map_pmf (\<lambda>(y, x, z). (from_nat_into (A y) x, from_nat_into (B y) z)) a"
   1.613  
   1.614 -    have pr': "?pr = (\<lambda>(x, z). \<integral>\<^sup>+ y. f y x z \<partial>count_space (set_pmf q))"
   1.615 -      by(auto simp add: fun_eq_iff nn_integral_count_space_indicator indicator_def support'' intro: nn_integral_cong)
   1.616 -    
   1.617 -    have "(\<integral>\<^sup>+ xz. ?pr xz \<partial>count_space UNIV) = (\<integral>\<^sup>+ xz. ?pr xz * indicator (set_pmf p \<times> set_pmf r) xz \<partial>count_space UNIV)"
   1.618 -      by(rule nn_integral_cong)(auto simp add: indicator_def support' intro: ccontr)
   1.619 -    also have "\<dots> = (\<integral>\<^sup>+ xz. ?pr xz \<partial>count_space (set_pmf p \<times> set_pmf r))"
   1.620 -      by(simp add: nn_integral_count_space_indicator)
   1.621 -    also have "\<dots> = (\<integral>\<^sup>+ xz. ?pr xz \<partial>(count_space (set_pmf p) \<Otimes>\<^sub>M count_space (set_pmf r)))"
   1.622 -      by(simp add: pair_measure_countable)
   1.623 -    also have "\<dots> = (\<integral>\<^sup>+ (x, z). \<integral>\<^sup>+ y. f y x z \<partial>count_space (set_pmf q) \<partial>(count_space (set_pmf p) \<Otimes>\<^sub>M count_space (set_pmf r)))"
   1.624 -      by(simp add: pr')
   1.625 -    also have "\<dots> = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ z. \<integral>\<^sup>+ y. f y x z \<partial>count_space (set_pmf q) \<partial>count_space (set_pmf r) \<partial>count_space (set_pmf p))"
   1.626 -      by(subst sigma_finite_measure.nn_integral_fst[symmetric, OF sigma_finite_measure_count_space_countable])(simp_all add: pair_measure_countable)
   1.627 -    also have "\<dots> = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. \<integral>\<^sup>+ z. f y x z \<partial>count_space (set_pmf r) \<partial>count_space (set_pmf q) \<partial>count_space (set_pmf p))"
   1.628 -      by(subst (2) pair_sigma_finite.Fubini')(simp_all add: pair_sigma_finite.intro sigma_finite_measure_count_space_countable pair_measure_countable)
   1.629 -    also have "\<dots> = (\<integral>\<^sup>+ x. \<integral>\<^sup>+ y. pmf pq (x, y) \<partial>count_space (set_pmf q) \<partial>count_space (set_pmf p))"
   1.630 -      by(simp add: f_z)
   1.631 -    also have "\<dots> = (\<integral>\<^sup>+ y. \<integral>\<^sup>+ x. pmf pq (x, y) \<partial>count_space (set_pmf p) \<partial>count_space (set_pmf q))"
   1.632 -      by(subst pair_sigma_finite.Fubini')(simp_all add: pair_sigma_finite.intro sigma_finite_measure_count_space_countable pair_measure_countable)
   1.633 -    also have "\<dots> = (\<integral>\<^sup>+ y. \<integral>\<^sup>+ x. emeasure (measure_pmf pq) {(x, y)} \<partial>count_space (set_pmf p) \<partial>count_space (set_pmf q))"
   1.634 -      by(simp add: emeasure_pmf_single)
   1.635 -    also have "\<dots> = (\<integral>\<^sup>+ y. emeasure (measure_pmf pq) (\<Union>x\<in>set_pmf p. {(x, y)}) \<partial>count_space (set_pmf q))"
   1.636 -      by(subst emeasure_UN_countable)(simp_all add: disjoint_family_on_def)
   1.637 -    also have "\<dots> = (\<integral>\<^sup>+ y. emeasure (measure_pmf pq) ((\<Union>x\<in>set_pmf p. {(x, y)}) \<union> {(x, y'). x \<notin> set_pmf p \<and> y' = y}) \<partial>count_space (set_pmf q))"
   1.638 -      by(rule nn_integral_cong emeasure_Un_null_set[symmetric])+
   1.639 -        (auto simp add: p set_map_pmf split_beta intro!: in_null_sets_measure_pmfI intro: rev_image_eqI)
   1.640 -    also have "\<dots> = (\<integral>\<^sup>+ y. emeasure (measure_pmf pq) (snd -` {y}) \<partial>count_space (set_pmf q))"
   1.641 -      by(rule nn_integral_cong arg_cong2[where f=emeasure])+auto
   1.642 -    also have "\<dots> = (\<integral>\<^sup>+ y. pmf q y \<partial>count_space (set_pmf q))"
   1.643 -      by(simp add: ereal_pmf_map q)
   1.644 -    also have "\<dots> = (\<integral>\<^sup>+ y. pmf q y \<partial>count_space UNIV)"
   1.645 -      by(auto simp add: nn_integral_count_space_indicator indicator_def set_pmf_iff intro: nn_integral_cong)
   1.646 -    also have "\<dots> = 1"
   1.647 -      by(subst nn_integral_pmf)(simp add: measure_pmf.emeasure_eq_1_AE)
   1.648 -    finally have pr_prob: "(\<integral>\<^sup>+ xz. ?pr xz \<partial>count_space UNIV) = 1" .
   1.649 -
   1.650 -    have pr_bounded: "\<And>xz. ?pr xz \<noteq> \<infinity>"
   1.651 -    proof -
   1.652 -      fix xz
   1.653 -      have "?pr xz \<le> \<integral>\<^sup>+ xz. ?pr xz \<partial>count_space UNIV"
   1.654 -        by(rule nn_integral_ge_point) simp
   1.655 -      also have "\<dots> = 1" by(fact pr_prob)
   1.656 -      finally show "?thesis xz" by auto
   1.657 -    qed
   1.658 -
   1.659 -    def pr \<equiv> "embed_pmf (real \<circ> ?pr)"
   1.660 -    have pmf_pr: "\<And>xz. pmf pr xz = real (?pr xz)" using pr_pos pr_prob
   1.661 -      unfolding pr_def by(subst pmf_embed_pmf)(auto simp add: real_of_ereal_pos ereal_real pr_bounded)
   1.662 -
   1.663 -    have set_pmf_pr_subset: "set_pmf pr \<subseteq> set_pmf pq O set_pmf qr"
   1.664 +    have "rel_pmf (R OO S) p r"
   1.665      proof
   1.666 -      fix xz :: "'a \<times> 'c"
   1.667 -      obtain x z where xz: "xz = (x, z)" by(cases xz)
   1.668 -      assume "xz \<in> set_pmf pr"
   1.669 -      with xz have "pmf pr (x, z) \<noteq> 0" by(simp add: set_pmf_iff)
   1.670 -      hence "\<exists>y. f y x z \<noteq> 0" by(rule contrapos_np)(simp add: pmf_pr)
   1.671 -      then obtain y where y: "f y x z \<noteq> 0" ..
   1.672 -      then have "(x, y) \<in> set_pmf pq" "(y, z) \<in> set_pmf qr" 
   1.673 -        using support by fastforce+
   1.674 -      then show "xz \<in> set_pmf pq O set_pmf qr" using xz by auto
   1.675 -    qed
   1.676 -    hence "\<And>x z. (x, z) \<in> set_pmf pr \<Longrightarrow> (R OO S) x z" using pq qr by blast
   1.677 -    moreover
   1.678 -    have "map_pmf fst pr = p"
   1.679 -    proof(rule pmf_eqI)
   1.680 -      fix x
   1.681 -      have "pmf (map_pmf fst pr) x = emeasure (measure_pmf pr) (fst -` {x})"
   1.682 -        by(simp add: ereal_pmf_map)
   1.683 -      also have "\<dots> = \<integral>\<^sup>+ xz. pmf pr xz \<partial>count_space (fst -` {x})"
   1.684 -        by(simp add: nn_integral_pmf)
   1.685 -      also have "\<dots> = \<integral>\<^sup>+ xz. ?pr xz \<partial>count_space (fst -` {x})"
   1.686 -        by(simp add: pmf_pr ereal_real pr_bounded pr_pos)
   1.687 -      also have "\<dots> =  \<integral>\<^sup>+ xz. ?pr xz \<partial>count_space {x} \<Otimes>\<^sub>M count_space (set_pmf r)"
   1.688 -        by(auto simp add: nn_integral_count_space_indicator indicator_def support' pair_measure_countable intro!: nn_integral_cong)
   1.689 -      also have "\<dots> = \<integral>\<^sup>+ z. \<integral>\<^sup>+ x. ?pr (x, z) \<partial>count_space {x} \<partial>count_space (set_pmf r)"
   1.690 -        by(subst pair_sigma_finite.nn_integral_snd[symmetric])(simp_all add: pair_measure_countable pair_sigma_finite.intro sigma_finite_measure_count_space_countable)
   1.691 -      also have "\<dots> = \<integral>\<^sup>+ z. ?pr (x, z) \<partial>count_space (set_pmf r)"
   1.692 -        using pr_pos by(clarsimp simp add: nn_integral_count_space_finite max_def)
   1.693 -      also have "\<dots> = \<integral>\<^sup>+ z. \<integral>\<^sup>+ y. f y x z \<partial>count_space (set_pmf q) \<partial>count_space (set_pmf r)"
   1.694 -        by(simp add: pr')
   1.695 -      also have "\<dots> =  \<integral>\<^sup>+ y. \<integral>\<^sup>+ z. f y x z \<partial>count_space (set_pmf r) \<partial>count_space (set_pmf q)"
   1.696 -        by(subst pair_sigma_finite.Fubini')(simp_all add: pair_sigma_finite.intro sigma_finite_measure_count_space_countable pair_measure_countable)
   1.697 -      also have "\<dots> = \<integral>\<^sup>+ y. pmf pq (x, y) \<partial>count_space (set_pmf q)"
   1.698 -        by(simp add: f_z)
   1.699 -      also have "\<dots> = \<integral>\<^sup>+ y. emeasure (measure_pmf pq) {(x, y)} \<partial>count_space (set_pmf q)"
   1.700 -        by(simp add: emeasure_pmf_single)
   1.701 -      also have "\<dots> = emeasure (measure_pmf pq) (\<Union>y\<in>set_pmf q. {(x, y)})"
   1.702 -        by(subst emeasure_UN_countable)(simp_all add: disjoint_family_on_def)
   1.703 -      also have "\<dots> = emeasure (measure_pmf pq) ((\<Union>y\<in>set_pmf q. {(x, y)}) \<union> {(x', y). y \<notin> set_pmf q \<and> x' = x})"
   1.704 -        by(rule emeasure_Un_null_set[symmetric])+
   1.705 -          (auto simp add: q set_map_pmf split_beta intro!: in_null_sets_measure_pmfI intro: rev_image_eqI)
   1.706 -      also have "\<dots> = emeasure (measure_pmf pq) (fst -` {x})"
   1.707 -        by(rule arg_cong2[where f=emeasure])+auto
   1.708 -      also have "\<dots> = pmf p x" by(simp add: ereal_pmf_map p)
   1.709 -      finally show "pmf (map_pmf fst pr) x = pmf p x" by simp
   1.710 -    qed
   1.711 -    moreover
   1.712 -    have "map_pmf snd pr = r"
   1.713 -    proof(rule pmf_eqI)
   1.714 -      fix z
   1.715 -      have "pmf (map_pmf snd pr) z = emeasure (measure_pmf pr) (snd -` {z})"
   1.716 -        by(simp add: ereal_pmf_map)
   1.717 -      also have "\<dots> = \<integral>\<^sup>+ xz. pmf pr xz \<partial>count_space (snd -` {z})"
   1.718 -        by(simp add: nn_integral_pmf)
   1.719 -      also have "\<dots> = \<integral>\<^sup>+ xz. ?pr xz \<partial>count_space (snd -` {z})"
   1.720 -        by(simp add: pmf_pr ereal_real pr_bounded pr_pos)
   1.721 -      also have "\<dots> =  \<integral>\<^sup>+ xz. ?pr xz \<partial>count_space (set_pmf p) \<Otimes>\<^sub>M count_space {z}"
   1.722 -        by(auto simp add: nn_integral_count_space_indicator indicator_def support' pair_measure_countable intro!: nn_integral_cong)
   1.723 -      also have "\<dots> = \<integral>\<^sup>+ x. \<integral>\<^sup>+ z. ?pr (x, z) \<partial>count_space {z} \<partial>count_space (set_pmf p)"
   1.724 -        by(subst sigma_finite_measure.nn_integral_fst[symmetric])(simp_all add: pair_measure_countable sigma_finite_measure_count_space_countable)
   1.725 -      also have "\<dots> = \<integral>\<^sup>+ x. ?pr (x, z) \<partial>count_space (set_pmf p)"
   1.726 -        using pr_pos by(clarsimp simp add: nn_integral_count_space_finite max_def)
   1.727 -      also have "\<dots> = \<integral>\<^sup>+ x. \<integral>\<^sup>+ y. f y x z \<partial>count_space (set_pmf q) \<partial>count_space (set_pmf p)"
   1.728 -        by(simp add: pr')
   1.729 -      also have "\<dots> =  \<integral>\<^sup>+ y. \<integral>\<^sup>+ x. f y x z \<partial>count_space (set_pmf p) \<partial>count_space (set_pmf q)"
   1.730 -        by(subst pair_sigma_finite.Fubini')(simp_all add: pair_sigma_finite.intro sigma_finite_measure_count_space_countable pair_measure_countable)
   1.731 -      also have "\<dots> = \<integral>\<^sup>+ y. pmf qr (y, z) \<partial>count_space (set_pmf q)"
   1.732 -        by(simp add: f_x)
   1.733 -      also have "\<dots> = \<integral>\<^sup>+ y. emeasure (measure_pmf qr) {(y, z)} \<partial>count_space (set_pmf q)"
   1.734 -        by(simp add: emeasure_pmf_single)
   1.735 -      also have "\<dots> = emeasure (measure_pmf qr) (\<Union>y\<in>set_pmf q. {(y, z)})"
   1.736 -        by(subst emeasure_UN_countable)(simp_all add: disjoint_family_on_def)
   1.737 -      also have "\<dots> = emeasure (measure_pmf qr) ((\<Union>y\<in>set_pmf q. {(y, z)}) \<union> {(y, z'). y \<notin> set_pmf q \<and> z' = z})"
   1.738 -        by(rule emeasure_Un_null_set[symmetric])+
   1.739 -          (auto simp add: q' set_map_pmf split_beta intro!: in_null_sets_measure_pmfI intro: rev_image_eqI)
   1.740 -      also have "\<dots> = emeasure (measure_pmf qr) (snd -` {z})"
   1.741 -        by(rule arg_cong2[where f=emeasure])+auto
   1.742 -      also have "\<dots> = pmf r z" by(simp add: ereal_pmf_map r)
   1.743 -      finally show "pmf (map_pmf snd pr) z = pmf r z" by simp
   1.744 -    qed
   1.745 -    ultimately have "rel_pmf (R OO S) p r" .. }
   1.746 +      have pp_eq: "pp = map_pmf (\<lambda>(y, x, z). (y, x)) a"
   1.747 +      proof (rule pmf_eqI)
   1.748 +        fix i
   1.749 +        show "pmf pp i = pmf (map_pmf (\<lambda>(y, x, z). (y, x)) a) i"
   1.750 +          using nn_integral_assign2[of "fst i" "snd i", symmetric]
   1.751 +          by (auto simp add: a nn_integral_pmf' inj_on_def ereal.inject[symmetric] ereal_pmf_map 
   1.752 +                   simp del: ereal.inject intro!: arg_cong2[where f=emeasure])
   1.753 +      qed
   1.754 +      moreover have pq_eq: "pq = map_pmf (\<lambda>(y, x). (from_nat_into (A y) x, y)) pp"
   1.755 +        by (simp add: pp_def map_pmf_comp split_beta A[symmetric] cong: map_pmf_cong)
   1.756 +      ultimately show "map_pmf fst pr = p"
   1.757 +        unfolding p pr_def by (simp add: map_pmf_comp split_beta)
   1.758 +
   1.759 +      have rr_eq: "rr = map_pmf (\<lambda>(y, x, z). (y, z)) a"
   1.760 +      proof (rule pmf_eqI)
   1.761 +        fix i show "pmf rr i = pmf (map_pmf (\<lambda>(y, x, z). (y, z)) a) i"
   1.762 +          using nn_integral_assign1[of "fst i" "snd i", symmetric]
   1.763 +          by (auto simp add: a nn_integral_pmf' inj_on_def ereal.inject[symmetric] ereal_pmf_map 
   1.764 +                   simp del: ereal.inject intro!: arg_cong2[where f=emeasure])
   1.765 +      qed
   1.766 +      moreover have qr_eq: "qr = map_pmf (\<lambda>(y, z). (y, from_nat_into (B y) z)) rr"
   1.767 +        by (simp add: rr_def map_pmf_comp split_beta B[symmetric] cong: map_pmf_cong)
   1.768 +      ultimately show "map_pmf snd pr = r"
   1.769 +        unfolding r pr_def by (simp add: map_pmf_comp split_beta)
   1.770 +
   1.771 +      fix x z assume "(x, z) \<in> set_pmf pr"
   1.772 +      then have "\<exists>y. (x, y) \<in> set_pmf pq \<and> (y, z) \<in> set_pmf qr"
   1.773 +        by (force simp add: pp_eq pq_eq rr_eq qr_eq set_map_pmf pr_def image_image)
   1.774 +      with pq qr show "(R OO S) x z"
   1.775 +        by blast
   1.776 +    qed }
   1.777    then show "rel_pmf R OO rel_pmf S \<le> rel_pmf (R OO S)"
   1.778      by(auto simp add: le_fun_def)
   1.779  qed (fact natLeq_card_order natLeq_cinfinite)+