Formalization of Measure and Lebesgue Integration Over Extended Reals in HOL

Formalization of Measure and Lebesgue Integration over
Extended Reals in HOL

Tarek Mhamdi, Osman Hasan, and So`ene Tahar
Department of Electrical and Computer Engineering,
Concordia University, Montreal, Canada
{mhamdi,o hasan,tahar}@ece.concordia.ca
Technical Report
Jan, 2011
Abstract
Measure theory and Lebesgue integration are fundamental tools in a wide range of mathematical
theories such probability and information theory. Consequently, a formalization of these theories is
highly required to be able to tackle numerous application using a theorem prover. This report is primarily
focused towards overcoming the shortcomings of previous formalizations to raise the state-of-the-art in
higher-order-logic formalization of measure and Lebesgue integration from the existing level, where they
are applicable only to isolated facets, to a level allowing formal analysis of contemporary engineering and
scientic problems. In this regard, we propose to develop a rigorous higher-order-logic formalization of
measure, Lebesgue integration and probability theories over the extended real numbers, which are real
numbers extended with positive and negative innity. We also formalize the Radon-Nikodym derivative
and prove some of its properties using the HOL theorem prover.
1 Introduction
Traditionally, paper-and-pencil based analytical techniques have been used for probabilistic
or information-theoretic analysis but these methods do not scale very well to most real-
world systems. Therefore, computer simulations are predominantly used for probabilistic
analysis these days. However, due to its inherent nature, computer simulation can never
ascertain 100% accuracy. This fact is extremely undesirable due to the ever increasing usage
of probabilistic and information theoretic analysis in the design of safety and mission critical
systems. Formal methods tend to overcome such inaccuracy limitations. The main theories
required to formalize probability and information theory are the theories of measure and
1
Lebesgue integration. In fact, they allow us to provide a rigorous treatment of probability
and a unied framework where the denitions are valid for the discrete and continuous cases.
Various higher-order-logic formalization of measure and Lebesgue integration have recently
been proposed [7, 2, 9]. However, the underlying theories of this development have certain
constraints and lack important properties of the quantities formalized, which are necessary
for any probabilistic analysis. For example, the theories do not support innite values for
functions or integrals, which limits the scope of applications and most importantly prevents
the proof of important and necessary theorems, like the Radon Nikodym theorem [4].
This report is primarily focused towards overcoming these shortcomings as we attempt
to raise the state-of-the-art in higher-order-logic formalization of measure and Lebesgue
integration from the existing level, where they are applicable only to isolated facets, to
a level allowing formal analysis of contemporary engineering and scientic problems. In
this regard, we propose to develop a rigorous higher-order-logic formalization of measure
and Lebesgue integration theories over the extended real numbers, which are real numbers
extended with positive and negative innity.
Using extended reals to dene the measure theory allows us to work with regular nite
non-negative measures, innite measures as well as signed measures. Working with functions
or random variables that can take innite values, allows us to prove important limiting
theorems that are not possible to prove when we do not consider innite values. In fact, in
that case, the limit of a sequence is undened when the sequence is not convergent. However,
in the extended reals case, a limit is always dened and can be innite. Finally, working
with innite Lebesgue integrals allows us to prove various convergence theorems without
requiring the sequences to be convergent.
Building on top of this framework, we dene the Radon Nikodym derivative and prove its
properties. The existence of this derivative for absolutely continuous measures is guaranteed
by the so called Radon Nikodym theorem. The proof of this theorem was the main motivation
to use the extended reals in the formalization.
All of the above mentioned formalization is done using the HOL theorem prover [5] and
the report provides the associated formalization and verication details. This infrastruc-
ture paves the path to the formal probabilistic and information-theoretic analysis of many
engineering systems and protocols.
2 Related Work
Based on the work of Hurd [7] on measure theory, Coble [2] formalized the main concepts
of Lebesgue integration and probability and used them in the formalization of information
theory in HOL. Coble used this framework to verify anonymity properties of the dining
cryptographers protocol. This formalization, however, does not include important conver-
gence theorems and properties of the Lebesgue integral and measurable functions, limiting
the scope of its applications. We provided a generalization of this work [9], based on Borel
spaces, allowing us to verify those properties and theorems. Both formalizations, however,
only consider nite-valued measures, functions and integrals. In this report, we propose to
dene a new type for extended reals and use it to formalize measure, Lebesgue integration,
probability and main concepts of information theory. Using extended reals in the formal-
ization has many advantages. It allows us to dene sigma-nite and other innite measures
as well as signed measures. Properties of the Lebesgue integral like the monotonicity can
be proven even for non-integrable functions, but most importantly, it allows us to prove
2
convergence theorems that are valid even for non convergent sequences. The latter was
the main reason to dene extended-real-valued integrals, to be able to prove the impor-
tant Radon Nikodym theorem. This theorem, and consequently some of the properties of
the Radon Nikodym derivative, could not be proven using the formalizations in [2, 9]. The
Radon Nikodym derivative is needed in the denition of the relative entropy. To the best our
knowledge, this is the rst higher-order-logic formalization of the Radon Nikodym derivative
which also includes their properties.
A formalization of the positive extended reals in HOL was proposed by Hurd [8] and has
been imported to the Isabelle theorem prover [10]. We propose a formalization that includes
all real numbers as well as the positive innity + and negative innity . This has,
obviously, the advantage of working with negative extended real numbers, for example for
signed measures. A formalization of measure theory dened on the positive extended reals
has been developed in Isabelle [6], based on the work of Coble [2]. This has been used to
prove the Radon Nikodym theorem. The main dierence with our work is the use of extended
reals, which allows us to dene signed measures as well as have the integral dened on the
extended reals for arbitrary functions.
A formalization of the Lebesgue integral on the extended reals has been proposed in
Mizar [11]. We provide a more general formalization that allowed us to formalize the Radon
Nikodym derivative and prove its properties. To the best of our knowledge, neither the
Radon Nikodym derivative and its properties nor the relative entropy have been formalized
in Mizar.
3 Extended Real Numbers
The set of extended real numbers R is the set of real numbers R extended with two additional
elements, namely, the positive innity + and negative innity . R is useful to describe
various limiting behaviors in many mathematical elds. For instance, it is necessary to
use the extended reals system to dene the integration theory, otherwise the convergence
theorems such as the monotone convergence and dominated convergence theorems would
be less useful. Using the extended reals to dene the measure theory makes it possible to
dene sigma nite measures and other innite measures. With extended reals, the limit of
a monotonic sequence is always dened, innite when the sequence is divergent, but still
dened and properties can be proven on it. The price to pay for these advantages is an
increased level of diculty in the analysis and the need to prove a large body of theorems
on the extended reals and operators on them.
An extended real is either a normal real number, positive innity or negative innity. we
use Hol_datatype to dene the new type extreal as follows,
val _ = Hol_datatypeextreal = NegInf | PosInf | Normal of real;
The arithmetic operations of R are extended to R with partial functions. For example the
addition is extended as follow.
a. a = a + (+) = ++ a = +
a. a = + a + () = + a =
This is formalized in higher-order logic as
3
val extreal_add_def = Define
(extreal_add (Normal x) (Normal y) = (Normal (x + y)))
(extreal_add (Normal _) a = a)
(extreal_add b (Normal _) = b)
(extreal_add NegInf NegInf = NegInf)
(extreal_add PosInf PosInf = PosInf)
The function is left undened when one of the operands is PosInf and the other is NegInf.
Similarly, we extend the other arithmetic operators and prove their properties.
for all a R, a +. With this order, R is a complete lattice where every subset
has a supremum and an inmum. The supremum is formalized in HOL as:
val extreal_sup_def = Define
extreal_sup p =
if x. (y. p y y x) (x = PosInf) then PosInf
else (if x. p x (x = NegInf) then NegInf
else Normal (sup (r. p (Normal r))));
In this denition, sup refers to the supremum over a set of real numbers. Next, we tackle
the following theorem, which we will use in the Radon Nikodym theorem proof in Section ??
Theorem 1. For any non-empty, upper bounded (by a nite number) set P of extended real
numbers, there exists a monotonically increasing sequence of elements of P that converges
to the supremum of P.
For the case where the supremum is an element of the set, we simply consider the sequence
n, x
p
(n) = sup P. Otherwise, we prove that x
p
(n), dened below, is one such sequence.
x
p
(0) = @r. r P (sup P 1) < r and
x
p
(n + 1) = @r. r P max(x
p
(n), sup P
1
2
n+1
) < r < sup P
where @ represents the Hilbert choice operator.
We then dene the sum of extended real numbers over a nite set and prove its properties
whenever the sum is dened. The obvious way to dene the sum is the following
val SIGMA_DEF = new_definition("SIGMA_DEF",
SIGMA f s = ITSET (e acc. f e + acc) s (0:extreal))
However, using this denition, we are not able to prove the recursive form without requiring
that all the elements we are adding are nite. In fact, to be able to prove the recursive form,
we need to use the theorem
f e s b.
(x y z. f x (f y z) = f y (f x z)) FINITE s
(ITSET f (e INSERT s) b = f e (ITSET f (s DELETE e) b))
This requires that the addition is associative and commutative for all the elements considered,
which is not the case unless we restrict our denition to nite values. This is, obviously,
undesirable when working with extended real numbers. Instead, we propose the following
denition for the sum.
4
val SIGMA_def = let open TotalDefn
in tDefine "SIGMA"
SIGMA (f:a -> extreal) (s: a -> bool) =
if FINITE s then
if s={} then 0:extreal
else f (CHOICE s) + SIGMA f (REST s)
else ARB
(WF_REL_TAC measure (CARD o SND) THEN
METIS_TAC [CARD_PSUBSET, REST_PSUBSET])
end;
We use WF_REL_TAC to initiate the termination proof of the denition with the measure
function measure (CARD o SND). From this denition, we prove the recursive form, which
will be used in proving the main properties of the sum.
f s. FINITE s
e. (x. x e INSERT s f x = NegInf)
(x. x e INSERT s f x = PosInf)
(SIGMA f (e INSERT s) = f e + SIGMA f (s DELETE e))
Notice that we can have innite values as long as the sum in dened. The properties that
we proved include the linearity, monotonicity, and the summation over disjoint sets and
products of sets.
Finally, we dene the innite sum of extended real numbers
nN
x
n
using the SIGMA and
sup operators and prove its properties.
val ext_suminf_def = Define
ext_suminf f = sup (IMAGE (n. SIGMA f (count n)) UNIV)
We provide an extensive formalization of the extended real numbers, which consists of
more than 220 theorems written in around 3000 lines of code. It contains all the necessary
tools to formalize most of the concepts that we need in measure, integration, probability
and information theories. The proof script is available and can used in a variety of other
applications as well. In the next sections, we present the formalization of these theories
based on the extended real numbers.
4 Formalization of Measure, Integration and Probability
Using measure theory to formalize probability has the advantage of providing a mathemati-
cally rigorous treatment of probabilities and a unied framework for discrete and continuous
probability measures. In this context, a probability measure is a measure function, an event
is a measurable set and a random variable is a measurable function. The expectation of
a random variable is its integral with respect to the probability measure. The Lebesgue
integral is used because it provides a unique denition for discrete and continuous random
variables, it handles a broader class of functions than the Reimann integral, and it exhibits
a better behavior when it comes to interchanging limits and integrals. Most of the concepts
of this section have already been formalized in HOL [9]. However, the formalization of this
report is based on the extended reals. In this context, the limit of a monotonically increas-
ing sequence becomes the supremum and can be innite. This allows us to verify various
limiting properties and convergence theorems.
5
4.1 Measure Theory
By denition, measurable functions satisfy the condition that the inverse image of a mea-
surable set is also measurable, which we formalize in higher-order logic as follows
a b f. f measurable a b =
sigma_algebra a sigma_algebra b
f (space a space b)
s. s subsets b PREIMAGE f s space a subsets a
This denition applies to functions dened on arbitrary spaces. We are interested in real-
valued measurable functions and hence the Borel sigma algebra on the set of extended real
numbers is used. Working with the Borel sigma algebra makes the set of measurable func-
tions a vector space. It also allows us to formally verify various properties of the measurable
functions necessary for the formalization of the Lebesgue integral and its properties in HOL.
We dene the Borel sigma algebra on R, which we call Borel, as the smallest sigma
algebra generated by the open rays
val Borel_def = Define
Borel = sigma (UNIV:extreal->bool)
(IMAGE (a. {x:extreal | x < a}) UNIV)
where sigma is dened as
sigma sp st = (sp,
s | st s sigma_algebra (sp,s))
We also prove that the Borel sigma algebra on the extended reals is the smallest sigma
algebra generated by any of the following classes of intervals: [c, +], (c, +], [, c],
(c, d), [c, d), (c, d], [c, d], where c, d R. Using the above result, we prove that to check the
measurability of extended-real-valued function, it is sucient to check that the inverse image
of the open ray is measurable. The same result is valid for the other classes of intervals.
Theorem 2. Let (X, A) be a measurable space. A function f : X R is measurable with
respect to (A, B(R)) i c R, f
1
([, c[) A
We prove in HOL various properties of the extended-real-valued measurable functions.
Every constant real function on a space X is measurable.
The indicator function on a set A is measurable i A is measurable.
Let f and g be measurable functions and c R, then the following functions are also
measurable: cf, |f|, f
n
, f + g, fg and max(f, g).
If (f
n
) is a monotonically increasing sequence of extended-real-valued measurable func-
tions such that x, f(x) = sup
nN
f
n
(x), then f is a measurable function.
4.2 Lebesgue Integral
The Lebesgue integral is dened using a special class of functions called positive simple
functions. They are measurable functions taking nitely many values. In other words, a
6
positive simple function g is represented by the triple (s, a, x) as a nite linear combination
of indicator functions of measurable sets (a
i
) that form a partition of the space X.
t X, g(t) =
is
x
i
I
ai
(t) c
i
0 (1)
We also add the condition that positive simple functions take nite values, i.e., i s. x
i
<
. Their Lebesgue integral can however be innite.
The Lebesgue integral is rst dened for positive simple functions then extended to non-
negative functions and nally to arbitrary functions. Let (X, A, ) be a measure space. The
integral of the positive simple function g with respect to the measure is given by
X
g d =
is
x
i
(a
i
) (2)
This is formalized in HOL as
val pos_simple_fn_integral_def = Define
pos_simple_fn_integral m s a x =
SIGMA (i. x i * measure m (a i)) s
While the choice of ((x
i
), (a
i
), s) to represent g is not unique, we prove that the integral
as dened above is independent of that choice. We also prove important properties of the
Lebesgue integral of positive simple functions such as the linearity and monotonicity. The
Lebesgue integral of non-negative measurable functions is given by
X
f d = sup{
X
g d | g f and g positive simple function} (3)
Its formalization in HOL is the following
val pos_fn_integral_def = Define
pos_fn_integral m f =
sup {r | g. r psfis m g x. g x f x}
where psfis m g is used to represent the Lebesgue integral of the positive simple function
g. Finally, the integral for arbitrary measurable functions is given by
X
f d =
X
f
+
d
X
f
d (4)
where f
+
and f
are the non-negative measurable functions dened by f

+
(x) = max(f(x), 0)
and f
(x) = max(f(x), 0).

val fn_integral_def = Define
fn_integral m f = pos_fn_integral m (fn_plus f) -
pos_fn_integral m (fn_minus f)
As dened above, the Lebesgue integral can be undened when the integrals of both
f
+
and f
are innite. This requires that in most properties of the Lebesgue integral, we
assume that the functions are integrable, as dened next.
7
Denition 1. Let (X, A, ) be a measure space, a measurable function f is integrable i
X
f
+
d < and
X
f
d <
val integrable_def = Define
integrable m f =
f measurable (m_space m,measurable_sets m) Borel
pos_fn_integral m (fn_plus f) = PosInf
pos_fn_integral m (fn_minus f) = PosInf;
4.2.1 Lebesgue Monotone Convergence
The monotone convergence is arguably the most important theorem of the Lebesgue inte-
gration theory and it plays a major role in the proof of the Radon Nikodym theorem [1] and
the properties of the integral. We present in the sequel a proof of the theorem in HOL.
Theorem 3. g
Let (f
n
) be a monotonically increasing sequence of non-negative measurable functions such
that x, f(x) = sup
nN
f
n
(x), then
X
f d = sup
nN
X
f
n
d
m f fi. measure_space m i x. 0 fi i x
i. fi i measurable (m_space m, measurable_sets m) Borel
x. mono_increasing (i. fi i x)
x. x m_space m f x = sup (IMAGE (i. fi i x) UNIV)
sup (IMAGE (i. pos_fn_integral m (fi i)) UNIV)
We prove the Lebesgue monotone convergence theorem by using the properties of the supre-
mum and by proving the lemma stating that if f is the supremum of a monotonically in-
creasing sequence of non-negative measurable functions f
n
and g is a positive simple function
such that g f, then the integral of g satises
X
g d sup
nN
X
f
n
d
Or, as formalized in HOL:
m f fi g r.
measure_space m i x. 0 fi i x
i. fi i measurable (m_space m, measurable_sets m) Borel
x. mono_increasing (i. fi i x)
x. x m_space m f x = sup (IMAGE (i. fi i x) UNIV)
r psfis m g x. g x f x
r sup (IMAGE (i. pos_fn_integral m (fi i)) UNIV)
4.2.2 Lebesgue Integral Properties
Most properties of the Lebesgue integral cannot be proved directly from the denition of
the integral. We prove instead that any measurable function is the limit of a sequence of
positive simple functions. The properties of the Lebesgue integral are then derived from the
properties on the positive simple functions.
8
Theorem 4. For any non-negative measurable function f there exists a monotonically in-
creasing sequence of positive simple functions (f
n
) such that x, f(x) = sup
nN
f
n
(x).
Besides
X
f d = sup
nN
X
f
n
d
The above theorem is formalized in HOL as
m f. measure_space m x. 0 f x
f measurable (m_space m,measurable_sets m) Borel
fi ri. x. mono_increasing (i. fi i x)
x. x m_space m sup (IMAGE (. fi i x) UNIV) = f x
i. ri i psfis m (fi i)
sup (IMAGE (i. pos_fn_integral m (fi i)) UNIV)
We prove this theorem by showing that the sequence (f
n
), dened below, satises the condi-
tions of the theorem and use the Lebesgue monotone convergence theorem to conclude that
X
f d = sup
nN
X
f
n
d.
f
n
(x) =
4
n
1
k=0
k
2
n
I
{x|
k
2
n
f(x)<
k+1
2
n
}
+ 2
n
I
{x|2
n
f(x)}
For arbitrary integrable functions, Theorem 4 is applied to f
+
and f
and results in a
well-dened integral, given by
X
f d = sup
nN
X
f
+
n
d sup
nN
X
f
n
d
Using Theorem 4, we extend the properties of the Lebesgue integral for positive simple
functions to arbitrary integrable functions. The main properties we proved are the mono-
tonicity and linearity of the Lebesgue integral. Let f and g be integrable functions and
c R then
x, 0 f(x) 0
X
f d
x, f(x) g(x)
X
f d
X
g d
X
cf d = c
X
f d
X
f + g d =
X
f d +
X
g d
A and B disjoint sets
AB
f d =
A
f d +
B
f d
4.2.3 Radon Nikodym Derivative
The Radon Nikodym derivative of with respect to .
A
d
d
d = (A)
The Radon Nikodym derivative is formalized in HOL as
9
val RN_deriv_def = Define
RN_deriv m v =
@f. f IN measurable (m_space m, measurable_sets m) Borel
(a. a measurable_sets m
(fn_integral m (x. f x * indicator_fn a x) = measure v a))
The relative entropy is then formalized as
val KL_divergence_def = Define
KL_divergence b m v =
- fn_integral m (x. logr b ((RN_deriv m v) x))
The existence of the Radon Nikodym derivative is guaranteed for absolutely continuous
measures by the Radon Nikodym theorem. A measure is absolutely continuous with respect
to the measure i for every measurable set A, (A) = 0 implies that (A) = 0. Next, we
state and prove the Radon Nikodym theorem (RNT) for nite measures. The theorem can
be easily generalized to sigma nite measures.
Theorem 5. (RNT)
If is absolutely continuous with respect to , then there exists a non-negative integrable
function f such that for any measurable sets,
A
f d = (A)
The Radon Nikodym theorem is formalized in HOL as follows,
m v. measure_space m measure_space v
(m_space v = m_space m)
(measurable_sets v = measurable_sets m)
(measure_absolutely_continuous m v)
(measure v (m_space v) = PosInf)
(measure m (m_space m) = PosInf)
(f. f measurable (m_space m,measurable_sets m) Borel
(A. A measurable_sets m
(pos_fn_integral m (x. f x * indicator_fn A x) = measure v A)))
To prove the theorem, we prove the following lemma, which we propose as a generalization of
Theorem 1. To the best of our knowledge, this lemma has not been referred to in textbooks
and we nd that it is a useful result that can be used in other proofs.
Lemma 1. If P is a non-empty set of extended-real valued functions closed under the max
operator, g is monotone over P and g(P) is upper bounded, then there exists a monotonically
increasing sequence f(n) of functions, elements of P, such that
sup
nN
g(f(n)) = sup
fP
g(f)
Proving the Radon Nikodym theorem consists in dening the set F of non-negative mea-
surable functions such that for any measurable set A,
A
f d (A). Then we prove that
this set is non-empty, upper bounded by the nite measure of the space and is closed under
10
the max operator. Next, using the monotonicity of the integral and the lemma above, we
prove the existence of a monotonically increasing sequence f(n) of functions in F such that
sup
nN
X
f
n
d = sup
fF
X
f d
Finally, we prove that the function g, dened below, satises the conditions of the theorem.
x. g(x) = sup
nN
f
n
(x)
The main reason we used the extended reals in our formalization was the inability to
prove the Radon Nikodym theorem without considering innite values. In fact, in our proof,
we use the Lebesgue monotone convergence to prove that
X
g d = sup
nN
X
f
n
d
However, the Lebesgue monotone convergence in [9] which does not support the extended
reals, requires the sequence f
n
to be convergent, which is not necessarily the case here and
cannot be added as an assumption because the sequence f
n
is generated inside the proof. The
Lebesgue monotone convergence theorem with the extended reals is valid even for sequences
that are not convergent since it uses the sup operator instead of the limit lim.
Next, we prove the following properties of the Radon Nikodym derivative.
The Radon Nikodym derivative of with respect to is unique, almost-everywhere,
i.e., unique up to a null set with respect to .
If
1
and
2
are absolutely continuous with respect to , then
d(1+2)
d
=
d1
d
+
d2
d
,
almost-everywhere.
If is absolutely continuous with respect to and c 0, then
d(c)
d
= c
d
d
,
almost-everywhere.
For nite spaces, we prove that
x X, {x} = 0
d
d
(x) =
{x}
{x}
4.3 Probability Theory
We formalize the Kolmogorov axiomatic denition of probability using measure theory by
dening the sample space , the set F of events which are subsets of and the probability
measure p. A probability measure is a measure function and an event is a measurable set.
(, F, p) is a probability space i it is a measure space and p() = 1. A random variable is
by denition a measurable function.
val random_variable_def = Define
random_variable X p s = prob_space p
X measurable (p_space p, events p) s
The properties we proved in the previous section for measurable functions are obviously valid
for random variables.
11
Theorem 6. If X and Y are random variables and c R then the following functions are
also random variables: cX, |X|, X
n
, X + Y, XY and max(X, Y ).
The probability mass function (PMF) of a random variable X is dened as the function
p
X
assigning to a set A the probability of the event {X A}. We also formalize the joint
probability mass function of two random variables and of a sequence of random variables.
val pmf_def = Define
pmf p X = (A. prob p (PREIMAGE X A p_space p))
Finally we use the formalization of the Lebesgue integral to dene the expectation of a
random variable and its variance. The expectation of a random value X is dened as the
integral of X with respect to the probability measure, E[X] =
X dp.
val expectation_def = Define expectation = fn_integral
The properties of the expectation are derived from the properties of the integral. The
variance of a random variable is dened as E[|X E[X]|
2
]. We also prove the properties of
the variance in HOL.
5 Conclusions
In this report, we have presented a formalization in HOL of measure, Lebesgue integration
and probability theories dened on the extended reals. We used this infrastructure, to formal-
ize the Radon Nikodym derivative and prove its properties. The Radon Nikodym derivative
is used, for instance, in the denition of relative entropy and probability density functions.
The formalization based on the extended reals enables us to verify important properties and
convergence theorems as well as prove the important Radon Nikodym theorem.
We intend to use this higher-order-logic formalization of measure, Lebesgue integration
and probability theories to formalize main concepts of information theory such as the Shan-
non entropy and relative entropy. The verication of properties of the Shannon entropy and
relative entropy makes it possible to perform information theoretic analysis on a wide range
of applications. Using this formalization, we prove the Asymptotic Equipartition Property
in HOL, which is used to dene and verify the notion of typical sets. This, in turn, is the
basis to prove the Shannon source coding theorem, providing the fundamental limits of data
compression. The relative entropy is an important measure of divergence between probabil-
ity distributions. It is used to dene other concepts of information theory, but it is also used
in several other applications like the anonymity application in [3].
Our future work include the formalization of measures of entropy and applying the tech-
nique in [3] to verify the anonymity properties of the Dining Cryptographers and Crowds
protocols within the sound core of a theorem prover.
References
[1] V. I. Bogachev. Measure Theory. Springer, 2006.
[2] A. R. Coble. Anonymity, Information, and Machine-Assisted Proof. PhD thesis, Uni-
versity of Cambridge, 2010.
[3] Y. Deng, J. Pang, and P. Wu. Measuring Anonymity with Relative Entropy. In Formal
Aspects in Security and Trust, volume 4691 of LNCS, pages 6579. Springer, 2007.
12
[4] R. R. Goldberg. Methods of Real Analysis. Wiley, 1976.
[5] M. J. C. Gordon and T. F. Melham. Introduction to HOL: A Theorem Proving Envi-
ronment for Higher-Order Logic. Cambridge University Press, 1993.
[6] J. Holzl. Mechanized Measure, Probability, and Information Theory.
http://puma.in.tum.de/p-wiki/images/d/d6/szentendre hoelzl probability.pdf, Techni-
cal University Munich, Germany, 2010.
[7] J. Hurd. Formal Verifcation of Probabilistic Algorithms. PhD thesis, University of
Cambridge, 2002.
[8] J. Hurd, A. McIver, and C. Morgan. Probabilistic Guarded Commands Mechanized in
HOL. Electronic Notes in Theoretical Computer Science, 112:95111, 2005.
[9] T. Mhamdi, O. Hasan, and S. Tahar. On the Formalization of the Lebesgue Integration
Theory in HOL. In Interactive Theorem Proving, volume 6172 of LNCS, pages 387402.
Springer, 2010.
[10] L. C. Paulson. Isabelle: a Generic Theorem Prover. Springer, 1994.
[11] Y. Shidama, N. Endou, and P.N. Kawamoto. On the formalization of lebesgue integrals.
Studies in Logic, Grammar and Rhetoric, 10(23):167177, 2007.
6 HOL Code Theories Signatures
signature extrealTheory =
sig
type thm = Thm.thm
(* Definitions *)
val EXTREAL_SUM_IMAGE_curried_def : thm
val EXTREAL_SUM_IMAGE_tupled_primitive_def : thm
val ext_mono_decreasing_def : thm
val ext_mono_increasing_def : thm
val ext_suminf_def : thm
val extreal_TY_DEF : thm
val extreal_abs_primitive_def : thm
val extreal_add_curried_def : thm
val extreal_add_tupled_primitive_def : thm
val extreal_ainv_def : thm
val extreal_case_def : thm
val extreal_div_def : thm
val extreal_inf_def : thm
val extreal_inv_def : thm
val extreal_le_curried_def : thm
val extreal_le_tupled_primitive_def : thm
val extreal_lt_def : thm
val extreal_max_def : thm
val extreal_min_def : thm
13
val extreal_mul_curried_def : thm
val extreal_mul_tupled_primitive_def : thm
val extreal_of_num_def : thm
val extreal_pow_def : thm
val extreal_repfns : thm
val extreal_size_def : thm
val extreal_sqrt_def : thm
val extreal_sub_curried_def : thm
val extreal_sub_tupled_primitive_def : thm
val extreal_sup_def : thm
val mono_decreasing_def : thm
val mono_increasing_def : thm
val real_def : thm
(* Theorems *)
val DISJOINT_DIFF : thm
val EXTREAL_ARCH : thm
val EXTREAL_ARCH_POW : thm
val EXTREAL_ARCH_POW_INV : thm
val EXTREAL_EQ_LADD : thm
val EXTREAL_SUM_IMAGE_0 : thm
val EXTREAL_SUM_IMAGE_ADD : thm
val EXTREAL_SUM_IMAGE_CMUL : thm
val EXTREAL_SUM_IMAGE_DISJOINT_UNION : thm
val EXTREAL_SUM_IMAGE_EMPTY : thm
val EXTREAL_SUM_IMAGE_EQ : thm
val EXTREAL_SUM_IMAGE_EQ_CARD : thm
val EXTREAL_SUM_IMAGE_EXTREAL_SUM_IMAGE : thm
val EXTREAL_SUM_IMAGE_FINITE_CONST : thm
val EXTREAL_SUM_IMAGE_FINITE_SAME : thm
val EXTREAL_SUM_IMAGE_IF_ELIM : thm
val EXTREAL_SUM_IMAGE_IMAGE : thm
val EXTREAL_SUM_IMAGE_IND : thm
val EXTREAL_SUM_IMAGE_INSERT : thm
val EXTREAL_SUM_IMAGE_INTER_ELIM : thm
val EXTREAL_SUM_IMAGE_INTER_NONZERO : thm
val EXTREAL_SUM_IMAGE_INV_CARD_EQ_1 : thm
val EXTREAL_SUM_IMAGE_IN_IF : thm
val EXTREAL_SUM_IMAGE_IN_IF_ALT : thm
val EXTREAL_SUM_IMAGE_MONO : thm
val EXTREAL_SUM_IMAGE_MONO_SET : thm
val EXTREAL_SUM_IMAGE_NORMAL : thm
val EXTREAL_SUM_IMAGE_NOT_INFTY : thm
val EXTREAL_SUM_IMAGE_NOT_NEG_INF : thm
val EXTREAL_SUM_IMAGE_NOT_POS_INF : thm
val EXTREAL_SUM_IMAGE_POS : thm
val EXTREAL_SUM_IMAGE_POS_MEM_LE : thm
14
val EXTREAL_SUM_IMAGE_PROPERTY : thm
val EXTREAL_SUM_IMAGE_PROPERTY_NEG : thm
val EXTREAL_SUM_IMAGE_PROPERTY_POS : thm
val EXTREAL_SUM_IMAGE_SING : thm
val EXTREAL_SUM_IMAGE_SPOS : thm
val EXTREAL_SUM_IMAGE_SUB : thm
val EXTREAL_SUM_IMAGE_THM : thm
val EXTREAL_SUM_IMAGE_ZERO : thm
val EXTREAL_SUM_IMAGE_def : thm
val EXTREAL_SUM_IMAGE_ind : thm
val POW_NEG_ODD : thm
val POW_POS_EVEN : thm
val REAL_ARCH_POW : thm
val REAL_LE_MUL_EPSILON : thm
val REAL_LE_RDIV_EQ_NEG : thm
val REAL_LT_LMUL_0_NEG : thm
val REAL_LT_LMUL_NEG_0 : thm
val REAL_LT_LMUL_NEG_0_NEG : thm
val REAL_LT_RDIV_EQ_NEG : thm
val REAL_LT_RMUL_0_NEG : thm
val REAL_LT_RMUL_NEG_0 : thm
val REAL_LT_RMUL_NEG_0_NEG : thm
val REAL_NEG_NZ : thm
val REAL_SUM_IMAGE_EQ_sum : thm
val SIMP_EXTREAL_ARCH : thm
val SIMP_REAL_ARCH : thm
val abs_bounds : thm
val abs_pos : thm
val abs_refl : thm
val add_assoc : thm
val add_comm : thm
val add_comm_normal : thm
val add_infty : thm
val add_ldistrib : thm
val add_ldistrib_neg : thm
val add_ldistrib_neg_neg : thm
val add_ldistrib_normal : thm
val add_ldistrib_pos : thm
val add_ldistrib_pos_pos : thm
val add_lzero : thm
val add_not_infty : thm
val add_pow2 : thm
val add_rdistrib : thm
val add_rdistrib_normal : thm
val add_rzero : thm
val add_sub : thm
val add_sub2 : thm
15
val datatype_extreal : thm
val div_one : thm
val eq_sub_ladd_normal : thm
val eq_sub_switch : thm
val ext_mono_decreasing_suc : thm
val ext_mono_increasing_suc : thm
val ext_suminf_add : thm
val ext_suminf_cmul : thm
val ext_suminf_cmul_alt : thm
val ext_suminf_lt_infty : thm
val ext_suminf_mono : thm
val ext_suminf_sub : thm
val ext_suminf_sum : thm
val ext_suminf_suminf : thm
val extreal_11 : thm
val extreal_Axiom : thm
val extreal_abs_def : thm
val extreal_abs_ind : thm
val extreal_add_def : thm
val extreal_add_ind : thm
val extreal_case_cong : thm
val extreal_cases : thm
val extreal_distinct : thm
val extreal_div_eq : thm
val extreal_eq_zero : thm
val extreal_induction : thm
val extreal_le_def : thm
val extreal_le_ind : thm
val extreal_lt_eq : thm
val extreal_mul_def : thm
val extreal_mul_ind : thm
val extreal_nchotomy : thm
val extreal_not_infty : thm
val extreal_sub_add : thm
val extreal_sub_def : thm
val extreal_sub_ind : thm
val half_between : thm
val inf_cminus : thm
val inf_const : thm
val inf_const_alt : thm
val inf_const_over_set : thm
val inf_eq : thm
val inf_le : thm
val inf_le_imp : thm
val inf_lt_infty : thm
val inf_min : thm
val inf_seq : thm
16
val inf_suc : thm
val inv_one : thm
val le_01 : thm
val le_add : thm
val le_add2 : thm
val le_addr : thm
val le_addr_imp : thm
val le_antisym : thm
val le_epsilon : thm
val le_inf : thm
val le_infty : thm
val le_ladd : thm
val le_ladd_imp : thm
val le_ldiv : thm
val le_lmul_imp : thm
val le_lneg : thm
val le_lsub_imp : thm
val le_lt : thm
val le_max : thm
val le_max1 : thm
val le_max2 : thm
val le_min : thm
val le_mul : thm
val le_mul_epsilon : thm
val le_neg : thm
val le_num : thm
val le_pow2 : thm
val le_radd : thm
val le_radd_imp : thm
val le_rdiv : thm
val le_refl : thm
val le_rmul_imp : thm
val le_sub_eq : thm
val le_sub_eq2 : thm
val le_sub_imp : thm
val le_sub_imp2 : thm
val le_sup : thm
val le_sup_imp : thm
val le_total : thm
val le_trans : thm
val let_add : thm
val let_add2 : thm
val let_trans : thm
val lt_01 : thm
val lt_add : thm
val lt_addl : thm
val lt_antisym : thm
17
val lt_imp_le : thm
val lt_imp_ne : thm
val lt_infty : thm
val lt_ladd : thm
val lt_ldiv : thm
val lt_le : thm
val lt_lmul : thm
val lt_mul : thm
val lt_mul2 : thm
val lt_neg : thm
val lt_radd : thm
val lt_rdiv : thm
val lt_rdiv_neg : thm
val lt_refl : thm
val lt_rmul : thm
val lt_sub : thm
val lt_sub_imp : thm
val lt_sub_imp2 : thm
val lt_total : thm
val lt_trans : thm
val lte_add : thm
val lte_trans : thm
val max_comm : thm
val max_infty : thm
val max_le : thm
val max_le2_imp : thm
val max_refl : thm
val min_comm : thm
val min_infty : thm
val min_le : thm
val min_le1 : thm
val min_le2 : thm
val min_le2_imp : thm
val min_refl : thm
val mono_decreasing_suc : thm
val mono_increasing_converges_to_sup : thm
val mono_increasing_suc : thm
val mul_assoc : thm
val mul_comm : thm
val mul_lneg : thm
val mul_lone : thm
val mul_lzero : thm
val mul_not_infty : thm
val mul_rneg : thm
val mul_rone : thm
val mul_rzero : thm
val ne_01 : thm
18
val neg_0 : thm
val neg_minus1 : thm
val neg_neg : thm
val normal_real : thm
val num_not_infty : thm
val pow2_sqrt : thm
val pow_0 : thm
val pow_1 : thm
val pow_2 : thm
val pow_add : thm
val pow_le : thm
val pow_le_mono : thm
val pow_lt : thm
val pow_lt2 : thm
val pow_minus1 : thm
val pow_mul : thm
val pow_neg_odd : thm
val pow_not_infty : thm
val pow_pos_even : thm
val pow_pos_le : thm
val pow_pos_lt : thm
val pow_zero : thm
val pow_zero_imp : thm
val real_normal : thm
val sqrt_mono_le : thm
val sqrt_pos_le : thm
val sqrt_pos_lt : thm
val sqrt_pow2 : thm
val sub_0 : thm
val sub_add : thm
val sub_add2 : thm
val sub_le_eq : thm
val sub_le_eq2 : thm
val sub_le_imp : thm
val sub_le_imp2 : thm
val sub_le_switch : thm
val sub_le_switch2 : thm
val sub_le_zero : thm
val sub_lt_imp : thm
val sub_lt_imp2 : thm
val sub_lt_zero : thm
val sub_lt_zero2 : thm
val sub_lzero : thm
val sub_not_infty : thm
val sub_refl : thm
val sub_rneg : thm
val sub_rzero : thm
19
val sub_zero_le : thm
val sub_zero_lt : thm
val sub_zero_lt2 : thm
val sup_add_mono : thm
val sup_cmul : thm
val sup_const : thm
val sup_const_alt : thm
val sup_const_over_set : thm
val sup_eq : thm
val sup_le : thm
val sup_le_mono : thm
val sup_le_sup_imp : thm
val sup_lt : thm
val sup_lt_epsilon : thm
val sup_lt_infty : thm
val sup_max : thm
val sup_mono : thm
val sup_num : thm
val sup_seq : thm
val sup_suc : thm
val sup_sum_mono : thm
val thirds_between : thm
val extreal_grammars : type_grammar.grammar * term_grammar.grammar
(*
[extra_pred_set] Parent theory of "extreal"
[EXTREAL_SUM_IMAGE_curried_def] Definition
|- !x x1. SIGMA x x1 = EXTREAL_SUM_IMAGE_tupled (x,x1)
[EXTREAL_SUM_IMAGE_tupled_primitive_def] Definition
|- EXTREAL_SUM_IMAGE_tupled =
WFREC (@R. WF R /\ !f s. FINITE s /\ s <> {} ==> R (f,REST s) (f,s))
(\EXTREAL_SUM_IMAGE_tupled a.
case a of
(f,s) ->
I
(if FINITE s then
if s = {} then
0
else
f (CHOICE s) + EXTREAL_SUM_IMAGE_tupled (f,REST s)
else
ARB))
20
[ext_mono_decreasing_def] Definition
|- !f. mono_decreasing f <=> !m n. m <= n ==> f n <= f m
[ext_mono_increasing_def] Definition
|- !f. mono_increasing f <=> !m n. m <= n ==> f m <= f n
[ext_suminf_def] Definition
|- !f. suminf f = sup (IMAGE (\n. SIGMA f (count n)) univ(:num))
[extreal_TY_DEF] Definition
|- ?rep.
TYPE_DEFINITION
(\a0.
!extreal .
(!a0.
(a0 = ind_type$CONSTR 0 ARB (\n. ind_type$BOTTOM)) \/
(a0 = ind_type$CONSTR (SUC 0) ARB (\n. ind_type$BOTTOM)) \/
(?a.
a0 =
(\a. ind_type$CONSTR (SUC (SUC 0)) a (\n. ind_type$BOTTOM))
a) ==>
extreal a0) ==>
extreal a0) rep
[extreal_abs_primitive_def] Definition
|- abs =
WFREC (@R. WF R)
(\extreal_abs a.
case a of
NegInf -> I PosInf
|| PosInf -> I PosInf
|| Normal x -> I (Normal (abs x)))
[extreal_add_curried_def] Definition
|- !x x1. x + x1 = extreal_add_tupled (x,x1)
[extreal_add_tupled_primitive_def] Definition
|- extreal_add_tupled =
WFREC (@R. WF R)
(\extreal_add_tupled a.
21
case a of
(NegInf,NegInf) -> I NegInf
|| (NegInf,PosInf) -> ARB
|| (NegInf,Normal v5) -> I NegInf
|| (PosInf,NegInf) -> ARB
|| (PosInf,PosInf) -> I PosInf
|| (PosInf,Normal v6) -> I PosInf
|| (Normal x,NegInf) -> I NegInf
|| (Normal x,PosInf) -> I PosInf
|| (Normal x,Normal y) -> I (Normal (x + y)))
[extreal_ainv_def] Definition
|- (-NegInf = PosInf) /\ (-PosInf = NegInf) /\ !x. -Normal x = Normal (-x)
[extreal_case_def] Definition
|- (!v v1 f. extreal_case v v1 f NegInf = v) /\
(!v v1 f. extreal_case v v1 f PosInf = v1) /\
!v v1 f a. extreal_case v v1 f (Normal a) = f a
[extreal_div_def] Definition
|- !x y. x / y = x * inv y
[extreal_inf_def] Definition
|- !p. inf p = -sup (IMAGE numeric_negate p)
[extreal_inv_def] Definition
|- (inv NegInf = Normal 0) /\ (inv PosInf = Normal 0) /\
!x. inv (Normal x) = if x = 0 then PosInf else Normal (inv x)
[extreal_le_curried_def] Definition
|- !x x1. x <= x1 <=> extreal_le_tupled (x,x1)
[extreal_le_tupled_primitive_def] Definition
|- extreal_le_tupled =
WFREC (@R. WF R)
(\extreal_le_tupled a.
case a of
(NegInf,NegInf) -> I T
|| (NegInf,PosInf) -> I T
|| (NegInf,Normal v6) -> I T
22
|| (PosInf,NegInf) -> I F
|| (PosInf,PosInf) -> I T
|| (PosInf,Normal v8) -> I F
|| (Normal x,NegInf) -> I F
|| (Normal x,PosInf) -> I T
|| (Normal x,Normal y) -> I (x <= y))
[extreal_lt_def] Definition
|- !x y. x < y <=> ~(y <= x)
[extreal_max_def] Definition
|- !x y. max x y = if x <= y then y else x
[extreal_min_def] Definition
|- !x y. min x y = if x <= y then x else y
[extreal_mul_curried_def] Definition
|- !x x1. x * x1 = extreal_mul_tupled (x,x1)
[extreal_mul_tupled_primitive_def] Definition
|- extreal_mul_tupled =
WFREC (@R. WF R)
(\extreal_mul_tupled a.
case a of
(NegInf,NegInf) -> I PosInf
|| (NegInf,PosInf) -> I NegInf
|| (NegInf,Normal y) ->
I (if y = 0 then Normal 0 else if 0 < y then NegInf else PosInf)
|| (PosInf,NegInf) -> I NegInf
|| (PosInf,PosInf) -> I PosInf
|| (PosInf,Normal y) ->
I (if y = 0 then Normal 0 else if 0 < y then PosInf else NegInf)
|| (Normal x,NegInf) ->
I (if x = 0 then Normal 0 else if 0 < x then NegInf else PosInf)
|| (Normal x,PosInf) ->
I (if x = 0 then Normal 0 else if 0 < x then PosInf else NegInf)
|| (Normal x,Normal y) -> I (Normal (x * y)))
[extreal_of_num_def] Definition
|- !n. &n = Normal (&n)
23
[extreal_pow_def] Definition
|- (!a n. Normal a pow n = Normal (a pow n)) /\
(!n. PosInf pow n = if n = 0 then Normal 1 else PosInf) /\
!n.
NegInf pow n =
if n = 0 then Normal 1 else if EVEN n then PosInf else NegInf
[extreal_repfns] Definition
|- (!a. mk_extreal (dest_extreal a) = a) /\
!r.
(\a0.
!extreal .
(!a0.
(a0 = ind_type$CONSTR 0 ARB (\n. ind_type$BOTTOM)) \/
(a0 = ind_type$CONSTR (SUC 0) ARB (\n. ind_type$BOTTOM)) \/
(?a.
a0 =
(\a. ind_type$CONSTR (SUC (SUC 0)) a (\n. ind_type$BOTTOM))
a) ==>
extreal a0) ==>
extreal a0) r <=> (dest_extreal (mk_extreal r) = r)
[extreal_size_def] Definition
|- (extreal_size NegInf = 0) /\ (extreal_size PosInf = 0) /\
!a. extreal_size (Normal a) = 1
[extreal_sqrt_def] Definition
|- (!x. sqrt (Normal x) = Normal (sqrt x)) /\ (sqrt PosInf = PosInf)
[extreal_sub_curried_def] Definition
|- !x x1. x - x1 = extreal_sub_tupled (x,x1)
[extreal_sub_tupled_primitive_def] Definition
|- extreal_sub_tupled =
WFREC (@R. WF R)
(\extreal_sub_tupled a.
case a of
(NegInf,NegInf) -> ARB
|| (NegInf,PosInf) -> I NegInf
|| (NegInf,Normal v6) -> I NegInf
|| (PosInf,NegInf) -> I PosInf
24
|| (PosInf,PosInf) -> ARB
|| (PosInf,Normal v7) -> I PosInf
|| (Normal x,NegInf) -> I PosInf
|| (Normal x,PosInf) -> I NegInf
|| (Normal x,Normal y) -> I (Normal (x - y)))
[extreal_sup_def] Definition
|- !p.
sup p =
if !x. (!y. p y ==> y <= x) ==> (x = PosInf) then
PosInf
else if !x. p x ==> (x = NegInf) then
NegInf
else
Normal (sup (\r. p (Normal r)))
[mono_decreasing_def] Definition
|- !f. mono_decreasing f <=> !m n. m <= n ==> f n <= f m
[mono_increasing_def] Definition
|- !f. mono_increasing f <=> !m n. m <= n ==> f m <= f n
[real_def] Definition
|- !x. real x = if (x = NegInf) \/ (x = PosInf) then 0 else @r. x = Normal r
[DISJOINT_DIFF] Theorem
|- !s t. DISJOINT t (s DIFF t) /\ DISJOINT (s DIFF t) t
[EXTREAL_ARCH] Theorem
|- !x. 0 < x ==> !y. y <> PosInf ==> ?n. y < &n * x
[EXTREAL_ARCH_POW] Theorem
|- !x. x <> PosInf ==> ?n. x < 2 pow n
[EXTREAL_ARCH_POW_INV] Theorem
|- !e. 0 < e ==> ?n. Normal ((1 / 2) pow n) < e
[EXTREAL_EQ_LADD] Theorem
25
|- !x y z. x <> NegInf /\ x <> PosInf ==> ((x + y = x + z) <=> (y = z))
[EXTREAL_SUM_IMAGE_0] Theorem
|- !f s. FINITE s /\ (!x. x IN s ==> (f x = 0)) ==> (SIGMA f s = 0)
[EXTREAL_SUM_IMAGE_ADD] Theorem
|- !s.
FINITE s ==>
!f f.
(!x. x IN s ==> f x <> NegInf /\ f x <> NegInf) \/
(!x. x IN s ==> f x <> PosInf /\ f x <> PosInf) ==>
(SIGMA (\x. f x + f x) s = SIGMA f s + SIGMA f s)
[EXTREAL_SUM_IMAGE_CMUL] Theorem
|- !s.
FINITE s ==>
!f c.
(!x. x IN s ==> f x <> NegInf) \/ (!x. x IN s ==> f x <> PosInf) ==>
(SIGMA (\x. Normal c * f x) s = Normal c * SIGMA f s)
[EXTREAL_SUM_IMAGE_DISJOINT_UNION] Theorem
|- !s s.
FINITE s /\ FINITE s /\ DISJOINT s s ==>
!f.
(!x. x IN s UNION s ==> f x <> NegInf) \/
(!x. x IN s UNION s ==> f x <> PosInf) ==>
(SIGMA f (s UNION s) = SIGMA f s + SIGMA f s)
[EXTREAL_SUM_IMAGE_EMPTY] Theorem
|- !f. SIGMA f {} = 0
[EXTREAL_SUM_IMAGE_EQ] Theorem
|- !s.
FINITE s ==>
!f f.
((!x. x IN s ==> f x <> NegInf /\ f x <> NegInf) \/
!x. x IN s ==> f x <> PosInf /\ f x <> PosInf) /\
(!x. x IN s ==> (f x = f x)) ==>
(SIGMA f s = SIGMA f s)
[EXTREAL_SUM_IMAGE_EQ_CARD] Theorem
26
|- !s. FINITE s ==> (SIGMA (\x. if x IN s then 1 else 0) s = &CARD s)
[EXTREAL_SUM_IMAGE_EXTREAL_SUM_IMAGE] Theorem
|- !s s f.
FINITE s /\ FINITE s /\
(!x. x IN s CROSS s ==> f (FST x) (SND x) <> NegInf) ==>
(SIGMA (\x. SIGMA (f x) s) s =
SIGMA (\x. f (FST x) (SND x)) (s CROSS s))
[EXTREAL_SUM_IMAGE_FINITE_CONST] Theorem
|- !P.
FINITE P ==>
!f x.
(!y. f y = x) /\ (x <> NegInf \/ x <> PosInf) ==>
(SIGMA f P = &CARD P * x)
[EXTREAL_SUM_IMAGE_FINITE_SAME] Theorem
|- !s.
FINITE s ==>
!f p.
p IN s /\ (!q. q IN s ==> (f p = f q)) /\
((!x. x IN s ==> f x <> NegInf) \/ !x. x IN s ==> f x <> PosInf) ==>
(SIGMA f s = &CARD s * f p)
[EXTREAL_SUM_IMAGE_IF_ELIM] Theorem
|- !s P f.
FINITE s /\ (!x. x IN s ==> P x) /\
(SIGMA (\x. if P x then f x else 0) s = SIGMA f s)
[EXTREAL_SUM_IMAGE_IMAGE] Theorem
|- !s.
FINITE s ==>
!f.
INJ f s (IMAGE f s) ==>
!f.
(!x. x IN IMAGE f s ==> f x <> NegInf) \/
(!x. x IN IMAGE f s ==> f x <> PosInf) ==>
(SIGMA f (IMAGE f s) = SIGMA (f o f) s)
[EXTREAL_SUM_IMAGE_IND] Theorem
27
|- !P.
(!f s. (FINITE s /\ s <> {} ==> P f (REST s)) ==> P f s) ==> !v v1. P v v1
[EXTREAL_SUM_IMAGE_INSERT] Theorem
|- !s.
FINITE s ==>
!f x.
SIGMA f (x INSERT s) =
f (CHOICE (x INSERT s)) + SIGMA f (REST (x INSERT s))
[EXTREAL_SUM_IMAGE_INTER_ELIM] Theorem
|- !s.
FINITE s ==>
!f s.
((!x. x IN s ==> f x <> NegInf) \/ !x. x IN s ==> f x <> PosInf) /\
(!x. x NOTIN s ==> (f x = 0)) ==>
(SIGMA f (s INTER s) = SIGMA f s)
[EXTREAL_SUM_IMAGE_INTER_NONZERO] Theorem
|- !s.
FINITE s ==>
!f.
(SIGMA f (s INTER (\p. f p <> 0)) = SIGMA f s)
[EXTREAL_SUM_IMAGE_INV_CARD_EQ_1] Theorem
|- !s.
s <> {} /\ FINITE s ==>
(SIGMA (\x. if x IN s then inv (&CARD s) else 0) s = 1)
[EXTREAL_SUM_IMAGE_IN_IF] Theorem
|- !s.
FINITE s ==>
!f.
(SIGMA f s = SIGMA (\x. if x IN s then f x else 0) s)
[EXTREAL_SUM_IMAGE_IN_IF_ALT] Theorem
|- !s f z.
FINITE s /\
28
(SIGMA f s = SIGMA (\x. if x IN s then f x else z) s)
[EXTREAL_SUM_IMAGE_MONO] Theorem
|- !s.
FINITE s ==>
!f f.
((!x. x IN s ==> f x <> NegInf /\ f x <> NegInf) \/
!x. x IN s ==> f x <> PosInf /\ f x <> PosInf) /\
(!x. x IN s ==> f x <= f x) ==>
SIGMA f s <= SIGMA f s
[EXTREAL_SUM_IMAGE_MONO_SET] Theorem
|- !f s t.
FINITE s /\ FINITE t /\ s SUBSET t /\ (!x. x IN t ==> 0 <= f x) ==>
SIGMA f s <= SIGMA f t
[EXTREAL_SUM_IMAGE_NORMAL] Theorem
|- !f s. FINITE s ==> (SIGMA (\x. Normal (f x)) s = Normal (SIGMA f s))
[EXTREAL_SUM_IMAGE_NOT_INFTY] Theorem
|- !f s.
(FINITE s /\ (!x. x IN s ==> f x <> NegInf) ==> SIGMA f s <> NegInf) /\
(FINITE s /\ (!x. x IN s ==> f x <> PosInf) ==> SIGMA f s <> PosInf)
[EXTREAL_SUM_IMAGE_NOT_NEG_INF] Theorem
|- !f s. FINITE s /\ (!x. x IN s ==> f x <> NegInf) ==> SIGMA f s <> NegInf
[EXTREAL_SUM_IMAGE_NOT_POS_INF] Theorem
|- !f s. FINITE s /\ (!x. x IN s ==> f x <> PosInf) ==> SIGMA f s <> PosInf
[EXTREAL_SUM_IMAGE_POS] Theorem
|- !f s. FINITE s /\ (!x. x IN s ==> 0 <= f x) ==> 0 <= SIGMA f s
[EXTREAL_SUM_IMAGE_POS_MEM_LE] Theorem
|- !f s.
FINITE s /\ (!x. x IN s ==> 0 <= f x) ==> !x. x IN s ==> f x <= SIGMA f s
[EXTREAL_SUM_IMAGE_PROPERTY] Theorem
29
|- !f s.
FINITE s ==>
!e.
(!x. x IN e INSERT s ==> f x <> NegInf) \/
(!x. x IN e INSERT s ==> f x <> PosInf) ==>
[EXTREAL_SUM_IMAGE_PROPERTY_NEG] Theorem
|- !f s.
FINITE s ==>
!e.
(!x. x IN e INSERT s ==> f x <> NegInf) ==>
[EXTREAL_SUM_IMAGE_PROPERTY_POS] Theorem
|- !f s.
FINITE s ==>
!e.
(!x. x IN e INSERT s ==> f x <> PosInf) ==>
[EXTREAL_SUM_IMAGE_SING] Theorem
|- !f e. SIGMA f {e} = f e
[EXTREAL_SUM_IMAGE_SPOS] Theorem
|- !f s. FINITE s /\ s <> {} /\ (!x. x IN s ==> 0 < f x) ==> 0 < SIGMA f s
[EXTREAL_SUM_IMAGE_SUB] Theorem
|- !s.
FINITE s ==>
!f f.
(!x. x IN s ==> f x <> NegInf /\ f x <> PosInf) \/
(!x. x IN s ==> f x <> PosInf /\ f x <> NegInf) ==>
(SIGMA (\x. f x - f x) s = SIGMA f s - SIGMA f s)
[EXTREAL_SUM_IMAGE_THM] Theorem
|- !s f.
FINITE s ==>
(SIGMA f s = if s = {} then 0 else f (CHOICE s) + SIGMA f (REST s))
30
[EXTREAL_SUM_IMAGE_ZERO] Theorem
|- !s. FINITE s ==> (SIGMA (\x. 0) s = 0)
[EXTREAL_SUM_IMAGE_def] Theorem
|- SIGMA f s =
if FINITE s then
if s = {} then 0 else f (CHOICE s) + SIGMA f (REST s)
else
ARB
[EXTREAL_SUM_IMAGE_ind] Theorem
|- !P.
(!f s. (FINITE s /\ s <> {} ==> P f (REST s)) ==> P f s) ==> !v v1. P v v1
[POW_NEG_ODD] Theorem
|- !x. x < 0 ==> (x pow n < 0 <=> ODD n)
[POW_POS_EVEN] Theorem
|- !x. x < 0 ==> (0 < x pow n <=> EVEN n)
[REAL_ARCH_POW] Theorem
|- !x. ?n. x < 2 pow n
[REAL_LE_MUL_EPSILON] Theorem
|- !x y. (!z. 0 < z /\ z < 1 ==> z * x <= y) ==> x <= y
[REAL_LE_RDIV_EQ_NEG] Theorem
|- !x y z. z < 0 ==> (y / z <= x <=> x * z <= y)
[REAL_LT_LMUL_0_NEG] Theorem
|- !x y. 0 < x * y /\ x < 0 ==> y < 0
[REAL_LT_LMUL_NEG_0] Theorem
|- !x y. x * y < 0 /\ 0 < x ==> y < 0
[REAL_LT_LMUL_NEG_0_NEG] Theorem
31
|- !x y. x * y < 0 /\ x < 0 ==> 0 < y
[REAL_LT_RDIV_EQ_NEG] Theorem
|- !x y z. z < 0 ==> (y / z < x <=> x * z < y)
[REAL_LT_RMUL_0_NEG] Theorem
|- !x y. 0 < x * y /\ y < 0 ==> x < 0
[REAL_LT_RMUL_NEG_0] Theorem
|- !x y. x * y < 0 /\ 0 < y ==> x < 0
[REAL_LT_RMUL_NEG_0_NEG] Theorem
|- !x y. x * y < 0 /\ y < 0 ==> 0 < x
[REAL_NEG_NZ] Theorem
|- !x. x < 0 ==> x <> 0
[REAL_SUM_IMAGE_EQ_sum] Theorem
|- !n r. sum (0,n) r = SIGMA r (count n)
[SIMP_EXTREAL_ARCH] Theorem
|- !x. x <> PosInf ==> ?n. x <= &n
[SIMP_REAL_ARCH] Theorem
|- !x. ?n. x <= &n
[abs_bounds] Theorem
|- !x k. abs x <= k <=> -k <= x /\ x <= k
[abs_pos] Theorem
|- !x. 0 <= abs x
[abs_refl] Theorem
|- !x. (abs x = x) <=> 0 <= x
[add_assoc] Theorem
32
|- !x y z.
x <> NegInf /\ y <> NegInf /\ z <> NegInf \/
x <> PosInf /\ y <> PosInf /\ z <> PosInf ==>
(x + (y + z) = x + y + z)
[add_comm] Theorem
|- !x y.
x <> NegInf /\ y <> NegInf \/ x <> PosInf /\ y <> PosInf ==>
(x + y = y + x)
[add_comm_normal] Theorem
|- !x y. Normal x + y = y + Normal x
[add_infty] Theorem
|- (!x. x <> NegInf ==> (x + PosInf = PosInf) /\ (PosInf + x = PosInf)) /\
!x. x <> PosInf ==> (x + NegInf = NegInf) /\ (NegInf + x = NegInf)
[add_ldistrib] Theorem
|- !x y z.
0 <= y /\ 0 <= z \/ y <= 0 /\ z <= 0 \/
y <> NegInf /\ z <> NegInf /\ y <= 0 /\ z <= 0 \/
y <> PosInf /\ z <> PosInf /\ 0 <= y /\ 0 <= z ==>
(x * (y + z) = x * y + x * z)
[add_ldistrib_neg] Theorem
|- !x y z. y <= 0 /\ z <= 0 ==> (x * (y + z) = x * y + x * z)
[add_ldistrib_neg_neg] Theorem
|- !x y z.
y <> NegInf /\ z <> NegInf /\ y <= 0 /\ z <= 0 ==>
(x * (y + z) = x * y + x * z)
[add_ldistrib_normal] Theorem
|- !x y z.
y <> PosInf /\ z <> PosInf \/ y <> NegInf /\ z <> NegInf ==>
(Normal x * (y + z) = Normal x * y + Normal x * z)
[add_ldistrib_pos] Theorem
33
|- !x y z. 0 <= y /\ 0 <= z ==> (x * (y + z) = x * y + x * z)
[add_ldistrib_pos_pos] Theorem
|- !x y z.
(x * (y + z) = x * y + x * z)
[add_lzero] Theorem
|- !x. 0 + x = x
[add_not_infty] Theorem
|- !x y.
(x <> NegInf /\ y <> NegInf ==> x + y <> NegInf) /\
(x <> PosInf /\ y <> PosInf ==> x + y <> PosInf)
[add_pow2] Theorem
|- !x y.
x <> NegInf /\ x <> PosInf /\ y <> NegInf /\ y <> PosInf ==>
((x + y) pow 2 = x pow 2 + y pow 2 + 2 * x * y)
[add_rdistrib] Theorem
|- !x y z.
0 <= y /\ 0 <= z \/ y <= 0 /\ z <= 0 \/
y <> NegInf /\ z <> NegInf /\ y <= 0 /\ z <= 0 \/
((y + z) * x = y * x + z * x)
[add_rdistrib_normal] Theorem
|- !x y z.
y <> PosInf /\ z <> PosInf \/ y <> NegInf /\ z <> NegInf ==>
((y + z) * Normal x = y * Normal x + z * Normal x)
[add_rzero] Theorem
|- !x. x + 0 = x
[add_sub] Theorem
|- !x y. y <> NegInf /\ y <> PosInf ==> (x + y - y = x)
[add_sub2] Theorem
34
|- !x y. y <> NegInf /\ y <> PosInf ==> (y + x - y = x)
[datatype_extreal] Theorem
|- DATATYPE (extreal NegInf PosInf Normal)
[div_one] Theorem
|- !x. x / 1 = x
[eq_sub_ladd_normal] Theorem
|- !x y z. (x = y - Normal z) <=> (x + Normal z = y)
[eq_sub_switch] Theorem
|- !x y z. (x = Normal z - y) <=> (y = Normal z - x)
[ext_mono_decreasing_suc] Theorem
|- !f. mono_decreasing f <=> !n. f (SUC n) <= f n
[ext_mono_increasing_suc] Theorem
|- !f. mono_increasing f <=> !n. f n <= f (SUC n)
[ext_suminf_add] Theorem
[oracles: tactic_failed] [axioms: ] []
|- !f g.
(!n. 0 <= f n /\ 0 <= g n) ==>
(suminf (\n. f n + g n) = suminf f + suminf g)
[ext_suminf_cmul] Theorem
|- !f c. 0 <= c /\ (!n. 0 <= f n) ==> (suminf (\n. c * f n) = c * suminf f)
[ext_suminf_cmul_alt] Theorem
|- !f c.
0 <= c /\ ((!n. f n <> NegInf) \/ !n. f n <> PosInf) ==>
(suminf (\n. Normal c * f n) = Normal c * suminf f)
[ext_suminf_lt_infty] Theorem
|- !f. (!n. 0 <= f n) /\ suminf f <> PosInf ==> !n. f n < PosInf
35
[ext_suminf_mono] Theorem
|- !f g. (!n. g n <> NegInf /\ g n <= f n) ==> suminf g <= suminf f
[ext_suminf_sub] Theorem
|- !f g.
(!n. 0 <= g n /\ g n <= f n) /\ suminf f <> PosInf ==>
(suminf (\i. f i - g i) = suminf f - suminf g)
[ext_suminf_sum] Theorem
|- !f n.
(!n. 0 <= f n) /\ (!m. n <= m ==> (f m = 0)) ==>
(suminf f = SIGMA f (count n))
[ext_suminf_suminf] Theorem
|- !r.
(!n. 0 <= r n) /\ suminf (\n. Normal (r n)) <> PosInf ==>
(suminf (\n. Normal (r n)) = Normal (suminf r))
[extreal_11] Theorem
|- !a a. (Normal a = Normal a) <=> (a = a)
[extreal_Axiom] Theorem
|- !f0 f1 f2.
?fn. (fn NegInf = f0) /\ (fn PosInf = f1) /\ !a. fn (Normal a) = f2 a
[extreal_abs_def] Theorem
|- (abs (Normal x) = Normal (abs x)) /\ (abs NegInf = PosInf) /\
(abs PosInf = PosInf)
[extreal_abs_ind] Theorem
|- !P. (!x. P (Normal x)) /\ P NegInf /\ P PosInf ==> !v. P v
[extreal_add_def] Theorem
|- (Normal x + Normal y = Normal (x + y)) /\ (Normal v0 + NegInf = NegInf) /\
(Normal v0 + PosInf = PosInf) /\ (NegInf + Normal v1 = NegInf) /\
(PosInf + Normal v1 = PosInf) /\ (NegInf + NegInf = NegInf) /\
36
(PosInf + PosInf = PosInf)
[extreal_add_ind] Theorem
|- !P.
(!x y. P (Normal x) (Normal y)) /\ (!v0. P (Normal v0) NegInf) /\
(!v0. P (Normal v0) PosInf) /\ (!v1. P NegInf (Normal v1)) /\
(!v1. P PosInf (Normal v1)) /\ P NegInf NegInf /\ P PosInf PosInf /\
P NegInf PosInf /\ P PosInf NegInf ==>
!v v1. P v v1
[extreal_case_cong] Theorem
|- !M M v v1 f.
(M = M) /\ ((M = NegInf) ==> (v = v)) /\
((M = PosInf) ==> (v1 = v1)) /\
(!a. (M = Normal a) ==> (f a = f a)) ==>
(extreal_case v v1 f M = extreal_case v v1 f M)
[extreal_cases] Theorem
|- !x. (x = NegInf) \/ (x = PosInf) \/ ?r. x = Normal r
[extreal_distinct] Theorem
|- NegInf <> PosInf /\ (!a. NegInf <> Normal a) /\ !a. PosInf <> Normal a
[extreal_div_eq] Theorem
|- !x y. y <> 0 ==> (Normal x / Normal y = Normal (x / y))
[extreal_eq_zero] Theorem
|- !x. (Normal x = 0) <=> (x = 0)
[extreal_induction] Theorem
|- !P. P NegInf /\ P PosInf /\ (!r. P (Normal r)) ==> !e. P e
[extreal_le_def] Theorem
|- (Normal x <= Normal y <=> x <= y) /\ (NegInf <= NegInf <=> T) /\
(NegInf <= PosInf <=> T) /\ (NegInf <= Normal v5 <=> T) /\
(PosInf <= PosInf <=> T) /\ (Normal v2 <= PosInf <=> T) /\
(PosInf <= NegInf <=> F) /\ (Normal v3 <= NegInf <=> F) /\
(PosInf <= Normal v7 <=> F)
37
[extreal_le_ind] Theorem
|- !P.
(!x y. P (Normal x) (Normal y)) /\ P NegInf NegInf /\ P NegInf PosInf /\
(!v5. P NegInf (Normal v5)) /\ P PosInf PosInf /\
(!v2. P (Normal v2) PosInf) /\ P PosInf NegInf /\
(!v3. P (Normal v3) NegInf) /\ (!v7. P PosInf (Normal v7)) ==>
!v v1. P v v1
[extreal_lt_eq] Theorem
|- !x y. Normal x < Normal y <=> x < y
[extreal_mul_def] Theorem
|- (NegInf * NegInf = PosInf) /\ (NegInf * PosInf = NegInf) /\
(PosInf * NegInf = NegInf) /\ (PosInf * PosInf = PosInf) /\
(Normal x * NegInf =
if x = 0 then Normal 0 else if 0 < x then NegInf else PosInf) /\
(NegInf * Normal y =
if y = 0 then Normal 0 else if 0 < y then NegInf else PosInf) /\
(Normal x * PosInf =
if x = 0 then Normal 0 else if 0 < x then PosInf else NegInf) /\
(PosInf * Normal y =
if y = 0 then Normal 0 else if 0 < y then PosInf else NegInf) /\
(Normal x * Normal y = Normal (x * y))
[extreal_mul_ind] Theorem
|- !P.
P NegInf NegInf /\ P NegInf PosInf /\ P PosInf NegInf /\
P PosInf PosInf /\ (!x. P (Normal x) NegInf) /\
(!y. P NegInf (Normal y)) /\ (!x. P (Normal x) PosInf) /\
(!y. P PosInf (Normal y)) /\ (!x y. P (Normal x) (Normal y)) ==>
!v v1. P v v1
[extreal_nchotomy] Theorem
|- !ee. (ee = NegInf) \/ (ee = PosInf) \/ ?r. ee = Normal r
[extreal_not_infty] Theorem
|- !x. Normal x <> NegInf /\ Normal x <> PosInf
[extreal_sub_add] Theorem
|- !x y.
38
x <> NegInf /\ y <> PosInf \/ x <> PosInf /\ y <> NegInf ==>
(x - y = x + -y)
[extreal_sub_def] Theorem
|- (Normal x - Normal y = Normal (x - y)) /\ (NegInf - Normal v0 = NegInf) /\
(PosInf - Normal v0 = PosInf) /\ (Normal v1 - NegInf = PosInf) /\
(Normal v2 - PosInf = NegInf) /\ (NegInf - PosInf = NegInf) /\
(PosInf - NegInf = PosInf)
[extreal_sub_ind] Theorem
|- !P.
(!x y. P (Normal x) (Normal y)) /\ (!v0. P NegInf (Normal v0)) /\
(!v0. P PosInf (Normal v0)) /\ (!v1. P (Normal v1) NegInf) /\
(!v2. P (Normal v2) PosInf) /\ P NegInf PosInf /\ P PosInf NegInf /\
P NegInf NegInf /\ P PosInf PosInf ==>
!v v1. P v v1
[half_between] Theorem
|- (0 < 1 / 2 /\ 1 / 2 < 1) /\ 0 <= 1 / 2 /\ 1 / 2 <= 1
[inf_cminus] Theorem
|- !f c.
Normal c - inf (IMAGE f univ(:a)) =
sup (IMAGE (\n. Normal c - f n) univ(:a))
[inf_const] Theorem
|- !x. inf (\y. y = x) = x
[inf_const_alt] Theorem
|- !p z. (?x. p x) /\ (!x. p x ==> (x = z)) ==> (inf p = z)
[inf_const_over_set] Theorem
|- !s k. s <> {} ==> (inf (IMAGE (\x. k) s) = k)
[inf_eq] Theorem
|- !p x.
(inf p = x) <=>
(!y. p y ==> x <= y) /\ !y. (!z. p z ==> y <= z) ==> y <= x
39
[inf_le] Theorem
|- !p x. inf p <= x <=> !y. (!z. p z ==> y <= z) ==> y <= x
[inf_le_imp] Theorem
|- !p x. p x ==> inf p <= x
[inf_lt_infty] Theorem
|- !p. NegInf < inf p ==> !x. p x ==> NegInf < x
[inf_min] Theorem
|- !p z. p z /\ (!x. p x ==> z <= x) ==> (inf p = z)
[inf_seq] Theorem
|- !f l.
mono_decreasing f ==>
(f --> l <=> (inf (IMAGE (\n. Normal (f n)) univ(:num)) = Normal l))
[inf_suc] Theorem
|- !f.
(!m n. m <= n ==> f n <= f m) ==>
(inf (IMAGE (\n. f (SUC n)) univ(:num)) = inf (IMAGE f univ(:num)))
[inv_one] Theorem
|- inv 1 = 1
[le_01] Theorem
|- 0 <= 1
[le_add] Theorem
|- !x y. 0 <= x /\ 0 <= y ==> 0 <= x + y
[le_add2] Theorem
|- !w x y z. w <= x /\ y <= z ==> w + y <= x + z
[le_addr] Theorem
|- !x y. x <> NegInf /\ x <> PosInf ==> (x <= x + y <=> 0 <= y)
40
[le_addr_imp] Theorem
|- !x y. 0 <= y ==> x <= x + y
[le_antisym] Theorem
|- !x y. x <= y /\ y <= x <=> (x = y)
[le_epsilon] Theorem
|- !x y. (!e. 0 < e /\ e <> PosInf ==> x <= y + e) ==> x <= y
[le_inf] Theorem
|- !p x. x <= inf p <=> !y. p y ==> x <= y
[le_infty] Theorem
|- (!x. NegInf <= x /\ x <= PosInf) /\ (!x. x <= NegInf <=> (x = NegInf)) /\
!x. PosInf <= x <=> (x = PosInf)
[le_ladd] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (x + y <= x + z <=> y <= z)
[le_ladd_imp] Theorem
|- !x y z. y <= z ==> x + y <= x + z
[le_ldiv] Theorem
|- !x y z. 0 < x ==> (y <= z * Normal x <=> y / Normal x <= z)
[le_lmul_imp] Theorem
|- !x y z. 0 <= z /\ x <= y ==> z * x <= z * y
[le_lneg] Theorem
|- !x y.
x <> NegInf /\ y <> NegInf \/ x <> PosInf /\ y <> PosInf ==>
(-x <= y <=> 0 <= x + y)
[le_lsub_imp] Theorem
|- !x y z. y <= z ==> x - z <= x - y
41
[le_lt] Theorem
|- !x y. x <= y <=> x < y \/ (x = y)
[le_max] Theorem
|- !z x y. z <= max x y <=> z <= x \/ z <= y
[le_max1] Theorem
|- !x y. x <= max x y
[le_max2] Theorem
|- !x y. y <= max x y
[le_min] Theorem
|- !z x y. z <= min x y <=> z <= x /\ z <= y
[le_mul] Theorem
|- !x y. 0 <= x /\ 0 <= y ==> 0 <= x * y
[le_mul_epsilon] Theorem
|- !x y. (!z. 0 <= z /\ z < 1 ==> z * x <= y) ==> x <= y
[le_neg] Theorem
|- !x y. -x <= -y <=> y <= x
[le_num] Theorem
|- !n. 0 <= &n
[le_pow2] Theorem
|- !x. 0 <= x pow 2
[le_radd] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (y + x <= z + x <=> y <= z)
[le_radd_imp] Theorem
42
|- !x y z. y <= z ==> y + x <= z + x
[le_rdiv] Theorem
|- !x y z. 0 < x ==> (y * Normal x <= z <=> y <= z / Normal x)
[le_refl] Theorem
|- !x. x <= x
[le_rmul_imp] Theorem
|- !x y z. 0 < z /\ x <= y ==> x * z <= y * z
[le_sub_eq] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (y <= z - x <=> y + x <= z)
[le_sub_eq2] Theorem
|- !x y z.
z <> NegInf /\ z <> PosInf /\ x <> NegInf /\ y <> NegInf ==>
(y <= z - x <=> y + x <= z)
[le_sub_imp] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf /\ y + x <= z ==> y <= z - x
[le_sub_imp2] Theorem
|- !x y z. z <> NegInf /\ z <> PosInf /\ y + x <= z ==> y <= z - x
[le_sup] Theorem
|- !p x. x <= sup p <=> !y. (!z. p z ==> z <= y) ==> x <= y
[le_sup_imp] Theorem
|- !p x. p x ==> x <= sup p
[le_total] Theorem
|- !x y. x <= y \/ y <= x
[le_trans] Theorem
|- !x y z. x <= y /\ y <= z ==> x <= z
43
[let_add] Theorem
|- !x y. 0 <= x /\ 0 < y ==> 0 < x + y
[let_add2] Theorem
|- !w x y z.
w <> NegInf /\ w <> PosInf /\ y <> NegInf /\ y <> PosInf /\ w <= x /\
y < z ==>
w + y < x + z
[let_trans] Theorem
|- !x y z. x <= y /\ y < z ==> x < z
[lt_01] Theorem
|- 0 < 1
[lt_add] Theorem
|- !x y. 0 < x /\ 0 < y ==> 0 < x + y
[lt_addl] Theorem
|- !x y. y <> NegInf /\ y <> PosInf ==> (y < x + y <=> 0 < x)
[lt_antisym] Theorem
|- !x y. ~(x < y /\ y < x)
[lt_imp_le] Theorem
|- !x y. x < y ==> x <= y
[lt_imp_ne] Theorem
|- !x y. x < y ==> x <> y
[lt_infty] Theorem
|- !x y.
NegInf < Normal y /\ Normal y < PosInf /\ NegInf < PosInf /\
~(x < NegInf) /\ ~(PosInf < x) /\ (x <> PosInf <=> x < PosInf) /\
(x <> NegInf <=> NegInf < x)
44
[lt_ladd] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (x + y < x + z <=> y < z)
[lt_ldiv] Theorem
|- !x y z. 0 < z ==> (x / Normal z < y <=> x < y * Normal z)
[lt_le] Theorem
|- !x y. x < y <=> x <= y /\ x <> y
[lt_lmul] Theorem
|- !x y z. 0 < x /\ x <> PosInf ==> (x * y < x * z <=> y < z)
[lt_mul] Theorem
|- !x y. 0 < x /\ 0 < y ==> 0 < x * y
[lt_mul2] Theorem
|- !x1 x2 y1 y2.
0 <= x1 /\ 0 <= y1 /\ x1 <> PosInf /\ y1 <> PosInf /\ x1 < x2 /\
y1 < y2 ==>
x1 * y1 < x2 * y2
[lt_neg] Theorem
|- !x y. -x < -y <=> y < x
[lt_radd] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (y + x < z + x <=> y < z)
[lt_rdiv] Theorem
|- !x y z. 0 < z ==> (x < y / Normal z <=> x * Normal z < y)
[lt_rdiv_neg] Theorem
|- !x y z. z < 0 ==> (y / Normal z < x <=> x * Normal z < y)
[lt_refl] Theorem
|- !x. ~(x < x)
45
[lt_rmul] Theorem
|- !x y z. 0 < z /\ z <> PosInf ==> (x * z < y * z <=> x < y)
[lt_sub] Theorem
|- !x y z.
x <> NegInf /\ y <> NegInf /\ z <> NegInf /\ z <> PosInf ==>
(y + x < z <=> y < z - x)
[lt_sub_imp] Theorem
|- !x y z. x <> NegInf /\ y <> NegInf /\ y + x < z ==> y < z - x
[lt_sub_imp2] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf /\ y + x < z ==> y < z - x
[lt_total] Theorem
|- !x y. (x = y) \/ x < y \/ y < x
[lt_trans] Theorem
|- !x y z. x < y /\ y < z ==> x < z
[lte_add] Theorem
|- !x y. 0 < x /\ 0 <= y ==> 0 < x + y
[lte_trans] Theorem
|- !x y z. x < y /\ y <= z ==> x < z
[max_comm] Theorem
|- !x y. max x y = max y x
[max_infty] Theorem
|- !x.
(max x PosInf = PosInf) /\ (max PosInf x = PosInf) /\
(max NegInf x = x) /\ (max x NegInf = x)
[max_le] Theorem
|- !z x y. max x y <= z <=> x <= z /\ y <= z
46
[max_le2_imp] Theorem
|- !x1 x2 y1 y2. x1 <= y1 /\ x2 <= y2 ==> max x1 x2 <= max y1 y2
[max_refl] Theorem
|- !x. max x x = x
[min_comm] Theorem
|- !x y. min x y = min y x
[min_infty] Theorem
|- !x.
(min x PosInf = x) /\ (min PosInf x = x) /\ (min NegInf x = NegInf) /\
(min x NegInf = NegInf)
[min_le] Theorem
|- !z x y. min x y <= z <=> x <= z \/ y <= z
[min_le1] Theorem
|- !x y. min x y <= x
[min_le2] Theorem
|- !x y. min x y <= y
[min_le2_imp] Theorem
|- !x1 x2 y1 y2. x1 <= y1 /\ x2 <= y2 ==> min x1 x2 <= min y1 y2
[min_refl] Theorem
|- !x. min x x = x
[mono_decreasing_suc] Theorem
|- !f. mono_decreasing f <=> !n. f (SUC n) <= f n
[mono_increasing_converges_to_sup] Theorem
|- !f r. mono_increasing f /\ f --> r ==> (r = sup (IMAGE f univ(:num)))
47
[mono_increasing_suc] Theorem
|- !f. mono_increasing f <=> !n. f n <= f (SUC n)
[mul_assoc] Theorem
|- !x y z. x * (y * z) = x * y * z
[mul_comm] Theorem
|- !x y. x * y = y * x
[mul_lneg] Theorem
|- !x y. -x * y = -(x * y)
[mul_lone] Theorem
|- !x. 1 * x = x
[mul_lzero] Theorem
|- !x. 0 * x = 0
[mul_not_infty] Theorem
|- (!c y. 0 <= c /\ y <> NegInf ==> Normal c * y <> NegInf) /\
(!c y. 0 <= c /\ y <> PosInf ==> Normal c * y <> PosInf) /\
(!c y. c <= 0 /\ y <> NegInf ==> Normal c * y <> PosInf) /\
!c y. c <= 0 /\ y <> PosInf ==> Normal c * y <> NegInf
[mul_rneg] Theorem
|- !x y. x * -y = -(x * y)
[mul_rone] Theorem
|- !x. x * 1 = x
[mul_rzero] Theorem
|- !x. x * 0 = 0
[ne_01] Theorem
|- 0 <> 1
48
[neg_0] Theorem
|- -0 = 0
[neg_minus1] Theorem
|- !x. -x = -1 * x
[neg_neg] Theorem
|- !x. --x = x
[normal_real] Theorem
|- !x. x <> NegInf /\ x <> PosInf ==> (Normal (real x) = x)
[num_not_infty] Theorem
|- !n. &n <> NegInf /\ &n <> PosInf
[pow2_sqrt] Theorem
|- !x. 0 <= x ==> (sqrt (x pow 2) = x)
[pow_0] Theorem
|- !x. x pow 0 = 1
[pow_1] Theorem
|- !x. x pow 1 = x
[pow_2] Theorem
|- !x. x pow 2 = x * x
[pow_add] Theorem
|- !x n m. x pow (n + m) = x pow n * x pow m
[pow_le] Theorem
|- !n x y. 0 <= x /\ x <= y ==> x pow n <= y pow n
[pow_le_mono] Theorem
|- !x n m. 1 <= x /\ n <= m ==> x pow n <= x pow m
49
[pow_lt] Theorem
|- !n x y. 0 <= x /\ x < y ==> x pow SUC n < y pow SUC n
[pow_lt2] Theorem
|- !n x y. n <> 0 /\ 0 <= x /\ x < y ==> x pow n < y pow n
[pow_minus1] Theorem
|- !n. -1 pow (2 * n) = 1
[pow_mul] Theorem
|- !n x y. (x * y) pow n = x pow n * y pow n
[pow_neg_odd] Theorem
|- !x. x < 0 ==> (x pow n < 0 <=> ODD n)
[pow_not_infty] Theorem
|- !n x. x <> NegInf /\ x <> PosInf ==> x pow n <> NegInf /\ x pow n <> PosInf
[pow_pos_even] Theorem
|- !x. x < 0 ==> (0 < x pow n <=> EVEN n)
[pow_pos_le] Theorem
|- !x. 0 <= x ==> !n. 0 <= x pow n
[pow_pos_lt] Theorem
|- !x n. 0 < x ==> 0 < x pow n
[pow_zero] Theorem
|- !n x. (x pow SUC n = 0) <=> (x = 0)
[pow_zero_imp] Theorem
|- !n x. (x pow n = 0) ==> (x = 0)
[real_normal] Theorem
50
|- !x. real (Normal x) = x
[sqrt_mono_le] Theorem
|- !x y. 0 <= x /\ x <= y ==> sqrt x <= sqrt y
[sqrt_pos_le] Theorem
|- !x. 0 <= x ==> 0 <= sqrt x
[sqrt_pos_lt] Theorem
|- !x. 0 < x ==> 0 < sqrt x
[sqrt_pow2] Theorem
|- !x. (sqrt x pow 2 = x) <=> 0 <= x
[sub_0] Theorem
|- !x y. (x - y = 0) ==> (x = y)
[sub_add] Theorem
|- !x y. y <> NegInf /\ y <> PosInf ==> (x - y + y = x)
[sub_add2] Theorem
|- !x y. x <> NegInf /\ x <> PosInf ==> (x + (y - x) = y)
[sub_le_eq] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf ==> (y - x <= z <=> y <= z + x)
[sub_le_eq2] Theorem
|- !x y z.
y <> NegInf /\ y <> PosInf /\ x <> NegInf /\ z <> NegInf ==>
(y - x <= z <=> y <= z + x)
[sub_le_imp] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf /\ y <= z + x ==> y - x <= z
[sub_le_imp2] Theorem
|- !x y z. y <> NegInf /\ y <> PosInf /\ y <= z + x ==> y - x <= z
51
[sub_le_switch] Theorem
|- !x y z.
x <> NegInf /\ x <> PosInf /\ z <> NegInf /\ z <> PosInf ==>
(y - x <= z <=> y - z <= x)
[sub_le_switch2] Theorem
|- !x y z.
x <> NegInf /\ x <> PosInf /\ y <> NegInf /\ y <> PosInf ==>
(y - x <= z <=> y - z <= x)
[sub_le_zero] Theorem
|- !x y. y <> NegInf /\ y <> PosInf ==> (x <= y <=> x - y <= 0)
[sub_lt_imp] Theorem
|- !x y z. x <> NegInf /\ x <> PosInf /\ y < z + x ==> y - x < z
[sub_lt_imp2] Theorem
|- !x y z. z <> NegInf /\ z <> PosInf /\ y < z + x ==> y - x < z
[sub_lt_zero] Theorem
|- !x y. x < y ==> x - y < 0
[sub_lt_zero2] Theorem
|- !x y. y <> NegInf /\ y <> PosInf /\ x - y < 0 ==> x < y
[sub_lzero] Theorem
|- !x. 0 - x = -x
[sub_not_infty] Theorem
|- !x y.
(x <> NegInf /\ y <> PosInf ==> x - y <> NegInf) /\
(x <> PosInf /\ y <> NegInf ==> x - y <> PosInf)
[sub_refl] Theorem
|- !x. x <> NegInf /\ x <> PosInf ==> (x - x = 0)
52
[sub_rneg] Theorem
|- !c x. Normal c - -x = Normal c + x
[sub_rzero] Theorem
|- !x. x - 0 = x
[sub_zero_le] Theorem
|- !x y. x <> NegInf /\ x <> PosInf ==> (x <= y <=> 0 <= y - x)
[sub_zero_lt] Theorem
|- !x y. x < y ==> 0 < y - x
[sub_zero_lt2] Theorem
|- !x y. x <> NegInf /\ x <> PosInf /\ 0 < y - x ==> x < y
[sup_add_mono] Theorem
|- !f g.
(!n. 0 <= f n) /\ (!n. f n <= f (SUC n)) /\ (!n. 0 <= g n) /\
(!n. g n <= g (SUC n)) ==>
(sup (IMAGE (\n. f n + g n) univ(:num)) =
sup (IMAGE f univ(:num)) + sup (IMAGE g univ(:num)))
[sup_cmul] Theorem
|- !f c.
0 <= c ==>
(sup (IMAGE (\n. Normal c * f n) univ(:a)) =
Normal c * sup (IMAGE f univ(:a)))
[sup_const] Theorem
|- !x. sup (\y. y = x) = x
[sup_const_alt] Theorem
|- !p z. (?x. p x) /\ (!x. p x ==> (x = z)) ==> (sup p = z)
[sup_const_over_set] Theorem
|- !s k. s <> {} ==> (sup (IMAGE (\x. k) s) = k)
53
[sup_eq] Theorem
|- !p x.
(sup p = x) <=>
(!y. p y ==> y <= x) /\ !y. (!z. p z ==> z <= y) ==> x <= y
[sup_le] Theorem
|- !p x. sup p <= x <=> !y. p y ==> y <= x
[sup_le_mono] Theorem
|- !f z.
(!n. f n <= f (SUC n)) /\ z < sup (IMAGE f univ(:num)) ==> ?n. z <= f n
[sup_le_sup_imp] Theorem
|- !p q. (!x. p x ==> ?y. q y /\ x <= y) ==> sup p <= sup q
[sup_lt] Theorem
|- !P y. (?x. P x /\ y < x) <=> y < sup P
[sup_lt_epsilon] Theorem
|- !P e.
0 < e /\ (?x. P x /\ x <> NegInf) /\ sup P <> PosInf ==>
?x. P x /\ sup P < x + e
[sup_lt_infty] Theorem
|- !p. sup p < PosInf ==> !x. p x ==> x < PosInf
[sup_max] Theorem
|- !p z. p z /\ (!x. p x ==> x <= z) ==> (sup p = z)
[sup_mono] Theorem
|- !p q.
(!n. p n <= q n) ==> sup (IMAGE p univ(:num)) <= sup (IMAGE q univ(:num))
[sup_num] Theorem
|- sup (\x. ?n. x = &n) = PosInf
[sup_seq] Theorem
54
|- !f l.
mono_increasing f ==>
(f --> l <=> (sup (IMAGE (\n. Normal (f n)) univ(:num)) = Normal l))
[sup_suc] Theorem
|- !f.
(!m n. m <= n ==> f m <= f n) ==>
(sup (IMAGE (\n. f (SUC n)) univ(:num)) = sup (IMAGE f univ(:num)))
[sup_sum_mono] Theorem
|- !f s.
FINITE s /\ (!i. i IN s ==> !n. 0 <= f i n) /\
(!i. i IN s ==> !n. f i n <= f i (SUC n)) ==>
(sup (IMAGE (\n. SIGMA (\i. f i n) s) univ(:num)) =
SIGMA (\i. sup (IMAGE (f i) univ(:num))) s)
[thirds_between] Theorem
|- ((0 < 1 / 3 /\ 1 / 3 < 1) /\ 0 < 2 / 3 /\ 2 / 3 < 1) /\
(0 <= 1 / 3 /\ 1 / 3 <= 1) /\ 0 <= 2 / 3 /\ 2 / 3 <= 1
*)
end
signature rationalTheory =
sig
type thm = Thm.thm
(* Definitions *)
val Q_set_def : thm
val ceiling_def : thm
val open_interval_def : thm
val open_intervals_set_def : thm
val rational_intervals_def : thm
(* Theorems *)
val ADD_IN_Q : thm
val CEILING_LBOUND : thm
val CEILING_UBOUND : thm
55
val CMUL_IN_Q : thm
val COUNTABLE_ENUM_Q : thm
val COUNTABLE_RATIONAL_INTERVALS : thm
val CROSS_COUNTABLE : thm
val CROSS_COUNTABLE_LEMMA1 : thm
val CROSS_COUNTABLE_LEMMA2 : thm
val CROSS_COUNTABLE_UNIV : thm
val DIV_IN_Q : thm
val INV_IN_Q : thm
val MUL_IN_Q : thm
val NUM_2D_BIJ_NZ : thm
val NUM_2D_BIJ_NZ_ALT : thm
val NUM_2D_BIJ_NZ_ALT2 : thm
val NUM_2D_BIJ_NZ_ALT2_INV : thm
val NUM_2D_BIJ_NZ_ALT_INV : thm
val NUM_2D_BIJ_NZ_INV : thm
val NUM_IN_Q : thm
val OPP_IN_Q : thm
val Q_COUNTABLE : thm
val Q_DENSE_IN_R : thm
val Q_DENSE_IN_R_LEMMA : thm
val Q_INFINITE : thm
val Q_not_infty : thm
val SUB_IN_Q : thm
val rat_not_infty : thm
val rational_grammars : type_grammar.grammar * term_grammar.grammar
(*
[extreal] Parent theory of "rational"
[Q_set_def] Definition
|- Q_set =
{x | ?a b. (x = &a / &b) /\ 0 < &b} UNION
{x | ?a b. (x = -(&a / &b)) /\ 0 < &b}
[ceiling_def] Definition
|- !x. ceiling (Normal x) = LEAST n. x <= &n
[open_interval_def] Definition
|- !a b. open_interval a b = {x | a < x /\ x < b}
[open_intervals_set_def] Definition
|- open_intervals_set =
56
{open_interval a b | a IN univ(:extreal) /\ b IN univ(:extreal)}
[rational_intervals_def] Definition
|- rational_intervals = {open_interval a b | a IN Q_set /\ b IN Q_set}
[ADD_IN_Q] Theorem
|- !x y. x IN Q_set /\ y IN Q_set ==> x + y IN Q_set
[CEILING_LBOUND] Theorem
|- !x. Normal x <= &ceiling (Normal x)
[CEILING_UBOUND] Theorem
|- !x. 0 <= x ==> &ceiling (Normal x) < Normal x + 1
[CMUL_IN_Q] Theorem
|- !z x. x IN Q_set ==> &z * x IN Q_set /\ -&z * x IN Q_set
[COUNTABLE_ENUM_Q] Theorem
|- !c. countable c <=> (c = {}) \/ ?f. c = IMAGE f Q_set
[COUNTABLE_RATIONAL_INTERVALS] Theorem
|- countable rational_intervals
[CROSS_COUNTABLE] Theorem
|- !s. countable s /\ countable t ==> countable (s CROSS t)
[CROSS_COUNTABLE_LEMMA1] Theorem
|- !s. countable s /\ FINITE s /\ countable t ==> countable (s CROSS t)
[CROSS_COUNTABLE_LEMMA2] Theorem
|- !s. countable s /\ countable t /\ FINITE t ==> countable (s CROSS t)
[CROSS_COUNTABLE_UNIV] Theorem
|- countable (univ(:num) CROSS univ(:num))
[DIV_IN_Q] Theorem
57
|- !x y. x IN Q_set /\ y IN Q_set /\ y <> 0 ==> x / y IN Q_set
[INV_IN_Q] Theorem
|- !x. x IN Q_set /\ x <> 0 ==> 1 / x IN Q_set
[MUL_IN_Q] Theorem
|- !x y. x IN Q_set /\ y IN Q_set ==> x * y IN Q_set
[NUM_2D_BIJ_NZ] Theorem
|- ?f. BIJ f (univ(:num) CROSS (univ(:num) DIFF {0})) univ(:num)
[NUM_2D_BIJ_NZ_ALT] Theorem
|- ?f. BIJ f (univ(:num) CROSS univ(:num)) (univ(:num) DIFF {0})
[NUM_2D_BIJ_NZ_ALT2] Theorem
|- ?f. BIJ f ((univ(:num) DIFF {0}) CROSS (univ(:num) DIFF {0})) univ(:num)
[NUM_2D_BIJ_NZ_ALT2_INV] Theorem
|- ?f. BIJ f univ(:num) ((univ(:num) DIFF {0}) CROSS (univ(:num) DIFF {0}))
[NUM_2D_BIJ_NZ_ALT_INV] Theorem
|- ?f. BIJ f (univ(:num) DIFF {0}) (univ(:num) CROSS univ(:num))
[NUM_2D_BIJ_NZ_INV] Theorem
|- ?f. BIJ f univ(:num) (univ(:num) CROSS (univ(:num) DIFF {0}))
[NUM_IN_Q] Theorem
|- !n. &n IN Q_set /\ -&n IN Q_set
[OPP_IN_Q] Theorem
|- !x. x IN Q_set ==> -x IN Q_set
[Q_COUNTABLE] Theorem
|- countable Q_set
58
[Q_DENSE_IN_R] Theorem
|- !x y. x < y ==> ?r. r IN Q_set /\ x < r /\ r < y
[Q_DENSE_IN_R_LEMMA] Theorem
|- !x y. 0 <= x /\ x < y ==> ?r. r IN Q_set /\ x < r /\ r < y
[Q_INFINITE] Theorem
|- INFINITE Q_set
[Q_not_infty] Theorem
|- !x. x IN Q_set ==> ?y. x = Normal y
[SUB_IN_Q] Theorem
|- !x y. x IN Q_set /\ y IN Q_set ==> x - y IN Q_set
[rat_not_infty] Theorem
|- !r. r IN Q_set ==> r <> NegInf /\ r <> PosInf
*)
end
signature measureTheory =
sig
type thm = Thm.thm
(* Definitions *)
val Borel_def : thm
val additive_def : thm
val algebra_def : thm
val countably_additive_def : thm
val countably_subadditive_def : thm
val fn_abs_def : thm
val fn_minus_def : thm
val fn_plus_def : thm
val increasing_def : thm
val indicator_fn_def : thm
59
val inf_measure_def : thm
val m_space_def : thm
val measurable_def : thm
val measurable_sets_def : thm
val measure_def : thm
val measure_preserving_def : thm
val measure_space_def : thm
val null_set_def : thm
val outer_measure_space_def : thm
val pos_simple_fn_def : thm
val positive_def : thm
val sigma_algebra_def : thm
val sigma_def : thm
val space_def : thm
val subadditive_def : thm
val subset_class_def : thm
val subsets_def : thm
(* Theorems *)
val ADDITIVE : thm
val ADDITIVE_INCREASING : thm
val ADDITIVE_SUM : thm
val ALGEBRA_ALT_INTER : thm
val ALGEBRA_COMPL : thm
val ALGEBRA_DIFF : thm
val ALGEBRA_EMPTY : thm
val ALGEBRA_FINITE_UNION : thm
val ALGEBRA_INTER : thm
val ALGEBRA_INTER_SPACE : thm
val ALGEBRA_SPACE : thm
val ALGEBRA_UNION : thm
val BIGUNION_IMAGE_Q : thm
val BOREL_MEASURABLE_SETS : thm
val BOREL_MEASURABLE_SETS_CC : thm
val BOREL_MEASURABLE_SETS_CO : thm
val BOREL_MEASURABLE_SETS_CR : thm
val BOREL_MEASURABLE_SETS_OC : thm
val BOREL_MEASURABLE_SETS_OO : thm
val BOREL_MEASURABLE_SETS_OR : thm
val BOREL_MEASURABLE_SETS_RC : thm
val BOREL_MEASURABLE_SETS_RO : thm
val BOREL_MEASURABLE_SETS_SING : thm
val COUNTABLY_ADDITIVE : thm
val COUNTABLY_ADDITIVE_ADDITIVE : thm
val COUNTABLY_SUBADDITIVE : thm
val FN_MINUS_POS : thm
val FN_MINUS_POS_ZERO : thm
60
val FN_PLUS_POS : thm
val FN_PLUS_POS_ID : thm
val IMAGE_SING : thm
val INCREASING : thm
val INDICATOR_FN_MUL_INTER : thm
val IN_MEASURABLE : thm
val IN_MEASURABLE_BOREL : thm
val IN_MEASURABLE_BOREL_ABS : thm
val IN_MEASURABLE_BOREL_ADD : thm
val IN_MEASURABLE_BOREL_ALL : thm
val IN_MEASURABLE_BOREL_ALT1 : thm
val IN_MEASURABLE_BOREL_ALT4_IMP : thm
val IN_MEASURABLE_BOREL_CMUL : thm
val IN_MEASURABLE_BOREL_CMUL_INDICATOR : thm
val IN_MEASURABLE_BOREL_CONST : thm
val IN_MEASURABLE_BOREL_FN_MINUS : thm
val IN_MEASURABLE_BOREL_FN_PLUS : thm
val IN_MEASURABLE_BOREL_INDICATOR : thm
val IN_MEASURABLE_BOREL_LE : thm
val IN_MEASURABLE_BOREL_LT : thm
val IN_MEASURABLE_BOREL_MAX : thm
val IN_MEASURABLE_BOREL_MONO_SUP : thm
val IN_MEASURABLE_BOREL_MUL : thm
val IN_MEASURABLE_BOREL_MUL_INDICATOR : thm
val IN_MEASURABLE_BOREL_POS_SIMPLE_FN : thm
val IN_MEASURABLE_BOREL_POW : thm
val IN_MEASURABLE_BOREL_SQR : thm
val IN_MEASURABLE_BOREL_SUB : thm
val IN_MEASURABLE_BOREL_SUM : thm
val IN_MEASURE_PRESERVING : thm
val IN_SIGMA : thm
val MEASUBABLE_BIGUNION_LEMMA : thm
val MEASURABLE_BIGUNION_PROPERTY : thm
val MEASURABLE_BOREL : thm
val MEASURABLE_COMP : thm
61
val MEASURABLE_COMP_STRONG : thm
val MEASURABLE_COMP_STRONGER : thm
val MEASURABLE_DIFF_PROPERTY : thm
val MEASURABLE_I : thm
val MEASURABLE_LIFT : thm
val MEASURABLE_POW_TO_POW : thm
val MEASURABLE_POW_TO_POW_IMAGE : thm
val MEASURABLE_PROD_SIGMA : thm
val MEASURABLE_RANGE_REDUCE : thm
val MEASURABLE_SETS_SUBSET_SPACE : thm
val MEASURABLE_SIGMA : thm
val MEASURABLE_SIGMA_PREIMAGES : thm
val MEASURABLE_SUBSET : thm
val MEASURABLE_UP_LIFT : thm
val MEASURABLE_UP_SIGMA : thm
val MEASURABLE_UP_SUBSET : thm
val MEASURE_ADDITIVE : thm
val MEASURE_COUNTABLE_INCREASING : thm
val MEASURE_COUNTABLY_ADDITIVE : thm
val MEASURE_DOWN : thm
val MEASURE_EMPTY : thm
val MEASURE_EXTREAL_SUM_IMAGE : thm
val MEASURE_PRESERVING_UP_LIFT : thm
val MEASURE_PRESERVING_UP_SIGMA : thm
val MEASURE_PRESERVING_UP_SUBSET : thm
val MEASURE_SPACE_ADDITIVE : thm
val MEASURE_SPACE_BIGINTER : thm
val MEASURE_SPACE_BIGUNION : thm
val MEASURE_SPACE_CMUL : thm
val MEASURE_SPACE_DIFF : thm
val MEASURE_SPACE_EMPTY_MEASURABLE : thm
val MEASURE_SPACE_FINITE_DIFF : thm
val MEASURE_SPACE_FINITE_DIFF_SUBSET : thm
val MEASURE_SPACE_FINITE_MEASURE : thm
val MEASURE_SPACE_INCREASING : thm
val MEASURE_SPACE_INTER : thm
val MEASURE_SPACE_IN_MSPACE : thm
val MEASURE_SPACE_MSPACE_MEASURABLE : thm
val MEASURE_SPACE_POSITIVE : thm
val MEASURE_SPACE_REDUCE : thm
val MEASURE_SPACE_RESTRICTED : thm
val MEASURE_SPACE_SUBSET : thm
val MEASURE_SPACE_SUBSET_MSPACE : thm
val MEASURE_SPACE_UNION : thm
val MONOTONE_CONVERGENCE : thm
val MONOTONE_CONVERGENCE2 : thm
val MONOTONE_CONVERGENCE_BIGINTER : thm
62
val MONOTONE_CONVERGENCE_BIGINTER2 : thm
val OUTER_MEASURE_SPACE_POSITIVE : thm
val POW_ALGEBRA : thm
val POW_SIGMA_ALGEBRA : thm
val SIGMA_ALGEBRA : thm
val SIGMA_ALGEBRA_ALGEBRA : thm
val SIGMA_ALGEBRA_ALT : thm
val SIGMA_ALGEBRA_ALT_DISJOINT : thm
val SIGMA_ALGEBRA_ALT_MONO : thm
val SIGMA_ALGEBRA_BOREL : thm
val SIGMA_ALGEBRA_COUNTABLE_UNION : thm
val SIGMA_ALGEBRA_ENUM : thm
val SIGMA_ALGEBRA_FN : thm
val SIGMA_ALGEBRA_FN_BIGINTER : thm
val SIGMA_ALGEBRA_FN_DISJOINT : thm
val SIGMA_ALGEBRA_SIGMA : thm
val SIGMA_POW : thm
val SIGMA_PROPERTY : thm
val SIGMA_PROPERTY_ALT : thm
val SIGMA_PROPERTY_DISJOINT_WEAK : thm
val SIGMA_REDUCE : thm
val SIGMA_SUBSET : thm
val SIGMA_SUBSET_MEASURABLE_SETS : thm
val SIGMA_SUBSET_SUBSETS : thm
val SPACE : thm
val SPACE_BOREL : thm
val SPACE_SIGMA : thm
val STRONG_MEASURE_SPACE_SUBSET : thm
val SUBADDITIVE : thm
val SUBSET_BIGINTER : thm
val UNIV_SIGMA_ALGEBRA : thm
val finite_additivity_sufficient_for_finite_spaces : thm
val finite_additivity_sufficient_for_finite_spaces2 : thm
val indicator_fn_split : thm
val indicator_fn_suminf : thm
val measure_split : thm
val positive_not_infty : thm
val measure_grammars : type_grammar.grammar * term_grammar.grammar
(*
[extra_real] Parent theory of "measure"
[rational] Parent theory of "measure"
[Borel_def] Definition
|- Borel = sigma univ(:extreal) (IMAGE (\a. {x | x < Normal a}) univ(:real))
63
[additive_def] Definition
|- !m.
additive m <=>
!s t.
s IN measurable_sets m /\ t IN measurable_sets m /\ DISJOINT s t ==>
(measure m (s UNION t) = measure m s + measure m t)
[algebra_def] Definition
|- !a.
algebra a <=>
subset_class (space a) (subsets a) /\ {} IN subsets a /\
(!s. s IN subsets a ==> space a DIFF s IN subsets a) /\
!s t. s IN subsets a /\ t IN subsets a ==> s UNION t IN subsets a
[countably_additive_def] Definition
|- !m.
countably_additive m <=>
!f.
f IN (univ(:num) -> measurable_sets m) /\
(!m n. m <> n ==> DISJOINT (f m) (f n)) /\
BIGUNION (IMAGE f univ(:num)) IN measurable_sets m ==>
(measure m (BIGUNION (IMAGE f univ(:num))) = suminf (measure m o f))
[countably_subadditive_def] Definition
|- !m.
countably_subadditive m <=>
!f.
BIGUNION (IMAGE f univ(:num)) IN measurable_sets m ==>
measure m (BIGUNION (IMAGE f univ(:num))) <= suminf (measure m o f)
[fn_abs_def] Definition
|- !f. fn_abs f = (\x. abs (f x))
[fn_minus_def] Definition
|- !f. fn_minus f = (\x. if f x < 0 then -f x else 0)
[fn_plus_def] Definition
|- !f. fn_plus f = (\x. if 0 < f x then f x else 0)
64
[increasing_def] Definition
|- !m.
increasing m <=>
!s t.
s IN measurable_sets m /\ t IN measurable_sets m /\ s SUBSET t ==>
measure m s <= measure m t
[indicator_fn_def] Definition
|- !s. indicator_fn s = (\x. if x IN s then 1 else 0)
[inf_measure_def] Definition
|- !m s.
inf_measure m s =
inf
{r |
?f.
s SUBSET BIGUNION (IMAGE f univ(:num)) /\
(suminf (measure m o f) = r)}
[m_space_def] Definition
|- !sp sts mu. m_space (sp,sts,mu) = sp
[measurable_def] Definition
|- !a b.
measurable a b =
{f |
sigma_algebra a /\ sigma_algebra b /\ f IN (space a -> space b) /\
!s. s IN subsets b ==> PREIMAGE f s INTER space a IN subsets a}
[measurable_sets_def] Definition
|- !sp sts mu. measurable_sets (sp,sts,mu) = sts
[measure_def] Definition
|- !sp sts mu. measure (sp,sts,mu) = mu
[measure_preserving_def] Definition
65
|- !m1 m2.
measure_preserving m1 m2 =
{f |
f IN
measurable (m_space m1,measurable_sets m1)
(m_space m2,measurable_sets m2) /\
!s.
s IN measurable_sets m2 ==>
(measure m1 (PREIMAGE f s INTER m_space m1) = measure m2 s)}
[measure_space_def] Definition
|- !m.
measure_space m <=>
sigma_algebra (m_space m,measurable_sets m) /\ positive m /\
countably_additive m
[null_set_def] Definition
|- !m s. null_set m s <=> s IN measurable_sets m /\ (measure m s = 0)
[outer_measure_space_def] Definition
|- !m.
outer_measure_space m <=>
positive m /\ increasing m /\ countably_subadditive m
[pos_simple_fn_def] Definition
|- !m f s a x.
pos_simple_fn m f s a x <=>
(!t. 0 <= f t) /\
(!t.
t IN m_space m ==>
(f t = SIGMA (\i. Normal (x i) * indicator_fn (a i) t) s)) /\
(!i. i IN s ==> a i IN measurable_sets m) /\ FINITE s /\
(!i. i IN s ==> 0 <= x i) /\
(!i j. i IN s /\ j IN s /\ i <> j ==> DISJOINT (a i) (a j)) /\
(BIGUNION (IMAGE a s) = m_space m)
[positive_def] Definition
|- !m.
positive m <=>
(measure m {} = 0) /\ !s. s IN measurable_sets m ==> 0 <= measure m s
[sigma_algebra_def] Definition
66
|- !a.
sigma_algebra a <=>
algebra a /\
!c. countable c /\ c SUBSET subsets a ==> BIGUNION c IN subsets a
[sigma_def] Definition
|- !sp st.
sigma sp st = (sp,BIGINTER {s | st SUBSET s /\ sigma_algebra (sp,s)})
[space_def] Definition
|- !x y. space (x,y) = x
[subadditive_def] Definition
|- !m.
subadditive m <=>
!s t.
s IN measurable_sets m /\ t IN measurable_sets m ==>
measure m (s UNION t) <= measure m s + measure m t
[subset_class_def] Definition
|- !sp sts. subset_class sp sts <=> !x. x IN sts ==> x SUBSET sp
[subsets_def] Definition
|- !x y. subsets (x,y) = y
[ADDITIVE] Theorem
|- !m s t u.
additive m /\ s IN measurable_sets m /\ t IN measurable_sets m /\
DISJOINT s t /\ (u = s UNION t) ==>
(measure m u = measure m s + measure m t)
[ADDITIVE_INCREASING] Theorem
|- !m.
algebra (m_space m,measurable_sets m) /\ positive m /\ additive m ==>
increasing m
[ADDITIVE_SUM] Theorem
|- !m f n.
67
algebra (m_space m,measurable_sets m) /\ positive m /\ additive m /\
(!m n. m <> n ==> DISJOINT (f m) (f n)) ==>
(SIGMA (measure m o f) (count n) =
measure m (BIGUNION (IMAGE f (count n))))
[ALGEBRA_ALT_INTER] Theorem
|- !a.
algebra a <=>
!s t. s IN subsets a /\ t IN subsets a ==> s INTER t IN subsets a
[ALGEBRA_COMPL] Theorem
|- !a s. algebra a /\ s IN subsets a ==> space a DIFF s IN subsets a
[ALGEBRA_DIFF] Theorem
|- !a s t.
algebra a /\ s IN subsets a /\ t IN subsets a ==> s DIFF t IN subsets a
[ALGEBRA_EMPTY] Theorem
|- !a. algebra a ==> {} IN subsets a
[ALGEBRA_FINITE_UNION] Theorem
|- !a c.
algebra a /\ FINITE c /\ c SUBSET subsets a ==> BIGUNION c IN subsets a
[ALGEBRA_INTER] Theorem
|- !a s t.
algebra a /\ s IN subsets a /\ t IN subsets a ==> s INTER t IN subsets a
[ALGEBRA_INTER_SPACE] Theorem
|- !a s.
algebra a /\ s IN subsets a ==>
(space a INTER s = s) /\ (s INTER space a = s)
[ALGEBRA_SPACE] Theorem
|- !a. algebra a ==> space a IN subsets a
68
[ALGEBRA_UNION] Theorem
|- !a s t.
algebra a /\ s IN subsets a /\ t IN subsets a ==> s UNION t IN subsets a
[BIGUNION_IMAGE_Q] Theorem
|- !a f.
sigma_algebra a /\ f IN (Q_set -> subsets a) ==>
BIGUNION (IMAGE f Q_set) IN subsets a
[BOREL_MEASURABLE_SETS] Theorem
|- (!c. {x | x < Normal c} IN subsets Borel) /\
(!c. {x | Normal c <= x} IN subsets Borel) /\
(!c. {x | Normal c < x} IN subsets Borel) /\
(!c. {x | x <= Normal c} IN subsets Borel) /\
(!c d. {x | Normal c < x /\ x < Normal d} IN subsets Borel) /\
(!c d. {x | Normal c <= x /\ x < Normal d} IN subsets Borel) /\
(!c d. {x | Normal c < x /\ x <= Normal d} IN subsets Borel) /\
(!c d. {x | Normal c <= x /\ x <= Normal d} IN subsets Borel) /\
!c. {Normal c} IN subsets Borel
[BOREL_MEASURABLE_SETS_CC] Theorem
|- !c d. {x | Normal c <= x /\ x <= Normal d} IN subsets Borel
[BOREL_MEASURABLE_SETS_CO] Theorem
|- !c d. {x | Normal c <= x /\ x < Normal d} IN subsets Borel
[BOREL_MEASURABLE_SETS_CR] Theorem
|- !c. {x | Normal c <= x} IN subsets Borel
[BOREL_MEASURABLE_SETS_OC] Theorem
|- !c d. {x | Normal c < x /\ x <= Normal d} IN subsets Borel
[BOREL_MEASURABLE_SETS_OO] Theorem
|- !c d. {x | Normal c < x /\ x < Normal d} IN subsets Borel
[BOREL_MEASURABLE_SETS_OR] Theorem
|- !c. {x | Normal c < x} IN subsets Borel
69
[BOREL_MEASURABLE_SETS_RC] Theorem
|- !c. {x | x <= Normal c} IN subsets Borel
[BOREL_MEASURABLE_SETS_RO] Theorem
|- !c. {x | x < Normal c} IN subsets Borel
[BOREL_MEASURABLE_SETS_SING] Theorem
|- !c. {Normal c} IN subsets Borel
[COUNTABLY_ADDITIVE] Theorem
|- !m s f.
countably_additive m /\ f IN (univ(:num) -> measurable_sets m) /\
(s = BIGUNION (IMAGE f univ(:num))) /\ s IN measurable_sets m ==>
(suminf (measure m o f) = measure m s)
[COUNTABLY_ADDITIVE_ADDITIVE] Theorem
|- !m.
algebra (m_space m,measurable_sets m) /\ positive m /\
countably_additive m ==>
additive m
[COUNTABLY_SUBADDITIVE] Theorem
|- !m f s.
countably_subadditive m /\ f IN (univ(:num) -> measurable_sets m) /\
(s = BIGUNION (IMAGE f univ(:num))) /\ s IN measurable_sets m ==>
measure m s <= suminf (measure m o f)
[FN_MINUS_POS] Theorem
|- !g x. 0 <= fn_minus g x
[FN_MINUS_POS_ZERO] Theorem
|- (!x. 0 <= g x) ==> (fn_minus g = (\x. 0))
[FN_PLUS_POS] Theorem
|- !g x. 0 <= fn_plus g x
[FN_PLUS_POS_ID] Theorem
70
|- (!x. 0 <= g x) ==> (fn_plus g = g)
[IMAGE_SING] Theorem
|- !f x. IMAGE f {x} = {f x}
[INCREASING] Theorem
|- !m s t.
increasing m /\ s SUBSET t /\ s IN measurable_sets m /\
t IN measurable_sets m ==>
measure m s <= measure m t
[INDICATOR_FN_MUL_INTER] Theorem
|- !A B.
(\t. indicator_fn A t * indicator_fn B t) =
(\t. indicator_fn (A INTER B) t)
[IN_MEASURABLE] Theorem
|- !a b f.
f IN measurable a b <=>
!s. s IN subsets b ==> PREIMAGE f s INTER space a IN subsets a
[IN_MEASURABLE_BOREL] Theorem
|- !f a.
f IN measurable a Borel <=>
sigma_algebra a /\ f IN (space a -> univ(:extreal)) /\
!c. {x | f x < Normal c} INTER space a IN subsets a
[IN_MEASURABLE_BOREL_ABS] Theorem
|- !a f g.
sigma_algebra a /\ f IN measurable a Borel /\
(!x. x IN space a ==> (g x = abs (f x))) ==>
g IN measurable a Borel
[IN_MEASURABLE_BOREL_ADD] Theorem
|- !a f g h.
sigma_algebra a /\ f IN measurable a Borel /\ g IN measurable a Borel /\
(!x. x IN space a ==> f x <> NegInf /\ g x <> NegInf) /\
(!x. x IN space a ==> (h x = f x + g x)) ==>
71
h IN measurable a Borel
[IN_MEASURABLE_BOREL_ALL] Theorem
|- !f a.
f IN measurable a Borel ==>
(!c. {x | f x < Normal c} INTER space a IN subsets a) /\
(!c. {x | Normal c <= f x} INTER space a IN subsets a) /\
(!c. {x | f x <= Normal c} INTER space a IN subsets a) /\
(!c. {x | Normal c < f x} INTER space a IN subsets a) /\
(!c d.
{x | Normal c < f x /\ f x < Normal d} INTER space a IN subsets a) /\
(!c d.
{x | Normal c <= f x /\ f x < Normal d} INTER space a IN subsets a) /\
(!c d.
{x | Normal c < f x /\ f x <= Normal d} INTER space a IN subsets a) /\
(!c d.
{x | Normal c <= f x /\ f x <= Normal d} INTER space a IN subsets a) /\
!c. {x | f x = c} INTER space a IN subsets a
[IN_MEASURABLE_BOREL_ALT1] Theorem
|- !f a.
!c. {x | Normal c <= f x} INTER space a IN subsets a
|- !f a.
{x | f x = NegInf} INTER space a IN subsets a
|- !f a.
!c. {x | f x <= Normal c} INTER space a IN subsets a
|- !f a.
!c. {x | Normal c < f x} INTER space a IN subsets a
72
|- !f a.
(!x. f x <> NegInf) ==>
(f IN measurable a Borel <=>
!c d. {x | Normal c <= f x /\ f x < Normal d} INTER space a IN subsets a)
[IN_MEASURABLE_BOREL_ALT4_IMP] Theorem
|- !f a.
!c d. {x | Normal c <= f x /\ f x < Normal d} INTER space a IN subsets a
|- !f a.
(!x. f x <> NegInf) ==>
!c d. {x | Normal c < f x /\ f x <= Normal d} INTER space a IN subsets a)
|- !f a.
!c d. {x | Normal c < f x /\ f x <= Normal d} INTER space a IN subsets a
|- !f a.
(!x. f x <> NegInf) ==>
!c d.
{x | Normal c <= f x /\ f x <= Normal d} INTER space a IN subsets a)
|- !f a.
!c d. {x | Normal c <= f x /\ f x <= Normal d} INTER space a IN subsets a
73
|- !f a.
(!x. f x <> NegInf) ==>
!c d. {x | Normal c < f x /\ f x < Normal d} INTER space a IN subsets a)
|- !f a.
!c d. {x | Normal c < f x /\ f x < Normal d} INTER space a IN subsets a
|- !f a.
!c. {x | f x = c} INTER space a IN subsets a
|- !f a.
{x | f x = PosInf} INTER space a IN subsets a
[IN_MEASURABLE_BOREL_CMUL] Theorem
|- !a f g z.
(!x. x IN space a ==> (g x = Normal z * f x)) ==>
[IN_MEASURABLE_BOREL_CMUL_INDICATOR] Theorem
|- !a z s.
sigma_algebra a /\ s IN subsets a /\ 0 <= z ==>
(\x. Normal z * indicator_fn s x) IN measurable a Borel
[IN_MEASURABLE_BOREL_CONST] Theorem
|- !a k f.
sigma_algebra a /\ (!x. x IN space a ==> (f x = k)) ==>
f IN measurable a Borel
74
[IN_MEASURABLE_BOREL_FN_MINUS] Theorem
|- !a f. f IN measurable a Borel ==> fn_minus f IN measurable a Borel
[IN_MEASURABLE_BOREL_FN_PLUS] Theorem
|- !a f. f IN measurable a Borel ==> fn_plus f IN measurable a Borel
[IN_MEASURABLE_BOREL_INDICATOR] Theorem
|- !a A f.
sigma_algebra a /\ A IN subsets a /\
(!x. x IN space a ==> (f x = indicator_fn A x)) ==>
[IN_MEASURABLE_BOREL_LE] Theorem
|- !f g a.
f IN measurable a Borel /\ g IN measurable a Borel ==>
{x | f x <= g x} INTER space a IN subsets a
[IN_MEASURABLE_BOREL_LT] Theorem
|- !f g a.
f IN measurable a Borel /\ g IN measurable a Borel ==>
{x | f x < g x} INTER space a IN subsets a
[IN_MEASURABLE_BOREL_MAX] Theorem
|- !a f g.
sigma_algebra a /\ f IN measurable a Borel /\ g IN measurable a Borel ==>
(\x. max (f x) (g x)) IN measurable a Borel
[IN_MEASURABLE_BOREL_MONO_SUP] Theorem
|- !fn f a.
sigma_algebra a /\ (!n. fn n IN measurable a Borel) /\
(!n x. fn n x <= fn (SUC n) x) /\
(!x. x IN space a ==> (f x = sup (IMAGE (\n. fn n x) univ(:num)))) ==>
[IN_MEASURABLE_BOREL_MUL] Theorem
|- !a f g h.
(!x.
75
x IN space a ==>
f x <> NegInf /\ f x <> PosInf /\ g x <> NegInf /\ g x <> PosInf) /\
g IN measurable a Borel /\ (!x. x IN space a ==> (h x = f x * g x)) ==>
[IN_MEASURABLE_BOREL_MUL_INDICATOR] Theorem
|- !a f s.
sigma_algebra a /\ f IN measurable a Borel /\ s IN subsets a ==>
(\x. f x * indicator_fn s x) IN measurable a Borel
[IN_MEASURABLE_BOREL_POS_SIMPLE_FN] Theorem
|- !m f.
measure_space m /\ (?s a x. pos_simple_fn m f s a x) ==>
f IN measurable (m_space m,measurable_sets m) Borel
[IN_MEASURABLE_BOREL_POW] Theorem
|- !n a f.
(!x. x IN space a ==> f x <> NegInf /\ f x <> PosInf) ==>
(\x. f x pow n) IN measurable a Borel
[IN_MEASURABLE_BOREL_SQR] Theorem
|- !a f g.
(!x. x IN space a ==> (g x = f x pow 2)) ==>
[IN_MEASURABLE_BOREL_SUB] Theorem
|- !a f g h.
sigma_algebra a /\ f IN measurable a Borel /\ g IN measurable a Borel /\
(!x. x IN space a ==> f x <> NegInf /\ g x <> PosInf) /\
(!x. x IN space a ==> (h x = f x - g x)) ==>
[IN_MEASURABLE_BOREL_SUM] Theorem
|- !a f g s.
FINITE s /\ sigma_algebra a /\
(!i. i IN s ==> f i IN measurable a Borel) /\
(!i x. i IN s /\ x IN space a ==> f i x <> NegInf) /\
(!x. x IN space a ==> (g x = SIGMA (\i. f i x) s)) ==>
76
[IN_MEASURE_PRESERVING] Theorem
|- !m1 m2 f.
f IN measure_preserving m1 m2 <=>
f IN
measurable (m_space m1,measurable_sets m1)
(m_space m2,measurable_sets m2) /\
!s.
s IN measurable_sets m2 ==>
(measure m1 (PREIMAGE f s INTER m_space m1) = measure m2 s)
[IN_SIGMA] Theorem
|- !sp a x. x IN a ==> x IN subsets (sigma sp a)
[MEASUBABLE_BIGUNION_LEMMA] Theorem
|- !a b f.
(!s. s IN subsets b ==> PREIMAGE f s IN subsets a) ==>
!c.
countable c /\ c SUBSET IMAGE (PREIMAGE f) (subsets b) ==>
BIGUNION c IN IMAGE (PREIMAGE f) (subsets b)
[MEASURABLE_BIGUNION_PROPERTY] Theorem
|- !a b f.
!c.
c SUBSET subsets b ==>
(PREIMAGE f (BIGUNION c) = BIGUNION (IMAGE (PREIMAGE f) c))
[MEASURABLE_BOREL] Theorem
|- !f a.
!c. PREIMAGE f {x | x < Normal c} INTER space a IN subsets a
[MEASURABLE_COMP] Theorem
|- !f g a b c.
f IN measurable a b /\ g IN measurable b c ==> g o f IN measurable a c
[MEASURABLE_COMP_STRONG] Theorem
77
|- !f g a b c.
f IN measurable a b /\ sigma_algebra c /\ g IN (space b -> space c) /\
(!x.
x IN subsets c ==>
PREIMAGE g x INTER IMAGE f (space a) IN subsets b) ==>
g o f IN measurable a c
[MEASURABLE_COMP_STRONGER] Theorem
|- !f g a b c t.
f IN measurable a b /\ sigma_algebra c /\ g IN (space b -> space c) /\
IMAGE f (space a) SUBSET t /\
(!s. s IN subsets c ==> PREIMAGE g s INTER t IN subsets b) ==>
g o f IN measurable a c
[MEASURABLE_DIFF_PROPERTY] Theorem
|- !a b f.
!s.
s IN subsets b ==>
(PREIMAGE f (space b DIFF s) = space a DIFF PREIMAGE f s)
[MEASURABLE_I] Theorem
|- !a. sigma_algebra a ==> I IN measurable a a
[MEASURABLE_LIFT] Theorem
|- !f a b.
f IN measurable a b ==> f IN measurable a (sigma (space b) (subsets b))
[MEASURABLE_POW_TO_POW] Theorem
|- !m f.
measure_space m /\ (measurable_sets m = POW (m_space m)) ==>
f IN measurable (m_space m,measurable_sets m) (univ(:b),POW univ(:b))
[MEASURABLE_POW_TO_POW_IMAGE] Theorem
|- !m f.
measure_space m /\ (measurable_sets m = POW (m_space m)) ==>
f IN
measurable (m_space m,measurable_sets m)
(IMAGE f (m_space m),POW (IMAGE f (m_space m)))
78
[MEASURABLE_PROD_SIGMA] Theorem
|- !a a1 a2 f.
sigma_algebra a /\ FST o f IN measurable a a1 /\
SND o f IN measurable a a2 ==>
f IN
measurable a
(sigma (space a1 CROSS space a2) (prod_sets (subsets a1) (subsets a2)))
[MEASURABLE_RANGE_REDUCE] Theorem
|- !m f s.
measure_space m /\
f IN measurable (m_space m,measurable_sets m) (s,POW s) /\ s <> {} ==>
f IN
measurable (m_space m,measurable_sets m)
(s INTER IMAGE f (m_space m),POW (s INTER IMAGE f (m_space m)))
[MEASURABLE_SETS_SUBSET_SPACE] Theorem
|- !m s. measure_space m /\ s IN measurable_sets m ==> s SUBSET m_space m
[MEASURABLE_SIGMA] Theorem
|- !f a b sp.
sigma_algebra a /\ subset_class sp b /\ f IN (space a -> sp) /\
(!s. s IN b ==> PREIMAGE f s INTER space a IN subsets a) ==>
f IN measurable a (sigma sp b)
[MEASURABLE_SIGMA_PREIMAGES] Theorem
|- !a b f.
sigma_algebra (space a,IMAGE (PREIMAGE f) (subsets b))
[MEASURABLE_SUBSET] Theorem
|- !a b. measurable a b SUBSET measurable a (sigma (space b) (subsets b))
[MEASURABLE_UP_LIFT] Theorem
|- !sp a b c f.
f IN measurable (sp,a) c /\ sigma_algebra (sp,b) /\ a SUBSET b ==>
f IN measurable (sp,b) c
79
[MEASURABLE_UP_SIGMA] Theorem
|- !a b. measurable a b SUBSET measurable (sigma (space a) (subsets a)) b
[MEASURABLE_UP_SUBSET] Theorem
|- !sp a b c.
a SUBSET b /\ sigma_algebra (sp,b) ==>
measurable (sp,a) c SUBSET measurable (sp,b) c
[MEASURE_ADDITIVE] Theorem
|- !m s t u.
measure_space m /\ s IN measurable_sets m /\ t IN measurable_sets m /\
DISJOINT s t /\ (u = s UNION t) ==>
(measure m u = measure m s + measure m t)
[MEASURE_COUNTABLE_INCREASING] Theorem
|- !m s f.
measure_space m /\ f IN (univ(:num) -> measurable_sets m) /\ (f 0 = {}) /\
(!n. f n SUBSET f (SUC n)) /\ (s = BIGUNION (IMAGE f univ(:num))) ==>
(sup (IMAGE (measure m o f) univ(:num)) = measure m s)
[MEASURE_COUNTABLY_ADDITIVE] Theorem
|- !m s f.
measure_space m /\ f IN (univ(:num) -> measurable_sets m) /\
(s = BIGUNION (IMAGE f univ(:num))) ==>
(suminf (measure m o f) = measure m s)
[MEASURE_DOWN] Theorem
|- !m0 m1.
sigma_algebra (m_space m0,measurable_sets m0) /\
measurable_sets m0 SUBSET measurable_sets m1 /\
(measure m0 = measure m1) /\ measure_space m1 ==>
measure_space m0
[MEASURE_EMPTY] Theorem
|- !m. measure_space m ==> (measure m {} = 0)
[MEASURE_EXTREAL_SUM_IMAGE] Theorem
|- !m s.
80
measure_space m /\ s IN measurable_sets m /\
(!x. x IN s ==> {x} IN measurable_sets m) /\ FINITE s ==>
(measure m s = SIGMA (\x. measure m {x}) s)
[MEASURE_PRESERVING_UP_LIFT] Theorem
|- !m1 m2 f.
f IN measure_preserving (m_space m1,a,measure m1) m2 /\
sigma_algebra (m_space m1,measurable_sets m1) /\
a SUBSET measurable_sets m1 ==>
f IN measure_preserving m1 m2
[MEASURE_PRESERVING_UP_SIGMA] Theorem
|- !m1 m2 a.
(measurable_sets m1 = subsets (sigma (m_space m1) a)) ==>
measure_preserving (m_space m1,a,measure m1) m2 SUBSET
measure_preserving m1 m2
[MEASURE_PRESERVING_UP_SUBSET] Theorem
|- !m1 m2.
a SUBSET measurable_sets m1 /\
sigma_algebra (m_space m1,measurable_sets m1) ==>
measure_preserving (m_space m1,a,measure m1) m2 SUBSET
measure_preserving m1 m2
[MEASURE_SPACE_ADDITIVE] Theorem
|- !m. measure_space m ==> additive m
[MEASURE_SPACE_BIGINTER] Theorem
|- !m s.
measure_space m /\ (!n. s n IN measurable_sets m) ==>
BIGINTER (IMAGE s univ(:num)) IN measurable_sets m
[MEASURE_SPACE_BIGUNION] Theorem
|- !m s.
measure_space m /\ (!n. s n IN measurable_sets m) ==>
BIGUNION (IMAGE s univ(:num)) IN measurable_sets m
[MEASURE_SPACE_CMUL] Theorem
|- !m c.
measure_space m /\ 0 <= c ==>
81
measure_space (m_space m,measurable_sets m,(\a. Normal c * measure m a))
[MEASURE_SPACE_DIFF] Theorem
|- !m s t.
measure_space m /\ s IN measurable_sets m /\ t IN measurable_sets m ==>
s DIFF t IN measurable_sets m
[MEASURE_SPACE_EMPTY_MEASURABLE] Theorem
|- !m. measure_space m ==> {} IN measurable_sets m
[MEASURE_SPACE_FINITE_DIFF] Theorem
|- !m s.
measure_space m /\ s IN measurable_sets m /\ measure m s <> PosInf ==>
(measure m (m_space m DIFF s) = measure m (m_space m) - measure m s)
[MEASURE_SPACE_FINITE_DIFF_SUBSET] Theorem
|- !m s t.
measure_space m /\ s IN measurable_sets m /\ t IN measurable_sets m /\
t SUBSET s /\ measure m s <> PosInf ==>
(measure m (s DIFF t) = measure m s - measure m t)
[MEASURE_SPACE_FINITE_MEASURE] Theorem
|- !m s.
measure_space m /\ s IN measurable_sets m /\
measure m (m_space m) <> PosInf ==>
measure m s <> PosInf
[MEASURE_SPACE_INCREASING] Theorem
|- !m. measure_space m ==> increasing m
[MEASURE_SPACE_INTER] Theorem
|- !m s t.
s INTER t IN measurable_sets m
[MEASURE_SPACE_IN_MSPACE] Theorem
|- !m A.
measure_space m /\ A IN measurable_sets m ==>
!x. x IN A ==> x IN m_space m
82
[MEASURE_SPACE_MSPACE_MEASURABLE] Theorem
|- !m. measure_space m ==> m_space m IN measurable_sets m
[MEASURE_SPACE_POSITIVE] Theorem
|- !m. measure_space m ==> positive m
[MEASURE_SPACE_REDUCE] Theorem
|- !m. (m_space m,measurable_sets m,measure m) = m
[MEASURE_SPACE_RESTRICTED] Theorem
|- !m s.
measure_space m /\ s IN measurable_sets m ==>
measure_space (s,IMAGE (\t. s INTER t) (measurable_sets m),measure m)
[MEASURE_SPACE_SUBSET] Theorem
|- !s s m.
s SUBSET s /\ measure_space (s,POW s,m) ==> measure_space (s,POW s,m)
[MEASURE_SPACE_SUBSET_MSPACE] Theorem
|- !A m. measure_space m /\ A IN measurable_sets m ==> A SUBSET m_space m
[MEASURE_SPACE_UNION] Theorem
|- !m s t.
s UNION t IN measurable_sets m
[MONOTONE_CONVERGENCE] Theorem
|- !m s f.
(!n. f n SUBSET f (SUC n)) /\ (s = BIGUNION (IMAGE f univ(:num))) ==>
(sup (IMAGE (measure m o f) univ(:num)) = measure m s)
[MONOTONE_CONVERGENCE2] Theorem
|- !m f.
(!n. f n SUBSET f (SUC n)) ==>
(sup (IMAGE (measure m o f) univ(:num)) =
83
measure m (BIGUNION (IMAGE f univ(:num))))
[MONOTONE_CONVERGENCE_BIGINTER] Theorem
|- !m s f.
(!n. measure m (f n) <> PosInf) /\ (!n. f (SUC n) SUBSET f n) /\
(s = BIGINTER (IMAGE f univ(:num))) ==>
(inf (IMAGE (measure m o f) univ(:num)) = measure m s)
[MONOTONE_CONVERGENCE_BIGINTER2] Theorem
|- !m f.
(!n. measure m (f n) <> PosInf) /\ (!n. f (SUC n) SUBSET f n) ==>
(inf (IMAGE (measure m o f) univ(:num)) =
measure m (BIGINTER (IMAGE f univ(:num))))
[OUTER_MEASURE_SPACE_POSITIVE] Theorem
|- !m. outer_measure_space m ==> positive m
[POW_ALGEBRA] Theorem
|- algebra (sp,POW sp)
[POW_SIGMA_ALGEBRA] Theorem
|- sigma_algebra (sp,POW sp)
[SIGMA_ALGEBRA] Theorem
|- !p.
sigma_algebra p <=>
subset_class (space p) (subsets p) /\ {} IN subsets p /\
(!s. s IN subsets p ==> space p DIFF s IN subsets p) /\
!c. countable c /\ c SUBSET subsets p ==> BIGUNION c IN subsets p
[SIGMA_ALGEBRA_ALGEBRA] Theorem
|- !a. sigma_algebra a ==> algebra a
[SIGMA_ALGEBRA_ALT] Theorem
|- !a.
sigma_algebra a <=>
algebra a /\
84
!f.
f IN (univ(:num) -> subsets a) ==>
BIGUNION (IMAGE f univ(:num)) IN subsets a
[SIGMA_ALGEBRA_ALT_DISJOINT] Theorem
|- !a.
sigma_algebra a <=>
algebra a /\
!f.
f IN (univ(:num) -> subsets a) /\
[SIGMA_ALGEBRA_ALT_MONO] Theorem
|- !a.
sigma_algebra a <=>
algebra a /\
!f.
f IN (univ(:num) -> subsets a) /\ (f 0 = {}) /\
[SIGMA_ALGEBRA_BOREL] Theorem
|- sigma_algebra Borel
[SIGMA_ALGEBRA_COUNTABLE_UNION] Theorem
|- !a c.
sigma_algebra a /\ countable c /\ c SUBSET subsets a ==>
BIGUNION c IN subsets a
[SIGMA_ALGEBRA_ENUM] Theorem
|- !a f.
sigma_algebra a /\ f IN (univ(:num) -> subsets a) ==>
[SIGMA_ALGEBRA_FN] Theorem
|- !a.
sigma_algebra a <=>
!f.
85
[SIGMA_ALGEBRA_FN_BIGINTER] Theorem
|- !a.
sigma_algebra a ==>
!f.
BIGINTER (IMAGE f univ(:num)) IN subsets a
[SIGMA_ALGEBRA_FN_DISJOINT] Theorem
|- !a.
sigma_algebra a <=>
(!s t. s IN subsets a /\ t IN subsets a ==> s UNION t IN subsets a) /\
!f.
f IN (univ(:num) -> subsets a) /\
[SIGMA_ALGEBRA_SIGMA] Theorem
|- !sp sts. subset_class sp sts ==> sigma_algebra (sigma sp sts)
[SIGMA_POW] Theorem
|- !s. sigma s (POW s) = (s,POW s)
[SIGMA_PROPERTY] Theorem
|- !sp p a.
subset_class sp p /\ {} IN p /\ a SUBSET p /\
(!s. s IN p INTER subsets (sigma sp a) ==> sp DIFF s IN p) /\
(!c.
countable c /\ c SUBSET p INTER subsets (sigma sp a) ==>
BIGUNION c IN p) ==>
subsets (sigma sp a) SUBSET p
[SIGMA_PROPERTY_ALT] Theorem
|- !sp p a.
86
(!f.
f IN (univ(:num) -> p INTER subsets (sigma sp a)) ==>
BIGUNION (IMAGE f univ(:num)) IN p) ==>
[SIGMA_PROPERTY_DISJOINT_WEAK] Theorem
|- !sp p a.
(!s t. s IN p /\ t IN p ==> s UNION t IN p) /\
(!f.
f IN (univ(:num) -> p INTER subsets (sigma sp a)) /\
BIGUNION (IMAGE f univ(:num)) IN p) ==>
[SIGMA_REDUCE] Theorem
|- !sp a. (sp,subsets (sigma sp a)) = sigma sp a
[SIGMA_SUBSET] Theorem
|- !a b.
sigma_algebra b /\ a SUBSET subsets b ==>
subsets (sigma (space b) a) SUBSET subsets b
[SIGMA_SUBSET_MEASURABLE_SETS] Theorem
|- !a m.
measure_space m /\ a SUBSET measurable_sets m ==>
subsets (sigma (m_space m) a) SUBSET measurable_sets m
[SIGMA_SUBSET_SUBSETS] Theorem
|- !sp a. a SUBSET subsets (sigma sp a)
[SPACE] Theorem
|- !a. (space a,subsets a) = a
[SPACE_BOREL] Theorem
|- space Borel = univ(:extreal)
[SPACE_SIGMA] Theorem
87
|- !sp a. space (sigma sp a) = sp
[STRONG_MEASURE_SPACE_SUBSET] Theorem
|- !s s.
s SUBSET m_space s /\ measure_space s /\
POW s SUBSET measurable_sets s ==>
measure_space (s,POW s,measure s)
[SUBADDITIVE] Theorem
|- !m s t u.
subadditive m /\ s IN measurable_sets m /\ t IN measurable_sets m /\
(u = s UNION t) ==>
measure m u <= measure m s + measure m t
[SUBSET_BIGINTER] Theorem
|- !X P. X SUBSET BIGINTER P <=> !Y. Y IN P ==> X SUBSET Y
[UNIV_SIGMA_ALGEBRA] Theorem
|- sigma_algebra (univ(:a),univ(:a -> bool))
[finite_additivity_sufficient_for_finite_spaces] Theorem
|- !s m.
sigma_algebra s /\ FINITE (space s) /\ positive (space s,subsets s,m) /\
additive (space s,subsets s,m) ==>
measure_space (space s,subsets s,m)
[finite_additivity_sufficient_for_finite_spaces2] Theorem
|- !m.
sigma_algebra (m_space m,measurable_sets m) /\ FINITE (m_space m) /\
positive m /\ additive m ==>
measure_space m
[indicator_fn_split] Theorem
|- !r s b.
FINITE r /\ (BIGUNION (IMAGE b r) = s) /\
(!i j. i IN r /\ j IN r /\ i <> j ==> DISJOINT (b i) (b j)) ==>
!a.
a SUBSET s ==>
(indicator_fn a = (\x. SIGMA (\i. indicator_fn (a INTER b i) x) r))
88
[indicator_fn_suminf] Theorem
|- !a x.
(!m n. m <> n ==> DISJOINT (a m) (a n)) ==>
(suminf (\i. indicator_fn (a i) x) =
indicator_fn (BIGUNION (IMAGE a univ(:num))) x)
[measure_split] Theorem
|- !r b m.
measure_space m /\ FINITE r /\ (BIGUNION (IMAGE b r) = m_space m) /\
(!i j. i IN r /\ j IN r /\ i <> j ==> DISJOINT (b i) (b j)) /\
(!i. i IN r ==> b i IN measurable_sets m) ==>
!a.
a IN measurable_sets m ==>
(measure m a = SIGMA (\i. measure m (a INTER b i)) r)
[positive_not_infty] Theorem
|- !m. positive m ==> !s. s IN measurable_sets m ==> measure m s <> NegInf
*)
end
signature lebesgueTheory =
sig
type thm = Thm.thm
(* Definitions *)
val RADON_F_def : thm
val RADON_F_integrals_def : thm
val finite_space_integral_def : thm
val fn_seq_def : thm
val fn_seq_integral_def : thm
val integrable_def : thm
val integral_def : thm
val max_fn_seq_def : thm
val measure_absolutely_continuous_def : thm
val negative_set_def : thm
val pos_fn_integral_def : thm
89
val pos_simple_fn_integral_def : thm
val psfis_def : thm
val psfs_def : thm
val seq_sup_def : thm
val signed_measure_space_def : thm
(* Theorems *)
val EXTREAL_SUP_FUN_SEQ_IMAGE : thm
val EXTREAL_SUP_FUN_SEQ_MONO_IMAGE : thm
val EXTREAL_SUP_SEQ : thm
val IN_psfis : thm
val IN_psfis_eq : thm
val RN_lemma1 : thm
val RN_lemma2 : thm
val Radon_Nikodym : thm
val integrable_bounded : thm
val integrable_fn_minus : thm
val integrable_fn_plus : thm
val integrable_infty : thm
val integrable_infty_null : thm
val integrable_not_infty : thm
val integrable_not_infty_alt : thm
val integrable_not_infty_alt2 : thm
val integrable_pos : thm
val integral_indicator : thm
val integral_pos_fn : thm
val integral_sequence : thm
val lebesgue_monotone_convergence : thm
val lebesgue_monotone_convergence_subset : thm
val lemma_fn_1 : thm
val lemma_fn_in_psfis : thm
val lemma_fn_mono_increasing : thm
val lemma_fn_sup : thm
val lemma_fn_upper_bounded : thm
val lemma_radon_max_in_F : thm
val lemma_radon_seq_conv_sup : thm
val max_fn_seq_mono : thm
val measurable_sequence : thm
val pos_fn_integral_add : thm
val pos_fn_integral_cmul : thm
val pos_fn_integral_cmul_indicator : thm
val pos_fn_integral_cmul_infty : thm
val pos_fn_integral_disjoint_sets : thm
90
val pos_fn_integral_disjoint_sets_sum : thm
val pos_fn_integral_indicator : thm
val pos_fn_integral_mono : thm
val pos_fn_integral_mono_mspace : thm
val pos_fn_integral_mspace : thm
val pos_fn_integral_pos : thm
val pos_fn_integral_pos_simple_fn : thm
val pos_fn_integral_split : thm
val pos_fn_integral_sum : thm
val pos_fn_integral_sum_cmul_indicator : thm
val pos_fn_integral_suminf : thm
val pos_fn_integral_zero : thm
val pos_mono_conv_mono_borel : thm
val pos_simple_fn_add : thm
val pos_simple_fn_add_alt : thm
val pos_simple_fn_cmul : thm
val pos_simple_fn_cmul_alt : thm
val pos_simple_fn_indicator : thm
val pos_simple_fn_indicator_alt : thm
val pos_simple_fn_integral_add : thm
val pos_simple_fn_integral_add_alt : thm
val pos_simple_fn_integral_cmul : thm
val pos_simple_fn_integral_cmul_alt : thm
val pos_simple_fn_integral_indicator : thm
val pos_simple_fn_integral_mono : thm
val pos_simple_fn_integral_not_infty : thm
val pos_simple_fn_integral_present : thm
val pos_simple_fn_integral_sub : thm
val pos_simple_fn_integral_sum : thm
val pos_simple_fn_integral_sum_alt : thm
val pos_simple_fn_integral_unique : thm
val pos_simple_fn_integral_zero : thm
val pos_simple_fn_integral_zero_alt : thm
val pos_simple_fn_le : thm
val pos_simple_fn_max : thm
val pos_simple_fn_not_infty : thm
val pos_simple_fn_thm1 : thm
val psfis_add : thm
val psfis_cmul : thm
val psfis_indicator : thm
val psfis_intro : thm
val psfis_mono : thm
val psfis_not_infty : thm
val psfis_pos : thm
val psfis_present : thm
val psfis_sub : thm
val psfis_sum : thm
91
val psfis_unique : thm
val psfis_zero : thm
val lebesgue_grammars : type_grammar.grammar * term_grammar.grammar
(*
[measure] Parent theory of "lebesgue"
[string] Parent theory of "lebesgue"
[RADON_F_def] Definition
|- !m v.
RADON_F m v =
{f |
f IN measurable (m_space m,measurable_sets m) Borel /\ (!x. 0 <= f x) /\
!A.
A IN measurable_sets m ==>
pos_fn_integral m (\x. f x * indicator_fn A x) <= measure v A}
[RADON_F_integrals_def] Definition
|- !m v.
RADON_F_integrals m v =
{r | ?f. (r = pos_fn_integral m f) /\ f IN RADON_F m v}
[finite_space_integral_def] Definition
|- !m f.
finite_space_integral m f =
SIGMA (\r. r * measure m (PREIMAGE f {r} INTER m_space m))
(IMAGE f (m_space m))
[fn_seq_def] Definition
|- !m f.
fn_seq m f =
(\n x.
SIGMA
(\k.
&k / 2 pow n *
indicator_fn
{x |
x IN m_space m /\ &k / 2 pow n <= f x /\
f x < (&k + 1) / 2 pow n} x) (count (4 ** n)) +
2 pow n * indicator_fn {x | x IN m_space m /\ 2 pow n <= f x} x)
[fn_seq_integral_def] Definition
92
|- !m f.
fn_seq_integral m f =
(\n.
SIGMA
(\k.
&k / 2 pow n *
measure m
{x |
x IN m_space m /\ &k / 2 pow n <= f x /\
f x < (&k + 1) / 2 pow n}) (count (4 ** n)) +
2 pow n * measure m {x | x IN m_space m /\ 2 pow n <= f x})
[integrable_def] Definition
|- !m f.
integrable m f <=>
f IN measurable (m_space m,measurable_sets m) Borel /\
pos_fn_integral m (\x. if 0 < f x then f x else 0) <> PosInf /\
pos_fn_integral m (\x. if f x < 0 then -f x else 0) <> PosInf
[integral_def] Definition
|- !m f.
integral m f =
pos_fn_integral m (\x. if 0 < f x then f x else 0) -
pos_fn_integral m (\x. if f x < 0 then -f x else 0)
[max_fn_seq_def] Definition
|- (!g x. max_fn_seq g 0 x = g 0 x) /\
!g n x. max_fn_seq g (SUC n) x = max (max_fn_seq g n x) (g (SUC n) x)
[measure_absolutely_continuous_def] Definition
|- !m v.
measure_absolutely_continuous m v <=>
!A. A IN measurable_sets m /\ (measure v A = 0) ==> (measure m A = 0)
[negative_set_def] Definition
|- !m A.
negative_set m A <=>
A IN measurable_sets m /\
!s. s IN measurable_sets m /\ s SUBSET A ==> measure m s <= 0
[pos_fn_integral_def] Definition
93
|- !m f. pos_fn_integral m f = sup {r | ?g. r IN psfis m g /\ !x. g x <= f x}
[pos_simple_fn_integral_def] Definition
|- !m s a x.
pos_simple_fn_integral m s a x =
SIGMA (\i. Normal (x i) * measure m (a i)) s
[psfis_def] Definition
|- !m f.
psfis m f = IMAGE (\(s,a,x). pos_simple_fn_integral m s a x) (psfs m f)
[psfs_def] Definition
|- !m f. psfs m f = {(s,a,x) | pos_simple_fn m f s a x}
[seq_sup_def] Definition
|- (!P. seq_sup P 0 = @r. r IN P /\ sup P < r + 1) /\
!P n.
seq_sup P (SUC n) =
@r.
r IN P /\ sup P < r + Normal ((1 / 2) pow SUC n) /\ seq_sup P n < r /\
r < sup P
[signed_measure_space_def] Definition
|- !m.
signed_measure_space m <=>
sigma_algebra (m_space m,measurable_sets m) /\ countably_additive m
[EXTREAL_SUP_FUN_SEQ_IMAGE] Theorem
|- !P P f.
(?x. P x) /\ (?z. z <> PosInf /\ !x. P x ==> x <= z) /\
(P = IMAGE f P) ==>
?g. (!n. g n IN P) /\ (sup (IMAGE (\n. f (g n)) univ(:num)) = sup P)
[EXTREAL_SUP_FUN_SEQ_MONO_IMAGE] Theorem
|- !P P.
(?x. P x) /\ (?z. z <> PosInf /\ !x. P x ==> x <= z) /\
(P = IMAGE f P) /\
(!g1 g2. g1 IN P /\ g2 IN P /\ (!x. g1 x <= g2 x) ==> f g1 <= f g2) /\
(!g1 g2. g1 IN P /\ g2 IN P ==> (\x. max (g1 x) (g2 x)) IN P) ==>
94
?g.
(!n. g n IN P) /\ (!x n. g n x <= g (SUC n) x) /\
(sup (IMAGE (\n. f (g n)) univ(:num)) = sup P)
[EXTREAL_SUP_SEQ] Theorem
|- !P.
(?x. P x) /\ (?z. z <> PosInf /\ !x. P x ==> x <= z) ==>
?x.
(!n. x n IN P) /\ (!n. x n <= x (SUC n)) /\
(sup (IMAGE x univ(:num)) = sup P)
[IN_psfis] Theorem
|- !m r f.
r IN psfis m f ==>
?s a x. pos_simple_fn m f s a x /\ (r = pos_simple_fn_integral m s a x)
[IN_psfis_eq] Theorem
|- !m r f.
r IN psfis m f <=>
?s a x. pos_simple_fn m f s a x /\ (r = pos_simple_fn_integral m s a x)
[RN_lemma1] Theorem
|- !m v e.
measure_space m /\ measure_space v /\ 0 < e /\ (m_space v = m_space m) /\
(measurable_sets v = measurable_sets m) /\
measure v (m_space m) <> PosInf /\ measure m (m_space m) <> PosInf ==>
?A.
measure m (m_space m) - measure v (m_space m) <=
measure m A - measure v A /\
!B.
B IN measurable_sets m /\ B SUBSET A ==>
-e < measure m B - measure v B
[RN_lemma2] Theorem
|- !m v.
measure_space m /\ measure_space v /\ (m_space v = m_space m) /\
measure v (m_space m) <> PosInf /\ measure m (m_space m) <> PosInf ==>
?A.
measure m (m_space m) - measure v (m_space m) <=
95
measure m A - measure v A /\
!B.
B IN measurable_sets m /\ B SUBSET A ==>
0 <= measure m B - measure v B
[Radon_Nikodym] Theorem
|- !m v.
measure v (m_space v) <> PosInf /\ measure m (m_space m) <> PosInf /\
measure_absolutely_continuous v m ==>
?f.
f IN measurable (m_space m,measurable_sets m) Borel /\ (!x. 0 <= f x) /\
!A.
A IN measurable_sets m ==>
(pos_fn_integral m (\x. f x * indicator_fn A x) = measure v A)
[integrable_bounded] Theorem
|- !m f g.
measure_space m /\ integrable m f /\
g IN measurable (m_space m,measurable_sets m) Borel /\
(!x. abs (g x) <= f x) ==>
integrable m g
[integrable_fn_minus] Theorem
|- !m f. measure_space m /\ integrable m f ==> integrable m (fn_minus f)
[integrable_fn_plus] Theorem
|- !m f. measure_space m /\ integrable m f ==> integrable m (fn_plus f)
[integrable_infty] Theorem
|- !m f s.
measure_space m /\ integrable m f /\ s IN measurable_sets m /\
(!x. x IN s ==> (f x = PosInf)) ==>
(measure m s = 0)
[integrable_infty_null] Theorem
|- !m f.
measure_space m /\ integrable m f ==>
null_set m {x | x IN m_space m /\ (f x = PosInf)}
96
[integrable_not_infty] Theorem
|- !m f.
measure_space m /\ integrable m f /\ (!x. 0 <= f x) ==>
?g.
integrable m g /\ (!x. 0 <= g x) /\
(!x. x IN m_space m ==> g x <> PosInf) /\ (integral m f = integral m g)
[integrable_not_infty_alt] Theorem
|- !m f.
integrable m (\x. if f x = PosInf then 0 else f x) /\
(integral m f = integral m (\x. if f x = PosInf then 0 else f x))
[integrable_not_infty_alt2] Theorem
|- !m f.
integrable m (\x. if f x = PosInf then 0 else f x) /\
(pos_fn_integral m f =
pos_fn_integral m (\x. if f x = PosInf then 0 else f x))
[integrable_pos] Theorem
|- !m f.
measure_space m /\ (!x. 0 <= f x) ==>
(integrable m f <=>
pos_fn_integral m f <> PosInf)
[integral_indicator] Theorem
|- !m s.
(integral m (indicator_fn s) = measure m s)
[integral_pos_fn] Theorem
|- !m f.
measure_space m /\ (!x. 0 <= f x) ==> (integral m f = pos_fn_integral m f)
[integral_sequence] Theorem
|- !m f.
(!x. 0 <= f x) /\ measure_space m /\
f IN measurable (m_space m,measurable_sets m) Borel ==>
97
sup (IMAGE (\i. pos_fn_integral m (fn_seq m f i)) univ(:num)))
[lebesgue_monotone_convergence] Theorem
|- !m f fi.
measure_space m /\
(!i. fi i IN measurable (m_space m,measurable_sets m) Borel) /\
(!i x. 0 <= fi i x) /\ (!x. 0 <= f x) /\
(!x. mono_increasing (\i. fi i x)) /\
(!x. x IN m_space m ==> (sup (IMAGE (\i. fi i x) univ(:num)) = f x)) ==>
sup (IMAGE (\i. pos_fn_integral m (fi i)) univ(:num)))
[lebesgue_monotone_convergence_subset] Theorem
|- !m f fi A.
measure_space m /\
(!i x. 0 <= fi i x) /\ (!x. 0 <= f x) /\
(!x. x IN m_space m ==> (sup (IMAGE (\i. fi i x) univ(:num)) = f x)) /\
(!x. mono_increasing (\i. fi i x)) /\ A IN measurable_sets m ==>
(pos_fn_integral m (\x. f x * indicator_fn A x) =
sup
(IMAGE (\i. pos_fn_integral m (\x. fi i x * indicator_fn A x))
univ(:num)))
[lemma_fn_1] Theorem
|- !m f n x k.
x IN m_space m /\ k IN count (4 ** n) /\ &k / 2 pow n <= f x /\
f x < (&k + 1) / 2 pow n ==>
(fn_seq m f n x = &k / 2 pow n)
|- !m f n x. x IN m_space m /\ 2 pow n <= f x ==> (fn_seq m f n x = 2 pow n)
|- !m f n x.
x IN m_space m /\ 0 <= f x ==>
2 pow n <= f x \/
?k. k IN count (4 ** n) /\ &k / 2 pow n <= f x /\ f x < (&k + 1) / 2 pow n
98
|- !m f n x. x NOTIN m_space m ==> (fn_seq m f n x = 0)
|- !m f n x. 0 <= f x ==> 0 <= fn_seq m f n x
[lemma_fn_in_psfis] Theorem
|- !m f n.
(!x. 0 <= f x) /\ measure_space m /\
fn_seq_integral m f n IN psfis m (fn_seq m f n)
[lemma_fn_mono_increasing] Theorem
|- !m f x. 0 <= f x ==> mono_increasing (\n. fn_seq m f n x)
[lemma_fn_sup] Theorem
|- !m f x.
x IN m_space m /\ 0 <= f x ==>
(sup (IMAGE (\n. fn_seq m f n x) univ(:num)) = f x)
[lemma_fn_upper_bounded] Theorem
|- !m f n x. 0 <= f x ==> fn_seq m f n x <= f x
[lemma_radon_max_in_F] Theorem
|- !f g m v.
(measurable_sets v = measurable_sets m) /\ f IN RADON_F m v /\
g IN RADON_F m v ==>
(\x. max (f x) (g x)) IN RADON_F m v
[lemma_radon_seq_conv_sup] Theorem
|- !f m v.
(measure_space m /\ measure_space v /\ (m_space v = m_space m) /\
(measurable_sets v = measurable_sets m)) /\
measure v (m_space v) <> PosInf ==>
?f_n.
(!n. f_n n IN RADON_F m v) /\ (!x n. f_n n x <= f_n (SUC n) x) /\
(sup (IMAGE (\n. pos_fn_integral m (f_n n)) univ(:num)) =
sup (RADON_F_integrals m v))
[max_fn_seq_mono] Theorem
99
|- !g n x. max_fn_seq g n x <= max_fn_seq g (SUC n) x
[measurable_sequence] Theorem
|- !m f.
measure_space m /\ f IN measurable (m_space m,measurable_sets m) Borel ==>
(?fi ri.
(!x.
x IN m_space m ==>
(sup (IMAGE (\i. fi i x) univ(:num)) = fn_plus f x)) /\
(!i. ri i IN psfis m (fi i)) /\ (!i x. fi i x <= fn_plus f x) /\
(!i x. 0 <= fi i x) /\
(pos_fn_integral m (fn_plus f) =
sup (IMAGE (\i. pos_fn_integral m (fi i)) univ(:num)))) /\
?gi vi.
(!x. mono_increasing (\i. gi i x)) /\
(!x.
x IN m_space m ==>
(sup (IMAGE (\i. gi i x) univ(:num)) = fn_minus f x)) /\
(!i. vi i IN psfis m (gi i)) /\ (!i x. gi i x <= fn_minus f x) /\
(!i x. 0 <= gi i x) /\
(pos_fn_integral m (fn_minus f) =
sup (IMAGE (\i. pos_fn_integral m (gi i)) univ(:num)))
[pos_fn_integral_add] Theorem
|- !m f g.
measure_space m /\ (!x. 0 <= f x /\ 0 <= g x) /\
g IN measurable (m_space m,measurable_sets m) Borel ==>
(pos_fn_integral m (\x. f x + g x) =
pos_fn_integral m f + pos_fn_integral m g)
[pos_fn_integral_cmul] Theorem
|- !f c.
measure_space m /\ (!x. x IN m_space m ==> 0 <= f x) /\ 0 <= c ==>
(pos_fn_integral m (\x. Normal c * f x) = Normal c * pos_fn_integral m f)
[pos_fn_integral_cmul_indicator] Theorem
|- !m s c.
measure_space m /\ s IN measurable_sets m /\ 0 <= c ==>
(pos_fn_integral m (\x. Normal c * indicator_fn s x) =
Normal c * measure m s)
100
[pos_fn_integral_cmul_infty] Theorem
|- !m s.
(pos_fn_integral m (\x. PosInf * indicator_fn s x) = PosInf * measure m s)
[pos_fn_integral_disjoint_sets] Theorem
|- !m f s t.
measure_space m /\ DISJOINT s t /\ s IN measurable_sets m /\
t IN measurable_sets m /\
f IN measurable (m_space m,measurable_sets m) Borel /\ (!x. 0 <= f x) ==>
(pos_fn_integral m (\x. f x * indicator_fn (s UNION t) x) =
pos_fn_integral m (\x. f x * indicator_fn s x) +
pos_fn_integral m (\x. f x * indicator_fn t x))
[pos_fn_integral_disjoint_sets_sum] Theorem
|- !m f s a.
FINITE s /\ measure_space m /\
(!i. i IN s ==> a i IN measurable_sets m) /\ (!x. 0 <= f x) /\
(!i j. i IN s /\ j IN s /\ i <> j ==> DISJOINT (a i) (a j)) /\
(pos_fn_integral m (\x. f x * indicator_fn (BIGUNION (IMAGE a s)) x) =
SIGMA (\i. pos_fn_integral m (\x. f x * indicator_fn (a i) x)) s)
[pos_fn_integral_indicator] Theorem
|- !m s.
(pos_fn_integral m (indicator_fn s) = measure m s)
[pos_fn_integral_mono] Theorem
|- !f g.
(!x. 0 <= f x /\ f x <= g x) ==>
pos_fn_integral m f <= pos_fn_integral m g
[pos_fn_integral_mono_mspace] Theorem
|- !m f g.
measure_space m /\ (!x. x IN m_space m ==> g x <= f x) /\
(!x. 0 <= f x) /\ (!x. 0 <= g x) ==>
pos_fn_integral m g <= pos_fn_integral m f
[pos_fn_integral_mspace] Theorem
101
|- !m f.
measure_space m /\ (!x. 0 <= f x) ==>
pos_fn_integral m (\x. f x * indicator_fn (m_space m) x))
[pos_fn_integral_pos] Theorem
|- !m f. measure_space m /\ (!x. 0 <= f x) ==> 0 <= pos_fn_integral m f
[pos_fn_integral_pos_simple_fn] Theorem
|- !m f s a x.
measure_space m /\ pos_simple_fn m f s a x ==>
(pos_fn_integral m f = pos_simple_fn_integral m s a x)
[pos_fn_integral_split] Theorem
|- !m f s.
measure_space m /\ s IN measurable_sets m /\ (!x. 0 <= f x) /\
pos_fn_integral m (\x. f x * indicator_fn s x) +
pos_fn_integral m (\x. f x * indicator_fn (m_space m DIFF s) x))
[pos_fn_integral_sum] Theorem
|- !m f s.
FINITE s /\ measure_space m /\ (!i. i IN s ==> !x. 0 <= f i x) /\
(!i. i IN s ==> f i IN measurable (m_space m,measurable_sets m) Borel) ==>
(pos_fn_integral m (\x. SIGMA (\i. f i x) s) =
SIGMA (\i. pos_fn_integral m (f i)) s)
[pos_fn_integral_sum_cmul_indicator] Theorem
|- !m s a x.
measure_space m /\ FINITE s /\ (!i. i IN s ==> 0 <= x i) /\
(!i. i IN s ==> a i IN measurable_sets m) ==>
(pos_fn_integral m
(\t. SIGMA (\i. Normal (x i) * indicator_fn (a i) t) s) =
SIGMA (\i. Normal (x i) * measure m (a i)) s)
[pos_fn_integral_suminf] Theorem
|- !m f.
measure_space m /\ (!i x. 0 <= f i x) /\
(!i. f i IN measurable (m_space m,measurable_sets m) Borel) ==>
102
(pos_fn_integral m (\x. suminf (\i. f i x)) =
suminf (\i. pos_fn_integral m (f i)))
[pos_fn_integral_zero] Theorem
|- !m. measure_space m ==> (pos_fn_integral m (\x. 0) = 0)
[pos_mono_conv_mono_borel] Theorem
|- !m f fi g r.
measure_space m /\
(!x. x IN m_space m ==> (sup (IMAGE (\i. fi i x) univ(:num)) = f x)) /\
r IN psfis m g /\ (!x. g x <= f x) /\ (!i x. 0 <= fi i x) ==>
r <= sup (IMAGE (\i. pos_fn_integral m (fi i)) univ(:num))
[pos_simple_fn_add] Theorem
|- !m f g.
measure_space m /\ pos_simple_fn m f s a x /\
pos_simple_fn m g s a x ==>
?s a x. pos_simple_fn m (\t. f t + g t) s a x
[pos_simple_fn_add_alt] Theorem
|- !m f g s a x y.
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m g s a y ==>
pos_simple_fn m (\t. f t + g t) s a (\i. x i + y i)
[pos_simple_fn_cmul] Theorem
|- !m f z.
measure_space m /\ pos_simple_fn m f s a x /\ 0 <= z ==>
?s a x. pos_simple_fn m (\t. Normal z * f t) s a x
[pos_simple_fn_cmul_alt] Theorem
|- !m f s a x z.
measure_space m /\ 0 <= z /\ pos_simple_fn m f s a x ==>
pos_simple_fn m (\t. Normal z * f t) s a (\i. z * x i)
[pos_simple_fn_indicator] Theorem
|- !m A.
?s a x. pos_simple_fn m (indicator_fn A) s a x
103
[pos_simple_fn_indicator_alt] Theorem
|- !m s.
pos_simple_fn m (indicator_fn s) {0; 1}
(\i. if i = 0 then m_space m DIFF s else s) (\i. if i = 0 then 0 else 1)
[pos_simple_fn_integral_add] Theorem
|- !m f s a x g s b y.
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m g s b y ==>
?s c z.
pos_simple_fn m (\x. f x + g x) s c z /\
(pos_simple_fn_integral m s a x + pos_simple_fn_integral m s b y =
pos_simple_fn_integral m s c z)
[pos_simple_fn_integral_add_alt] Theorem
|- !m f s a x g y.
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m g s a y ==>
(pos_simple_fn_integral m s a x + pos_simple_fn_integral m s a y =
pos_simple_fn_integral m s a (\i. x i + y i))
[pos_simple_fn_integral_cmul] Theorem
|- !m f s a x z.
measure_space m /\ pos_simple_fn m f s a x /\ 0 <= z ==>
pos_simple_fn m (\x. Normal z * f x) s a (\i. z * x i) /\
(pos_simple_fn_integral m s a (\i. z * x i) =
Normal z * pos_simple_fn_integral m s a x)
[pos_simple_fn_integral_cmul_alt] Theorem
|- !m f s a x z.
measure_space m /\ 0 <= z /\ pos_simple_fn m f s a x ==>
?s a x.
pos_simple_fn m (\t. Normal z * f t) s a x /\
(pos_simple_fn_integral m s a x =
Normal z * pos_simple_fn_integral m s a x)
[pos_simple_fn_integral_indicator] Theorem
|- !m A.
?s a x.
pos_simple_fn m (indicator_fn A) s a x /\
104
(pos_simple_fn_integral m s a x = measure m A)
[pos_simple_fn_integral_mono] Theorem
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m g s b y /\
(!x. x IN m_space m ==> f x <= g x) ==>
pos_simple_fn_integral m s a x <= pos_simple_fn_integral m s b y
[pos_simple_fn_integral_not_infty] Theorem
|- !m f s a x.
measure_space m /\ pos_simple_fn m f s a x ==>
pos_simple_fn_integral m s a x <> NegInf
[pos_simple_fn_integral_present] Theorem
?z z c k.
(!t.
t IN m_space m ==>
(f t = SIGMA (\i. Normal (z i) * indicator_fn (c i) t) k)) /\
(!t.
t IN m_space m ==>
(g t = SIGMA (\i. Normal (z i) * indicator_fn (c i) t) k)) /\
(pos_simple_fn_integral m s a x = pos_simple_fn_integral m k c z) /\
(pos_simple_fn_integral m s b y = pos_simple_fn_integral m k c z) /\
FINITE k /\ (!i. i IN k ==> 0 <= z i) /\ (!i. i IN k ==> 0 <= z i) /\
(!i j. i IN k /\ j IN k /\ i <> j ==> DISJOINT (c i) (c j)) /\
(!i. i IN k ==> c i IN measurable_sets m) /\
(BIGUNION (IMAGE c k) = m_space m)
[pos_simple_fn_integral_sub] Theorem
measure_space m /\ measure m (m_space m) <> PosInf /\ (!x. g x <= f x) /\
(!x. g x <> PosInf) /\ pos_simple_fn m f s a x /\
pos_simple_fn m g s b y ==>
?s c z.
pos_simple_fn m (\x. f x - g x) s c z /\
(pos_simple_fn_integral m s a x - pos_simple_fn_integral m s b y =
pos_simple_fn_integral m s c z)
[pos_simple_fn_integral_sum] Theorem
|- !m f s a x P.
105
measure_space m /\ (!i. i IN P ==> pos_simple_fn m (f i) s a (x i)) /\
(!i t. i IN P ==> f i t <> NegInf) /\ FINITE P /\ P <> {} ==>
pos_simple_fn m (\t. SIGMA (\i. f i t) P) s a (\i. SIGMA (\j. x j i) P) /\
(pos_simple_fn_integral m s a (\j. SIGMA (\i. x i j) P) =
SIGMA (\i. pos_simple_fn_integral m s a (x i)) P)
[pos_simple_fn_integral_sum_alt] Theorem
|- !m f s a x P.
measure_space m /\
(!i. i IN P ==> pos_simple_fn m (f i) (s i) (a i) (x i)) /\
(!i t. i IN P ==> f i t <> NegInf) /\ FINITE P /\ P <> {} ==>
?c k z.
pos_simple_fn m (\t. SIGMA (\i. f i t) P) k c z /\
(pos_simple_fn_integral m k c z =
SIGMA (\i. pos_simple_fn_integral m (s i) (a i) (x i)) P)
[pos_simple_fn_integral_unique] Theorem
|- !m f s a x s b y.
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m f s b y ==>
(pos_simple_fn_integral m s a x = pos_simple_fn_integral m s b y)
[pos_simple_fn_integral_zero] Theorem
|- !m s a x.
measure_space m /\ pos_simple_fn m (\t. 0) s a x ==>
(pos_simple_fn_integral m s a x = 0)
[pos_simple_fn_integral_zero_alt] Theorem
|- !m s a x.
measure_space m /\ pos_simple_fn m g s a x /\
(!x. x IN m_space m ==> (g x = 0)) ==>
(pos_simple_fn_integral m s a x = 0)
[pos_simple_fn_le] Theorem
|- !m f g s a x x i.
measure_space m /\ pos_simple_fn m f s a x /\ pos_simple_fn m g s a x /\
(!x. x IN m_space m ==> g x <= f x) /\ i IN s /\ a i <> {} ==>
Normal (x i) <= Normal (x i)
[pos_simple_fn_max] Theorem
106
?s a x. pos_simple_fn m (\x. max (f x) (g x)) s a x
[pos_simple_fn_not_infty] Theorem
|- !m f s a x.
pos_simple_fn m f s a x ==>
!x. x IN m_space m ==> f x <> NegInf /\ f x <> PosInf
[pos_simple_fn_thm1] Theorem
|- !m f s a x i y.
measure_space m /\ pos_simple_fn m f s a x /\ i IN s /\ y IN a i ==>
(f y = Normal (x i))
[psfis_add] Theorem
|- !m f g a b.
measure_space m /\ a IN psfis m f /\ b IN psfis m g ==>
a + b IN psfis m (\x. f x + g x)
[psfis_cmul] Theorem
|- !m f a z.
measure_space m /\ a IN psfis m f /\ 0 <= z ==>
Normal z * a IN psfis m (\x. Normal z * f x)
[psfis_indicator] Theorem
|- !m A.
measure m A IN psfis m (indicator_fn A)
[psfis_intro] Theorem
|- !m a x P.
measure_space m /\ (!i. i IN P ==> a i IN measurable_sets m) /\
(!i. i IN P ==> 0 <= x i) /\ FINITE P ==>
SIGMA (\i. Normal (x i) * measure m (a i)) P IN
psfis m (\t. SIGMA (\i. Normal (x i) * indicator_fn (a i) t) P)
[psfis_mono] Theorem
|- !m f g a b.
measure_space m /\ a IN psfis m f /\ b IN psfis m g /\
(!x. x IN m_space m ==> f x <= g x) ==>
a <= b
107
[psfis_not_infty] Theorem
|- !m f a. measure_space m /\ a IN psfis m f ==> a <> NegInf
[psfis_pos] Theorem
|- !m f a.
measure_space m /\ a IN psfis m f ==> !x. x IN m_space m ==> 0 <= f x
[psfis_present] Theorem
|- !m f g a b.
measure_space m /\ a IN psfis m f /\ b IN psfis m g ==>
?z z c k.
(!t.
t IN m_space m ==>
(f t = SIGMA (\i. Normal (z i) * indicator_fn (c i) t) k)) /\
(!t.
t IN m_space m ==>
(g t = SIGMA (\i. Normal (z i) * indicator_fn (c i) t) k)) /\
(a = pos_simple_fn_integral m k c z) /\
(b = pos_simple_fn_integral m k c z) /\ FINITE k /\
(!i. i IN k ==> 0 <= z i) /\ (!i. i IN k ==> 0 <= z i) /\
(!i j. i IN k /\ j IN k /\ i <> j ==> DISJOINT (c i) (c j)) /\
(!i. i IN k ==> c i IN measurable_sets m) /\
(BIGUNION (IMAGE c k) = m_space m)
[psfis_sub] Theorem
|- !m f g a b.
measure_space m /\ measure m (m_space m) <> PosInf /\ (!x. g x <= f x) /\
(!x. g x <> PosInf) /\ a IN psfis m f /\ b IN psfis m g ==>
a - b IN psfis m (\x. f x - g x)
[psfis_sum] Theorem
|- !m f a P.
measure_space m /\ (!i. i IN P ==> a i IN psfis m (f i)) /\
(!i t. i IN P ==> f i t <> NegInf) /\ FINITE P ==>
SIGMA a P IN psfis m (\t. SIGMA (\i. f i t) P)
[psfis_unique] Theorem
|- !m f a b. measure_space m /\ a IN psfis m f /\ b IN psfis m f ==> (a = b)
[psfis_zero] Theorem
108
|- !m a. measure_space m ==> (a IN psfis m (\x. 0) <=> (a = 0))
*)
end
signature probabilityTheory =
sig
type thm = Thm.thm
(* Definitions *)
val conditional_expectation_def : thm
val conditional_prob_def : thm
val distribution_def : thm
val events_def : thm
val expectation_def : thm
val indep_def : thm
val joint_distribution_def : thm
val p_space_def : thm
val possibly_def : thm
val prob_def : thm
val prob_space_def : thm
val probably_def : thm
val random_variable_def : thm
val real_random_variable_def : thm
val rv_conditional_expectation_def : thm
(* Theorems *)
val ABS_1_MINUS_PROB : thm
val ABS_PROB : thm
val ADDITIVE_PROB : thm
val COUNTABLY_ADDITIVE_PROB : thm
val EVENTS : thm
val EVENTS_ALGEBRA : thm
val EVENTS_COMPL : thm
val EVENTS_COUNTABLE_INTER : thm
val EVENTS_COUNTABLE_UNION : thm
val EVENTS_DIFF : thm
val EVENTS_EMPTY : thm
val EVENTS_INTER : thm
val EVENTS_SIGMA_ALGEBRA : thm
109
val EVENTS_SPACE : thm
val EVENTS_UNION : thm
val INCREASING_PROB : thm
val INDEP_EMPTY : thm
val INDEP_REFL : thm
val INDEP_SPACE : thm
val INDEP_SYM : thm
val INTER_PSPACE : thm
val POSITIVE_PROB : thm
val PROB : thm
val PROB_ADDITIVE : thm
val PROB_COMPL : thm
val PROB_COMPL_LE1 : thm
val PROB_COUNTABLY_ADDITIVE : thm
val PROB_COUNTABLY_SUBADDITIVE : thm
val PROB_COUNTABLY_ZERO : thm
val PROB_EMPTY : thm
val PROB_EQUIPROBABLE_FINITE_UNIONS : thm
val PROB_EQ_BIGUNION_IMAGE : thm
val PROB_EQ_COMPL : thm
val PROB_FINITE : thm
val PROB_FINITELY_ADDITIVE : thm
val PROB_INCREASING : thm
val PROB_INCREASING_UNION : thm
val PROB_INDEP : thm
val PROB_LE_1 : thm
val PROB_ONE_INTER : thm
val PROB_POSITIVE : thm
val PROB_REAL_SUM_IMAGE : thm
val PROB_REAL_SUM_IMAGE_FN : thm
val PROB_SPACE : thm
val PROB_SPACE_ADDITIVE : thm
val PROB_SPACE_COUNTABLY_ADDITIVE : thm
val PROB_SPACE_INCREASING : thm
val PROB_SPACE_POSITIVE : thm
val PROB_SUBADDITIVE : thm
val PROB_UNIV : thm
val PROB_ZERO_UNION : thm
val PSPACE : thm
val distribution_lebesgue_thm1 : thm
val distribution_lebesgue_thm2 : thm
val distribution_prob_space : thm
val distribution_x_eq_1_imp_distribution_y_eq_0 : thm
val finite_marginal_product_space_POW : thm
val finite_marginal_product_space_POW2 : thm
val prob_x_eq_1_imp_prob_y_eq_0 : thm
110
val probability_grammars : type_grammar.grammar * term_grammar.grammar
(*
[lebesgue] Parent theory of "probability"
[conditional_expectation_def] Definition
|- !p X s.
conditional_expectation p X s =
@f.
real_random_variable f p /\
!g.
g IN s ==>
(integral p (\x. f x * indicator_fn g x) =
integral p (\x. X x * indicator_fn g x))
[conditional_prob_def] Definition
|- !p e1 e2.
conditional_prob p e1 e2 = conditional_expectation p (indicator_fn e1) e2
[distribution_def] Definition
|- !p X. distribution p X = (\s. prob p (PREIMAGE X s INTER p_space p))
[events_def] Definition
|- events = measurable_sets
[expectation_def] Definition
|- expectation = integral
[indep_def] Definition
|- !p a b.
indep p a b <=>
a IN events p /\ b IN events p /\
(prob p (a INTER b) = prob p a * prob p b)
[joint_distribution_def] Definition
|- !p X Y.
joint_distribution p X Y =
(\a. prob p (PREIMAGE (\x. (X x,Y x)) a INTER p_space p))
[p_space_def] Definition
111
|- p_space = m_space
[possibly_def] Definition
|- !p e. possibly p e <=> e IN events p /\ prob p e <> 0
[prob_def] Definition
|- prob = measure
[prob_space_def] Definition
|- !p. prob_space p <=> measure_space p /\ (measure p (p_space p) = 1)
[probably_def] Definition
|- !p e. probably p e <=> e IN events p /\ (prob p e = 1)
[random_variable_def] Definition
|- !X p s.
random_variable X p s <=>
prob_space p /\ X IN measurable (p_space p,events p) s
[real_random_variable_def] Definition
|- !X p.
real_random_variable X p <=>
prob_space p /\ X IN measurable (p_space p,events p) Borel
[rv_conditional_expectation_def] Definition
|- !p s X Y.
rv_conditional_expectation p s X Y =
conditional_expectation p X
(IMAGE (\a. PREIMAGE Y a INTER p_space p) (subsets s))
[ABS_1_MINUS_PROB] Theorem
|- !p s.
prob_space p /\ s IN events p /\ prob p s <> 0 ==> abs (1 - prob p s) < 1
[ABS_PROB] Theorem
|- !p s. prob_space p /\ s IN events p ==> (abs (prob p s) = prob p s)
[ADDITIVE_PROB] Theorem
112
|- !p.
additive p <=>
!s t.
s IN events p /\ t IN events p /\ DISJOINT s t ==>
(prob p (s UNION t) = prob p s + prob p t)
[COUNTABLY_ADDITIVE_PROB] Theorem
|- !p.
countably_additive p <=>
!f.
f IN (univ(:num) -> events p) /\
BIGUNION (IMAGE f univ(:num)) IN events p ==>
(prob p (BIGUNION (IMAGE f univ(:num))) = suminf (prob p o f))
[EVENTS] Theorem
|- !a b c. events (a,b,c) = b
[EVENTS_ALGEBRA] Theorem
|- !p. prob_space p ==> algebra (p_space p,events p)
[EVENTS_COMPL] Theorem
|- !p s. prob_space p /\ s IN events p ==> p_space p DIFF s IN events p
[EVENTS_COUNTABLE_INTER] Theorem
|- !p c.
prob_space p /\ c SUBSET events p /\ countable c /\ c <> {} ==>
BIGINTER c IN events p
[EVENTS_COUNTABLE_UNION] Theorem
|- !p c.
prob_space p /\ c SUBSET events p /\ countable c ==>
BIGUNION c IN events p
[EVENTS_DIFF] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p ==> s DIFF t IN events p
[EVENTS_EMPTY] Theorem
113
|- !p. prob_space p ==> {} IN events p
[EVENTS_INTER] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p ==> s INTER t IN events p
[EVENTS_SIGMA_ALGEBRA] Theorem
|- !p. prob_space p ==> sigma_algebra (p_space p,events p)
[EVENTS_SPACE] Theorem
|- !p. prob_space p ==> p_space p IN events p
[EVENTS_UNION] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p ==> s UNION t IN events p
[INCREASING_PROB] Theorem
|- !p.
increasing p <=>
!s t.
s IN events p /\ t IN events p /\ s SUBSET t ==> prob p s <= prob p t
[INDEP_EMPTY] Theorem
|- !p s. prob_space p /\ s IN events p ==> indep p {} s
[INDEP_REFL] Theorem
|- !p a.
prob_space p /\ a IN events p ==>
(indep p a a <=> (prob p a = 0) \/ (prob p a = 1))
[INDEP_SPACE] Theorem
|- !p s. prob_space p /\ s IN events p ==> indep p (p_space p) s
[INDEP_SYM] Theorem
|- !p a b. prob_space p /\ indep p a b ==> indep p b a
[INTER_PSPACE] Theorem
114
|- !p s. prob_space p /\ s IN events p ==> (p_space p INTER s = s)
[POSITIVE_PROB] Theorem
|- !p. positive p <=> (prob p {} = 0) /\ !s. s IN events p ==> 0 <= prob p s
[PROB] Theorem
|- !a b c. prob (a,b,c) = c
[PROB_ADDITIVE] Theorem
|- !p s t u.
prob_space p /\ s IN events p /\ t IN events p /\ DISJOINT s t /\
(u = s UNION t) ==>
(prob p u = prob p s + prob p t)
[PROB_COMPL] Theorem
|- !p s.
prob_space p /\ s IN events p ==>
(prob p (p_space p DIFF s) = 1 - prob p s)
[PROB_COMPL_LE1] Theorem
|- !p s r.
prob_space p /\ s IN events p ==>
(prob p (p_space p DIFF s) <= r <=> 1 - r <= prob p s)
[PROB_COUNTABLY_ADDITIVE] Theorem
|- !p s f.
prob_space p /\ f IN (univ(:num) -> events p) /\
(s = BIGUNION (IMAGE f univ(:num))) ==>
(prob p s = suminf (prob p o f))
[PROB_COUNTABLY_SUBADDITIVE] Theorem
|- !p f.
prob_space p /\ IMAGE f univ(:num) SUBSET events p ==>
prob p (BIGUNION (IMAGE f univ(:num))) <= suminf (prob p o f)
[PROB_COUNTABLY_ZERO] Theorem
|- !p c.
115
prob_space p /\ countable c /\ c SUBSET events p /\
(!x. x IN c ==> (prob p x = 0)) ==>
(prob p (BIGUNION c) = 0)
[PROB_EMPTY] Theorem
|- !p. prob_space p ==> (prob p {} = 0)
[PROB_EQUIPROBABLE_FINITE_UNIONS] Theorem
|- !p s.
prob_space p /\ s IN events p /\ (!x. x IN s ==> {x} IN events p) /\
FINITE s /\ (!x y. x IN s /\ y IN s ==> (prob p {x} = prob p {y})) ==>
(prob p s = &CARD s * prob p {CHOICE s})
[PROB_EQ_BIGUNION_IMAGE] Theorem
|- !p.
g IN (univ(:num) -> events p) /\
(!m n. m <> n ==> DISJOINT (g m) (g n)) /\
(!n. prob p (f n) = prob p (g n)) ==>
(prob p (BIGUNION (IMAGE f univ(:num))) =
prob p (BIGUNION (IMAGE g univ(:num))))
[PROB_EQ_COMPL] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p /\
(prob p (p_space p DIFF s) = prob p (p_space p DIFF t)) ==>
(prob p s = prob p t)
[PROB_FINITE] Theorem
|- !p s.
prob_space p /\ s IN events p ==> prob p s <> NegInf /\ prob p s <> PosInf
[PROB_FINITELY_ADDITIVE] Theorem
|- !p s f n.
prob_space p /\ f IN (count n -> events p) /\
(!a b. a < n /\ b < n /\ a <> b ==> DISJOINT (f a) (f b)) /\
(s = BIGUNION (IMAGE f (count n))) ==>
(prob p s = SIGMA (prob p o f) (count n))
116
[PROB_INCREASING] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p /\ s SUBSET t ==>
prob p s <= prob p t
[PROB_INCREASING_UNION] Theorem
|- !p f.
(sup (IMAGE (prob p o f) univ(:num)) =
prob p (BIGUNION (IMAGE f univ(:num))))
[PROB_INDEP] Theorem
|- !p s t u.
indep p s t /\ (u = s INTER t) ==> (prob p u = prob p s * prob p t)
[PROB_LE_1] Theorem
|- !p s. prob_space p /\ s IN events p ==> prob p s <= 1
[PROB_ONE_INTER] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p /\ (prob p t = 1) ==>
(prob p (s INTER t) = prob p s)
[PROB_POSITIVE] Theorem
|- !p s. prob_space p /\ s IN events p ==> 0 <= prob p s
[PROB_REAL_SUM_IMAGE] Theorem
|- !p s.
prob_space p /\ s IN events p /\ (!x. x IN s ==> {x} IN events p) /\
FINITE s ==>
(prob p s = SIGMA (\x. prob p {x}) s)
[PROB_REAL_SUM_IMAGE_FN] Theorem
|- !p f e s.
prob_space p /\ e IN events p /\
(!x. x IN s ==> e INTER f x IN events p) /\ FINITE s /\
(!x y. x IN s /\ y IN s /\ x <> y ==> DISJOINT (f x) (f y)) /\
(BIGUNION (IMAGE f s) INTER p_space p = p_space p) ==>
117
(prob p e = SIGMA (\x. prob p (e INTER f x)) s)
[PROB_SPACE] Theorem
|- !p.
prob_space p <=>
sigma_algebra (p_space p,events p) /\ positive p /\
countably_additive p /\ (prob p (p_space p) = 1)
[PROB_SPACE_ADDITIVE] Theorem
|- !p. prob_space p ==> additive p
[PROB_SPACE_COUNTABLY_ADDITIVE] Theorem
|- !p. prob_space p ==> countably_additive p
[PROB_SPACE_INCREASING] Theorem
|- !p. prob_space p ==> increasing p
[PROB_SPACE_POSITIVE] Theorem
|- !p. prob_space p ==> positive p
[PROB_SUBADDITIVE] Theorem
|- !p t u.
prob_space p /\ t IN events p /\ u IN events p ==>
prob p (t UNION u) <= prob p t + prob p u
[PROB_UNIV] Theorem
|- !p. prob_space p ==> (prob p (p_space p) = 1)
[PROB_ZERO_UNION] Theorem
|- !p s t.
prob_space p /\ s IN events p /\ t IN events p /\ (prob p t = 0) ==>
(prob p (s UNION t) = prob p s)
[PSPACE] Theorem
|- !a b c. p_space (a,b,c) = a
[distribution_lebesgue_thm1] Theorem
118
|- !X p s A.
random_variable X p s /\ A IN subsets s ==>
(distribution p X A =
integral p (indicator_fn (PREIMAGE X A INTER p_space p)))
[distribution_lebesgue_thm2] Theorem
|- !X p s A.
random_variable X p s /\ A IN subsets s ==>
(distribution p X A =
integral (space s,subsets s,distribution p X) (indicator_fn A))
[distribution_prob_space] Theorem
|- !p X s.
random_variable X p s ==> prob_space (space s,subsets s,distribution p X)
[distribution_x_eq_1_imp_distribution_y_eq_0] Theorem
|- !X p x.
random_variable X p (IMAGE X (p_space p),POW (IMAGE X (p_space p))) /\
(distribution p X {x} = 1) ==>
!y. y <> x ==> (distribution p X {y} = 0)
[finite_marginal_product_space_POW] Theorem
|- !p X Y.
(POW (p_space p) = events p) /\
random_variable X p (IMAGE X (p_space p),POW (IMAGE X (p_space p))) /\
random_variable Y p (IMAGE Y (p_space p),POW (IMAGE Y (p_space p))) /\
FINITE (p_space p) ==>
measure_space
(IMAGE X (p_space p) CROSS IMAGE Y (p_space p),
POW (IMAGE X (p_space p) CROSS IMAGE Y (p_space p)),
(\a. prob p (PREIMAGE (\x. (X x,Y x)) a INTER p_space p)))
[finite_marginal_product_space_POW2] Theorem
|- !p s1 s2 X Y.
(POW (p_space p) = events p) /\ random_variable X p (s1,POW s1) /\
random_variable Y p (s2,POW s2) /\ FINITE (p_space p) /\ FINITE s1 /\
FINITE s2 ==>
measure_space (s1 CROSS s2,POW (s1 CROSS s2),joint_distribution p X Y)
[prob_x_eq_1_imp_prob_y_eq_0] Theorem
|- !p x.
119
prob_space p /\ {x} IN events p /\ (prob p {x} = 1) ==>
!y. {y} IN events p /\ y <> x ==> (prob p {y} = 0)
*)
end
120

Formalization of Measure and Lebesgue Integration Over Extended Reals in HOL

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Formalization of Measure and Lebesgue Integration Over Extended Reals in HOL

Hochgeladen von

Copyright:

Verfügbare Formate

Formalization of Measure and Lebesgue Integration over

Extended Reals in HOL

are the non-negative measurable functions dened by f

(x) = max(f(x), 0).

Das könnte Ihnen auch gefallen