use 'image_mset' as BNF map function
authorblanchet
Sun Aug 17 22:27:58 2014 +0200 (2014-08-17)
changeset 579666fab7e95587d
parent 57965 a18a351132b7
child 57967 e6d2e998c30f
child 57979 fc136831d6ca
use 'image_mset' as BNF map function
src/HOL/Library/Multiset.thy
     1.1 --- a/src/HOL/Library/Multiset.thy	Sun Aug 17 16:24:04 2014 +0200
     1.2 +++ b/src/HOL/Library/Multiset.thy	Sun Aug 17 22:27:58 2014 +0200
     1.3 @@ -2224,697 +2224,214 @@
     1.4  
     1.5  subsection {* BNF setup *}
     1.6  
     1.7 -lemma setsum_gt_0_iff:
     1.8 -fixes f :: "'a \<Rightarrow> nat" assumes "finite A"
     1.9 -shows "setsum f A > 0 \<longleftrightarrow> (\<exists> a \<in> A. f a > 0)"
    1.10 -(is "?L \<longleftrightarrow> ?R")
    1.11 -proof-
    1.12 -  have "?L \<longleftrightarrow> \<not> setsum f A = 0" by fast
    1.13 -  also have "... \<longleftrightarrow> (\<exists> a \<in> A. f a \<noteq> 0)" using assms by simp
    1.14 -  also have "... \<longleftrightarrow> ?R" by simp
    1.15 -  finally show ?thesis .
    1.16 -qed
    1.17 -
    1.18 -lift_definition mmap :: "('a \<Rightarrow> 'b) \<Rightarrow> 'a multiset \<Rightarrow> 'b multiset" is
    1.19 -  "\<lambda>h f b. setsum f {a. h a = b \<and> f a > 0} :: nat"
    1.20 -unfolding multiset_def proof safe
    1.21 -  fix h :: "'a \<Rightarrow> 'b" and f :: "'a \<Rightarrow> nat"
    1.22 -  assume fin: "finite {a. 0 < f a}"  (is "finite ?A")
    1.23 -  show "finite {b. 0 < setsum f {a. h a = b \<and> 0 < f a}}"
    1.24 -  (is "finite {b. 0 < setsum f (?As b)}")
    1.25 -  proof- let ?B = "{b. 0 < setsum f (?As b)}"
    1.26 -    have "\<And> b. finite (?As b)" using fin by simp
    1.27 -    hence B: "?B = {b. ?As b \<noteq> {}}" by (auto simp add: setsum_gt_0_iff)
    1.28 -    hence "?B \<subseteq> h ` ?A" by auto
    1.29 -    thus ?thesis using finite_surj[OF fin] by auto
    1.30 -  qed
    1.31 -qed
    1.32 -
    1.33 -lemma mmap_id0: "mmap id = id"
    1.34 -proof (intro ext multiset_eqI)
    1.35 -  fix f a show "count (mmap id f) a = count (id f) a"
    1.36 -  proof (cases "count f a = 0")
    1.37 -    case False
    1.38 -    hence 1: "{aa. aa = a \<and> aa \<in># f} = {a}" by auto
    1.39 -    thus ?thesis by transfer auto
    1.40 -  qed (transfer, simp)
    1.41 -qed
    1.42 -
    1.43 -lemma inj_on_setsum_inv:
    1.44 -assumes 1: "(0::nat) < setsum (count f) {a. h a = b' \<and> a \<in># f}" (is "0 < setsum (count f) ?A'")
    1.45 -and     2: "{a. h a = b \<and> a \<in># f} = {a. h a = b' \<and> a \<in># f}" (is "?A = ?A'")
    1.46 -shows "b = b'"
    1.47 -using assms by (auto simp add: setsum_gt_0_iff)
    1.48 -
    1.49 -lemma mmap_comp:
    1.50 -fixes h1 :: "'a \<Rightarrow> 'b" and h2 :: "'b \<Rightarrow> 'c"
    1.51 -shows "mmap (h2 o h1) = mmap h2 o mmap h1"
    1.52 -proof (intro ext multiset_eqI)
    1.53 -  fix f :: "'a multiset" fix c :: 'c
    1.54 -  let ?A = "{a. h2 (h1 a) = c \<and> a \<in># f}"
    1.55 -  let ?As = "\<lambda> b. {a. h1 a = b \<and> a \<in># f}"
    1.56 -  let ?B = "{b. h2 b = c \<and> 0 < setsum (count f) (?As b)}"
    1.57 -  have 0: "{?As b | b.  b \<in> ?B} = ?As ` ?B" by auto
    1.58 -  have "\<And> b. finite (?As b)" by transfer (simp add: multiset_def)
    1.59 -  hence "?B = {b. h2 b = c \<and> ?As b \<noteq> {}}" by (auto simp add: setsum_gt_0_iff)
    1.60 -  hence A: "?A = \<Union> {?As b | b.  b \<in> ?B}" by auto
    1.61 -  have "setsum (count f) ?A = setsum (setsum (count f)) {?As b | b.  b \<in> ?B}"
    1.62 -    unfolding A by transfer (intro setsum.Union_disjoint [simplified], auto simp: multiset_def setsum.Union_disjoint)
    1.63 -  also have "... = setsum (setsum (count f)) (?As ` ?B)" unfolding 0 ..
    1.64 -  also have "... = setsum (setsum (count f) o ?As) ?B"
    1.65 -    by (intro setsum.reindex) (auto simp add: setsum_gt_0_iff inj_on_def)
    1.66 -  also have "... = setsum (\<lambda> b. setsum (count f) (?As b)) ?B" unfolding comp_def ..
    1.67 -  finally have "setsum (count f) ?A = setsum (\<lambda> b. setsum (count f) (?As b)) ?B" .
    1.68 -  thus "count (mmap (h2 \<circ> h1) f) c = count ((mmap h2 \<circ> mmap h1) f) c"
    1.69 -    by transfer (unfold comp_apply, blast)
    1.70 -qed
    1.71 -
    1.72 -lemma mmap_cong:
    1.73 -assumes "\<And>a. a \<in># M \<Longrightarrow> f a = g a"
    1.74 -shows "mmap f M = mmap g M"
    1.75 -using assms by transfer (auto intro!: setsum.cong)
    1.76 -
    1.77 -context
    1.78 -begin
    1.79 -interpretation lifting_syntax .
    1.80 -
    1.81 -lemma set_of_transfer[transfer_rule]: "(pcr_multiset op = ===> op =) (\<lambda>f. {a. 0 < f a}) set_of"
    1.82 -  unfolding set_of_def pcr_multiset_def cr_multiset_def rel_fun_def by auto
    1.83 -
    1.84 -end
    1.85 -
    1.86 -lemma set_of_mmap: "set_of o mmap h = image h o set_of"
    1.87 -proof (rule ext, unfold comp_apply)
    1.88 -  fix M show "set_of (mmap h M) = h ` set_of M"
    1.89 -    by transfer (auto simp add: multiset_def setsum_gt_0_iff)
    1.90 -qed
    1.91 -
    1.92 -lemma multiset_of_surj:
    1.93 -  "multiset_of ` {as. set as \<subseteq> A} = {M. set_of M \<subseteq> A}"
    1.94 -proof safe
    1.95 -  fix M assume M: "set_of M \<subseteq> A"
    1.96 -  obtain as where eq: "M = multiset_of as" using surj_multiset_of unfolding surj_def by auto
    1.97 -  hence "set as \<subseteq> A" using M by auto
    1.98 -  thus "M \<in> multiset_of ` {as. set as \<subseteq> A}" using eq by auto
    1.99 +definition rel_mset where
   1.100 +  "rel_mset R X Y \<longleftrightarrow> (\<exists>xs ys. multiset_of xs = X \<and> multiset_of ys = Y \<and> list_all2 R xs ys)"
   1.101 +
   1.102 +lemma multiset_of_zip_take_Cons_drop_twice:
   1.103 +  assumes "length xs = length ys" "j \<le> length xs"
   1.104 +  shows "multiset_of (zip (take j xs @ x # drop j xs) (take j ys @ y # drop j ys)) =
   1.105 +    multiset_of (zip xs ys) + {#(x, y)#}"
   1.106 +using assms
   1.107 +proof (induct xs ys arbitrary: x y j rule: list_induct2)
   1.108 +  case Nil
   1.109 +  thus ?case
   1.110 +    by simp
   1.111  next
   1.112 -  show "\<And>x xa xb. \<lbrakk>set xa \<subseteq> A; xb \<in> set_of (multiset_of xa)\<rbrakk> \<Longrightarrow> xb \<in> A"
   1.113 -  by (erule set_mp) (unfold set_of_multiset_of)
   1.114 -qed
   1.115 -
   1.116 -lemma card_of_set_of:
   1.117 -"(card_of {M. set_of M \<subseteq> A}, card_of {as. set as \<subseteq> A}) \<in> ordLeq"
   1.118 -apply(rule surj_imp_ordLeq[of _ multiset_of]) using multiset_of_surj by auto
   1.119 -
   1.120 -lemma nat_sum_induct:
   1.121 -assumes "\<And>n1 n2. (\<And> m1 m2. m1 + m2 < n1 + n2 \<Longrightarrow> phi m1 m2) \<Longrightarrow> phi n1 n2"
   1.122 -shows "phi (n1::nat) (n2::nat)"
   1.123 -proof-
   1.124 -  let ?chi = "\<lambda> n1n2 :: nat * nat. phi (fst n1n2) (snd n1n2)"
   1.125 -  have "?chi (n1,n2)"
   1.126 -  apply(induct rule: measure_induct[of "\<lambda> n1n2. fst n1n2 + snd n1n2" ?chi])
   1.127 -  using assms by (metis fstI sndI)
   1.128 -  thus ?thesis by simp
   1.129 -qed
   1.130 -
   1.131 -lemma matrix_count:
   1.132 -fixes ct1 ct2 :: "nat \<Rightarrow> nat"
   1.133 -assumes "setsum ct1 {..<Suc n1} = setsum ct2 {..<Suc n2}"
   1.134 -shows
   1.135 -"\<exists> ct. (\<forall> i1 \<le> n1. setsum (\<lambda> i2. ct i1 i2) {..<Suc n2} = ct1 i1) \<and>
   1.136 -       (\<forall> i2 \<le> n2. setsum (\<lambda> i1. ct i1 i2) {..<Suc n1} = ct2 i2)"
   1.137 -(is "?phi ct1 ct2 n1 n2")
   1.138 -proof-
   1.139 -  have "\<forall> ct1 ct2 :: nat \<Rightarrow> nat.
   1.140 -        setsum ct1 {..<Suc n1} = setsum ct2 {..<Suc n2} \<longrightarrow> ?phi ct1 ct2 n1 n2"
   1.141 -  proof(induct rule: nat_sum_induct[of
   1.142 -"\<lambda> n1 n2. \<forall> ct1 ct2 :: nat \<Rightarrow> nat.
   1.143 -     setsum ct1 {..<Suc n1} = setsum ct2 {..<Suc n2} \<longrightarrow> ?phi ct1 ct2 n1 n2"],
   1.144 -      clarify)
   1.145 -  fix n1 n2 :: nat and ct1 ct2 :: "nat \<Rightarrow> nat"
   1.146 -  assume IH: "\<And> m1 m2. m1 + m2 < n1 + n2 \<Longrightarrow>
   1.147 -                \<forall> dt1 dt2 :: nat \<Rightarrow> nat.
   1.148 -                setsum dt1 {..<Suc m1} = setsum dt2 {..<Suc m2} \<longrightarrow> ?phi dt1 dt2 m1 m2"
   1.149 -  and ss: "setsum ct1 {..<Suc n1} = setsum ct2 {..<Suc n2}"
   1.150 -  show "?phi ct1 ct2 n1 n2"
   1.151 -  proof(cases n1)
   1.152 -    case 0 note n1 = 0
   1.153 -    show ?thesis
   1.154 -    proof(cases n2)
   1.155 -      case 0 note n2 = 0
   1.156 -      let ?ct = "\<lambda> i1 i2. ct2 0"
   1.157 -      show ?thesis apply(rule exI[of _ ?ct]) using n1 n2 ss by simp
   1.158 -    next
   1.159 -      case (Suc m2) note n2 = Suc
   1.160 -      let ?ct = "\<lambda> i1 i2. ct2 i2"
   1.161 -      show ?thesis apply(rule exI[of _ ?ct]) using n1 n2 ss by auto
   1.162 -    qed
   1.163 +  case (Cons x xs y ys)
   1.164 +  thus ?case
   1.165 +  proof (cases "j = 0")
   1.166 +    case True
   1.167 +    thus ?thesis
   1.168 +      by simp
   1.169    next
   1.170 -    case (Suc m1) note n1 = Suc
   1.171 -    show ?thesis
   1.172 -    proof(cases n2)
   1.173 -      case 0 note n2 = 0
   1.174 -      let ?ct = "\<lambda> i1 i2. ct1 i1"
   1.175 -      show ?thesis apply(rule exI[of _ ?ct]) using n1 n2 ss by auto
   1.176 -    next
   1.177 -      case (Suc m2) note n2 = Suc
   1.178 -      show ?thesis
   1.179 -      proof(cases "ct1 n1 \<le> ct2 n2")
   1.180 -        case True
   1.181 -        def dt2 \<equiv> "\<lambda> i2. if i2 = n2 then ct2 i2 - ct1 n1 else ct2 i2"
   1.182 -        have "setsum ct1 {..<Suc m1} = setsum dt2 {..<Suc n2}"
   1.183 -        unfolding dt2_def using ss n1 True by auto
   1.184 -        hence "?phi ct1 dt2 m1 n2" using IH[of m1 n2] n1 by simp
   1.185 -        then obtain dt where
   1.186 -        1: "\<And> i1. i1 \<le> m1 \<Longrightarrow> setsum (\<lambda> i2. dt i1 i2) {..<Suc n2} = ct1 i1" and
   1.187 -        2: "\<And> i2. i2 \<le> n2 \<Longrightarrow> setsum (\<lambda> i1. dt i1 i2) {..<Suc m1} = dt2 i2" by auto
   1.188 -        let ?ct = "\<lambda> i1 i2. if i1 = n1 then (if i2 = n2 then ct1 n1 else 0)
   1.189 -                                       else dt i1 i2"
   1.190 -        show ?thesis apply(rule exI[of _ ?ct])
   1.191 -        using n1 n2 1 2 True unfolding dt2_def by simp
   1.192 -      next
   1.193 -        case False
   1.194 -        hence False: "ct2 n2 < ct1 n1" by simp
   1.195 -        def dt1 \<equiv> "\<lambda> i1. if i1 = n1 then ct1 i1 - ct2 n2 else ct1 i1"
   1.196 -        have "setsum dt1 {..<Suc n1} = setsum ct2 {..<Suc m2}"
   1.197 -        unfolding dt1_def using ss n2 False by auto
   1.198 -        hence "?phi dt1 ct2 n1 m2" using IH[of n1 m2] n2 by simp
   1.199 -        then obtain dt where
   1.200 -        1: "\<And> i1. i1 \<le> n1 \<Longrightarrow> setsum (\<lambda> i2. dt i1 i2) {..<Suc m2} = dt1 i1" and
   1.201 -        2: "\<And> i2. i2 \<le> m2 \<Longrightarrow> setsum (\<lambda> i1. dt i1 i2) {..<Suc n1} = ct2 i2" by force
   1.202 -        let ?ct = "\<lambda> i1 i2. if i2 = n2 then (if i1 = n1 then ct2 n2 else 0)
   1.203 -                                       else dt i1 i2"
   1.204 -        show ?thesis apply(rule exI[of _ ?ct])
   1.205 -        using n1 n2 1 2 False unfolding dt1_def by simp
   1.206 -      qed
   1.207 -    qed
   1.208 -  qed
   1.209 -  qed
   1.210 -  thus ?thesis using assms by auto
   1.211 -qed
   1.212 -
   1.213 -definition
   1.214 -"inj2 u B1 B2 \<equiv>
   1.215 - \<forall> b1 b1' b2 b2'. {b1,b1'} \<subseteq> B1 \<and> {b2,b2'} \<subseteq> B2 \<and> u b1 b2 = u b1' b2'
   1.216 -                  \<longrightarrow> b1 = b1' \<and> b2 = b2'"
   1.217 -
   1.218 -lemma matrix_setsum_finite:
   1.219 -assumes B1: "B1 \<noteq> {}" "finite B1" and B2: "B2 \<noteq> {}" "finite B2" and u: "inj2 u B1 B2"
   1.220 -and ss: "setsum N1 B1 = setsum N2 B2"
   1.221 -shows "\<exists> M :: 'a \<Rightarrow> nat.
   1.222 -            (\<forall> b1 \<in> B1. setsum (\<lambda> b2. M (u b1 b2)) B2 = N1 b1) \<and>
   1.223 -            (\<forall> b2 \<in> B2. setsum (\<lambda> b1. M (u b1 b2)) B1 = N2 b2)"
   1.224 -proof-
   1.225 -  obtain n1 where "card B1 = Suc n1" using B1 by (metis card_insert finite.simps)
   1.226 -  then obtain e1 where e1: "bij_betw e1 {..<Suc n1} B1"
   1.227 -  using ex_bij_betw_finite_nat[OF B1(2)] by (metis atLeast0LessThan bij_betw_the_inv_into)
   1.228 -  hence e1_inj: "inj_on e1 {..<Suc n1}" and e1_surj: "e1 ` {..<Suc n1} = B1"
   1.229 -  unfolding bij_betw_def by auto
   1.230 -  def f1 \<equiv> "inv_into {..<Suc n1} e1"
   1.231 -  have f1: "bij_betw f1 B1 {..<Suc n1}"
   1.232 -  and f1e1[simp]: "\<And> i1. i1 < Suc n1 \<Longrightarrow> f1 (e1 i1) = i1"
   1.233 -  and e1f1[simp]: "\<And> b1. b1 \<in> B1 \<Longrightarrow> e1 (f1 b1) = b1" unfolding f1_def
   1.234 -  apply (metis bij_betw_inv_into e1, metis bij_betw_inv_into_left e1 lessThan_iff)
   1.235 -  by (metis e1_surj f_inv_into_f)
   1.236 -  (*  *)
   1.237 -  obtain n2 where "card B2 = Suc n2" using B2 by (metis card_insert finite.simps)
   1.238 -  then obtain e2 where e2: "bij_betw e2 {..<Suc n2} B2"
   1.239 -  using ex_bij_betw_finite_nat[OF B2(2)] by (metis atLeast0LessThan bij_betw_the_inv_into)
   1.240 -  hence e2_inj: "inj_on e2 {..<Suc n2}" and e2_surj: "e2 ` {..<Suc n2} = B2"
   1.241 -  unfolding bij_betw_def by auto
   1.242 -  def f2 \<equiv> "inv_into {..<Suc n2} e2"
   1.243 -  have f2: "bij_betw f2 B2 {..<Suc n2}"
   1.244 -  and f2e2[simp]: "\<And> i2. i2 < Suc n2 \<Longrightarrow> f2 (e2 i2) = i2"
   1.245 -  and e2f2[simp]: "\<And> b2. b2 \<in> B2 \<Longrightarrow> e2 (f2 b2) = b2" unfolding f2_def
   1.246 -  apply (metis bij_betw_inv_into e2, metis bij_betw_inv_into_left e2 lessThan_iff)
   1.247 -  by (metis e2_surj f_inv_into_f)
   1.248 -  (*  *)
   1.249 -  let ?ct1 = "N1 o e1"  let ?ct2 = "N2 o e2"
   1.250 -  have ss: "setsum ?ct1 {..<Suc n1} = setsum ?ct2 {..<Suc n2}"
   1.251 -  unfolding setsum.reindex[OF e1_inj, symmetric] setsum.reindex[OF e2_inj, symmetric]
   1.252 -  e1_surj e2_surj using ss .
   1.253 -  obtain ct where
   1.254 -  ct1: "\<And> i1. i1 \<le> n1 \<Longrightarrow> setsum (\<lambda> i2. ct i1 i2) {..<Suc n2} = ?ct1 i1" and
   1.255 -  ct2: "\<And> i2. i2 \<le> n2 \<Longrightarrow> setsum (\<lambda> i1. ct i1 i2) {..<Suc n1} = ?ct2 i2"
   1.256 -  using matrix_count[OF ss] by blast
   1.257 -  (*  *)
   1.258 -  def A \<equiv> "{u b1 b2 | b1 b2. b1 \<in> B1 \<and> b2 \<in> B2}"
   1.259 -  have "\<forall> a \<in> A. \<exists> b1b2 \<in> B1 <*> B2. u (fst b1b2) (snd b1b2) = a"
   1.260 -  unfolding A_def Ball_def mem_Collect_eq by auto
   1.261 -  then obtain h1h2 where h12:
   1.262 -  "\<And>a. a \<in> A \<Longrightarrow> u (fst (h1h2 a)) (snd (h1h2 a)) = a \<and> h1h2 a \<in> B1 <*> B2" by metis
   1.263 -  def h1 \<equiv> "fst o h1h2"  def h2 \<equiv> "snd o h1h2"
   1.264 -  have h12[simp]: "\<And>a. a \<in> A \<Longrightarrow> u (h1 a) (h2 a) = a"
   1.265 -                  "\<And> a. a \<in> A \<Longrightarrow> h1 a \<in> B1"  "\<And> a. a \<in> A \<Longrightarrow> h2 a \<in> B2"
   1.266 -  using h12 unfolding h1_def h2_def by force+
   1.267 -  {fix b1 b2 assume b1: "b1 \<in> B1" and b2: "b2 \<in> B2"
   1.268 -   hence inA: "u b1 b2 \<in> A" unfolding A_def by auto
   1.269 -   hence "u b1 b2 = u (h1 (u b1 b2)) (h2 (u b1 b2))" by auto
   1.270 -   moreover have "h1 (u b1 b2) \<in> B1" "h2 (u b1 b2) \<in> B2" using inA by auto
   1.271 -   ultimately have "h1 (u b1 b2) = b1 \<and> h2 (u b1 b2) = b2"
   1.272 -   using u b1 b2 unfolding inj2_def by fastforce
   1.273 -  }
   1.274 -  hence h1[simp]: "\<And> b1 b2. \<lbrakk>b1 \<in> B1; b2 \<in> B2\<rbrakk> \<Longrightarrow> h1 (u b1 b2) = b1" and
   1.275 -        h2[simp]: "\<And> b1 b2. \<lbrakk>b1 \<in> B1; b2 \<in> B2\<rbrakk> \<Longrightarrow> h2 (u b1 b2) = b2" by auto
   1.276 -  def M \<equiv> "\<lambda> a. ct (f1 (h1 a)) (f2 (h2 a))"
   1.277 -  show ?thesis
   1.278 -  apply(rule exI[of _ M]) proof safe
   1.279 -    fix b1 assume b1: "b1 \<in> B1"
   1.280 -    hence f1b1: "f1 b1 \<le> n1" using f1 unfolding bij_betw_def
   1.281 -    by (metis image_eqI lessThan_iff less_Suc_eq_le)
   1.282 -    have "(\<Sum>b2\<in>B2. M (u b1 b2)) = (\<Sum>i2<Suc n2. ct (f1 b1) (f2 (e2 i2)))"
   1.283 -    unfolding e2_surj[symmetric] setsum.reindex[OF e2_inj]
   1.284 -    unfolding M_def comp_def apply(intro setsum.cong) apply force
   1.285 -    by (metis e2_surj b1 h1 h2 imageI)
   1.286 -    also have "... = N1 b1" using b1 ct1[OF f1b1] by simp
   1.287 -    finally show "(\<Sum>b2\<in>B2. M (u b1 b2)) = N1 b1" .
   1.288 -  next
   1.289 -    fix b2 assume b2: "b2 \<in> B2"
   1.290 -    hence f2b2: "f2 b2 \<le> n2" using f2 unfolding bij_betw_def
   1.291 -    by (metis image_eqI lessThan_iff less_Suc_eq_le)
   1.292 -    have "(\<Sum>b1\<in>B1. M (u b1 b2)) = (\<Sum>i1<Suc n1. ct (f1 (e1 i1)) (f2 b2))"
   1.293 -    unfolding e1_surj[symmetric] setsum.reindex[OF e1_inj]
   1.294 -    unfolding M_def comp_def apply(intro setsum.cong) apply force
   1.295 -    by (metis e1_surj b2 h1 h2 imageI)
   1.296 -    also have "... = N2 b2" using b2 ct2[OF f2b2] by simp
   1.297 -    finally show "(\<Sum>b1\<in>B1. M (u b1 b2)) = N2 b2" .
   1.298 -  qed
   1.299 -qed
   1.300 -
   1.301 -lemma supp_vimage_mmap: "set_of M \<subseteq> f -` (set_of (mmap f M))"
   1.302 -  by transfer (auto simp: multiset_def setsum_gt_0_iff)
   1.303 -
   1.304 -lemma mmap_ge_0: "b \<in># mmap f M \<longleftrightarrow> (\<exists>a. a \<in># M \<and> f a = b)"
   1.305 -  by transfer (auto simp: multiset_def setsum_gt_0_iff)
   1.306 -
   1.307 -lemma finite_twosets:
   1.308 -assumes "finite B1" and "finite B2"
   1.309 -shows "finite {u b1 b2 |b1 b2. b1 \<in> B1 \<and> b2 \<in> B2}"  (is "finite ?A")
   1.310 -proof-
   1.311 -  have A: "?A = (\<lambda> b1b2. u (fst b1b2) (snd b1b2)) ` (B1 <*> B2)" by force
   1.312 -  show ?thesis unfolding A using finite_cartesian_product[OF assms] by auto
   1.313 +    case False
   1.314 +    then obtain k where k: "j = Suc k"
   1.315 +      by (case_tac j) simp
   1.316 +    hence "k \<le> length xs"
   1.317 +      using Cons.prems by auto
   1.318 +    hence "multiset_of (zip (take k xs @ x # drop k xs) (take k ys @ y # drop k ys)) =
   1.319 +      multiset_of (zip xs ys) + {#(x, y)#}"
   1.320 +      by (rule Cons.hyps(2))
   1.321 +    thus ?thesis
   1.322 +      unfolding k by (auto simp: add.commute union_lcomm)
   1.323 +  qed      
   1.324  qed
   1.325  
   1.326 -(* Weak pullbacks: *)
   1.327 -definition wpull where
   1.328 -"wpull A B1 B2 f1 f2 p1 p2 \<longleftrightarrow>
   1.329 - (\<forall> b1 b2. b1 \<in> B1 \<and> b2 \<in> B2 \<and> f1 b1 = f2 b2 \<longrightarrow> (\<exists> a \<in> A. p1 a = b1 \<and> p2 a = b2))"
   1.330 -
   1.331 -(* Weak pseudo-pullbacks *)
   1.332 -definition wppull where
   1.333 -"wppull A B1 B2 f1 f2 e1 e2 p1 p2 \<longleftrightarrow>
   1.334 - (\<forall> b1 b2. b1 \<in> B1 \<and> b2 \<in> B2 \<and> f1 b1 = f2 b2 \<longrightarrow>
   1.335 -           (\<exists> a \<in> A. e1 (p1 a) = e1 b1 \<and> e2 (p2 a) = e2 b2))"
   1.336 -
   1.337 -
   1.338 -(* The pullback of sets *)
   1.339 -definition thePull where
   1.340 -"thePull B1 B2 f1 f2 = {(b1,b2). b1 \<in> B1 \<and> b2 \<in> B2 \<and> f1 b1 = f2 b2}"
   1.341 -
   1.342 -lemma wpull_thePull:
   1.343 -"wpull (thePull B1 B2 f1 f2) B1 B2 f1 f2 fst snd"
   1.344 -unfolding wpull_def thePull_def by auto
   1.345 -
   1.346 -lemma wppull_thePull:
   1.347 -assumes "wppull A B1 B2 f1 f2 e1 e2 p1 p2"
   1.348 -shows
   1.349 -"\<exists> j. \<forall> a' \<in> thePull B1 B2 f1 f2.
   1.350 -   j a' \<in> A \<and>
   1.351 -   e1 (p1 (j a')) = e1 (fst a') \<and> e2 (p2 (j a')) = e2 (snd a')"
   1.352 -(is "\<exists> j. \<forall> a' \<in> ?A'. ?phi a' (j a')")
   1.353 -proof(rule bchoice[of ?A' ?phi], default)
   1.354 -  fix a' assume a': "a' \<in> ?A'"
   1.355 -  hence "fst a' \<in> B1" unfolding thePull_def by auto
   1.356 -  moreover
   1.357 -  from a' have "snd a' \<in> B2" unfolding thePull_def by auto
   1.358 -  moreover have "f1 (fst a') = f2 (snd a')"
   1.359 -  using a' unfolding csquare_def thePull_def by auto
   1.360 -  ultimately show "\<exists> ja'. ?phi a' ja'"
   1.361 -  using assms unfolding wppull_def by blast
   1.362 -qed
   1.363 -
   1.364 -lemma wpull_wppull:
   1.365 -assumes wp: "wpull A' B1 B2 f1 f2 p1' p2'" and
   1.366 -1: "\<forall> a' \<in> A'. j a' \<in> A \<and> e1 (p1 (j a')) = e1 (p1' a') \<and> e2 (p2 (j a')) = e2 (p2' a')"
   1.367 -shows "wppull A B1 B2 f1 f2 e1 e2 p1 p2"
   1.368 -unfolding wppull_def proof safe
   1.369 -  fix b1 b2
   1.370 -  assume b1: "b1 \<in> B1" and b2: "b2 \<in> B2" and f: "f1 b1 = f2 b2"
   1.371 -  then obtain a' where a': "a' \<in> A'" and b1: "b1 = p1' a'" and b2: "b2 = p2' a'"
   1.372 -  using wp unfolding wpull_def by blast
   1.373 -  show "\<exists>a\<in>A. e1 (p1 a) = e1 b1 \<and> e2 (p2 a) = e2 b2"
   1.374 -  apply (rule bexI[of _ "j a'"]) unfolding b1 b2 using a' 1 by auto
   1.375 +lemma ex_multiset_of_zip_left:
   1.376 +  assumes "length xs = length ys" "multiset_of xs' = multiset_of xs"
   1.377 +  shows "\<exists>ys'. length ys' = length xs' \<and> multiset_of (zip xs' ys') = multiset_of (zip xs ys)"
   1.378 +using assms 
   1.379 +proof (induct xs ys arbitrary: xs' rule: list_induct2)
   1.380 +  case Nil
   1.381 +  thus ?case
   1.382 +    by auto
   1.383 +next
   1.384 +  case (Cons x xs y ys xs')
   1.385 +  obtain j where j_len: "j < length xs'" and nth_j: "xs' ! j = x"
   1.386 +  proof -
   1.387 +    assume "\<And>j. \<lbrakk>j < length xs'; xs' ! j = x\<rbrakk> \<Longrightarrow> ?thesis"
   1.388 +    moreover have "\<And>k m n. (m\<Colon>nat) + n < m + k \<or> \<not> n < k" by linarith
   1.389 +    moreover have "\<And>n a as. n - n < length (a # as) \<or> n < n"
   1.390 +      by (metis Nat.add_diff_inverse diff_add_inverse2 impossible_Cons le_add1
   1.391 +        less_diff_conv not_add_less2)
   1.392 +    moreover have "\<not> length xs' < length xs'" by blast
   1.393 +    ultimately show ?thesis
   1.394 +      by (metis (no_types) Cons.prems Nat.add_diff_inverse diff_add_inverse2 length_append
   1.395 +        less_diff_conv list.set_intros(1) multiset_of_eq_setD nth_append_length split_list)
   1.396 +  qed
   1.397 +
   1.398 +  def xsa \<equiv> "take j xs' @ drop (Suc j) xs'" 
   1.399 +  have "multiset_of xs' = {#x#} + multiset_of xsa"
   1.400 +    unfolding xsa_def using j_len nth_j
   1.401 +    by (metis (no_types) ab_semigroup_add_class.add_ac(1) append_take_drop_id drop_Suc_conv_tl
   1.402 +      multiset_of.simps(2) union_code union_commute)
   1.403 +  hence ms_x: "multiset_of xsa = multiset_of xs"
   1.404 +    by (metis Cons.prems add.commute add_right_imp_eq multiset_of.simps(2))
   1.405 +  then obtain ysa where
   1.406 +    len_a: "length ysa = length xsa" and ms_a: "multiset_of (zip xsa ysa) = multiset_of (zip xs ys)"
   1.407 +    using Cons.hyps(2) by blast
   1.408 +
   1.409 +  def ys' \<equiv> "take j ysa @ y # drop j ysa"
   1.410 +  have xs': "xs' = take j xsa @ x # drop j xsa"
   1.411 +    using ms_x j_len nth_j Cons.prems xsa_def
   1.412 +    by (metis append_eq_append_conv append_take_drop_id diff_Suc_Suc drop_Suc_conv_tl length_Cons
   1.413 +      length_drop mcard_multiset_of)
   1.414 +  have j_len': "j \<le> length xsa"
   1.415 +    using j_len xs' xsa_def
   1.416 +    by (metis add_Suc_right append_take_drop_id length_Cons length_append less_eq_Suc_le not_less)
   1.417 +  have "length ys' = length xs'"
   1.418 +    unfolding ys'_def using Cons.prems len_a ms_x
   1.419 +    by (metis add_Suc_right append_take_drop_id length_Cons length_append multiset_of_eq_length)
   1.420 +  moreover have "multiset_of (zip xs' ys') = multiset_of (zip (x # xs) (y # ys))"
   1.421 +    unfolding xs' ys'_def
   1.422 +    by (rule trans[OF multiset_of_zip_take_Cons_drop_twice])
   1.423 +      (auto simp: len_a ms_a j_len' add.commute)
   1.424 +  ultimately show ?case
   1.425 +    by blast
   1.426  qed
   1.427  
   1.428 -lemma wppull_fstOp_sndOp:
   1.429 -shows "wppull (Collect (split (P OO Q))) (Collect (split P)) (Collect (split Q))
   1.430 -  snd fst fst snd (BNF_Def.fstOp P Q) (BNF_Def.sndOp P Q)"
   1.431 -using pick_middlep unfolding wppull_def fstOp_def sndOp_def relcompp.simps by auto
   1.432 -
   1.433 -lemma wpull_mmap:
   1.434 -fixes A :: "'a set" and B1 :: "'b1 set" and B2 :: "'b2 set"
   1.435 -assumes wp: "wpull A B1 B2 f1 f2 p1 p2"
   1.436 -shows
   1.437 -"wpull {M. set_of M \<subseteq> A}
   1.438 -       {N1. set_of N1 \<subseteq> B1} {N2. set_of N2 \<subseteq> B2}
   1.439 -       (mmap f1) (mmap f2) (mmap p1) (mmap p2)"
   1.440 -unfolding wpull_def proof (safe, unfold Bex_def mem_Collect_eq)
   1.441 -  fix N1 :: "'b1 multiset" and N2 :: "'b2 multiset"
   1.442 -  assume mmap': "mmap f1 N1 = mmap f2 N2"
   1.443 -  and N1[simp]: "set_of N1 \<subseteq> B1"
   1.444 -  and N2[simp]: "set_of N2 \<subseteq> B2"
   1.445 -  def P \<equiv> "mmap f1 N1"
   1.446 -  have P1: "P = mmap f1 N1" and P2: "P = mmap f2 N2" unfolding P_def using mmap' by auto
   1.447 -  note P = P1 P2
   1.448 -  have fin_N1[simp]: "finite (set_of N1)"
   1.449 -   and fin_N2[simp]: "finite (set_of N2)"
   1.450 -   and fin_P[simp]: "finite (set_of P)" by auto
   1.451 -
   1.452 -  def set1 \<equiv> "\<lambda> c. {b1 \<in> set_of N1. f1 b1 = c}"
   1.453 -  have set1[simp]: "\<And> c b1. b1 \<in> set1 c \<Longrightarrow> f1 b1 = c" unfolding set1_def by auto
   1.454 -  have fin_set1: "\<And> c. c \<in> set_of P \<Longrightarrow> finite (set1 c)"
   1.455 -    using N1(1) unfolding set1_def multiset_def by auto
   1.456 -  have set1_NE: "\<And> c. c \<in> set_of P \<Longrightarrow> set1 c \<noteq> {}"
   1.457 -   unfolding set1_def set_of_def P mmap_ge_0 by auto
   1.458 -  have supp_N1_set1: "set_of N1 = (\<Union> c \<in> set_of P. set1 c)"
   1.459 -    using supp_vimage_mmap[of N1 f1] unfolding set1_def P1 by auto
   1.460 -  hence set1_inclN1: "\<And>c. c \<in> set_of P \<Longrightarrow> set1 c \<subseteq> set_of N1" by auto
   1.461 -  hence set1_incl: "\<And> c. c \<in> set_of P \<Longrightarrow> set1 c \<subseteq> B1" using N1 by blast
   1.462 -  have set1_disj: "\<And> c c'. c \<noteq> c' \<Longrightarrow> set1 c \<inter> set1 c' = {}"
   1.463 -    unfolding set1_def by auto
   1.464 -  have setsum_set1: "\<And> c. setsum (count N1) (set1 c) = count P c"
   1.465 -    unfolding P1 set1_def by transfer (auto intro: setsum.cong)
   1.466 -
   1.467 -  def set2 \<equiv> "\<lambda> c. {b2 \<in> set_of N2. f2 b2 = c}"
   1.468 -  have set2[simp]: "\<And> c b2. b2 \<in> set2 c \<Longrightarrow> f2 b2 = c" unfolding set2_def by auto
   1.469 -  have fin_set2: "\<And> c. c \<in> set_of P \<Longrightarrow> finite (set2 c)"
   1.470 -  using N2(1) unfolding set2_def multiset_def by auto
   1.471 -  have set2_NE: "\<And> c. c \<in> set_of P \<Longrightarrow> set2 c \<noteq> {}"
   1.472 -    unfolding set2_def P2 mmap_ge_0 set_of_def by auto
   1.473 -  have supp_N2_set2: "set_of N2 = (\<Union> c \<in> set_of P. set2 c)"
   1.474 -    using supp_vimage_mmap[of N2 f2] unfolding set2_def P2 by auto
   1.475 -  hence set2_inclN2: "\<And>c. c \<in> set_of P \<Longrightarrow> set2 c \<subseteq> set_of N2" by auto
   1.476 -  hence set2_incl: "\<And> c. c \<in> set_of P \<Longrightarrow> set2 c \<subseteq> B2" using N2 by blast
   1.477 -  have set2_disj: "\<And> c c'. c \<noteq> c' \<Longrightarrow> set2 c \<inter> set2 c' = {}"
   1.478 -    unfolding set2_def by auto
   1.479 -  have setsum_set2: "\<And> c. setsum (count N2) (set2 c) = count P c"
   1.480 -    unfolding P2 set2_def by transfer (auto intro: setsum.cong)
   1.481 -
   1.482 -  have ss: "\<And> c. c \<in> set_of P \<Longrightarrow> setsum (count N1) (set1 c) = setsum (count N2) (set2 c)"
   1.483 -    unfolding setsum_set1 setsum_set2 ..
   1.484 -  have "\<forall> c \<in> set_of P. \<forall> b1b2 \<in> (set1 c) \<times> (set2 c).
   1.485 -          \<exists> a \<in> A. p1 a = fst b1b2 \<and> p2 a = snd b1b2"
   1.486 -    using wp set1_incl set2_incl unfolding wpull_def Ball_def mem_Collect_eq
   1.487 -    by simp (metis set1 set2 set_rev_mp)
   1.488 -  then obtain uu where uu:
   1.489 -  "\<forall> c \<in> set_of P. \<forall> b1b2 \<in> (set1 c) \<times> (set2 c).
   1.490 -     uu c b1b2 \<in> A \<and> p1 (uu c b1b2) = fst b1b2 \<and> p2 (uu c b1b2) = snd b1b2" by metis
   1.491 -  def u \<equiv> "\<lambda> c b1 b2. uu c (b1,b2)"
   1.492 -  have u[simp]:
   1.493 -  "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk> \<Longrightarrow> u c b1 b2 \<in> A"
   1.494 -  "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk> \<Longrightarrow> p1 (u c b1 b2) = b1"
   1.495 -  "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk> \<Longrightarrow> p2 (u c b1 b2) = b2"
   1.496 -    using uu unfolding u_def by auto
   1.497 -  {fix c assume c: "c \<in> set_of P"
   1.498 -   have "inj2 (u c) (set1 c) (set2 c)" unfolding inj2_def proof clarify
   1.499 -     fix b1 b1' b2 b2'
   1.500 -     assume "{b1, b1'} \<subseteq> set1 c" "{b2, b2'} \<subseteq> set2 c" and 0: "u c b1 b2 = u c b1' b2'"
   1.501 -     hence "p1 (u c b1 b2) = b1 \<and> p2 (u c b1 b2) = b2 \<and>
   1.502 -            p1 (u c b1' b2') = b1' \<and> p2 (u c b1' b2') = b2'"
   1.503 -     using u(2)[OF c] u(3)[OF c] by simp metis
   1.504 -     thus "b1 = b1' \<and> b2 = b2'" using 0 by auto
   1.505 -   qed
   1.506 -  } note inj = this
   1.507 -  def sset \<equiv> "\<lambda> c. {u c b1 b2 | b1 b2. b1 \<in> set1 c \<and> b2 \<in> set2 c}"
   1.508 -  have fin_sset[simp]: "\<And> c. c \<in> set_of P \<Longrightarrow> finite (sset c)" unfolding sset_def
   1.509 -    using fin_set1 fin_set2 finite_twosets by blast
   1.510 -  have sset_A: "\<And> c. c \<in> set_of P \<Longrightarrow> sset c \<subseteq> A" unfolding sset_def by auto
   1.511 -  {fix c a assume c: "c \<in> set_of P" and ac: "a \<in> sset c"
   1.512 -   then obtain b1 b2 where b1: "b1 \<in> set1 c" and b2: "b2 \<in> set2 c"
   1.513 -   and a: "a = u c b1 b2" unfolding sset_def by auto
   1.514 -   have "p1 a \<in> set1 c" and p2a: "p2 a \<in> set2 c"
   1.515 -   using ac a b1 b2 c u(2) u(3) by simp+
   1.516 -   hence "u c (p1 a) (p2 a) = a" unfolding a using b1 b2 inj[OF c]
   1.517 -   unfolding inj2_def by (metis c u(2) u(3))
   1.518 -  } note u_p12[simp] = this
   1.519 -  {fix c a assume c: "c \<in> set_of P" and ac: "a \<in> sset c"
   1.520 -   hence "p1 a \<in> set1 c" unfolding sset_def by auto
   1.521 -  }note p1[simp] = this
   1.522 -  {fix c a assume c: "c \<in> set_of P" and ac: "a \<in> sset c"
   1.523 -   hence "p2 a \<in> set2 c" unfolding sset_def by auto
   1.524 -  }note p2[simp] = this
   1.525 -
   1.526 -  {fix c assume c: "c \<in> set_of P"
   1.527 -   hence "\<exists> M. (\<forall> b1 \<in> set1 c. setsum (\<lambda> b2. M (u c b1 b2)) (set2 c) = count N1 b1) \<and>
   1.528 -               (\<forall> b2 \<in> set2 c. setsum (\<lambda> b1. M (u c b1 b2)) (set1 c) = count N2 b2)"
   1.529 -   unfolding sset_def
   1.530 -   using matrix_setsum_finite[OF set1_NE[OF c] fin_set1[OF c]
   1.531 -                                 set2_NE[OF c] fin_set2[OF c] inj[OF c] ss[OF c]] by auto
   1.532 -  }
   1.533 -  then obtain Ms where
   1.534 -  ss1: "\<And> c b1. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c\<rbrakk> \<Longrightarrow>
   1.535 -                   setsum (\<lambda> b2. Ms c (u c b1 b2)) (set2 c) = count N1 b1" and
   1.536 -  ss2: "\<And> c b2. \<lbrakk>c \<in> set_of P; b2 \<in> set2 c\<rbrakk> \<Longrightarrow>
   1.537 -                   setsum (\<lambda> b1. Ms c (u c b1 b2)) (set1 c) = count N2 b2"
   1.538 -  by metis
   1.539 -  def SET \<equiv> "\<Union> c \<in> set_of P. sset c"
   1.540 -  have fin_SET[simp]: "finite SET" unfolding SET_def apply(rule finite_UN_I) by auto
   1.541 -  have SET_A: "SET \<subseteq> A" unfolding SET_def using sset_A by blast
   1.542 -  have u_SET[simp]: "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk> \<Longrightarrow> u c b1 b2 \<in> SET"
   1.543 -    unfolding SET_def sset_def by blast
   1.544 -  {fix c a assume c: "c \<in> set_of P" and a: "a \<in> SET" and p1a: "p1 a \<in> set1 c"
   1.545 -   then obtain c' where c': "c' \<in> set_of P" and ac': "a \<in> sset c'"
   1.546 -    unfolding SET_def by auto
   1.547 -   hence "p1 a \<in> set1 c'" unfolding sset_def by auto
   1.548 -   hence eq: "c = c'" using p1a c c' set1_disj by auto
   1.549 -   hence "a \<in> sset c" using ac' by simp
   1.550 -  } note p1_rev = this
   1.551 -  {fix c a assume c: "c \<in> set_of P" and a: "a \<in> SET" and p2a: "p2 a \<in> set2 c"
   1.552 -   then obtain c' where c': "c' \<in> set_of P" and ac': "a \<in> sset c'"
   1.553 -   unfolding SET_def by auto
   1.554 -   hence "p2 a \<in> set2 c'" unfolding sset_def by auto
   1.555 -   hence eq: "c = c'" using p2a c c' set2_disj by auto
   1.556 -   hence "a \<in> sset c" using ac' by simp
   1.557 -  } note p2_rev = this
   1.558 -
   1.559 -  have "\<forall> a \<in> SET. \<exists> c \<in> set_of P. a \<in> sset c" unfolding SET_def by auto
   1.560 -  then obtain h where h: "\<forall> a \<in> SET. h a \<in> set_of P \<and> a \<in> sset (h a)" by metis
   1.561 -  have h_u[simp]: "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk>
   1.562 -                      \<Longrightarrow> h (u c b1 b2) = c"
   1.563 -  by (metis h p2 set2 u(3) u_SET)
   1.564 -  have h_u1: "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk>
   1.565 -                      \<Longrightarrow> h (u c b1 b2) = f1 b1"
   1.566 -  using h unfolding sset_def by auto
   1.567 -  have h_u2: "\<And> c b1 b2. \<lbrakk>c \<in> set_of P; b1 \<in> set1 c; b2 \<in> set2 c\<rbrakk>
   1.568 -                      \<Longrightarrow> h (u c b1 b2) = f2 b2"
   1.569 -  using h unfolding sset_def by auto
   1.570 -  def M \<equiv>
   1.571 -    "Abs_multiset (\<lambda> a. if a \<in> SET \<and> p1 a \<in> set_of N1 \<and> p2 a \<in> set_of N2 then Ms (h a) a else 0)"
   1.572 -  have "(\<lambda> a. if a \<in> SET \<and> p1 a \<in> set_of N1 \<and> p2 a \<in> set_of N2 then Ms (h a) a else 0) \<in> multiset"
   1.573 -    unfolding multiset_def by auto
   1.574 -  hence [transfer_rule]: "pcr_multiset op = (\<lambda> a. if a \<in> SET \<and> p1 a \<in> set_of N1 \<and> p2 a \<in> set_of N2 then Ms (h a) a else 0) M"
   1.575 -    unfolding M_def pcr_multiset_def cr_multiset_def by (auto simp: Abs_multiset_inverse)
   1.576 -  have sM: "set_of M \<subseteq> SET" "set_of M \<subseteq> p1 -` (set_of N1)" "set_of M \<subseteq> p2 -` set_of N2"
   1.577 -    by (transfer, auto split: split_if_asm)+
   1.578 -  show "\<exists>M. set_of M \<subseteq> A \<and> mmap p1 M = N1 \<and> mmap p2 M = N2"
   1.579 -  proof(rule exI[of _ M], safe)
   1.580 -    fix a assume *: "a \<in> set_of M"
   1.581 -    from SET_A show "a \<in> A"
   1.582 -    proof (cases "a \<in> SET")
   1.583 -      case False thus ?thesis using * by transfer' auto
   1.584 -    qed blast
   1.585 -  next
   1.586 -    show "mmap p1 M = N1"
   1.587 -    proof(intro multiset_eqI)
   1.588 -      fix b1
   1.589 -      let ?K = "{a. p1 a = b1 \<and> a \<in># M}"
   1.590 -      have "setsum (count M) ?K = count N1 b1"
   1.591 -      proof(cases "b1 \<in> set_of N1")
   1.592 -        case False
   1.593 -        hence "?K = {}" using sM(2) by auto
   1.594 -        thus ?thesis using False by auto
   1.595 -      next
   1.596 -        case True
   1.597 -        def c \<equiv> "f1 b1"
   1.598 -        have c: "c \<in> set_of P" and b1: "b1 \<in> set1 c"
   1.599 -          unfolding set1_def c_def P1 using True by (auto simp: comp_eq_dest[OF set_of_mmap])
   1.600 -        with sM(1) have "setsum (count M) ?K = setsum (count M) {a. p1 a = b1 \<and> a \<in> SET}"
   1.601 -          by transfer (force intro: setsum.mono_neutral_cong_left split: split_if_asm)
   1.602 -        also have "... = setsum (count M) ((\<lambda> b2. u c b1 b2) ` (set2 c))"
   1.603 -          apply(rule setsum.cong) using c b1 proof safe
   1.604 -          fix a assume p1a: "p1 a \<in> set1 c" and "c \<in> set_of P" and "a \<in> SET"
   1.605 -          hence ac: "a \<in> sset c" using p1_rev by auto
   1.606 -          hence "a = u c (p1 a) (p2 a)" using c by auto
   1.607 -          moreover have "p2 a \<in> set2 c" using ac c by auto
   1.608 -          ultimately show "a \<in> u c (p1 a) ` set2 c" by auto
   1.609 -        qed auto
   1.610 -        also have "... = setsum (\<lambda> b2. count M (u c b1 b2)) (set2 c)"
   1.611 -          unfolding comp_def[symmetric] apply(rule setsum.reindex)
   1.612 -          using inj unfolding inj_on_def inj2_def using b1 c u(3) by blast
   1.613 -        also have "... = count N1 b1" unfolding ss1[OF c b1, symmetric]
   1.614 -          apply(rule setsum.cong[OF refl]) apply (transfer fixing: Ms u c b1 set2)
   1.615 -          using True h_u[OF c b1] set2_def u(2,3)[OF c b1] u_SET[OF c b1]
   1.616 -            [[hypsubst_thin = true]]
   1.617 -          by fastforce
   1.618 -        finally show ?thesis .
   1.619 -      qed
   1.620 -      thus "count (mmap p1 M) b1 = count N1 b1" by transfer
   1.621 -    qed
   1.622 -  next
   1.623 -    show "mmap p2 M = N2"
   1.624 -    proof(intro multiset_eqI)
   1.625 -      fix b2
   1.626 -      let ?K = "{a. p2 a = b2 \<and> a \<in># M}"
   1.627 -      have "setsum (count M) ?K = count N2 b2"
   1.628 -      proof(cases "b2 \<in> set_of N2")
   1.629 -        case False
   1.630 -        hence "?K = {}" using sM(3) by auto
   1.631 -        thus ?thesis using False by auto
   1.632 -      next
   1.633 -        case True
   1.634 -        def c \<equiv> "f2 b2"
   1.635 -        have c: "c \<in> set_of P" and b2: "b2 \<in> set2 c"
   1.636 -          unfolding set2_def c_def P2 using True by (auto simp: comp_eq_dest[OF set_of_mmap])
   1.637 -        with sM(1) have "setsum (count M) ?K = setsum (count M) {a. p2 a = b2 \<and> a \<in> SET}"
   1.638 -          by transfer (force intro: setsum.mono_neutral_cong_left split: split_if_asm)
   1.639 -        also have "... = setsum (count M) ((\<lambda> b1. u c b1 b2) ` (set1 c))"
   1.640 -          apply(rule setsum.cong) using c b2 proof safe
   1.641 -          fix a assume p2a: "p2 a \<in> set2 c" and "c \<in> set_of P" and "a \<in> SET"
   1.642 -          hence ac: "a \<in> sset c" using p2_rev by auto
   1.643 -          hence "a = u c (p1 a) (p2 a)" using c by auto
   1.644 -          moreover have "p1 a \<in> set1 c" using ac c by auto
   1.645 -          ultimately show "a \<in> (\<lambda>x. u c x (p2 a)) ` set1 c" by auto
   1.646 -        qed auto
   1.647 -        also have "... = setsum (count M o (\<lambda> b1. u c b1 b2)) (set1 c)"
   1.648 -          apply(rule setsum.reindex)
   1.649 -          using inj unfolding inj_on_def inj2_def using b2 c u(2) by blast
   1.650 -        also have "... = setsum (\<lambda> b1. count M (u c b1 b2)) (set1 c)" by simp
   1.651 -        also have "... = count N2 b2" unfolding ss2[OF c b2, symmetric] comp_def
   1.652 -          apply(rule setsum.cong[OF refl]) apply (transfer fixing: Ms u c b2 set1)
   1.653 -          using True h_u1[OF c _ b2] u(2,3)[OF c _ b2] u_SET[OF c _ b2] set1_def
   1.654 -            [[hypsubst_thin = true]]
   1.655 -          by fastforce
   1.656 -        finally show ?thesis .
   1.657 -      qed
   1.658 -      thus "count (mmap p2 M) b2 = count N2 b2" by transfer
   1.659 -    qed
   1.660 -  qed
   1.661 +lemma list_all2_reorder_left_invariance:
   1.662 +  assumes rel: "list_all2 R xs ys" and ms_x: "multiset_of xs' = multiset_of xs"
   1.663 +  shows "\<exists>ys'. list_all2 R xs' ys' \<and> multiset_of ys' = multiset_of ys"
   1.664 +proof -
   1.665 +  have len: "length xs = length ys"
   1.666 +    using rel list_all2_conv_all_nth by auto
   1.667 +  obtain ys' where
   1.668 +    len': "length xs' = length ys'" and ms_xy: "multiset_of (zip xs' ys') = multiset_of (zip xs ys)"
   1.669 +    using len ms_x by (metis ex_multiset_of_zip_left)
   1.670 +  have "list_all2 R xs' ys'"
   1.671 +    using assms(1) len' ms_xy unfolding list_all2_iff by (blast dest: multiset_of_eq_setD)
   1.672 +  moreover have "multiset_of ys' = multiset_of ys"
   1.673 +    using len len' ms_xy map_snd_zip multiset_of_map by metis
   1.674 +  ultimately show ?thesis
   1.675 +    by blast
   1.676  qed
   1.677  
   1.678 -lemma set_of_bd: "(card_of (set_of x), natLeq) \<in> ordLeq"
   1.679 -  by transfer
   1.680 -    (auto intro!: ordLess_imp_ordLeq simp: finite_iff_ordLess_natLeq[symmetric] multiset_def)
   1.681 -
   1.682 -lemma wppull_mmap:
   1.683 -  assumes "wppull A B1 B2 f1 f2 e1 e2 p1 p2"
   1.684 -  shows "wppull {M. set_of M \<subseteq> A} {N1. set_of N1 \<subseteq> B1} {N2. set_of N2 \<subseteq> B2}
   1.685 -    (mmap f1) (mmap f2) (mmap e1) (mmap e2) (mmap p1) (mmap p2)"
   1.686 -proof -
   1.687 -  from assms obtain j where j: "\<forall>a'\<in>thePull B1 B2 f1 f2.
   1.688 -    j a' \<in> A \<and> e1 (p1 (j a')) = e1 (fst a') \<and> e2 (p2 (j a')) = e2 (snd a')" 
   1.689 -    by (blast dest: wppull_thePull)
   1.690 -  then show ?thesis
   1.691 -    by (intro wpull_wppull[OF wpull_mmap[OF wpull_thePull], of _ _ _ _ "mmap j"])
   1.692 -      (auto simp: comp_eq_dest_lhs[OF mmap_comp[symmetric]] comp_eq_dest[OF set_of_mmap]
   1.693 -        intro!: mmap_cong simp del: mem_set_of_iff simp: mem_set_of_iff[symmetric])
   1.694 -qed
   1.695 +lemma ex_multiset_of: "\<exists>xs. multiset_of xs = X"
   1.696 +  by (induct X) (simp, metis multiset_of.simps(2))
   1.697  
   1.698  bnf "'a multiset"
   1.699 -  map: mmap
   1.700 +  map: image_mset
   1.701    sets: set_of 
   1.702    bd: natLeq
   1.703    wits: "{#}"
   1.704 -by (auto simp add: mmap_id0 mmap_comp set_of_mmap natLeq_card_order natLeq_cinfinite set_of_bd
   1.705 -  Grp_def relcompp.simps intro: mmap_cong)
   1.706 -  (metis wppull_mmap[OF wppull_fstOp_sndOp, unfolded wppull_def
   1.707 -    o_eq_dest_lhs[OF mmap_comp[symmetric]] fstOp_def sndOp_def comp_def, simplified])
   1.708 -
   1.709 -inductive rel_multiset' where
   1.710 -  Zero[intro]: "rel_multiset' R {#} {#}"
   1.711 -| Plus[intro]: "\<lbrakk>R a b; rel_multiset' R M N\<rbrakk> \<Longrightarrow> rel_multiset' R (M + {#a#}) (N + {#b#})"
   1.712 -
   1.713 -lemma map_multiset_Zero_iff[simp]: "mmap f M = {#} \<longleftrightarrow> M = {#}"
   1.714 -by (metis image_is_empty multiset.set_map set_of_eq_empty_iff)
   1.715 -
   1.716 -lemma map_multiset_Zero[simp]: "mmap f {#} = {#}" by simp
   1.717 -
   1.718 -lemma rel_multiset_Zero: "rel_multiset R {#} {#}"
   1.719 -unfolding rel_multiset_def Grp_def by auto
   1.720 +  rel: rel_mset
   1.721 +proof -
   1.722 +  show "image_mset id = id"
   1.723 +    by (rule image_mset.id)
   1.724 +next
   1.725 +  show "\<And>f g. image_mset (g \<circ> f) = image_mset g \<circ> image_mset f"
   1.726 +    unfolding comp_def by (rule ext) (simp add: image_mset.compositionality comp_def)
   1.727 +next
   1.728 +  fix X :: "'a multiset"
   1.729 +  show "\<And>f g. (\<And>z. z \<in> set_of X \<Longrightarrow> f z = g z) \<Longrightarrow> image_mset f X = image_mset g X"
   1.730 +    by (induct X, (simp (no_asm))+,
   1.731 +      metis One_nat_def Un_iff count_single mem_set_of_iff set_of_union zero_less_Suc)
   1.732 +next
   1.733 +  show "\<And>f. set_of \<circ> image_mset f = op ` f \<circ> set_of"
   1.734 +    by auto
   1.735 +next
   1.736 +  show "card_order natLeq"
   1.737 +    by (rule natLeq_card_order)
   1.738 +next
   1.739 +  show "BNF_Cardinal_Arithmetic.cinfinite natLeq"
   1.740 +    by (rule natLeq_cinfinite)
   1.741 +next
   1.742 +  show "\<And>X. ordLeq3 (card_of (set_of X)) natLeq"
   1.743 +    by transfer
   1.744 +      (auto intro!: ordLess_imp_ordLeq simp: finite_iff_ordLess_natLeq[symmetric] multiset_def)
   1.745 +next
   1.746 +  show "\<And>R S. rel_mset R OO rel_mset S \<le> rel_mset (R OO S)"
   1.747 +    unfolding rel_mset_def[abs_def] OO_def
   1.748 +    apply clarify
   1.749 +    apply (rename_tac X Z Y xs ys' ys zs)
   1.750 +    apply (drule_tac xs = ys' and ys = zs and xs' = ys in list_all2_reorder_left_invariance)
   1.751 +    by (auto intro: list_all2_trans)
   1.752 +next
   1.753 +  show "\<And>R. rel_mset R =
   1.754 +    (BNF_Def.Grp {x. set_of x \<subseteq> {(x, y). R x y}} (image_mset fst))\<inverse>\<inverse> OO
   1.755 +    BNF_Def.Grp {x. set_of x \<subseteq> {(x, y). R x y}} (image_mset snd)"
   1.756 +    unfolding rel_mset_def[abs_def] BNF_Def.Grp_def OO_def
   1.757 +    apply (rule ext)+
   1.758 +    apply auto
   1.759 +     apply (rule_tac x = "multiset_of (zip xs ys)" in exI)
   1.760 +     apply auto[1]
   1.761 +        apply (metis list_all2_lengthD map_fst_zip multiset_of_map)
   1.762 +       apply (auto simp: list_all2_iff)[1]
   1.763 +      apply (metis list_all2_lengthD map_snd_zip multiset_of_map)
   1.764 +     apply (auto simp: list_all2_iff)[1]
   1.765 +    apply (rename_tac XY)
   1.766 +    apply (cut_tac X = XY in ex_multiset_of)
   1.767 +    apply (erule exE)
   1.768 +    apply (rename_tac xys)
   1.769 +    apply (rule_tac x = "map fst xys" in exI)
   1.770 +    apply (auto simp: multiset_of_map)
   1.771 +    apply (rule_tac x = "map snd xys" in exI)
   1.772 +    by (auto simp: multiset_of_map list_all2I subset_eq zip_map_fst_snd)
   1.773 +next
   1.774 +  show "\<And>z. z \<in> set_of {#} \<Longrightarrow> False"
   1.775 +    by auto
   1.776 +qed
   1.777 +
   1.778 +inductive rel_mset' where
   1.779 +  Zero[intro]: "rel_mset' R {#} {#}"
   1.780 +| Plus[intro]: "\<lbrakk>R a b; rel_mset' R M N\<rbrakk> \<Longrightarrow> rel_mset' R (M + {#a#}) (N + {#b#})"
   1.781 +
   1.782 +lemma rel_mset_Zero: "rel_mset R {#} {#}"
   1.783 +unfolding rel_mset_def Grp_def by auto
   1.784  
   1.785  declare multiset.count[simp]
   1.786  declare Abs_multiset_inverse[simp]
   1.787  declare multiset.count_inverse[simp]
   1.788  declare union_preserves_multiset[simp]
   1.789  
   1.790 -lemma map_multiset_Plus[simp]: "mmap f (M1 + M2) = mmap f M1 + mmap f M2"
   1.791 -proof (intro multiset_eqI, transfer fixing: f)
   1.792 -  fix x :: 'a and M1 M2 :: "'b \<Rightarrow> nat"
   1.793 -  assume "M1 \<in> multiset" "M2 \<in> multiset"
   1.794 -  hence "setsum M1 {a. f a = x \<and> 0 < M1 a} = setsum M1 {a. f a = x \<and> 0 < M1 a + M2 a}"
   1.795 -        "setsum M2 {a. f a = x \<and> 0 < M2 a} = setsum M2 {a. f a = x \<and> 0 < M1 a + M2 a}"
   1.796 -    by (auto simp: multiset_def intro!: setsum.mono_neutral_cong_left)
   1.797 -  then show "(\<Sum>a | f a = x \<and> 0 < M1 a + M2 a. M1 a + M2 a) =
   1.798 -       setsum M1 {a. f a = x \<and> 0 < M1 a} +
   1.799 -       setsum M2 {a. f a = x \<and> 0 < M2 a}"
   1.800 -    by (auto simp: setsum.distrib[symmetric])
   1.801 -qed
   1.802 -
   1.803 -lemma map_multiset_single[simp]: "mmap f {#a#} = {#f a#}"
   1.804 -  by transfer auto
   1.805 -
   1.806 -lemma rel_multiset_Plus:
   1.807 -assumes ab: "R a b" and MN: "rel_multiset R M N"
   1.808 -shows "rel_multiset R (M + {#a#}) (N + {#b#})"
   1.809 +lemma rel_mset_Plus:
   1.810 +assumes ab: "R a b" and MN: "rel_mset R M N"
   1.811 +shows "rel_mset R (M + {#a#}) (N + {#b#})"
   1.812  proof-
   1.813    {fix y assume "R a b" and "set_of y \<subseteq> {(x, y). R x y}"
   1.814 -   hence "\<exists>ya. mmap fst y + {#a#} = mmap fst ya \<and>
   1.815 -               mmap snd y + {#b#} = mmap snd ya \<and>
   1.816 +   hence "\<exists>ya. image_mset fst y + {#a#} = image_mset fst ya \<and>
   1.817 +               image_mset snd y + {#b#} = image_mset snd ya \<and>
   1.818                 set_of ya \<subseteq> {(x, y). R x y}"
   1.819     apply(intro exI[of _ "y + {#(a,b)#}"]) by auto
   1.820    }
   1.821    thus ?thesis
   1.822    using assms
   1.823 -  unfolding rel_multiset_def Grp_def by force
   1.824 +  unfolding multiset.rel_compp_Grp Grp_def by blast
   1.825  qed
   1.826  
   1.827 -lemma rel_multiset'_imp_rel_multiset:
   1.828 -"rel_multiset' R M N \<Longrightarrow> rel_multiset R M N"
   1.829 -apply(induct rule: rel_multiset'.induct)
   1.830 -using rel_multiset_Zero rel_multiset_Plus by auto
   1.831 -
   1.832 -lemma mcard_mmap[simp]: "mcard (mmap f M) = mcard M"
   1.833 -proof -
   1.834 -  def A \<equiv> "\<lambda> b. {a. f a = b \<and> a \<in># M}"
   1.835 -  let ?B = "{b. 0 < setsum (count M) (A b)}"
   1.836 -  have "{b. \<exists>a. f a = b \<and> a \<in># M} \<subseteq> f ` {a. a \<in># M}" by auto
   1.837 -  moreover have "finite (f ` {a. a \<in># M})" apply(rule finite_imageI)
   1.838 -  using finite_Collect_mem .
   1.839 -  ultimately have fin: "finite {b. \<exists>a. f a = b \<and> a \<in># M}" by(rule finite_subset)
   1.840 -  have i: "inj_on A ?B" unfolding inj_on_def A_def apply clarsimp
   1.841 -    by (metis (lifting, full_types) mem_Collect_eq neq0_conv setsum.neutral)
   1.842 -  have 0: "\<And> b. 0 < setsum (count M) (A b) \<longleftrightarrow> (\<exists> a \<in> A b. count M a > 0)"
   1.843 -  apply safe
   1.844 -    apply (metis less_not_refl setsum_gt_0_iff setsum.infinite)
   1.845 -    by (metis A_def finite_Collect_conjI finite_Collect_mem setsum_gt_0_iff)
   1.846 -  hence AB: "A ` ?B = {A b | b. \<exists> a \<in> A b. count M a > 0}" by auto
   1.847 -
   1.848 -  have "setsum (\<lambda> x. setsum (count M) (A x)) ?B = setsum (setsum (count M) o A) ?B"
   1.849 -  unfolding comp_def ..
   1.850 -  also have "... = (\<Sum>x\<in> A ` ?B. setsum (count M) x)"
   1.851 -  unfolding setsum.reindex [OF i, symmetric] ..
   1.852 -  also have "... = setsum (count M) (\<Union>x\<in>A ` {b. 0 < setsum (count M) (A b)}. x)"
   1.853 -  (is "_ = setsum (count M) ?J")
   1.854 -  apply(rule setsum.UNION_disjoint[symmetric])
   1.855 -  using 0 fin unfolding A_def by auto
   1.856 -  also have "?J = {a. a \<in># M}" unfolding AB unfolding A_def by auto
   1.857 -  finally have "setsum (\<lambda> x. setsum (count M) (A x)) ?B =
   1.858 -                setsum (count M) {a. a \<in># M}" .
   1.859 -  then show ?thesis unfolding mcard_unfold_setsum A_def by transfer
   1.860 -qed
   1.861 -
   1.862 -lemma rel_multiset_mcard:
   1.863 -assumes "rel_multiset R M N"
   1.864 -shows "mcard M = mcard N"
   1.865 -using assms unfolding rel_multiset_def Grp_def by auto
   1.866 +lemma rel_mset'_imp_rel_mset:
   1.867 +"rel_mset' R M N \<Longrightarrow> rel_mset R M N"
   1.868 +apply(induct rule: rel_mset'.induct)
   1.869 +using rel_mset_Zero rel_mset_Plus by auto
   1.870 +
   1.871 +lemma mcard_image_mset[simp]: "mcard (image_mset f M) = mcard M"
   1.872 +  unfolding size_eq_mcard[symmetric] by (rule size_image_mset)
   1.873 +
   1.874 +lemma rel_mset_mcard:
   1.875 +  assumes "rel_mset R M N"
   1.876 +  shows "mcard M = mcard N"
   1.877 +using assms unfolding multiset.rel_compp_Grp Grp_def by auto
   1.878  
   1.879  lemma multiset_induct2[case_names empty addL addR]:
   1.880  assumes empty: "P {#} {#}"
   1.881 @@ -2946,100 +2463,96 @@
   1.882  qed
   1.883  
   1.884  lemma msed_map_invL:
   1.885 -assumes "mmap f (M + {#a#}) = N"
   1.886 -shows "\<exists> N1. N = N1 + {#f a#} \<and> mmap f M = N1"
   1.887 +assumes "image_mset f (M + {#a#}) = N"
   1.888 +shows "\<exists>N1. N = N1 + {#f a#} \<and> image_mset f M = N1"
   1.889  proof-
   1.890    have "f a \<in># N"
   1.891    using assms multiset.set_map[of f "M + {#a#}"] by auto
   1.892    then obtain N1 where N: "N = N1 + {#f a#}" using multi_member_split by metis
   1.893 -  have "mmap f M = N1" using assms unfolding N by simp
   1.894 +  have "image_mset f M = N1" using assms unfolding N by simp
   1.895    thus ?thesis using N by blast
   1.896  qed
   1.897  
   1.898  lemma msed_map_invR:
   1.899 -assumes "mmap f M = N + {#b#}"
   1.900 -shows "\<exists> M1 a. M = M1 + {#a#} \<and> f a = b \<and> mmap f M1 = N"
   1.901 +assumes "image_mset f M = N + {#b#}"
   1.902 +shows "\<exists>M1 a. M = M1 + {#a#} \<and> f a = b \<and> image_mset f M1 = N"
   1.903  proof-
   1.904    obtain a where a: "a \<in># M" and fa: "f a = b"
   1.905    using multiset.set_map[of f M] unfolding assms
   1.906    by (metis image_iff mem_set_of_iff union_single_eq_member)
   1.907    then obtain M1 where M: "M = M1 + {#a#}" using multi_member_split by metis
   1.908 -  have "mmap f M1 = N" using assms unfolding M fa[symmetric] by simp
   1.909 +  have "image_mset f M1 = N" using assms unfolding M fa[symmetric] by simp
   1.910    thus ?thesis using M fa by blast
   1.911  qed
   1.912  
   1.913  lemma msed_rel_invL:
   1.914 -assumes "rel_multiset R (M + {#a#}) N"
   1.915 -shows "\<exists> N1 b. N = N1 + {#b#} \<and> R a b \<and> rel_multiset R M N1"
   1.916 +assumes "rel_mset R (M + {#a#}) N"
   1.917 +shows "\<exists>N1 b. N = N1 + {#b#} \<and> R a b \<and> rel_mset R M N1"
   1.918  proof-
   1.919 -  obtain K where KM: "mmap fst K = M + {#a#}"
   1.920 -  and KN: "mmap snd K = N" and sK: "set_of K \<subseteq> {(a, b). R a b}"
   1.921 +  obtain K where KM: "image_mset fst K = M + {#a#}"
   1.922 +  and KN: "image_mset snd K = N" and sK: "set_of K \<subseteq> {(a, b). R a b}"
   1.923    using assms
   1.924 -  unfolding rel_multiset_def Grp_def by auto
   1.925 +  unfolding multiset.rel_compp_Grp Grp_def by auto
   1.926    obtain K1 ab where K: "K = K1 + {#ab#}" and a: "fst ab = a"
   1.927 -  and K1M: "mmap fst K1 = M" using msed_map_invR[OF KM] by auto
   1.928 -  obtain N1 where N: "N = N1 + {#snd ab#}" and K1N1: "mmap snd K1 = N1"
   1.929 +  and K1M: "image_mset fst K1 = M" using msed_map_invR[OF KM] by auto
   1.930 +  obtain N1 where N: "N = N1 + {#snd ab#}" and K1N1: "image_mset snd K1 = N1"
   1.931    using msed_map_invL[OF KN[unfolded K]] by auto
   1.932    have Rab: "R a (snd ab)" using sK a unfolding K by auto
   1.933 -  have "rel_multiset R M N1" using sK K1M K1N1
   1.934 -  unfolding K rel_multiset_def Grp_def by auto
   1.935 +  have "rel_mset R M N1" using sK K1M K1N1
   1.936 +  unfolding K multiset.rel_compp_Grp Grp_def by auto
   1.937    thus ?thesis using N Rab by auto
   1.938  qed
   1.939  
   1.940  lemma msed_rel_invR:
   1.941 -assumes "rel_multiset R M (N + {#b#})"
   1.942 -shows "\<exists> M1 a. M = M1 + {#a#} \<and> R a b \<and> rel_multiset R M1 N"
   1.943 +assumes "rel_mset R M (N + {#b#})"
   1.944 +shows "\<exists>M1 a. M = M1 + {#a#} \<and> R a b \<and> rel_mset R M1 N"
   1.945  proof-
   1.946 -  obtain K where KN: "mmap snd K = N + {#b#}"
   1.947 -  and KM: "mmap fst K = M" and sK: "set_of K \<subseteq> {(a, b). R a b}"
   1.948 +  obtain K where KN: "image_mset snd K = N + {#b#}"
   1.949 +  and KM: "image_mset fst K = M" and sK: "set_of K \<subseteq> {(a, b). R a b}"
   1.950    using assms
   1.951 -  unfolding rel_multiset_def Grp_def by auto
   1.952 +  unfolding multiset.rel_compp_Grp Grp_def by auto
   1.953    obtain K1 ab where K: "K = K1 + {#ab#}" and b: "snd ab = b"
   1.954 -  and K1N: "mmap snd K1 = N" using msed_map_invR[OF KN] by auto
   1.955 -  obtain M1 where M: "M = M1 + {#fst ab#}" and K1M1: "mmap fst K1 = M1"
   1.956 +  and K1N: "image_mset snd K1 = N" using msed_map_invR[OF KN] by auto
   1.957 +  obtain M1 where M: "M = M1 + {#fst ab#}" and K1M1: "image_mset fst K1 = M1"
   1.958    using msed_map_invL[OF KM[unfolded K]] by auto
   1.959    have Rab: "R (fst ab) b" using sK b unfolding K by auto
   1.960 -  have "rel_multiset R M1 N" using sK K1N K1M1
   1.961 -  unfolding K rel_multiset_def Grp_def by auto
   1.962 +  have "rel_mset R M1 N" using sK K1N K1M1
   1.963 +  unfolding K multiset.rel_compp_Grp Grp_def by auto
   1.964    thus ?thesis using M Rab by auto
   1.965  qed
   1.966  
   1.967 -lemma rel_multiset_imp_rel_multiset':
   1.968 -assumes "rel_multiset R M N"
   1.969 -shows "rel_multiset' R M N"
   1.970 +lemma rel_mset_imp_rel_mset':
   1.971 +assumes "rel_mset R M N"
   1.972 +shows "rel_mset' R M N"
   1.973  using assms proof(induct M arbitrary: N rule: measure_induct_rule[of mcard])
   1.974    case (less M)
   1.975 -  have c: "mcard M = mcard N" using rel_multiset_mcard[OF less.prems] .
   1.976 +  have c: "mcard M = mcard N" using rel_mset_mcard[OF less.prems] .
   1.977    show ?case
   1.978    proof(cases "M = {#}")
   1.979      case True hence "N = {#}" using c by simp
   1.980 -    thus ?thesis using True rel_multiset'.Zero by auto
   1.981 +    thus ?thesis using True rel_mset'.Zero by auto
   1.982    next
   1.983      case False then obtain M1 a where M: "M = M1 + {#a#}" by (metis multi_nonempty_split)
   1.984 -    obtain N1 b where N: "N = N1 + {#b#}" and R: "R a b" and ms: "rel_multiset R M1 N1"
   1.985 +    obtain N1 b where N: "N = N1 + {#b#}" and R: "R a b" and ms: "rel_mset R M1 N1"
   1.986      using msed_rel_invL[OF less.prems[unfolded M]] by auto
   1.987 -    have "rel_multiset' R M1 N1" using less.hyps[of M1 N1] ms unfolding M by simp
   1.988 -    thus ?thesis using rel_multiset'.Plus[of R a b, OF R] unfolding M N by simp
   1.989 +    have "rel_mset' R M1 N1" using less.hyps[of M1 N1] ms unfolding M by simp
   1.990 +    thus ?thesis using rel_mset'.Plus[of R a b, OF R] unfolding M N by simp
   1.991    qed
   1.992  qed
   1.993  
   1.994 -lemma rel_multiset_rel_multiset':
   1.995 -"rel_multiset R M N = rel_multiset' R M N"
   1.996 -using  rel_multiset_imp_rel_multiset' rel_multiset'_imp_rel_multiset by auto
   1.997 -
   1.998 -(* The main end product for rel_multiset: inductive characterization *)
   1.999 -theorems rel_multiset_induct[case_names empty add, induct pred: rel_multiset] =
  1.1000 -         rel_multiset'.induct[unfolded rel_multiset_rel_multiset'[symmetric]]
  1.1001 +lemma rel_mset_rel_mset':
  1.1002 +"rel_mset R M N = rel_mset' R M N"
  1.1003 +using rel_mset_imp_rel_mset' rel_mset'_imp_rel_mset by auto
  1.1004 +
  1.1005 +(* The main end product for rel_mset: inductive characterization *)
  1.1006 +theorems rel_mset_induct[case_names empty add, induct pred: rel_mset] =
  1.1007 +         rel_mset'.induct[unfolded rel_mset_rel_mset'[symmetric]]
  1.1008  
  1.1009  
  1.1010  subsection {* Size setup *}
  1.1011  
  1.1012 -lemma multiset_size_o_map: "size_multiset g \<circ> mmap f = size_multiset (g \<circ> f)"
  1.1013 -apply (rule ext)
  1.1014 -apply (unfold o_apply)
  1.1015 -apply (induct_tac x)
  1.1016 -apply auto
  1.1017 -done
  1.1018 +lemma multiset_size_o_map: "size_multiset g \<circ> image_mset f = size_multiset (g \<circ> f)"
  1.1019 +  unfolding o_apply by (rule ext) (induct_tac, auto)
  1.1020  
  1.1021  setup {*
  1.1022  BNF_LFP_Size.register_size_global @{type_name multiset} @{const_name size_multiset}